when the internet disconnects it happens to all the pcs connected to it (just 2 to be specific) i experienced the disconnecting a few hours ago with only my PC on which might rule out some possibilities that the other pc is the cause.
OTL logfile created on: 8/26/2012 6:44:29 AM - Run 1
OTL by OldTimer - Version 3.2.59.0 Folder = C:\Users\Nawaf\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.98 Gb Total Physical Memory | 4.93 Gb Available Physical Memory | 61.71% Memory free
15.96 Gb Paging File | 12.33 Gb Available in Paging File | 77.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1849.71 Gb Total Space | 1576.11 Gb Free Space | 85.21% Space Free | Partition Type: NTFS
Drive D: | 13.20 Gb Total Space | 1.59 Gb Free Space | 12.07% Space Free | Partition Type: NTFS
Computer Name: NAWAF-HP | User Name: Nawaf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - File not found --
PRC - [2012/08/26 06:38:43 | 000,598,016 | ---- | M] (OldTimer Tools) -- C:\Users\Nawaf\Downloads\OTL.exe
PRC - [2012/08/17 21:43:06 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2012/08/03 04:16:04 | 000,408,944 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\HssSrv.exe
PRC - [2012/08/03 04:12:18 | 000,387,440 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2012/08/03 04:10:40 | 000,476,016 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
PRC - [2012/07/24 09:48:45 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2012/06/29 06:37:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/06/28 17:44:30 | 000,382,312 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/06/07 12:40:40 | 003,487,128 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2012/06/07 12:26:44 | 002,686,976 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.94\deploy\LoLLauncher.exe
PRC - [2011/12/20 16:06:00 | 000,144,384 | ---- | M] (Adobe Systems Inc.) -- C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.196\deploy\LolClient.exe
PRC - [2011/12/20 15:24:22 | 001,294,336 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
PRC - [2011/08/19 11:11:26 | 002,548,224 | ---- | M] (SteelSeries) -- C:\Program Files (x86)\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMTray2.exe
PRC - [2011/08/18 11:36:54 | 001,993,216 | ---- | M] (SteelSeries) -- C:\Program Files (x86)\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMHID2.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/10/05 17:08:46 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/10/05 17:08:42 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/09/28 18:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2010/05/25 15:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
PRC - [2010/04/23 22:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 22:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2009/09/18 10:24:08 | 001,708,032 | ---- | M] (D-Link Corp.) -- C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe
PRC - [2009/08/21 09:27:24 | 000,098,304 | ---- | M] (Wireless Service) -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2009/08/19 21:24:24 | 000,032,768 | ---- | M] (Tablet Driver) -- C:\Windows\SysWOW64\WTClient.exe
PRC - [2009/07/07 20:10:14 | 000,151,552 | ---- | M] () -- C:\Windows\SysWOW64\ANIWConnService.exe
PRC - [2009/05/09 02:39:48 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
PRC - [2009/05/09 02:11:00 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
PRC - [2009/02/28 05:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
PRC - [2008/11/20 20:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
========== Modules (No Company Name) ==========
MOD - [2012/08/18 01:28:55 | 000,442,392 | ---- | M] () -- C:\Users\Nawaf\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppgooglenaclpluginchrome.dll
MOD - [2012/08/18 01:28:54 | 012,236,824 | ---- | M] () -- C:\Users\Nawaf\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
MOD - [2012/08/18 01:28:52 | 003,997,720 | ---- | M] () -- C:\Users\Nawaf\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
MOD - [2012/08/18 01:27:36 | 000,526,872 | ---- | M] () -- C:\Users\Nawaf\AppData\Local\Google\Chrome\Application\21.0.1180.83\libglesv2.dll
MOD - [2012/08/18 01:27:35 | 000,104,984 | ---- | M] () -- C:\Users\Nawaf\AppData\Local\Google\Chrome\Application\21.0.1180.83\libegl.dll
MOD - [2012/08/18 01:27:23 | 000,144,424 | ---- | M] () -- C:\Users\Nawaf\AppData\Local\Google\Chrome\Application\21.0.1180.83\avutil-51.dll
MOD - [2012/08/18 01:27:22 | 000,266,792 | ---- | M] () -- C:\Users\Nawaf\AppData\Local\Google\Chrome\Application\21.0.1180.83\avformat-54.dll
MOD - [2012/08/18 01:27:21 | 002,480,680 | ---- | M] () -- C:\Users\Nawaf\AppData\Local\Google\Chrome\Application\21.0.1180.83\avcodec-54.dll
MOD - [2012/08/17 21:40:16 | 000,068,024 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtWebKit\qmlwebkitplugin4.dll
MOD - [2012/08/17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
MOD - [2012/06/07 12:28:09 | 004,770,176 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.196\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll
MOD - [2012/06/07 12:26:44 | 002,686,976 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.94\deploy\LoLLauncher.exe
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/12/20 15:24:22 | 001,294,336 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
MOD - [2011/08/07 14:54:16 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\Detour32.dll
MOD - [2011/04/11 13:58:21 | 000,390,656 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\lame_enc.dll
MOD - [2011/04/11 13:58:17 | 000,370,688 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\libsndfile.dll
MOD - [2009/09/11 13:10:04 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\WinTab32.dll
MOD - [2009/07/07 18:50:04 | 000,258,048 | ---- | M] () -- C:\Windows\SysWOW64\wlanapp.dll
MOD - [2009/06/01 14:23:24 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-140 revB\ANIOApi.dll
MOD - [2009/06/01 14:23:24 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\ANIOApi.dll
MOD - [2009/02/28 05:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
MOD - [2009/02/20 03:22:50 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.dll
MOD - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll
========== Services (SafeList) ==========
SRV:64bit: - [2011/06/24 02:23:14 | 000,302,592 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/08/06 05:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2009/09/23 17:34:06 | 000,073,728 | ---- | M] (Tablet Driver) [Auto | Running] -- C:\Windows\SysNative\drivers\WTSrv.exe -- (WinTabService)
SRV:64bit: - [2009/07/14 04:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/08/25 06:39:14 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/17 21:43:06 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2012/08/03 04:20:24 | 000,078,072 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2012/08/03 04:16:04 | 000,408,944 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\HssSrv.exe -- (HssSrv)
SRV - [2012/08/03 04:12:18 | 000,387,440 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2012/08/03 04:10:40 | 000,476,016 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/29 06:37:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/06/28 17:44:30 | 000,382,312 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/06/23 00:18:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/10/31 11:51:32 | 003,272,704 | ---- | M] (LowerPing) [On_Demand | Stopped] -- C:\Program Files (x86)\LowerPing\LowerP.EXE -- (LOWERP)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/11/26 06:20:28 | 000,245,232 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe -- (CLKMSVC10_C6F09094)
SRV - [2010/10/05 17:08:46 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/05 17:08:42 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/09/28 18:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010/06/19 04:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/06/02 01:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/07 20:10:14 | 000,151,552 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ANIWConnService.exe -- (ANIWConnService)
SRV - [2009/06/11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/08/13 18:24:20 | 000,611,160 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/08/13 16:49:40 | 000,178,008 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2012/08/02 15:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012/07/25 14:53:54 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2012/07/24 23:11:54 | 000,041,704 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2012/07/24 23:11:52 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2012/06/19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012/06/08 11:38:10 | 000,054,104 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2012/05/25 19:38:48 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012/05/21 16:10:51 | 000,188,776 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/04/23 14:26:26 | 000,154,272 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2012/03/01 09:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/12/15 20:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/08/23 21:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/08/02 16:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/06/09 18:35:04 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/03/11 09:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 09:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/29 11:55:30 | 001,547,616 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2010/12/17 15:25:44 | 000,023,040 | ---- | M] (Sagatek Co. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MO3v2Driver.sys -- (SSMO3v2Filter)
DRV:64bit: - [2010/11/20 16:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 14:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/09/13 16:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/04/12 11:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009/07/14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/18 14:42:36 | 000,022,696 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UCTblHid.sys -- (UCTblHid)
DRV:64bit: - [2009/06/18 14:42:18 | 000,027,304 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TClass2k.sys -- (TClass2k)
DRV:64bit: - [2009/06/18 14:42:00 | 000,017,064 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTSimHid.sys -- (PTSimHid)
DRV:64bit: - [2009/06/18 14:41:48 | 000,027,304 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PTSimBus.sys -- (PTSimBus)
DRV:64bit: - [2009/06/10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/06 18:10:10 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf)
DRV - [2009/07/14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/13
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/13
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/13
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/13
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/13
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.jp.msn.com/HPALL/13
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/13
IE - HKCU\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPDTDF
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPDTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.animetake.com/"
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nawaf\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nawaf\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2012/08/26 06:39:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2012/08/26 06:39:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2012/08/26 06:39:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2012/08/26 06:39:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2012/08/26 06:39:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/23 00:18:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Nawaf\AppData\Roaming\IDM\idmmzcc5 [2012/06/07 12:39:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/23 00:18:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Nawaf\AppData\Roaming\IDM\idmmzcc5 [2012/06/07 12:39:33 | 000,000,000 | ---D | M]
[2012/06/07 12:03:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nawaf\AppData\Roaming\Mozilla\Extensions
[2012/06/08 12:09:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nawaf\AppData\Roaming\Mozilla\Firefox\Profiles\2j07ydun.default\extensions
[2012/08/03 22:06:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/08/03 22:06:16 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
File not found (No name found) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/06/07 12:39:33 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\NAWAF\APPDATA\ROAMING\IDM\IDMMZCC5
[2012/06/23 00:18:12 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/01 18:39:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/01 18:39:16 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - homepage: http://www.animetake.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.animetake.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Nawaf\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Nawaf\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Nawaf\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Nawaf\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Nawaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Nawaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\Nawaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.41_0\
CHR - Extension: Azusa Nakano = C:\Users\Nawaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\miemcinalacnaglobiaokemajdehgllg\1_0\
CHR - Extension: Gmail = C:\Users\Nawaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009/06/11 00:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
O4 - HKLM..\Run: [D-Link D-Link RangeBooster N DWA-140] C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [SteelSeries World of Warcraft Cataclysm MMO Gaming Mouse] C:\Program Files (x86)\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMHID2.exe (SteelSeries)
O4 - HKLM..\Run: [WTClient] C:\Windows\SysWow64\WTClient.exe (Tablet Driver)
O4 - HKCU..\Run: [Device Doctor] C:\Program Files (x86)\Device Doctor\DDLauncher.exe (Device Doctor Software Inc.)
O4 - HKCU..\Run: [IDMan] c:\program files (x86)\internet download manager\idman.exe (Tonec Inc.)
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Nawaf\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nawaf\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Nawaf\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nawaf\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 196.1.69.98 196.1.69.100 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AEE3FC5-2A6E-41D8-9BD8-96C32A47ECD7}: DhcpNameServer = 196.1.69.98 196.1.69.100 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C48336A-913C-468B-A877-EEA2F9533482}: DhcpNameServer = 10.85.88.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7227B5F1-88BD-4B98-A72C-661324A43424}: DhcpNameServer = 196.1.69.98 196.1.69.100 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7227B5F1-88BD-4B98-A72C-661324A43424}: NameServer = 196.1.69.98,196.1.69.100
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/08/26 06:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013
[2012/08/26 06:40:00 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll
[2012/08/26 06:39:15 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2012/08/26 06:39:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/08/26 06:39:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012/08/26 06:39:08 | 000,611,160 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012/08/26 06:39:08 | 000,089,432 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klflt.sys
[2012/08/26 06:34:13 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/08/26 03:43:31 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2012/08/26 03:42:16 | 026,226,536 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012/08/26 03:42:16 | 025,256,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012/08/26 03:42:16 | 019,828,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012/08/26 03:42:16 | 018,228,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012/08/26 03:42:16 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012/08/26 03:42:16 | 009,164,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012/08/26 03:42:16 | 007,699,304 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012/08/26 03:42:16 | 002,744,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012/08/26 03:42:16 | 002,573,160 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012/08/26 03:42:16 | 002,422,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012/08/26 03:42:16 | 002,216,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012/08/26 03:42:16 | 001,865,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012/08/26 03:42:16 | 001,472,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll
[2012/08/26 03:42:16 | 000,828,264 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2012/08/26 03:42:16 | 000,247,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2012/08/26 03:42:16 | 000,202,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2012/08/26 03:42:16 | 000,188,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2012/08/26 03:42:16 | 000,031,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2012/08/26 02:39:38 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\Guild Wars 2
[2012/08/25 18:48:21 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{84215494-4B30-40E6-BBEE-C8816D521904}
[2012/08/25 10:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
[2012/08/25 10:16:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guild Wars 2
[2012/08/25 10:15:50 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\Documents\Guild Wars 2
[2012/08/25 06:47:57 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{9E2A0723-A069-4352-9099-54AD2ABF46A2}
[2012/08/25 06:38:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/08/25 04:18:43 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Roaming\Malwarebytes
[2012/08/25 04:18:34 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/25 04:18:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/25 04:18:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/25 04:18:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/25 04:14:00 | 059,884,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012/08/24 18:47:33 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{B3CB3E71-743C-46E8-9247-AB6E31773AAE}
[2012/08/23 20:01:06 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{73EBA53C-D5A6-4257-877C-A975ACBBD9B9}
[2012/08/23 08:00:42 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{77A07170-5EB6-4B2A-B8F8-D73D995EE895}
[2012/08/22 18:22:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/08/22 18:22:33 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/08/22 18:22:29 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/08/22 18:22:29 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/08/22 18:22:29 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/08/22 16:53:32 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{582888AF-D1E7-4487-BB15-A86C0ECC0AB9}
[2012/08/21 16:52:56 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{E404A768-3623-4495-84A6-4551128DFE77}
[2012/08/21 00:21:15 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{A2A82F1C-E9F0-4B69-B8EF-C3CE34CFDE1E}
[2012/08/20 07:21:25 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{190955FC-27C3-4FCC-8C54-FD1541A75A7B}
[2012/08/19 17:37:15 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Roaming\Reviversoft
[2012/08/19 17:36:36 | 000,018,240 | ---- | C] (ReviverSoft) -- C:\Windows\SysNative\roboot64.exe
[2012/08/19 17:36:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reviversoft
[2012/08/19 17:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reviversoft
[2012/08/19 17:31:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\~0
[2012/08/19 17:31:46 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\PackageAware
[2012/08/19 17:24:30 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Roaming\Uniblue
[2012/08/19 17:24:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2012/08/19 17:24:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2012/08/19 17:01:51 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012/08/19 17:01:50 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012/08/19 17:01:50 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012/08/19 17:01:50 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012/08/19 16:24:08 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{D90EF747-337B-46C0-8502-C7537796F995}
[2012/08/18 19:33:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
[2012/08/18 19:33:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mumble
[2012/08/18 13:56:25 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{3058724F-F615-4CC9-B5D6-958B24F0BC84}
[2012/08/18 13:56:14 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{264BDDE6-81BE-4A07-9B2B-39580C0ED345}
[2012/08/18 01:48:35 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{C36174C3-177B-419B-AEA2-0E56881D1185}
[2012/08/18 01:48:23 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{B0FCE5E2-31D2-4E93-9EE1-7E0F8E624FBA}
[2012/08/17 13:47:57 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{FBBAA717-F0A2-48A6-B80A-C3CE64E40068}
[2012/08/17 13:47:45 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{13CA0861-0FE6-4CD2-BF7B-737E191AF79D}
[2012/08/17 01:25:37 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{640C0543-F045-4850-865C-2FB84B9AFE70}
[2012/08/17 01:25:26 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{493F6D4F-2839-44D2-9260-D957252BC786}
[2012/08/16 13:25:00 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{58824C71-A113-40D7-8FD4-F2F16A36CE32}
[2012/08/16 13:24:47 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{AFCBED33-46B0-449C-9D32-4DC7EFF18F81}
[2012/08/16 03:12:43 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/08/16 03:12:43 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/16 03:12:42 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/08/16 03:12:42 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/08/16 03:12:42 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/08/16 03:12:42 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/16 03:12:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/16 03:12:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/08/16 03:12:42 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/08/16 03:12:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/08/16 03:12:41 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/08/16 03:12:41 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/08/16 03:12:41 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/16 03:09:01 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/08/16 03:09:00 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/08/16 03:09:00 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012/08/16 03:09:00 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/08/16 01:24:21 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{A25665BC-07AD-4AEF-88CC-58FD2472248D}
[2012/08/16 01:24:10 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{3817A034-0E3F-497A-A1D8-7CBA37DD1BC9}
[2012/08/15 13:23:44 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{3FA2AF25-0B8F-4EB5-ABE2-4AB757D85DD8}
[2012/08/15 13:23:33 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{3D59609B-A80B-4DDF-8AC7-D1EC1F894F30}
[2012/08/15 01:23:07 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{7A984788-79B6-42A7-8B9D-7B7681C1A770}
[2012/08/15 01:22:57 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{06FCFE14-D950-48DC-8F31-5EA723B2DDCF}
[2012/08/14 18:01:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pen Tablet
[2012/08/14 18:01:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PEN TABLET
[2012/08/14 18:00:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet Software
[2012/08/14 18:00:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TABLET SOFTWARE
[2012/08/14 17:36:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu!
[2012/08/14 17:36:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\osu!
[2012/08/14 17:36:13 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Roaming\Downloaded Installations
[2012/08/14 16:15:10 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Roaming\Mumble
[2012/08/14 16:15:10 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\Mumble
[2012/08/14 13:22:31 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{306B6760-CA5E-4829-89EB-FB907B5CC4E7}
[2012/08/14 13:22:19 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{4A007076-463F-44A2-AF6C-045E4D6F577B}
[2012/08/14 01:07:22 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{D5BB0A97-F69B-48DF-A169-BD90BBA01934}
[2012/08/14 01:07:10 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{D8524266-151B-48BE-BEF7-288E6EB9A95B}
[2012/08/13 16:49:40 | 000,178,008 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\kneps.sys
[2012/08/13 13:06:45 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{7732D333-FCE6-4CAF-801A-0DDE4FD586AC}
[2012/08/13 01:06:19 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{B78C161A-A2FE-4445-BB31-B9661C10431A}
[2012/08/12 13:05:54 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{9F09FF44-D037-4D1D-9BF6-0040086BCDE9}
[2012/08/12 13:05:43 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{EF91DED0-3480-49B1-B701-5CCE067A8D16}
[2012/08/12 01:05:10 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{06EA2F0E-A22C-4B83-8C6D-D1109014C1E1}
[2012/08/12 01:04:59 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{91FA2DBF-E6F2-4D2B-8D07-9F903B579E38}
[2012/08/11 13:11:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Hotspot Shield
[2012/08/11 13:04:32 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{55D87EF6-0B10-43B8-9256-137DCA9B611A}
[2012/08/11 13:04:21 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{D1CAEB55-03DA-46D1-B255-DB50474203E4}
[2012/08/10 23:27:39 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{F4A17F0C-007D-4C1C-97D5-5B87ED8097C2}
[2012/08/10 23:27:28 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{B3E135C0-10C6-42B0-A423-619F4038929E}
[2012/08/10 11:27:01 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{269307A1-8153-4567-A245-9F458AFCF6BB}
[2012/08/10 11:26:50 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{1A35121F-FCC7-4F26-A145-0CD1443BCA0B}
[2012/08/09 23:26:23 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{9BED4E36-00C7-4CF2-B8C9-B5335A7D02B8}
[2012/08/09 23:26:11 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{82069978-209B-45DB-8A50-C317E96FF85C}
[2012/08/09 07:33:42 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{9FDD522E-E729-4F39-B453-B2D3668AF216}
[2012/08/09 07:33:30 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{327F8DE2-7B70-4432-9169-2AC739BF0995}
[2012/08/08 19:33:03 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{B3EE49FD-222F-4594-BD37-887C548081AC}
[2012/08/08 19:32:52 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{678B0AD1-FADC-4C52-9D02-E0558E0A6565}
[2012/08/08 07:32:26 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{AA5D6B82-8CA4-489A-AB1D-48C88F31207C}
[2012/08/07 19:32:01 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{3166C3C8-0E62-4C97-B721-F1B683B662CF}
[2012/08/07 19:31:48 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{58D716E8-3770-4D56-93D5-FF827C507032}
[2012/08/07 07:47:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenVPN
[2012/08/07 07:31:22 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{6527EA24-2C29-4979-8398-E5424CD24F18}
[2012/08/06 19:30:57 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{E3009958-8913-4D94-AD09-4C34244FE4DD}
[2012/08/06 19:30:45 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{4CFF4802-7550-49FF-BDFE-049507EEEF1F}
[2012/08/05 22:06:08 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{41C1844D-147F-4E35-922C-16ACC1541CD8}
[2012/08/05 22:05:50 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{E5D2DDC3-0477-41E3-B143-7752692EAA9E}
[2012/08/05 04:04:54 | 000,000,000 | ---D | C] -- C:\ProgramData\hssff
[2012/08/04 21:37:09 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{AE1D2F94-CC9C-4210-B532-A792FAE81BA0}
[2012/08/04 21:36:57 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{39369D2B-C919-45B5-A832-7626990041B5}
[2012/08/04 10:50:29 | 000,024,448 | ---- | C] (IObit) -- C:\Windows\SysNative\RegistryDefragBootTime.exe
[2012/08/04 10:32:14 | 000,000,000 | ---D | C] -- C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
[2012/08/04 10:32:14 | 000,000,000 | ---D | C] -- C:\ProgramData\{6F2F3866-38AD-4f48-852C-2FF5DE7A7588}
[2012/08/04 10:32:13 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Roaming\IObit
[2012/08/04 10:32:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2012/08/04 10:32:00 | 000,000,000 | ---D | C] -- C:\ProgramData\iobit
[2012/08/04 09:58:15 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/08/04 09:58:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/08/04 09:57:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/08/04 09:53:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/08/04 09:53:24 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/08/04 09:08:21 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{2899EB0C-0213-4F11-91DC-BA26938F7510}
[2012/08/04 02:54:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/08/04 02:53:15 | 001,468,264 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll
[2012/08/04 02:53:14 | 015,290,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012/08/04 02:53:14 | 012,388,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012/08/04 02:53:14 | 000,969,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2012/08/04 02:53:14 | 000,364,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2012/08/04 02:53:14 | 000,301,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2012/08/04 01:53:04 | 001,758,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012/08/04 01:53:04 | 001,468,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2012/08/04 01:53:04 | 001,452,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420102.dll
[2012/08/04 01:53:04 | 000,060,776 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012/08/04 01:53:04 | 000,052,584 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012/08/04 01:51:58 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012/08/04 01:44:33 | 000,565,352 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2012/08/04 01:44:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012/08/04 01:37:46 | 001,547,616 | ---- | C] (Ralink Technology Corp.) -- C:\Windows\SysNative\drivers\netr28ux.sys
[2012/08/04 01:37:46 | 000,327,008 | ---- | C] (Ralink Technology, Inc.) -- C:\Windows\SysNative\RaCoInstx.dll
[2012/08/04 01:34:57 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Roaming\WinRAR
[2012/08/04 01:31:30 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Roaming\Device Doctor
[2012/08/04 01:31:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Device Doctor
[2012/08/04 01:31:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Device Doctor
[2012/08/03 22:06:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Hotspot Shield
[2012/08/03 22:06:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
[2012/08/03 22:06:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hotspot Shield
[2012/08/03 21:02:17 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{5D695209-6EA1-4F48-922D-0E2306E1C05E}
[2012/08/03 21:02:05 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{6E253845-CEA7-4BE8-9BD2-29A50CA534FE}
[2012/08/03 16:38:52 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{E5AFE105-F826-4CC5-8677-A36F13B8BEC5}
[2012/08/02 22:43:00 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/08/02 22:43:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/08/02 22:42:54 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012/08/02 17:50:15 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{F0046B75-1A90-450D-9E4E-B85DC2154731}
[2012/08/02 17:50:04 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{9C203CB5-BE5B-48D3-A4A4-4397FBFD39BB}
[2012/08/02 15:09:34 | 000,028,504 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klim6.sys
[2012/08/02 04:20:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TERA
[2012/08/02 04:20:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TERA
[2012/08/02 03:03:37 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{90D9B343-A6EE-487F-A0C6-CAF6A34EB64C}
[2012/08/02 03:03:26 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{587C944F-7B6B-43CC-9C89-547C6B9AF604}
[2012/08/01 15:03:00 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{88C6DEBC-E7C8-4FD1-A79D-5E025FF498EA}
[2012/08/01 15:02:49 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{934B1B52-B051-40AD-8C04-38F065321DB1}
[2012/08/01 09:40:53 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\TERA-Diagnostic
[2012/08/01 08:19:29 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/08/01 08:19:26 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/08/01 08:19:26 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/08/01 08:07:03 | 000,000,000 | -HSD | C] -- C:\Users\Nawaf\AppData\Local\ms-drivers
[2012/08/01 08:06:54 | 000,000,000 | -HSD | C] -- C:\Users\Nawaf\AppData\Local\icsxml
[2012/08/01 07:29:49 | 000,000,000 | ---D | C] -- C:\Program Files\TERA
[2012/08/01 07:20:57 | 000,307,088 | ---- | C] (Network Tunnel Lab) -- C:\Windows\SysWow64\networkdlllsp.dll
[2012/08/01 07:20:55 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\BattlePing
[2012/08/01 07:20:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BattlePing
[2012/08/01 07:20:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BattlePing
[2012/07/31 22:43:15 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{DAB6EE53-1362-4048-B3F2-36BFE2FCED23}
[2012/07/31 22:43:03 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{51D23349-7681-41DB-8A72-B408650E34DB}
[2012/07/31 10:42:50 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{04094001-CD76-4F69-B27D-BDE38C356331}
[2012/07/31 10:42:04 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{76ADA4A4-A144-401F-982A-9C20E9D0DF62}
[2012/07/30 18:13:58 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{6AA3AC9A-49DE-4D4A-BF39-52C04F4D2EE7}
[2012/07/30 18:13:46 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{72C95815-4052-4455-9B3D-30EF60BAE711}
[2012/07/30 17:56:05 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{4197CD3B-1BA4-43B9-9E73-8C9F93A7E7CD}
[2012/07/30 00:28:39 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{9EF09234-E61A-4510-8D83-80A836BA08B4}
[2012/07/30 00:28:28 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{F3D85853-A5D4-4487-9438-E2E5EAEA6DA7}
[2012/07/29 13:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SteelSeries
[2012/07/29 13:36:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SteelSeries
[2012/07/29 12:28:02 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{2B504156-22FD-42A4-AB3E-37921DF0A009}
[2012/07/29 12:27:51 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{D7F32887-B32B-4077-827F-A882B17B83C1}
[2012/07/28 22:45:12 | 000,955,888 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/07/28 22:45:12 | 000,839,152 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/07/28 22:45:12 | 000,268,784 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/07/28 22:45:06 | 000,189,424 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/07/28 22:45:06 | 000,188,912 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/07/28 22:44:58 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/07/28 18:48:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Systems
[2012/07/28 18:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco Systems
[2012/07/28 17:39:23 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{BFBDACE5-6874-4D78-9996-9FE7F4533A64}
[2012/07/28 17:39:11 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{20C42F10-FDCB-4D51-B605-ABA1A9752006}
[2012/07/28 01:54:36 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{318CFBF6-53BD-4369-8CA2-556ED2AE0424}
[2012/07/28 01:54:25 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{0E1E4A6F-9B6C-4539-A00A-F56C1DB9D47F}
[2012/07/27 13:53:59 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{17318693-5B15-4C96-A56B-E8A247BEF579}
[2012/07/27 13:53:47 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{D9D97365-CB4B-4141-ACFC-64E9F8DF28CB}
[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/08/26 06:46:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3819528912-3924640605-2489132768-1000UA.job
[2012/08/26 06:42:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/26 05:57:53 | 000,003,284 | ---- | M] () -- C:\Windows\SysWow64\ANIWZCS{2AEE3FC5-2A6E-41D8-9BD8-96C32A47ECD7}
[2012/08/26 05:57:53 | 000,003,284 | ---- | M] () -- C:\Users\Nawaf\AppData\Roaming\ANIWZCS{2AEE3FC5-2A6E-41D8-9BD8-96C32A47ECD7}
[2012/08/26 03:28:26 | 002,587,881 | ---- | M] () -- C:\Users\Nawaf\Desktop\reso.png
[2012/08/26 03:14:51 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/26 03:14:51 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/26 02:42:23 | 000,721,700 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/26 02:42:23 | 000,612,370 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/26 02:42:23 | 000,105,284 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/25 16:46:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3819528912-3924640605-2489132768-1000Core.job
[2012/08/25 06:39:14 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/25 06:39:14 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/25 06:35:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/25 06:35:31 | 2133,733,375 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/24 07:02:53 | 001,717,714 | ---- | M] () -- C:\Users\Nawaf\Desktop\DNS.png
[2012/08/22 18:22:25 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/08/22 18:22:25 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/08/22 18:22:25 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/08/22 18:22:25 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/08/22 18:22:25 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/08/22 18:22:25 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/08/20 07:19:45 | 000,002,400 | ---- | M] () -- C:\Windows\SysNative\ASOROSet.bin
[2012/08/19 17:36:36 | 000,001,280 | ---- | M] () -- C:\Users\Nawaf\Application Data\Microsoft\Internet Explorer\Quick Launch\Registry Reviver.lnk
[2012/08/19 17:07:37 | 000,302,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/18 19:34:55 | 000,002,377 | ---- | M] () -- C:\Users\Nawaf\Documents\MumbleAutomaticCertificateBackup.p12
[2012/08/14 19:23:27 | 000,001,958 | ---- | M] () -- C:\Windows\Tablet8000x6000M.ini
[2012/08/14 18:03:00 | 000,000,142 | ---- | M] () -- C:\Windows\PenSign.INI
[2012/08/13 18:24:24 | 000,089,432 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klflt.sys
[2012/08/13 18:24:20 | 000,611,160 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012/08/13 16:49:40 | 000,178,008 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\kneps.sys
[2012/08/08 21:20:02 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNAWAF-HP$.job
[2012/08/07 22:54:02 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNawaf.job
[2012/08/06 02:13:47 | 000,002,872 | ---- | M] () -- C:\Windows\SysWow64\LOWERP.ini
[2012/08/06 02:13:47 | 000,001,544 | ---- | M] () -- C:\Windows\SysWow64\LPOff.ini
[2012/08/06 02:13:47 | 000,001,544 | ---- | M] () -- C:\Windows\SysNative\LPOff.ini
[2012/08/04 10:13:05 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/04 01:50:08 | 000,014,416 | ---- | M] () -- C:\Users\Nawaf\Documents\cc_20120804_015004.reg
[2012/08/03 04:46:56 | 059,884,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012/08/02 15:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klim6.sys
[2012/08/02 04:20:12 | 000,001,844 | ---- | M] () -- C:\Users\Nawaf\Application Data\Microsoft\Internet Explorer\Quick Launch\TERA.lnk
[2012/08/01 07:20:53 | 000,000,037 | -HS- | M] () -- C:\Users\Nawaf\AppData\Local\1754111884ee9ab5277ca00.95260103
[2012/07/28 22:45:00 | 000,268,784 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/07/28 22:45:00 | 000,189,424 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/07/28 22:45:00 | 000,188,912 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/07/28 22:44:59 | 000,955,888 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/07/28 22:44:59 | 000,839,152 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/08/26 03:42:16 | 000,016,048 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012/08/26 03:28:26 | 002,587,881 | ---- | C] () -- C:\Users\Nawaf\Desktop\reso.png
[2012/08/24 07:02:53 | 001,717,714 | ---- | C] () -- C:\Users\Nawaf\Desktop\DNS.png
[2012/08/19 17:41:38 | 000,002,400 | ---- | C] () -- C:\Windows\SysNative\ASOROSet.bin
[2012/08/19 17:36:36 | 000,001,280 | ---- | C] () -- C:\Users\Nawaf\Application Data\Microsoft\Internet Explorer\Quick Launch\Registry Reviver.lnk
[2012/08/18 19:34:55 | 000,002,377 | ---- | C] () -- C:\Users\Nawaf\Documents\MumbleAutomaticCertificateBackup.p12
[2012/08/14 19:23:27 | 000,001,958 | ---- | C] () -- C:\Windows\Tablet8000x6000M.ini
[2012/08/14 18:03:00 | 000,000,142 | ---- | C] () -- C:\Windows\PenSign.INI
[2012/08/04 02:53:52 | 002,667,062 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012/08/04 01:50:05 | 000,014,416 | ---- | C] () -- C:\Users\Nawaf\Documents\cc_20120804_015004.reg
[2012/08/04 01:44:33 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2012/08/04 01:37:46 | 000,014,051 | ---- | C] () -- C:\Windows\SysNative\RaCoInst.dat
[2012/08/02 04:20:12 | 000,001,844 | ---- | C] () -- C:\Users\Nawaf\Application Data\Microsoft\Internet Explorer\Quick Launch\TERA.lnk
[2012/08/01 08:20:47 | 000,001,637 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDT Audio Control Panel.lnk
[2012/08/01 07:20:53 | 000,000,037 | -HS- | C] () -- C:\Users\Nawaf\AppData\Local\1754111884ee9ab5277ca00.95260103
[2012/07/28 18:49:05 | 000,002,181 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Connect.lnk
[2012/06/28 17:44:42 | 000,428,904 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/06/18 22:15:53 | 000,000,600 | ---- | C] () -- C:\Users\Nawaf\AppData\Local\PUTTY.RND
[2012/06/07 13:47:06 | 000,003,284 | ---- | C] () -- C:\Users\Nawaf\AppData\Roaming\ANIWZCS{2AEE3FC5-2A6E-41D8-9BD8-96C32A47ECD7}
[2012/06/07 13:43:19 | 000,000,253 | ---- | C] () -- C:\Users\Nawaf\AppData\Roaming\ANICONFIG_{2AEE3FC5-2A6E-41D8-9BD8-96C32A47ECD7}.ini
[2012/06/07 12:31:59 | 002,246,004 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/07 12:14:38 | 000,002,872 | ---- | C] () -- C:\Windows\SysWow64\LOWERP.ini
[2012/06/07 12:14:38 | 000,001,544 | ---- | C] () -- C:\Windows\SysWow64\LPOff.ini
[2012/06/07 12:04:22 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ANIWConnService.exe
[2012/06/07 12:04:11 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\wlanapp.dll
[2012/06/07 12:04:11 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\aIPH.dll
[2012/06/07 12:04:11 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AQCKGen.dll
[2012/06/07 12:04:11 | 000,045,115 | ---- | C] () -- C:\Windows\SysWow64\ANICtl.dll
[2012/06/07 12:03:47 | 000,315,392 | ---- | C] () -- C:\Windows\SysWow64\ANIOApi.dll
[2012/06/07 12:03:21 | 000,733,184 | ---- | C] () -- C:\Windows\SysWow64\ANIOWPS.dll
[2012/06/07 12:03:21 | 000,302,080 | ---- | C] () -- C:\Windows\lwd.exe
[2012/06/07 12:03:21 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\ANIWPS.exe
[2012/06/07 11:42:47 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/07/29 18:07:58 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011/07/29 17:57:07 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2010/09/21 20:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
< End of report >
thank you in advance for any effort placed into trying to find if there is or not a problem as this is just a possibility not 100% sure its an infection. below is the notepad labeled as Extras from the OTL scan:
OTL Extras logfile created on: 8/26/2012 6:44:29 AM - Run 1
OTL by OldTimer - Version 3.2.59.0 Folder = C:\Users\Nawaf\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.98 Gb Total Physical Memory | 4.93 Gb Available Physical Memory | 61.71% Memory free
15.96 Gb Paging File | 12.33 Gb Available in Paging File | 77.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1849.71 Gb Total Space | 1576.11 Gb Free Space | 85.21% Space Free | Partition Type: NTFS
Drive D: | 13.20 Gb Total Space | 1.59 Gb Free Space | 12.07% Space Free | Partition Type: NTFS
Computer Name: NAWAF-HP | User Name: Nawaf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BCEB974-E08B-46D0-8026-F4CDE7F3B643}" = lport=138 | protocol=17 | dir=in | app=system |
"{14B7699A-26ED-412D-99B9-C8A3975D9B43}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1F220161-607E-41DE-8637-85E3604D5E80}" = rport=445 | protocol=6 | dir=out | app=system |
"{4171D3C5-7E65-4163-93BE-0EAB6E1EF08C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{63FA8600-CB18-4DD8-86EA-C2737EDDB473}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{827FEBD8-5955-4070-96FB-81DBF1F49ADD}" = lport=10243 | protocol=6 | dir=in | app=system |
"{89202623-58C9-4561-B84A-AC506CFC574E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8B7F5C6E-8ACF-49EE-BCA8-43F4D849B22D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8CEE94F2-0ECC-4A9E-820A-3557C1D9B8AA}" = lport=137 | protocol=17 | dir=in | app=system |
"{8E9265EB-B920-4739-8271-AD3E37DFD444}" = lport=139 | protocol=6 | dir=in | app=system |
"{A2AB44FB-F3EA-4BCC-B368-E08C8CE42D18}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A8078641-8A1A-4BC9-929D-52F5E2B8C5DB}" = rport=138 | protocol=17 | dir=out | app=system |
"{AB137D11-047F-4447-8688-528295EBDC50}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AB6DD801-50F0-482E-89C2-BEBD85A0ACDD}" = lport=445 | protocol=6 | dir=in | app=system |
"{BB6A4CCA-CB51-492C-89E2-FB4350EC6652}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C39EAFC1-D8CD-49E8-A90F-26945B8EFA95}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C890CC92-A44F-455E-8D41-EE3956FB12DB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C8BD30A2-7DFC-4233-892D-B5609C3F443E}" = rport=139 | protocol=6 | dir=out | app=system |
"{DD2C3BD6-3B46-4FA9-A026-2E6A751F1AC2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EA7E9F1D-6E61-434D-B578-C0B25DFEAEF8}" = rport=137 | protocol=17 | dir=out | app=system |
"{ED159205-E0E4-4073-8E6E-465D40F2AD6C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0974A94A-9488-40AE-A642-58F053B74BA2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0CBEA380-C55A-4A60-AC77-D9B14005CA84}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0EC964BB-3659-4AE4-9CDE-1A0931480E1F}" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe |
"{23DC84F8-72B7-4798-91A1-CE38EFE4208D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{28180917-61EF-449E-AB2F-023D8B0EE298}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{30403458-9B68-424D-B468-2A3B3DA75A9F}" = protocol=1 | dir=out | [email protected],-28544 |
"{32D499D9-B4A2-41D0-A187-C35A5FC5E25E}" = protocol=6 | dir=out | app=system |
"{3561D65A-7F57-4345-865B-E295B1508441}" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe |
"{453005F1-BF67-4FEE-A115-1C39189DEA13}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4B5232D4-A640-4749-8355-5D36383E1EC7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{562B9BFC-7BCA-4826-AE75-788C72C78F02}" = protocol=1 | dir=in | [email protected],-28543 |
"{654F60A2-2DA0-4AB3-9035-3F3BD27598A2}" = protocol=58 | dir=out | [email protected],-28546 |
"{74B81157-2886-43A7-9014-E5B00ED97A7A}" = protocol=58 | dir=in | [email protected],-28545 |
"{786B3C46-5880-4229-9FC6-14D867582F7D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9B903C1D-F940-44E7-8DAA-8C318A0B03B3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AA56CAD9-5666-4620-89C7-1FBCBA216E56}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AD99D847-5682-481D-AFDA-122752988D2C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B543B29B-42F5-4357-B9C3-3F1F0F453D9F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C37AFB45-21FF-46AD-BF45-A5F34ED987F3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C68FDA98-347E-47F7-B8D1-50041F1718AE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{D15A6E61-9FAF-4793-8E6C-F34C89207ACE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{E212C0CD-1FEE-4D0A-8389-B127AE06EE36}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E6557B76-F066-438C-A5B0-6FD475E101EA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FD92E1A7-E250-4468-96F8-3E4530229813}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{01D86FE4-9AB6-4FDD-A29D-BB7C91E545FE}C:\program files (x86)\battleping\battleping.exe" = protocol=6 | dir=in | app=c:\program files (x86)\battleping\battleping.exe |
"TCP Query User{1E1F97D1-D5FC-4C39-BD24-763E738BBCFD}C:\program files (x86)\windows live\contacts\wlcomm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"TCP Query User{1EC56F8E-7A9D-43D4-87BB-63BED4C6E454}C:\program files (x86)\windows live\contacts\wlcomm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"TCP Query User{2E6E9E88-0211-4E06-877F-C5497006376C}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{4C79F657-00BC-4330-8D2F-BF6EC2D352CD}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{4D27DF8C-0341-48CD-AF9A-842929253EED}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{4F347319-F20F-4F48-B95E-03EB5768DA27}C:\users\nawaf\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\nawaf\appdata\local\temp\gw2.exe |
"TCP Query User{638E84CF-A993-47F4-8828-6D185E2C7629}C:\program files\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files\tera\tera-launcher.exe |
"TCP Query User{6CF83C2B-470A-4FB7-8CE1-142472CCFE28}J:\nawaf\tera\tera-launcher.exe" = protocol=6 | dir=in | app=j:\nawaf\tera\tera-launcher.exe |
"TCP Query User{7930B67E-1C6F-4D11-9469-6CB52EDEF34F}C:\program files\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files\tera\tera-launcher.exe |
"TCP Query User{950D54C0-8090-4DD0-B01B-A27C2B6E35FB}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"TCP Query User{BC822F52-37CD-4D49-A679-DE60E3E6CF0F}C:\program files (x86)\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"TCP Query User{CAB2DAE3-B711-4709-A7AF-2AAC36A9AAA6}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"TCP Query User{D20F0DCD-26A8-44B2-A654-0A6E3B5B72B5}C:\users\nawaf\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\users\nawaf\guild wars 2\gw2.exe |
"TCP Query User{F20AA6ED-7569-4E70-8407-6F1A14EF3DE0}C:\program files (x86)\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"TCP Query User{FACE7CAD-FC63-46CA-9BA1-0200936093CB}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"TCP Query User{FE1F37EC-C866-4242-8B05-98DAC757BB2E}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{00380F52-3E0B-4185-A31F-40C98DFAF6C8}C:\program files (x86)\battleping\battleping.exe" = protocol=17 | dir=in | app=c:\program files (x86)\battleping\battleping.exe |
"UDP Query User{091F2CBB-5541-4EF2-B89E-84DF8AF8E753}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{27BD4F0A-390E-4F81-935C-EE9ADCB5BED6}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"UDP Query User{2A2316E8-8560-47FE-9A1B-6244376710BF}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{301022DD-4AD5-4AE7-A6B3-0EC35B09F771}C:\program files\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files\tera\tera-launcher.exe |
"UDP Query User{4140BC3B-C3D6-4156-9EAD-E11885E02122}C:\users\nawaf\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\nawaf\appdata\local\temp\gw2.exe |
"UDP Query User{4A84DE2C-9F30-42BB-81C3-A5415C8A3ADF}C:\program files (x86)\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"UDP Query User{55091737-8F87-491D-94FD-16F732AA1C0F}C:\program files (x86)\windows live\contacts\wlcomm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"UDP Query User{5552DE1B-30E5-4C5B-B243-7862BC14C3BA}C:\program files (x86)\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"UDP Query User{59938451-9FFD-45BD-9317-3779BBDF749F}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"UDP Query User{59C0EA53-DEB8-416C-9ADA-44C2619BFE0E}C:\users\nawaf\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\users\nawaf\guild wars 2\gw2.exe |
"UDP Query User{725CCE8E-66EA-46C7-B49C-AB47665E6158}C:\program files\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files\tera\tera-launcher.exe |
"UDP Query User{77E0D463-2294-4002-9654-D06599016E03}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{9B4F4F17-98F5-44FE-B518-241F0A384301}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{A8754207-66A2-4DFB-9B1C-7BCB66D6FA7B}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{E3D37998-55E3-4D54-9FBF-C2A698A184AC}J:\nawaf\tera\tera-launcher.exe" = protocol=17 | dir=in | app=j:\nawaf\tera\tera-launcher.exe |
"UDP Query User{E5C2D97B-EB31-4692-8400-C379162D9EBB}C:\program files (x86)\windows live\contacts\wlcomm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java 7 Update 5 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema 1.6.0.4014 x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-0018-0000-1000-0000000FF1CE}" = Microsoft Office PowerPoint 2010
"{90140000-0018-0000-1000-0000000FF1CE}_Office14.POWERPOINT_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.POWERPOINT_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.POWERPOINT_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.POWERPOINT_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.POWERPOINT_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.POWERPOINT_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.POWERPOINT_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.POWERPOINT_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.POWERPOINT_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.POWERPOINT_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}" = HP MediaSmart SmartMenu
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 304.79
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 304.79
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 304.79
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 304.79
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.17.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"044456F7BA1F8BD283F89F4015EFB51DEA216A39" = Windows Driver Package - SteelSeries (HidUsb) HIDClass (11/19/2010 1.2.4.0)
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"Office14.POWERPOINT" = Microsoft PowerPoint 2010
"WinRAR archiver" = WinRAR 4.00 (64-bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217006FF}" = Java 7 Update 6
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{53469506-A37E-4314-A9D9-38724EC23A75}" = HP Setup
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"{924DAFFB-CA84-43a3-8205-A6E94461EC79}_is1" = Registry Reviver
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}" = HP MAINSTREAM KEYBOARD
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7D2F494-89E3-42ED-8A2B-75BDD9B464CB}" = D-Link RangeBooster N DWA-140
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}" = Razer Lycosa
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BattlePing" = BattlePing 1.3.0.9
"BSPlayerf" = BS.Player FREE
"Cisco Connect" = Cisco Connect
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"Device Doctor_is1" = Device Doctor v2.1
"EasyBits Magic Desktop" = Magic Desktop
"Fraps" = Fraps (remove only)
"Free Studio_is1" = Free Studio version 5.3.5
"Guild Wars 2" = Guild Wars 2
"HotspotShield" = Hotspot Shield 2.67
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"Internet Download Manager" = Internet Download Manager
"LowerPing" = LowerPing 2.6.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Messenger Plus!" = Messenger Plus! 5
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"My HP Game Console" = HP Game Console
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PDF Complete" = PDF Complete Special Edition
"PowerISO" = PowerISO
"Rainmeter" = Rainmeter
"RocketDock_is1" = RocketDock 1.3.5
"uTorrent" = µTorrent
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087343" = Dora's World Adventure
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087533" = Zuma Deluxe
"WT089299" = Mystery P.I. - The London Caper
"WT089300" = World Cup Cricket 20-20
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 7/31/2012 9:37:51 PM | Computer Name = Nawaf-HP | Source = Application Hang | ID = 1002
Description = The program TERA.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 1760 Start Time:
01cd6f863e1212d4 Termination Time: 4 Application Path: C:\Program Files (x86)\TERACOPYED\Client\Binaries\TERA.exe
Report
Id: 800f7a0c-db79-11e1-bd42-e06995b76a0e
Error - 8/1/2012 12:23:51 AM | Computer Name = Nawaf-HP | Source = Application Hang | ID = 1002
Description = The program TERA.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 16d0 Start Time:
01cd6f9d5c231a4d Termination Time: 10122 Application Path: C:\Program Files (x86)\TERACOPYED\Client\Binaries\TERA.exe
Report
Id: a8d1a1a9-db90-11e1-bd42-e06995b76a0e
Error - 8/1/2012 1:20:58 AM | Computer Name = Nawaf-HP | Source = Application Error | ID = 1000
Description = Faulting application name: msnmsgr.exe, version: 15.4.3555.308, time
stamp: 0x4f596cbb Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651,
time stamp: 0x4e211319 Exception code: 0xe06d7363 Fault offset: 0x0000b9bc Faulting
process id: 0xe08 Faulting application start time: 0x01cd6fa332f4569f Faulting application
path: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe Faulting module
path: C:\Windows\syswow64\KERNELBASE.dll Report Id: ac82178c-db98-11e1-827c-e06995b76a0e
Error - 8/4/2012 8:45:44 PM | Computer Name = Nawaf-HP | Source = Windows Search Service | ID = 3038
Description =
Error - 8/4/2012 8:45:44 PM | Computer Name = Nawaf-HP | Source = Windows Search Service | ID = 7040
Description =
Error - 8/4/2012 8:45:44 PM | Computer Name = Nawaf-HP | Source = Windows Search Service | ID = 7042
Description =
Error - 8/4/2012 8:45:48 PM | Computer Name = Nawaf-HP | Source = Windows Search Service | ID = 3028
Description =
Error - 8/4/2012 8:45:48 PM | Computer Name = Nawaf-HP | Source = Windows Search Service | ID = 3058
Description =
Error - 8/4/2012 8:45:48 PM | Computer Name = Nawaf-HP | Source = Windows Search Service | ID = 7010
Description =
Error - 8/14/2012 12:49:38 PM | Computer Name = Nawaf-HP | Source = Application Error | ID = 1000
Description = Faulting application name: TERA.exe, version: 0.0.0.0, time stamp:
0x5019dff2 Faulting module name: TERA.exe, version: 0.0.0.0, time stamp: 0x5019dff2
Exception
code: 0xc0000005 Fault offset: 0x01e752ce Faulting process id: 0x78c Faulting application
start time: 0x01cd7a3c154ffae4 Faulting application path: C:\Program Files\TERA\Client\Binaries\TERA.exe
Faulting
module path: C:\Program Files\TERA\Client\Binaries\TERA.exe Report Id: 08df7547-e630-11e1-9350-e06995b76a0e
[ System Events ]
Error - 8/5/2012 2:52:24 PM | Computer Name = Nawaf-HP | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1058
Error - 8/5/2012 4:49:29 PM | Computer Name = Nawaf-HP | Source = Service Control Manager | ID = 7030
Description = The Hotspot Shield Service service is marked as an interactive service.
However, the system is configured to not allow interactive services. This service
may not function properly.
Error - 8/5/2012 4:49:30 PM | Computer Name = Nawaf-HP | Source = Service Control Manager | ID = 7034
Description = The Hotspot Shield Routing Service service terminated unexpectedly.
It has done this 1 time(s).
Error - 8/5/2012 6:16:30 PM | Computer Name = Nawaf-HP | Source = Service Control Manager | ID = 7034
Description = The AdvancedSystemCareAntivirus service terminated unexpectedly.
It has done this 1 time(s).
Error - 8/5/2012 6:16:42 PM | Computer Name = Nawaf-HP | Source = Service Control Manager | ID = 7030
Description = The Advanced SystemCare Service 5 service is marked as an interactive
service. However, the system is configured to not allow interactive services.
This service may not function properly.
Error - 8/8/2012 12:22:19 PM | Computer Name = Nawaf-HP | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.
Error - 8/14/2012 11:01:40 AM | Computer Name = Nawaf-HP | Source = Service Control Manager | ID = 7030
Description = The WinTab Service service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.
Error - 8/14/2012 11:02:28 AM | Computer Name = Nawaf-HP | Source = Service Control Manager | ID = 7030
Description = The WinTab Service service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.
Error - 8/16/2012 9:00:15 AM | Computer Name = Nawaf-HP | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.
Error - 8/19/2012 12:55:10 PM | Computer Name = Nawaf-HP | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 80.
< End of report >