Internet disconnecting, possibility of infection



#1
phantomsx

For more than a month now my internet randomly disconnects from time to time, giving me a "DNS not responding" error. I tried placing my ISP's DNS into the IPv4 network adapter etc. with no use. I'm starting to notice that the problem happens mostly at night and maybe at fixed times. I talked with my ISP and the current possibility is that there is an infection causing my DNS to be rejected, blocked or something of that kind. I don't really understand how to identify if there's malware from the OTL scan, so I'll just post the scan results I obtained here; if it's not needed you can tell me to edit and remove the logs.
When the internet disconnects it happens to all the PCs connected to it (just 2, to be specific). I experienced the disconnecting a few hours ago with only my PC on, which might rule out the possibility that the other PC is the cause.

OTL logfile created on: 8/26/2012 6:44:29 AM - Run 1
OTL by OldTimer - Version 3.2.59.0 Folder = C:\Users\Nawaf\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 4.93 Gb Available Physical Memory | 61.71% Memory free
15.96 Gb Paging File | 12.33 Gb Available in Paging File | 77.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1849.71 Gb Total Space | 1576.11 Gb Free Space | 85.21% Space Free | Partition Type: NTFS
Drive D: | 13.20 Gb Total Space | 1.59 Gb Free Space | 12.07% Space Free | Partition Type: NTFS

Computer Name: NAWAF-HP | User Name: Nawaf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2012/08/26 06:38:43 | 000,598,016 | ---- | M] (OldTimer Tools) -- C:\Users\Nawaf\Downloads\OTL.exe
PRC - [2012/08/17 21:43:06 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2012/08/03 04:16:04 | 000,408,944 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\HssSrv.exe
PRC - [2012/08/03 04:12:18 | 000,387,440 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2012/08/03 04:10:40 | 000,476,016 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
PRC - [2012/07/24 09:48:45 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2012/06/29 06:37:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/06/28 17:44:30 | 000,382,312 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/06/07 12:40:40 | 003,487,128 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2012/06/07 12:26:44 | 002,686,976 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.94\deploy\LoLLauncher.exe
PRC - [2011/12/20 16:06:00 | 000,144,384 | ---- | M] (Adobe Systems Inc.) -- C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.196\deploy\LolClient.exe
PRC - [2011/12/20 15:24:22 | 001,294,336 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
PRC - [2011/08/19 11:11:26 | 002,548,224 | ---- | M] (SteelSeries) -- C:\Program Files (x86)\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMTray2.exe
PRC - [2011/08/18 11:36:54 | 001,993,216 | ---- | M] (SteelSeries) -- C:\Program Files (x86)\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMHID2.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/10/05 17:08:46 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/10/05 17:08:42 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/09/28 18:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2010/05/25 15:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
PRC - [2010/04/23 22:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 22:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2009/09/18 10:24:08 | 001,708,032 | ---- | M] (D-Link Corp.) -- C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe
PRC - [2009/08/21 09:27:24 | 000,098,304 | ---- | M] (Wireless Service) -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2009/08/19 21:24:24 | 000,032,768 | ---- | M] (Tablet Driver) -- C:\Windows\SysWOW64\WTClient.exe
PRC - [2009/07/07 20:10:14 | 000,151,552 | ---- | M] () -- C:\Windows\SysWOW64\ANIWConnService.exe
PRC - [2009/05/09 02:39:48 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
PRC - [2009/05/09 02:11:00 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
PRC - [2009/02/28 05:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
PRC - [2008/11/20 20:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/18 01:28:55 | 000,442,392 | ---- | M] () -- C:\Users\Nawaf\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppgooglenaclpluginchrome.dll
MOD - [2012/08/18 01:28:54 | 012,236,824 | ---- | M] () -- C:\Users\Nawaf\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
MOD - [2012/08/18 01:28:52 | 003,997,720 | ---- | M] () -- C:\Users\Nawaf\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
MOD - [2012/08/18 01:27:36 | 000,526,872 | ---- | M] () -- C:\Users\Nawaf\AppData\Local\Google\Chrome\Application\21.0.1180.83\libglesv2.dll
MOD - [2012/08/18 01:27:35 | 000,104,984 | ---- | M] () -- C:\Users\Nawaf\AppData\Local\Google\Chrome\Application\21.0.1180.83\libegl.dll
MOD - [2012/08/18 01:27:23 | 000,144,424 | ---- | M] () -- C:\Users\Nawaf\AppData\Local\Google\Chrome\Application\21.0.1180.83\avutil-51.dll
MOD - [2012/08/18 01:27:22 | 000,266,792 | ---- | M] () -- C:\Users\Nawaf\AppData\Local\Google\Chrome\Application\21.0.1180.83\avformat-54.dll
MOD - [2012/08/18 01:27:21 | 002,480,680 | ---- | M] () -- C:\Users\Nawaf\AppData\Local\Google\Chrome\Application\21.0.1180.83\avcodec-54.dll
MOD - [2012/08/17 21:40:16 | 000,068,024 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtWebKit\qmlwebkitplugin4.dll
MOD - [2012/08/17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
MOD - [2012/06/07 12:28:09 | 004,770,176 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.196\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll
MOD - [2012/06/07 12:26:44 | 002,686,976 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.94\deploy\LoLLauncher.exe
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/12/20 15:24:22 | 001,294,336 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
MOD - [2011/08/07 14:54:16 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\Detour32.dll
MOD - [2011/04/11 13:58:21 | 000,390,656 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\lame_enc.dll
MOD - [2011/04/11 13:58:17 | 000,370,688 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\libsndfile.dll
MOD - [2009/09/11 13:10:04 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\WinTab32.dll
MOD - [2009/07/07 18:50:04 | 000,258,048 | ---- | M] () -- C:\Windows\SysWOW64\wlanapp.dll
MOD - [2009/06/01 14:23:24 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-140 revB\ANIOApi.dll
MOD - [2009/06/01 14:23:24 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\ANIOApi.dll
MOD - [2009/02/28 05:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
MOD - [2009/02/20 03:22:50 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.dll
MOD - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll


========== Services (SafeList) ==========

SRV:64bit: - [2011/06/24 02:23:14 | 000,302,592 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/08/06 05:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2009/09/23 17:34:06 | 000,073,728 | ---- | M] (Tablet Driver) [Auto | Running] -- C:\Windows\SysNative\drivers\WTSrv.exe -- (WinTabService)
SRV:64bit: - [2009/07/14 04:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/08/25 06:39:14 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/17 21:43:06 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2012/08/03 04:20:24 | 000,078,072 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2012/08/03 04:16:04 | 000,408,944 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\HssSrv.exe -- (HssSrv)
SRV - [2012/08/03 04:12:18 | 000,387,440 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2012/08/03 04:10:40 | 000,476,016 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/29 06:37:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/06/28 17:44:30 | 000,382,312 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/06/23 00:18:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/10/31 11:51:32 | 003,272,704 | ---- | M] (LowerPing) [On_Demand | Stopped] -- C:\Program Files (x86)\LowerPing\LowerP.EXE -- (LOWERP)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/11/26 06:20:28 | 000,245,232 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe -- (CLKMSVC10_C6F09094)
SRV - [2010/10/05 17:08:46 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/05 17:08:42 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/09/28 18:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010/06/19 04:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/06/02 01:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/07 20:10:14 | 000,151,552 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ANIWConnService.exe -- (ANIWConnService)
SRV - [2009/06/11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/13 18:24:20 | 000,611,160 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/08/13 16:49:40 | 000,178,008 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2012/08/02 15:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012/07/25 14:53:54 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2012/07/24 23:11:54 | 000,041,704 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2012/07/24 23:11:52 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2012/06/19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012/06/08 11:38:10 | 000,054,104 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2012/05/25 19:38:48 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012/05/21 16:10:51 | 000,188,776 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/04/23 14:26:26 | 000,154,272 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2012/03/01 09:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/12/15 20:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/08/23 21:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/08/02 16:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/06/09 18:35:04 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/03/11 09:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 09:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/29 11:55:30 | 001,547,616 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2010/12/17 15:25:44 | 000,023,040 | ---- | M] (Sagatek Co. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MO3v2Driver.sys -- (SSMO3v2Filter)
DRV:64bit: - [2010/11/20 16:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 14:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/09/13 16:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/04/12 11:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009/07/14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/18 14:42:36 | 000,022,696 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UCTblHid.sys -- (UCTblHid)
DRV:64bit: - [2009/06/18 14:42:18 | 000,027,304 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TClass2k.sys -- (TClass2k)
DRV:64bit: - [2009/06/18 14:42:00 | 000,017,064 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTSimHid.sys -- (PTSimHid)
DRV:64bit: - [2009/06/18 14:41:48 | 000,027,304 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PTSimBus.sys -- (PTSimBus)
DRV:64bit: - [2009/06/10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/06 18:10:10 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf)
DRV - [2009/07/14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/13
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/13
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/13
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/13
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/13
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.jp.msn.com/HPALL/13
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/13
IE - HKCU\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPDTDF
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPDTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.animetake.com/"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nawaf\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nawaf\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2012/08/26 06:39:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2012/08/26 06:39:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2012/08/26 06:39:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2012/08/26 06:39:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2012/08/26 06:39:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/23 00:18:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Nawaf\AppData\Roaming\IDM\idmmzcc5 [2012/06/07 12:39:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/23 00:18:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Nawaf\AppData\Roaming\IDM\idmmzcc5 [2012/06/07 12:39:33 | 000,000,000 | ---D | M]

[2012/06/07 12:03:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nawaf\AppData\Roaming\Mozilla\Extensions
[2012/06/08 12:09:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nawaf\AppData\Roaming\Mozilla\Firefox\Profiles\2j07ydun.default\extensions
[2012/08/03 22:06:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/08/03 22:06:16 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
File not found (No name found) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/06/07 12:39:33 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\NAWAF\APPDATA\ROAMING\IDM\IDMMZCC5
[2012/06/23 00:18:12 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/01 18:39:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/01 18:39:16 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.animetake.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.animetake.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Nawaf\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Nawaf\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Nawaf\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Nawaf\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Nawaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Nawaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\Nawaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.41_0\
CHR - Extension: Azusa Nakano = C:\Users\Nawaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\miemcinalacnaglobiaokemajdehgllg\1_0\
CHR - Extension: Gmail = C:\Users\Nawaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/11 00:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
O4 - HKLM..\Run: [D-Link D-Link RangeBooster N DWA-140] C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [SteelSeries World of Warcraft Cataclysm MMO Gaming Mouse] C:\Program Files (x86)\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMHID2.exe (SteelSeries)
O4 - HKLM..\Run: [WTClient] C:\Windows\SysWow64\WTClient.exe (Tablet Driver)
O4 - HKCU..\Run: [Device Doctor] C:\Program Files (x86)\Device Doctor\DDLauncher.exe (Device Doctor Software Inc.)
O4 - HKCU..\Run: [IDMan] c:\program files (x86)\internet download manager\idman.exe (Tonec Inc.)
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Nawaf\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nawaf\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Nawaf\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nawaf\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 196.1.69.98 196.1.69.100 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AEE3FC5-2A6E-41D8-9BD8-96C32A47ECD7}: DhcpNameServer = 196.1.69.98 196.1.69.100 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C48336A-913C-468B-A877-EEA2F9533482}: DhcpNameServer = 10.85.88.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7227B5F1-88BD-4B98-A72C-661324A43424}: DhcpNameServer = 196.1.69.98 196.1.69.100 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7227B5F1-88BD-4B98-A72C-661324A43424}: NameServer = 196.1.69.98,196.1.69.100
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/26 06:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013
[2012/08/26 06:40:00 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll
[2012/08/26 06:39:15 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2012/08/26 06:39:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/08/26 06:39:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012/08/26 06:39:08 | 000,611,160 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012/08/26 06:39:08 | 000,089,432 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klflt.sys
[2012/08/26 06:34:13 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/08/26 03:43:31 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2012/08/26 03:42:16 | 026,226,536 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012/08/26 03:42:16 | 025,256,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012/08/26 03:42:16 | 019,828,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012/08/26 03:42:16 | 018,228,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012/08/26 03:42:16 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012/08/26 03:42:16 | 009,164,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012/08/26 03:42:16 | 007,699,304 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012/08/26 03:42:16 | 002,744,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012/08/26 03:42:16 | 002,573,160 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012/08/26 03:42:16 | 002,422,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012/08/26 03:42:16 | 002,216,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012/08/26 03:42:16 | 001,865,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012/08/26 03:42:16 | 001,472,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll
[2012/08/26 03:42:16 | 000,828,264 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2012/08/26 03:42:16 | 000,247,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2012/08/26 03:42:16 | 000,202,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2012/08/26 03:42:16 | 000,188,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2012/08/26 03:42:16 | 000,031,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2012/08/26 02:39:38 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\Guild Wars 2
[2012/08/25 18:48:21 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{84215494-4B30-40E6-BBEE-C8816D521904}
[2012/08/25 10:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
[2012/08/25 10:16:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guild Wars 2
[2012/08/25 10:15:50 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\Documents\Guild Wars 2
[2012/08/25 06:47:57 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{9E2A0723-A069-4352-9099-54AD2ABF46A2}
[2012/08/25 06:38:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/08/25 04:18:43 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Roaming\Malwarebytes
[2012/08/25 04:18:34 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/25 04:18:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/25 04:18:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/25 04:18:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/25 04:14:00 | 059,884,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012/08/24 18:47:33 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{B3CB3E71-743C-46E8-9247-AB6E31773AAE}
[2012/08/23 20:01:06 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{73EBA53C-D5A6-4257-877C-A975ACBBD9B9}
[2012/08/23 08:00:42 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{77A07170-5EB6-4B2A-B8F8-D73D995EE895}
[2012/08/22 18:22:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/08/22 18:22:33 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/08/22 18:22:29 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/08/22 18:22:29 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/08/22 18:22:29 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/08/22 16:53:32 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{582888AF-D1E7-4487-BB15-A86C0ECC0AB9}
[2012/08/21 16:52:56 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{E404A768-3623-4495-84A6-4551128DFE77}
[2012/08/21 00:21:15 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{A2A82F1C-E9F0-4B69-B8EF-C3CE34CFDE1E}
[2012/08/20 07:21:25 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{190955FC-27C3-4FCC-8C54-FD1541A75A7B}
[2012/08/19 17:37:15 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Roaming\Reviversoft
[2012/08/19 17:36:36 | 000,018,240 | ---- | C] (ReviverSoft) -- C:\Windows\SysNative\roboot64.exe
[2012/08/19 17:36:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reviversoft
[2012/08/19 17:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reviversoft
[2012/08/19 17:31:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\~0
[2012/08/19 17:31:46 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\PackageAware
[2012/08/19 17:24:30 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Roaming\Uniblue
[2012/08/19 17:24:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2012/08/19 17:24:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2012/08/19 17:01:51 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012/08/19 17:01:50 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012/08/19 17:01:50 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012/08/19 17:01:50 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012/08/19 16:24:08 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{D90EF747-337B-46C0-8502-C7537796F995}
[2012/08/18 19:33:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
[2012/08/18 19:33:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mumble
[2012/08/18 13:56:25 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{3058724F-F615-4CC9-B5D6-958B24F0BC84}
[2012/08/18 13:56:14 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{264BDDE6-81BE-4A07-9B2B-39580C0ED345}
[2012/08/18 01:48:35 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{C36174C3-177B-419B-AEA2-0E56881D1185}
[2012/08/18 01:48:23 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{B0FCE5E2-31D2-4E93-9EE1-7E0F8E624FBA}
[2012/08/17 13:47:57 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{FBBAA717-F0A2-48A6-B80A-C3CE64E40068}
[2012/08/17 13:47:45 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{13CA0861-0FE6-4CD2-BF7B-737E191AF79D}
[2012/08/17 01:25:37 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{640C0543-F045-4850-865C-2FB84B9AFE70}
[2012/08/17 01:25:26 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{493F6D4F-2839-44D2-9260-D957252BC786}
[2012/08/16 13:25:00 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{58824C71-A113-40D7-8FD4-F2F16A36CE32}
[2012/08/16 13:24:47 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{AFCBED33-46B0-449C-9D32-4DC7EFF18F81}
[2012/08/16 03:12:43 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/08/16 03:12:43 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/16 03:12:42 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/08/16 03:12:42 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/08/16 03:12:42 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/08/16 03:12:42 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/16 03:12:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/16 03:12:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/08/16 03:12:42 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/08/16 03:12:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/08/16 03:12:41 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/08/16 03:12:41 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/08/16 03:12:41 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/16 03:09:01 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/08/16 03:09:00 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/08/16 03:09:00 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012/08/16 03:09:00 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/08/16 01:24:21 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{A25665BC-07AD-4AEF-88CC-58FD2472248D}
[2012/08/16 01:24:10 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{3817A034-0E3F-497A-A1D8-7CBA37DD1BC9}
[2012/08/15 13:23:44 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{3FA2AF25-0B8F-4EB5-ABE2-4AB757D85DD8}
[2012/08/15 13:23:33 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{3D59609B-A80B-4DDF-8AC7-D1EC1F894F30}
[2012/08/15 01:23:07 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{7A984788-79B6-42A7-8B9D-7B7681C1A770}
[2012/08/15 01:22:57 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{06FCFE14-D950-48DC-8F31-5EA723B2DDCF}
[2012/08/14 18:01:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pen Tablet
[2012/08/14 18:01:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PEN TABLET
[2012/08/14 18:00:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet Software
[2012/08/14 18:00:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TABLET SOFTWARE
[2012/08/14 17:36:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu!
[2012/08/14 17:36:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\osu!
[2012/08/14 17:36:13 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Roaming\Downloaded Installations
[2012/08/14 16:15:10 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Roaming\Mumble
[2012/08/14 16:15:10 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\Mumble
[2012/08/14 13:22:31 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{306B6760-CA5E-4829-89EB-FB907B5CC4E7}
[2012/08/14 13:22:19 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{4A007076-463F-44A2-AF6C-045E4D6F577B}
[2012/08/14 01:07:22 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{D5BB0A97-F69B-48DF-A169-BD90BBA01934}
[2012/08/14 01:07:10 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{D8524266-151B-48BE-BEF7-288E6EB9A95B}
[2012/08/13 16:49:40 | 000,178,008 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\kneps.sys
[2012/08/13 13:06:45 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{7732D333-FCE6-4CAF-801A-0DDE4FD586AC}
[2012/08/13 01:06:19 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{B78C161A-A2FE-4445-BB31-B9661C10431A}
[2012/08/12 13:05:54 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{9F09FF44-D037-4D1D-9BF6-0040086BCDE9}
[2012/08/12 13:05:43 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{EF91DED0-3480-49B1-B701-5CCE067A8D16}
[2012/08/12 01:05:10 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{06EA2F0E-A22C-4B83-8C6D-D1109014C1E1}
[2012/08/12 01:04:59 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{91FA2DBF-E6F2-4D2B-8D07-9F903B579E38}
[2012/08/11 13:11:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Hotspot Shield
[2012/08/11 13:04:32 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{55D87EF6-0B10-43B8-9256-137DCA9B611A}
[2012/08/11 13:04:21 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{D1CAEB55-03DA-46D1-B255-DB50474203E4}
[2012/08/10 23:27:39 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{F4A17F0C-007D-4C1C-97D5-5B87ED8097C2}
[2012/08/10 23:27:28 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{B3E135C0-10C6-42B0-A423-619F4038929E}
[2012/08/10 11:27:01 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{269307A1-8153-4567-A245-9F458AFCF6BB}
[2012/08/10 11:26:50 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{1A35121F-FCC7-4F26-A145-0CD1443BCA0B}
[2012/08/09 23:26:23 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{9BED4E36-00C7-4CF2-B8C9-B5335A7D02B8}
[2012/08/09 23:26:11 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{82069978-209B-45DB-8A50-C317E96FF85C}
[2012/08/09 07:33:42 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{9FDD522E-E729-4F39-B453-B2D3668AF216}
[2012/08/09 07:33:30 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{327F8DE2-7B70-4432-9169-2AC739BF0995}
[2012/08/08 19:33:03 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{B3EE49FD-222F-4594-BD37-887C548081AC}
[2012/08/08 19:32:52 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{678B0AD1-FADC-4C52-9D02-E0558E0A6565}
[2012/08/08 07:32:26 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{AA5D6B82-8CA4-489A-AB1D-48C88F31207C}
[2012/08/07 19:32:01 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{3166C3C8-0E62-4C97-B721-F1B683B662CF}
[2012/08/07 19:31:48 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{58D716E8-3770-4D56-93D5-FF827C507032}
[2012/08/07 07:47:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenVPN
[2012/08/07 07:31:22 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{6527EA24-2C29-4979-8398-E5424CD24F18}
[2012/08/06 19:30:57 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{E3009958-8913-4D94-AD09-4C34244FE4DD}
[2012/08/06 19:30:45 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{4CFF4802-7550-49FF-BDFE-049507EEEF1F}
[2012/08/05 22:06:08 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{41C1844D-147F-4E35-922C-16ACC1541CD8}
[2012/08/05 22:05:50 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{E5D2DDC3-0477-41E3-B143-7752692EAA9E}
[2012/08/05 04:04:54 | 000,000,000 | ---D | C] -- C:\ProgramData\hssff
[2012/08/04 21:37:09 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{AE1D2F94-CC9C-4210-B532-A792FAE81BA0}
[2012/08/04 21:36:57 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{39369D2B-C919-45B5-A832-7626990041B5}
[2012/08/04 10:50:29 | 000,024,448 | ---- | C] (IObit) -- C:\Windows\SysNative\RegistryDefragBootTime.exe
[2012/08/04 10:32:14 | 000,000,000 | ---D | C] -- C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
[2012/08/04 10:32:14 | 000,000,000 | ---D | C] -- C:\ProgramData\{6F2F3866-38AD-4f48-852C-2FF5DE7A7588}
[2012/08/04 10:32:13 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Roaming\IObit
[2012/08/04 10:32:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2012/08/04 10:32:00 | 000,000,000 | ---D | C] -- C:\ProgramData\iobit
[2012/08/04 09:58:15 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/08/04 09:58:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/08/04 09:57:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/08/04 09:53:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/08/04 09:53:24 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/08/04 09:08:21 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{2899EB0C-0213-4F11-91DC-BA26938F7510}
[2012/08/04 02:54:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/08/04 02:53:15 | 001,468,264 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll
[2012/08/04 02:53:14 | 015,290,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012/08/04 02:53:14 | 012,388,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012/08/04 02:53:14 | 000,969,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2012/08/04 02:53:14 | 000,364,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2012/08/04 02:53:14 | 000,301,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2012/08/04 01:53:04 | 001,758,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012/08/04 01:53:04 | 001,468,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2012/08/04 01:53:04 | 001,452,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420102.dll
[2012/08/04 01:53:04 | 000,060,776 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012/08/04 01:53:04 | 000,052,584 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012/08/04 01:51:58 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012/08/04 01:44:33 | 000,565,352 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2012/08/04 01:44:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012/08/04 01:37:46 | 001,547,616 | ---- | C] (Ralink Technology Corp.) -- C:\Windows\SysNative\drivers\netr28ux.sys
[2012/08/04 01:37:46 | 000,327,008 | ---- | C] (Ralink Technology, Inc.) -- C:\Windows\SysNative\RaCoInstx.dll
[2012/08/04 01:34:57 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Roaming\WinRAR
[2012/08/04 01:31:30 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Roaming\Device Doctor
[2012/08/04 01:31:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Device Doctor
[2012/08/04 01:31:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Device Doctor
[2012/08/03 22:06:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Hotspot Shield
[2012/08/03 22:06:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
[2012/08/03 22:06:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hotspot Shield
[2012/08/03 21:02:17 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{5D695209-6EA1-4F48-922D-0E2306E1C05E}
[2012/08/03 21:02:05 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{6E253845-CEA7-4BE8-9BD2-29A50CA534FE}
[2012/08/03 16:38:52 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{E5AFE105-F826-4CC5-8677-A36F13B8BEC5}
[2012/08/02 22:43:00 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/08/02 22:43:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/08/02 22:42:54 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012/08/02 17:50:15 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{F0046B75-1A90-450D-9E4E-B85DC2154731}
[2012/08/02 17:50:04 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{9C203CB5-BE5B-48D3-A4A4-4397FBFD39BB}
[2012/08/02 15:09:34 | 000,028,504 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klim6.sys
[2012/08/02 04:20:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TERA
[2012/08/02 04:20:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TERA
[2012/08/02 03:03:37 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{90D9B343-A6EE-487F-A0C6-CAF6A34EB64C}
[2012/08/02 03:03:26 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{587C944F-7B6B-43CC-9C89-547C6B9AF604}
[2012/08/01 15:03:00 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{88C6DEBC-E7C8-4FD1-A79D-5E025FF498EA}
[2012/08/01 15:02:49 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{934B1B52-B051-40AD-8C04-38F065321DB1}
[2012/08/01 09:40:53 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\TERA-Diagnostic
[2012/08/01 08:19:29 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/08/01 08:19:26 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/08/01 08:19:26 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/08/01 08:07:03 | 000,000,000 | -HSD | C] -- C:\Users\Nawaf\AppData\Local\ms-drivers
[2012/08/01 08:06:54 | 000,000,000 | -HSD | C] -- C:\Users\Nawaf\AppData\Local\icsxml
[2012/08/01 07:29:49 | 000,000,000 | ---D | C] -- C:\Program Files\TERA
[2012/08/01 07:20:57 | 000,307,088 | ---- | C] (Network Tunnel Lab) -- C:\Windows\SysWow64\networkdlllsp.dll
[2012/08/01 07:20:55 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\BattlePing
[2012/08/01 07:20:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BattlePing
[2012/08/01 07:20:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BattlePing
[2012/07/31 22:43:15 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{DAB6EE53-1362-4048-B3F2-36BFE2FCED23}
[2012/07/31 22:43:03 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{51D23349-7681-41DB-8A72-B408650E34DB}
[2012/07/31 10:42:50 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{04094001-CD76-4F69-B27D-BDE38C356331}
[2012/07/31 10:42:04 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{76ADA4A4-A144-401F-982A-9C20E9D0DF62}
[2012/07/30 18:13:58 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{6AA3AC9A-49DE-4D4A-BF39-52C04F4D2EE7}
[2012/07/30 18:13:46 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{72C95815-4052-4455-9B3D-30EF60BAE711}
[2012/07/30 17:56:05 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{4197CD3B-1BA4-43B9-9E73-8C9F93A7E7CD}
[2012/07/30 00:28:39 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{9EF09234-E61A-4510-8D83-80A836BA08B4}
[2012/07/30 00:28:28 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{F3D85853-A5D4-4487-9438-E2E5EAEA6DA7}
[2012/07/29 13:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SteelSeries
[2012/07/29 13:36:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SteelSeries
[2012/07/29 12:28:02 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{2B504156-22FD-42A4-AB3E-37921DF0A009}
[2012/07/29 12:27:51 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{D7F32887-B32B-4077-827F-A882B17B83C1}
[2012/07/28 22:45:12 | 000,955,888 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/07/28 22:45:12 | 000,839,152 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/07/28 22:45:12 | 000,268,784 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/07/28 22:45:06 | 000,189,424 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/07/28 22:45:06 | 000,188,912 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/07/28 22:44:58 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/07/28 18:48:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Systems
[2012/07/28 18:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco Systems
[2012/07/28 17:39:23 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{BFBDACE5-6874-4D78-9996-9FE7F4533A64}
[2012/07/28 17:39:11 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{20C42F10-FDCB-4D51-B605-ABA1A9752006}
[2012/07/28 01:54:36 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{318CFBF6-53BD-4369-8CA2-556ED2AE0424}
[2012/07/28 01:54:25 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{0E1E4A6F-9B6C-4539-A00A-F56C1DB9D47F}
[2012/07/27 13:53:59 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{17318693-5B15-4C96-A56B-E8A247BEF579}
[2012/07/27 13:53:47 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{D9D97365-CB4B-4141-ACFC-64E9F8DF28CB}
[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/26 06:46:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3819528912-3924640605-2489132768-1000UA.job
[2012/08/26 06:42:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/26 05:57:53 | 000,003,284 | ---- | M] () -- C:\Windows\SysWow64\ANIWZCS{2AEE3FC5-2A6E-41D8-9BD8-96C32A47ECD7}
[2012/08/26 05:57:53 | 000,003,284 | ---- | M] () -- C:\Users\Nawaf\AppData\Roaming\ANIWZCS{2AEE3FC5-2A6E-41D8-9BD8-96C32A47ECD7}
[2012/08/26 03:28:26 | 002,587,881 | ---- | M] () -- C:\Users\Nawaf\Desktop\reso.png
[2012/08/26 03:14:51 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/26 03:14:51 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/26 02:42:23 | 000,721,700 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/26 02:42:23 | 000,612,370 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/26 02:42:23 | 000,105,284 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/25 16:46:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3819528912-3924640605-2489132768-1000Core.job
[2012/08/25 06:39:14 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/25 06:39:14 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/25 06:35:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/25 06:35:31 | 2133,733,375 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/24 07:02:53 | 001,717,714 | ---- | M] () -- C:\Users\Nawaf\Desktop\DNS.png
[2012/08/22 18:22:25 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/08/22 18:22:25 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/08/22 18:22:25 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/08/22 18:22:25 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/08/22 18:22:25 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/08/22 18:22:25 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/08/20 07:19:45 | 000,002,400 | ---- | M] () -- C:\Windows\SysNative\ASOROSet.bin
[2012/08/19 17:36:36 | 000,001,280 | ---- | M] () -- C:\Users\Nawaf\Application Data\Microsoft\Internet Explorer\Quick Launch\Registry Reviver.lnk
[2012/08/19 17:07:37 | 000,302,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/18 19:34:55 | 000,002,377 | ---- | M] () -- C:\Users\Nawaf\Documents\MumbleAutomaticCertificateBackup.p12
[2012/08/14 19:23:27 | 000,001,958 | ---- | M] () -- C:\Windows\Tablet8000x6000M.ini
[2012/08/14 18:03:00 | 000,000,142 | ---- | M] () -- C:\Windows\PenSign.INI
[2012/08/13 18:24:24 | 000,089,432 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klflt.sys
[2012/08/13 18:24:20 | 000,611,160 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012/08/13 16:49:40 | 000,178,008 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\kneps.sys
[2012/08/08 21:20:02 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNAWAF-HP$.job
[2012/08/07 22:54:02 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNawaf.job
[2012/08/06 02:13:47 | 000,002,872 | ---- | M] () -- C:\Windows\SysWow64\LOWERP.ini
[2012/08/06 02:13:47 | 000,001,544 | ---- | M] () -- C:\Windows\SysWow64\LPOff.ini
[2012/08/06 02:13:47 | 000,001,544 | ---- | M] () -- C:\Windows\SysNative\LPOff.ini
[2012/08/04 10:13:05 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/04 01:50:08 | 000,014,416 | ---- | M] () -- C:\Users\Nawaf\Documents\cc_20120804_015004.reg
[2012/08/03 04:46:56 | 059,884,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012/08/02 15:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klim6.sys
[2012/08/02 04:20:12 | 000,001,844 | ---- | M] () -- C:\Users\Nawaf\Application Data\Microsoft\Internet Explorer\Quick Launch\TERA.lnk
[2012/08/01 07:20:53 | 000,000,037 | -HS- | M] () -- C:\Users\Nawaf\AppData\Local\1754111884ee9ab5277ca00.95260103
[2012/07/28 22:45:00 | 000,268,784 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/07/28 22:45:00 | 000,189,424 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/07/28 22:45:00 | 000,188,912 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/07/28 22:44:59 | 000,955,888 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/07/28 22:44:59 | 000,839,152 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/26 03:42:16 | 000,016,048 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012/08/26 03:28:26 | 002,587,881 | ---- | C] () -- C:\Users\Nawaf\Desktop\reso.png
[2012/08/24 07:02:53 | 001,717,714 | ---- | C] () -- C:\Users\Nawaf\Desktop\DNS.png
[2012/08/19 17:41:38 | 000,002,400 | ---- | C] () -- C:\Windows\SysNative\ASOROSet.bin
[2012/08/19 17:36:36 | 000,001,280 | ---- | C] () -- C:\Users\Nawaf\Application Data\Microsoft\Internet Explorer\Quick Launch\Registry Reviver.lnk
[2012/08/18 19:34:55 | 000,002,377 | ---- | C] () -- C:\Users\Nawaf\Documents\MumbleAutomaticCertificateBackup.p12
[2012/08/14 19:23:27 | 000,001,958 | ---- | C] () -- C:\Windows\Tablet8000x6000M.ini
[2012/08/14 18:03:00 | 000,000,142 | ---- | C] () -- C:\Windows\PenSign.INI
[2012/08/04 02:53:52 | 002,667,062 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012/08/04 01:50:05 | 000,014,416 | ---- | C] () -- C:\Users\Nawaf\Documents\cc_20120804_015004.reg
[2012/08/04 01:44:33 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2012/08/04 01:37:46 | 000,014,051 | ---- | C] () -- C:\Windows\SysNative\RaCoInst.dat
[2012/08/02 04:20:12 | 000,001,844 | ---- | C] () -- C:\Users\Nawaf\Application Data\Microsoft\Internet Explorer\Quick Launch\TERA.lnk
[2012/08/01 08:20:47 | 000,001,637 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDT Audio Control Panel.lnk
[2012/08/01 07:20:53 | 000,000,037 | -HS- | C] () -- C:\Users\Nawaf\AppData\Local\1754111884ee9ab5277ca00.95260103
[2012/07/28 18:49:05 | 000,002,181 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Connect.lnk
[2012/06/28 17:44:42 | 000,428,904 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/06/18 22:15:53 | 000,000,600 | ---- | C] () -- C:\Users\Nawaf\AppData\Local\PUTTY.RND
[2012/06/07 13:47:06 | 000,003,284 | ---- | C] () -- C:\Users\Nawaf\AppData\Roaming\ANIWZCS{2AEE3FC5-2A6E-41D8-9BD8-96C32A47ECD7}
[2012/06/07 13:43:19 | 000,000,253 | ---- | C] () -- C:\Users\Nawaf\AppData\Roaming\ANICONFIG_{2AEE3FC5-2A6E-41D8-9BD8-96C32A47ECD7}.ini
[2012/06/07 12:31:59 | 002,246,004 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/07 12:14:38 | 000,002,872 | ---- | C] () -- C:\Windows\SysWow64\LOWERP.ini
[2012/06/07 12:14:38 | 000,001,544 | ---- | C] () -- C:\Windows\SysWow64\LPOff.ini
[2012/06/07 12:04:22 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ANIWConnService.exe
[2012/06/07 12:04:11 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\wlanapp.dll
[2012/06/07 12:04:11 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\aIPH.dll
[2012/06/07 12:04:11 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AQCKGen.dll
[2012/06/07 12:04:11 | 000,045,115 | ---- | C] () -- C:\Windows\SysWow64\ANICtl.dll
[2012/06/07 12:03:47 | 000,315,392 | ---- | C] () -- C:\Windows\SysWow64\ANIOApi.dll
[2012/06/07 12:03:21 | 000,733,184 | ---- | C] () -- C:\Windows\SysWow64\ANIOWPS.dll
[2012/06/07 12:03:21 | 000,302,080 | ---- | C] () -- C:\Windows\lwd.exe
[2012/06/07 12:03:21 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\ANIWPS.exe
[2012/06/07 11:42:47 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/07/29 18:07:58 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011/07/29 17:57:07 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2010/09/21 20:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

< End of report >

Thank you in advance for any effort placed into trying to find whether there is a problem or not, as this is just a possibility; I'm not 100% sure it's an infection. Below is the notepad labeled as Extras from the OTL scan:

OTL Extras logfile created on: 8/26/2012 6:44:29 AM - Run 1
OTL by OldTimer - Version 3.2.59.0 Folder = C:\Users\Nawaf\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 4.93 Gb Available Physical Memory | 61.71% Memory free
15.96 Gb Paging File | 12.33 Gb Available in Paging File | 77.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1849.71 Gb Total Space | 1576.11 Gb Free Space | 85.21% Space Free | Partition Type: NTFS
Drive D: | 13.20 Gb Total Space | 1.59 Gb Free Space | 12.07% Space Free | Partition Type: NTFS

Computer Name: NAWAF-HP | User Name: Nawaf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BCEB974-E08B-46D0-8026-F4CDE7F3B643}" = lport=138 | protocol=17 | dir=in | app=system |
"{14B7699A-26ED-412D-99B9-C8A3975D9B43}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1F220161-607E-41DE-8637-85E3604D5E80}" = rport=445 | protocol=6 | dir=out | app=system |
"{4171D3C5-7E65-4163-93BE-0EAB6E1EF08C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{63FA8600-CB18-4DD8-86EA-C2737EDDB473}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{827FEBD8-5955-4070-96FB-81DBF1F49ADD}" = lport=10243 | protocol=6 | dir=in | app=system |
"{89202623-58C9-4561-B84A-AC506CFC574E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8B7F5C6E-8ACF-49EE-BCA8-43F4D849B22D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8CEE94F2-0ECC-4A9E-820A-3557C1D9B8AA}" = lport=137 | protocol=17 | dir=in | app=system |
"{8E9265EB-B920-4739-8271-AD3E37DFD444}" = lport=139 | protocol=6 | dir=in | app=system |
"{A2AB44FB-F3EA-4BCC-B368-E08C8CE42D18}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A8078641-8A1A-4BC9-929D-52F5E2B8C5DB}" = rport=138 | protocol=17 | dir=out | app=system |
"{AB137D11-047F-4447-8688-528295EBDC50}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AB6DD801-50F0-482E-89C2-BEBD85A0ACDD}" = lport=445 | protocol=6 | dir=in | app=system |
"{BB6A4CCA-CB51-492C-89E2-FB4350EC6652}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C39EAFC1-D8CD-49E8-A90F-26945B8EFA95}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C890CC92-A44F-455E-8D41-EE3956FB12DB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C8BD30A2-7DFC-4233-892D-B5609C3F443E}" = rport=139 | protocol=6 | dir=out | app=system |
"{DD2C3BD6-3B46-4FA9-A026-2E6A751F1AC2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EA7E9F1D-6E61-434D-B578-C0B25DFEAEF8}" = rport=137 | protocol=17 | dir=out | app=system |
"{ED159205-E0E4-4073-8E6E-465D40F2AD6C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0974A94A-9488-40AE-A642-58F053B74BA2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0CBEA380-C55A-4A60-AC77-D9B14005CA84}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0EC964BB-3659-4AE4-9CDE-1A0931480E1F}" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe |
"{23DC84F8-72B7-4798-91A1-CE38EFE4208D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{28180917-61EF-449E-AB2F-023D8B0EE298}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{30403458-9B68-424D-B468-2A3B3DA75A9F}" = protocol=1 | dir=out | [email protected],-28544 |
"{32D499D9-B4A2-41D0-A187-C35A5FC5E25E}" = protocol=6 | dir=out | app=system |
"{3561D65A-7F57-4345-865B-E295B1508441}" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe |
"{453005F1-BF67-4FEE-A115-1C39189DEA13}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4B5232D4-A640-4749-8355-5D36383E1EC7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{562B9BFC-7BCA-4826-AE75-788C72C78F02}" = protocol=1 | dir=in | [email protected],-28543 |
"{654F60A2-2DA0-4AB3-9035-3F3BD27598A2}" = protocol=58 | dir=out | [email protected],-28546 |
"{74B81157-2886-43A7-9014-E5B00ED97A7A}" = protocol=58 | dir=in | [email protected],-28545 |
"{786B3C46-5880-4229-9FC6-14D867582F7D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9B903C1D-F940-44E7-8DAA-8C318A0B03B3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AA56CAD9-5666-4620-89C7-1FBCBA216E56}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AD99D847-5682-481D-AFDA-122752988D2C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B543B29B-42F5-4357-B9C3-3F1F0F453D9F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C37AFB45-21FF-46AD-BF45-A5F34ED987F3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C68FDA98-347E-47F7-B8D1-50041F1718AE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{D15A6E61-9FAF-4793-8E6C-F34C89207ACE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{E212C0CD-1FEE-4D0A-8389-B127AE06EE36}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E6557B76-F066-438C-A5B0-6FD475E101EA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FD92E1A7-E250-4468-96F8-3E4530229813}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{01D86FE4-9AB6-4FDD-A29D-BB7C91E545FE}C:\program files (x86)\battleping\battleping.exe" = protocol=6 | dir=in | app=c:\program files (x86)\battleping\battleping.exe |
"TCP Query User{1E1F97D1-D5FC-4C39-BD24-763E738BBCFD}C:\program files (x86)\windows live\contacts\wlcomm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"TCP Query User{1EC56F8E-7A9D-43D4-87BB-63BED4C6E454}C:\program files (x86)\windows live\contacts\wlcomm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"TCP Query User{2E6E9E88-0211-4E06-877F-C5497006376C}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{4C79F657-00BC-4330-8D2F-BF6EC2D352CD}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{4D27DF8C-0341-48CD-AF9A-842929253EED}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{4F347319-F20F-4F48-B95E-03EB5768DA27}C:\users\nawaf\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\nawaf\appdata\local\temp\gw2.exe |
"TCP Query User{638E84CF-A993-47F4-8828-6D185E2C7629}C:\program files\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files\tera\tera-launcher.exe |
"TCP Query User{6CF83C2B-470A-4FB7-8CE1-142472CCFE28}J:\nawaf\tera\tera-launcher.exe" = protocol=6 | dir=in | app=j:\nawaf\tera\tera-launcher.exe |
"TCP Query User{7930B67E-1C6F-4D11-9469-6CB52EDEF34F}C:\program files\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files\tera\tera-launcher.exe |
"TCP Query User{950D54C0-8090-4DD0-B01B-A27C2B6E35FB}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"TCP Query User{BC822F52-37CD-4D49-A679-DE60E3E6CF0F}C:\program files (x86)\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"TCP Query User{CAB2DAE3-B711-4709-A7AF-2AAC36A9AAA6}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"TCP Query User{D20F0DCD-26A8-44B2-A654-0A6E3B5B72B5}C:\users\nawaf\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\users\nawaf\guild wars 2\gw2.exe |
"TCP Query User{F20AA6ED-7569-4E70-8407-6F1A14EF3DE0}C:\program files (x86)\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"TCP Query User{FACE7CAD-FC63-46CA-9BA1-0200936093CB}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"TCP Query User{FE1F37EC-C866-4242-8B05-98DAC757BB2E}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{00380F52-3E0B-4185-A31F-40C98DFAF6C8}C:\program files (x86)\battleping\battleping.exe" = protocol=17 | dir=in | app=c:\program files (x86)\battleping\battleping.exe |
"UDP Query User{091F2CBB-5541-4EF2-B89E-84DF8AF8E753}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{27BD4F0A-390E-4F81-935C-EE9ADCB5BED6}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"UDP Query User{2A2316E8-8560-47FE-9A1B-6244376710BF}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{301022DD-4AD5-4AE7-A6B3-0EC35B09F771}C:\program files\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files\tera\tera-launcher.exe |
"UDP Query User{4140BC3B-C3D6-4156-9EAD-E11885E02122}C:\users\nawaf\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\nawaf\appdata\local\temp\gw2.exe |
"UDP Query User{4A84DE2C-9F30-42BB-81C3-A5415C8A3ADF}C:\program files (x86)\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"UDP Query User{55091737-8F87-491D-94FD-16F732AA1C0F}C:\program files (x86)\windows live\contacts\wlcomm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"UDP Query User{5552DE1B-30E5-4C5B-B243-7862BC14C3BA}C:\program files (x86)\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"UDP Query User{59938451-9FFD-45BD-9317-3779BBDF749F}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"UDP Query User{59C0EA53-DEB8-416C-9ADA-44C2619BFE0E}C:\users\nawaf\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\users\nawaf\guild wars 2\gw2.exe |
"UDP Query User{725CCE8E-66EA-46C7-B49C-AB47665E6158}C:\program files\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files\tera\tera-launcher.exe |
"UDP Query User{77E0D463-2294-4002-9654-D06599016E03}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{9B4F4F17-98F5-44FE-B518-241F0A384301}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{A8754207-66A2-4DFB-9B1C-7BCB66D6FA7B}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{E3D37998-55E3-4D54-9FBF-C2A698A184AC}J:\nawaf\tera\tera-launcher.exe" = protocol=17 | dir=in | app=j:\nawaf\tera\tera-launcher.exe |
"UDP Query User{E5C2D97B-EB31-4692-8400-C379162D9EBB}C:\program files (x86)\windows live\contacts\wlcomm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java™ 7 Update 5 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema 1.6.0.4014 x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-0018-0000-1000-0000000FF1CE}" = Microsoft Office PowerPoint 2010
"{90140000-0018-0000-1000-0000000FF1CE}_Office14.POWERPOINT_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.POWERPOINT_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.POWERPOINT_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.POWERPOINT_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.POWERPOINT_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.POWERPOINT_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.POWERPOINT_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.POWERPOINT_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.POWERPOINT_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.POWERPOINT_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}" = HP MediaSmart SmartMenu
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 304.79
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 304.79
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 304.79
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 304.79
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.17.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"044456F7BA1F8BD283F89F4015EFB51DEA216A39" = Windows Driver Package - SteelSeries (HidUsb) HIDClass (11/19/2010 1.2.4.0)
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"Office14.POWERPOINT" = Microsoft PowerPoint 2010
"WinRAR archiver" = WinRAR 4.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217006FF}" = Java 7 Update 6
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{53469506-A37E-4314-A9D9-38724EC23A75}" = HP Setup
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"{924DAFFB-CA84-43a3-8205-A6E94461EC79}_is1" = Registry Reviver
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}" = HP MAINSTREAM KEYBOARD
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7D2F494-89E3-42ED-8A2B-75BDD9B464CB}" = D-Link RangeBooster N DWA-140
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}" = Razer Lycosa
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BattlePing" = BattlePing 1.3.0.9
"BSPlayerf" = BS.Player FREE
"Cisco Connect" = Cisco Connect
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"Device Doctor_is1" = Device Doctor v2.1
"EasyBits Magic Desktop" = Magic Desktop
"Fraps" = Fraps (remove only)
"Free Studio_is1" = Free Studio version 5.3.5
"Guild Wars 2" = Guild Wars 2
"HotspotShield" = Hotspot Shield 2.67
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"Internet Download Manager" = Internet Download Manager
"LowerPing" = LowerPing 2.6.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Messenger Plus!" = Messenger Plus! 5
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"My HP Game Console" = HP Game Console
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PDF Complete" = PDF Complete Special Edition
"PowerISO" = PowerISO
"Rainmeter" = Rainmeter
"RocketDock_is1" = RocketDock 1.3.5
"uTorrent" = µTorrent
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087343" = Dora's World Adventure
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087533" = Zuma Deluxe
"WT089299" = Mystery P.I. - The London Caper
"WT089300" = World Cup Cricket 20-20
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/31/2012 9:37:51 PM | Computer Name = Nawaf-HP | Source = Application Hang | ID = 1002
Description = The program TERA.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 1760 Start Time:
01cd6f863e1212d4 Termination Time: 4 Application Path: C:\Program Files (x86)\TERACOPYED\Client\Binaries\TERA.exe

Report
Id: 800f7a0c-db79-11e1-bd42-e06995b76a0e

Error - 8/1/2012 12:23:51 AM | Computer Name = Nawaf-HP | Source = Application Hang | ID = 1002
Description = The program TERA.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 16d0 Start Time:
01cd6f9d5c231a4d Termination Time: 10122 Application Path: C:\Program Files (x86)\TERACOPYED\Client\Binaries\TERA.exe

Report
Id: a8d1a1a9-db90-11e1-bd42-e06995b76a0e

Error - 8/1/2012 1:20:58 AM | Computer Name = Nawaf-HP | Source = Application Error | ID = 1000
Description = Faulting application name: msnmsgr.exe, version: 15.4.3555.308, time
stamp: 0x4f596cbb Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651,
time stamp: 0x4e211319 Exception code: 0xe06d7363 Fault offset: 0x0000b9bc Faulting
process id: 0xe08 Faulting application start time: 0x01cd6fa332f4569f Faulting application
path: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe Faulting module
path: C:\Windows\syswow64\KERNELBASE.dll Report Id: ac82178c-db98-11e1-827c-e06995b76a0e

Error - 8/4/2012 8:45:44 PM | Computer Name = Nawaf-HP | Source = Windows Search Service | ID = 3038
Description =

Error - 8/4/2012 8:45:44 PM | Computer Name = Nawaf-HP | Source = Windows Search Service | ID = 7040
Description =

Error - 8/4/2012 8:45:44 PM | Computer Name = Nawaf-HP | Source = Windows Search Service | ID = 7042
Description =

Error - 8/4/2012 8:45:48 PM | Computer Name = Nawaf-HP | Source = Windows Search Service | ID = 3028
Description =

Error - 8/4/2012 8:45:48 PM | Computer Name = Nawaf-HP | Source = Windows Search Service | ID = 3058
Description =

Error - 8/4/2012 8:45:48 PM | Computer Name = Nawaf-HP | Source = Windows Search Service | ID = 7010
Description =

Error - 8/14/2012 12:49:38 PM | Computer Name = Nawaf-HP | Source = Application Error | ID = 1000
Description = Faulting application name: TERA.exe, version: 0.0.0.0, time stamp:
0x5019dff2 Faulting module name: TERA.exe, version: 0.0.0.0, time stamp: 0x5019dff2
Exception
code: 0xc0000005 Fault offset: 0x01e752ce Faulting process id: 0x78c Faulting application
start time: 0x01cd7a3c154ffae4 Faulting application path: C:\Program Files\TERA\Client\Binaries\TERA.exe
Faulting
module path: C:\Program Files\TERA\Client\Binaries\TERA.exe Report Id: 08df7547-e630-11e1-9350-e06995b76a0e

[ System Events ]
Error - 8/5/2012 2:52:24 PM | Computer Name = Nawaf-HP | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1058

Error - 8/5/2012 4:49:29 PM | Computer Name = Nawaf-HP | Source = Service Control Manager | ID = 7030
Description = The Hotspot Shield Service service is marked as an interactive service.
However, the system is configured to not allow interactive services. This service
may not function properly.

Error - 8/5/2012 4:49:30 PM | Computer Name = Nawaf-HP | Source = Service Control Manager | ID = 7034
Description = The Hotspot Shield Routing Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/5/2012 6:16:30 PM | Computer Name = Nawaf-HP | Source = Service Control Manager | ID = 7034
Description = The AdvancedSystemCareAntivirus service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/5/2012 6:16:42 PM | Computer Name = Nawaf-HP | Source = Service Control Manager | ID = 7030
Description = The Advanced SystemCare Service 5 service is marked as an interactive
service. However, the system is configured to not allow interactive services.
This service may not function properly.

Error - 8/8/2012 12:22:19 PM | Computer Name = Nawaf-HP | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 8/14/2012 11:01:40 AM | Computer Name = Nawaf-HP | Source = Service Control Manager | ID = 7030
Description = The WinTab Service service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 8/14/2012 11:02:28 AM | Computer Name = Nawaf-HP | Source = Service Control Manager | ID = 7030
Description = The WinTab Service service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 8/16/2012 9:00:15 AM | Computer Name = Nawaf-HP | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 8/19/2012 12:55:10 PM | Computer Name = Nawaf-HP | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 80.


< End of report >

#2
RKinner

    Malware Expert

  • Expert
  • 19,800 posts
  • MVP
I doubt it's malware - sounds more like an ISP issue. Malware tends to always be there. Doesn't wait until prime time to get active.

First let's just uninstall some stuff:


Hotspot Shield 2.67- Doesn't seem happy and could conceivably mess with your Internet.

Internet Download Manager - Junk
Messenger Plus! 5 - Usually comes with malware as a sponsor program. Supposedly they have reformed but I do not trust them.
µTorrent - if running can use up all bandwidth.

Now change your DNS to use:

8.8.8.8 and 4.2.2.1

Now while it is working let's run a traceroute to 8.8.8.8. This will show every step that a packet travels on its way to 8.8.8.8.

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:
tracert  -d  8.8.8.8


You should get something like (Your IP numbers will vary):


Tracing route to 8.8.8.8 over a maximum of 30 hops

1 1 ms 1 ms 1 ms 192.168.1.1 <== This is your router so if you get this far your wireless or Ethernet cable is good.
2 16 ms 14 ms 16 ms 192.168.0.1 <== This is the next step up the line. If you have a separate cable or dsl modem this is probably it. IF not then it's at your ISP.
3 16 ms 16 ms 15 ms 173.248.67.157 <==This is probably a router at your ISP
4 17 ms 16 ms 15 ms 206.51.69.141
5 65 ms 68 ms 69 ms 206.51.71.70
6 15 ms 17 ms 15 ms 209.85.249.32
7 21 ms 20 ms 17 ms 66.249.94.195
8 24 ms 24 ms 24 ms 216.239.46.200
9 25 ms 22 ms 24 ms 216.239.48.165
10 * * * Request timed out. <==This was caused by something that does not respond to Traceroute. Probably a Firewall.
11 23 ms 23 ms 24 ms 8.8.8.8 <== This is Google's public DNS


That is when it is working. When the Internet stops working, run it again and it will probably look something like this:



Tracing route to 8.8.8.8 over a maximum of 30 hops

1 1 ms 1 ms 1 ms 192.168.1.1
2 16 ms 14 ms 16 ms 192.168.0.1 <== You have connectivity to the Cable or DSL Modem
3 * * * Request timed out. <==Stars here mean this link is down for some reason.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
...
30. * * * Request timed out.

The problem will be the first step that returns 3 *'s so you want to keep the first one handy as a reference. And you probably want a copy of the bad one to show to your ISP.

To send the output to a text file:


tracert  -d  8.8.8.8  >  \junk.txt

notepad  \junk.txt

If you do it without the -d it will look up each IP address in the path using the DNS and will take much longer but sometimes the names will tell you who owns the router:


tracert 8.8.8.8

Gives me this on my PC:


Tracing route to google-public-dns-a.google.com [8.8.8.8]
over a maximum of 30 hops:

1 2 ms 1 ms 1 ms 192.168.1.1
2 15 ms 17 ms 15 ms 192.168.0.1
3 15 ms 14 ms 14 ms 173-248-67-157.centurylink.net [173.248.67.157]
4 15 ms 15 ms 14 ms bb-sttlwawb-jx4-01-ae0.core.centurytel.net [206.51.69.141]
5 68 ms 66 ms 66 ms 206.51.71.70
6 15 ms 15 ms 15 ms 209.85.249.32
7 17 ms 17 ms 16 ms 66.249.94.195
8 22 ms 23 ms 24 ms 216.239.46.200
9 24 ms 23 ms 22 ms 216.239.48.165
10 * * * Request timed out.
11 23 ms 22 ms 27 ms google-public-dns-a.google.com [8.8.8.8]

Trace complete.


So you can see that I have a couple of Century Tel routers before I go into the Internet backbone. For those IP addresses which aren't in the DNS you can look them up at

http://whois.arin.net/ui/ Example 206.51.71.70 says it belongs to LightCore, A CenturyTel Company (C02040799)

You have one of the best anti-viruses so if it's not finding anything I doubt that there is anything to find. If you really want to we can run through the usual battery of scans:


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Right click on TDSSKiller.exe and select Run As Administrator to start the program.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow



(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Ron
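An added example, not part of RKinner's post: a Python script that applies the traceroute rule from the post above to two saved `tracert -d` outputs (for instance the `\junk.txt` files), separating a single silent hop that is followed by replies from the run of timeouts that marks the broken link. The function names are this example's own, the sample traces reuse the hop addresses from the post with the failing one shortened, and only IPv4 output in the English Windows format is assumed.

```python
import re
from typing import NamedTuple, Optional

# Constructed sample input: hop addresses reused from the post's two examples,
# with the failing trace cut off after hop 5.
GOOD_TRACE = """\
Tracing route to 8.8.8.8 over a maximum of 30 hops

  1     1 ms     1 ms     1 ms  192.168.1.1
  2    16 ms    14 ms    16 ms  192.168.0.1
  3    16 ms    16 ms    15 ms  173.248.67.157
  4    17 ms    16 ms    15 ms  206.51.69.141
  5    65 ms    68 ms    69 ms  206.51.71.70
  6    15 ms    17 ms    15 ms  209.85.249.32
  7    21 ms    20 ms    17 ms  66.249.94.195
  8    24 ms    24 ms    24 ms  216.239.46.200
  9    25 ms    22 ms    24 ms  216.239.48.165
 10     *        *        *     Request timed out.
 11    23 ms    23 ms    24 ms  8.8.8.8

Trace complete.
"""

BAD_TRACE = """\
Tracing route to 8.8.8.8 over a maximum of 30 hops

  1     1 ms     1 ms     1 ms  192.168.1.1
  2    16 ms    14 ms    16 ms  192.168.0.1
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.
"""

# Hop number, three probe results ("16 ms", "<1 ms" or "*"), then the rest of the line.
HOP_RE = re.compile(r"^\s*(\d+)\.?\s+((?:(?:\*|<?\d+\s*ms)\s+){3})(.*)$")
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


class Hop(NamedTuple):
    number: int
    replies: int            # how many of the three probes were answered
    address: Optional[str]  # None when no probe was answered


def parse_tracert(text):
    """Turn tracert output into a list of Hop records, skipping non-hop lines."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # header, blank line, "...", "Trace complete."
        replies = 3 - m.group(2).count("*")
        found = IPV4_RE.findall(m.group(3))
        # Without -d the address is the bracketed value at the end of the line.
        hops.append(Hop(int(m.group(1)), replies, found[-1] if replies and found else None))
    return hops


def first_dead_hop(hops):
    """Hop number where the trailing run of timeouts starts, or None if the last hop answered."""
    dead = None
    for hop in reversed(hops):
        if hop.replies:
            break
        dead = hop.number
    return dead


def silent_hops(hops):
    """Hops that timed out but were followed by an answering hop (e.g. a firewall)."""
    dead = first_dead_hop(hops)
    return [h.number for h in hops
            if not h.replies and (dead is None or h.number < dead)]


def diagnose(good_text, bad_text):
    """Compare a failing trace against the reference trace taken while the link worked."""
    good = {h.number: h for h in parse_tracert(good_text)}
    bad = parse_tracert(bad_text)
    dead = first_dead_hop(bad)
    if dead is None:
        return {"path_broken": False, "silent_hops": silent_hops(bad)}
    answered = [h for h in bad if h.replies and h.number < dead]
    baseline = good.get(dead)
    return {
        "path_broken": True,
        "first_dead_hop": dead,
        "last_answering": answered[-1].address if answered else None,
        # None here means the reference trace was silent at this hop too, so the
        # break may lie further along than the first row of stars suggests.
        "expected_there": baseline.address if baseline else None,
        "silent_hops": silent_hops(bad),
    }


if __name__ == "__main__":
    print(diagnose(GOOD_TRACE, BAD_TRACE))
```
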

#3
phantomsx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I removed Hotspot and MSN Plus 5, kept IDM as I don't know a good replacement for it at the moment. I'll paste what I got currently.
Traceroute for when the internet is working, I get:
Tracing route to 8.8.8.8 over a maximum of 30 hops

1 <1 ms <1 ms <1 ms 192.168.11.1
2 5 ms 5 ms 5 ms 80.184.14.1
3 * * * Request timed out.
4 95 ms 96 ms 95 ms 168.187.124.154
5 497 ms 407 ms 425 ms 168.187.0.202
6 96 ms 95 ms 95 ms 209.85.240.61
7 114 ms 97 ms 96 ms 209.85.253.94
8 102 ms 103 ms 102 ms 209.85.243.33
9 132 ms 132 ms 131 ms 216.239.49.28
10 105 ms 105 ms 108 ms 209.85.255.118
11 105 ms 105 ms 106 ms 8.8.8.8

Trace complete.

The internet mostly disconnects at midnight so it's going to take a while for it to start messing up. There is still a chance it will disconnect, so whenever I can I'll get the trace for when it's not working.

The results for aswMBR are:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-26 11:07:25
-----------------------------
11:07:25.124 OS Version: Windows x64 6.1.7601 Service Pack 1
11:07:25.124 Number of processors: 8 586 0x2A07
11:07:25.124 ComputerName: NAWAF-HP UserName: Nawaf
11:07:30.631 Initialize success
11:07:30.755 AVAST engine defs: 12082501
11:07:49.023 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:07:49.023 Disk 0 Vendor: Hitachi_ JKAO Size: 1907729MB BusType: 3
11:07:49.085 Disk 0 MBR read successfully
11:07:49.085 Disk 0 MBR scan
11:07:49.085 Disk 0 unknown MBR code
11:07:49.085 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
11:07:49.101 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1894107 MB offset 206848
11:07:49.132 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13520 MB offset 3879337984
11:07:49.195 Disk 0 scanning C:\Windows\system32\drivers
11:07:54.436 Service scanning
11:08:03.079 Service Tablet2k C:\Windows\"%SystemRoot%\System32\Drivers\Tablet2k.sys" **LOCKED** 123
11:08:06.121 Modules scanning
11:08:09.584 AVAST engine scan C:\Windows
11:08:15.387 AVAST engine scan C:\Windows\system32
11:09:37.770 AVAST engine scan C:\Windows\system32\drivers
11:09:46.522 AVAST engine scan C:\Users\Nawaf
11:12:07.639 Disk 0 MBR has been saved successfully to "C:\Users\Nawaf\Desktop\MBR.dat"
11:12:07.654 The log file has been saved successfully to "C:\Users\Nawaf\Desktop\aswMBR.txt"

Combofix:
ComboFix 12-08-25.04 - Nawaf 08/26/2012 11:17:21.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1256.965.1033.18.8175.6165 [GMT 3:00]
Running from: c:\users\Nawaf\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
C:\Thumbs.db
c:\windows\SysWow64\networkdlllsp.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-07-26 to 2012-08-26 )))))))))))))))))))))))))))))))
.
.
2012-08-26 08:03 . 2012-08-26 08:03 -------- d-----w- c:\users\Nawaf\AppData\Local\ElevatedDiagnostics
2012-08-26 05:06 . 2012-08-21 09:13 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-26 05:06 . 2012-08-21 09:13 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-26 05:06 . 2012-08-21 09:13 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-08-26 05:06 . 2012-08-21 09:13 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-26 05:06 . 2012-08-21 09:13 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-26 05:06 . 2012-08-21 09:13 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-26 05:06 . 2012-08-21 09:12 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-26 05:06 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-08-26 05:06 . 2012-08-21 09:12 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-08-26 05:06 . 2012-08-26 05:06 -------- d-----w- c:\programdata\AVAST Software
2012-08-26 05:06 . 2012-08-26 05:06 -------- d-----w- c:\program files\AVAST Software
2012-08-25 23:39 . 2012-08-26 02:31 -------- d-----w- c:\users\Nawaf\Guild Wars 2
2012-08-25 07:16 . 2012-08-25 07:16 -------- d-----w- c:\program files (x86)\Guild Wars 2
2012-08-25 01:18 . 2012-08-25 01:18 -------- d-----w- c:\users\Nawaf\AppData\Roaming\Malwarebytes
2012-08-25 01:18 . 2012-08-25 01:18 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-25 01:18 . 2012-08-25 01:18 -------- d-----w- c:\programdata\Malwarebytes
2012-08-25 01:18 . 2012-07-03 10:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-22 15:22 . 2012-08-22 15:22 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-08-22 15:22 . 2012-08-22 15:22 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-19 14:41 . 2012-08-20 04:19 2400 ----a-w- c:\windows\system32\ASOROSet.bin
2012-08-19 14:37 . 2012-08-19 14:37 -------- d-----w- c:\users\Nawaf\AppData\Roaming\Reviversoft
2012-08-19 14:36 . 2012-08-19 14:36 -------- d-----w- c:\program files (x86)\Reviversoft
2012-08-19 14:36 . 2011-01-22 12:33 18240 ----a-w- c:\windows\system32\roboot64.exe
2012-08-19 14:31 . 2012-08-19 14:33 -------- dc-h--w- c:\programdata\~0
2012-08-19 14:31 . 2012-08-19 14:31 -------- d-----w- c:\users\Nawaf\AppData\Local\PackageAware
2012-08-19 14:24 . 2012-08-19 14:33 -------- d-----w- c:\users\Nawaf\AppData\Roaming\Uniblue
2012-08-19 14:24 . 2012-08-19 14:33 -------- d-----w- c:\program files (x86)\Uniblue
2012-08-19 14:01 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-19 14:01 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-19 14:01 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-19 14:01 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-19 14:01 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-19 14:01 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-18 16:33 . 2012-08-18 16:33 -------- d-----w- c:\program files (x86)\Mumble
2012-08-16 00:09 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-16 00:09 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-16 00:09 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-16 00:09 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-16 00:09 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-16 00:09 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-14 15:01 . 2012-08-14 15:02 -------- d-----w- c:\program files (x86)\PEN TABLET
2012-08-14 15:00 . 2012-08-14 15:00 -------- d-----w- c:\program files (x86)\TABLET SOFTWARE
2012-08-14 14:36 . 2012-08-24 17:56 -------- d-----w- c:\program files (x86)\osu!
2012-08-14 14:36 . 2012-08-14 14:36 -------- d-----w- c:\users\Nawaf\AppData\Roaming\Downloaded Installations
2012-08-14 13:15 . 2012-08-25 00:31 -------- d-----w- c:\users\Nawaf\AppData\Roaming\Mumble
2012-08-14 13:15 . 2012-08-14 13:15 -------- d-----w- c:\users\Nawaf\AppData\Local\Mumble
2012-08-11 10:11 . 2012-08-11 10:11 -------- d-----w- c:\windows\SysWow64\Hotspot Shield
2012-08-07 04:47 . 2012-08-17 13:26 -------- d-----w- c:\program files (x86)\OpenVPN
2012-08-04 07:51 . 2012-07-15 23:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{18686DE4-92DB-49B3-A174-2DE88A6569AB}\mpengine.dll
2012-08-04 07:50 . 2012-06-19 11:46 24448 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-08-04 07:32 . 2012-08-04 07:32 -------- d-----w- c:\programdata\{D76294E6-03B8-4971-AF2E-3F846161A690}
2012-08-04 07:32 . 2012-08-04 07:32 -------- d-----w- c:\programdata\{6F2F3866-38AD-4f48-852C-2FF5DE7A7588}
2012-08-04 07:32 . 2012-08-04 07:45 -------- d-----w- c:\users\Nawaf\AppData\Roaming\IObit
2012-08-04 07:32 . 2012-08-05 22:16 -------- d-----w- c:\program files (x86)\IObit
2012-08-04 07:32 . 2012-08-04 07:32 -------- d-----w- c:\programdata\iobit
2012-08-04 06:58 . 2012-08-26 03:34 -------- d-----w- C:\$AVG
2012-08-04 06:58 . 2012-08-26 04:04 -------- d-----w- c:\programdata\AVG2012
2012-08-04 06:57 . 2012-08-04 06:57 -------- d-----w- c:\program files (x86)\AVG
2012-08-04 06:53 . 2012-08-26 03:34 -------- d-----w- c:\programdata\MFAData
2012-08-04 06:53 . 2012-08-04 06:53 -------- d--h--w- c:\programdata\Common Files
2012-08-03 23:53 . 2012-06-28 23:56 2667062 ----a-w- c:\windows\system32\nvcoproc.bin
2012-08-03 23:53 . 2012-05-21 07:34 1468264 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2012-08-03 23:53 . 2012-06-29 03:37 969064 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-08-03 23:53 . 2012-06-29 03:37 15290216 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-08-03 23:53 . 2012-06-29 03:37 12388712 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-08-03 23:53 . 2012-05-15 10:48 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-08-03 23:53 . 2012-05-15 10:48 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2012-08-03 22:53 . 2012-08-26 00:47 -------- d-----w- c:\users\UpdatusUser
2012-08-03 22:53 . 2012-06-29 03:37 60776 ----a-w- c:\windows\system32\OpenCL.dll
2012-08-03 22:53 . 2012-06-29 03:37 52584 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-08-03 22:53 . 2012-06-29 03:37 1758056 ----a-w- c:\windows\system32\nvdispco64.dll
2012-08-03 22:53 . 2012-05-15 10:48 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-08-03 22:53 . 2011-07-07 23:21 1452648 ----a-w- c:\windows\system32\nvhdagenco6420102.dll
2012-08-03 22:51 . 2012-08-03 22:51 -------- d-----w- C:\NVIDIA
2012-08-03 22:44 . 2011-08-23 18:57 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2012-08-03 22:44 . 2011-08-23 18:57 565352 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2012-08-03 22:44 . 2012-08-03 22:44 -------- d-----w- c:\program files (x86)\Realtek
2012-08-03 22:37 . 2010-12-29 08:55 1547616 ----a-w- c:\windows\system32\drivers\netr28ux.sys
2012-08-03 22:37 . 2010-12-29 08:43 327008 ----a-w- c:\windows\system32\RaCoInstx.dll
2012-08-03 22:31 . 2012-08-03 22:31 -------- d-----w- c:\users\Nawaf\AppData\Roaming\Device Doctor
2012-08-03 22:31 . 2012-08-03 22:31 -------- d-----w- c:\program files (x86)\Device Doctor
2012-08-02 19:42 . 2012-08-02 19:43 -------- d-----w- c:\program files\WinRAR
2012-08-02 01:20 . 2012-08-02 21:20 -------- d-----w- c:\program files (x86)\TERA
2012-08-01 06:40 . 2012-08-04 05:25 -------- d-----w- c:\users\Nawaf\AppData\Local\TERA-Diagnostic
2012-08-01 05:19 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-08-01 05:19 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-08-01 05:19 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-08-01 05:19 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-08-01 05:19 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-08-01 05:07 . 2012-08-01 05:07 -------- d-sh--w- c:\users\Nawaf\AppData\Local\ms-drivers
2012-08-01 05:06 . 2012-08-01 05:08 -------- d-sh--w- c:\users\Nawaf\AppData\Local\icsxml
2012-08-01 04:29 . 2012-08-02 23:54 -------- d-----w- c:\program files\TERA
2012-08-01 04:20 . 2012-08-01 04:20 -------- d-----w- c:\users\Nawaf\AppData\Local\BattlePing
2012-08-01 04:20 . 2012-08-01 04:20 -------- d-----w- c:\program files (x86)\BattlePing
2012-07-29 10:36 . 2012-07-29 10:36 -------- d-----w- c:\program files (x86)\SteelSeries
2012-07-28 19:45 . 2012-07-28 19:45 268784 ----a-w- c:\windows\system32\javaws.exe
2012-07-28 19:45 . 2012-07-28 19:44 955888 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-28 19:45 . 2012-07-28 19:44 839152 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-28 19:45 . 2012-07-28 19:45 189424 ----a-w- c:\windows\system32\javaw.exe
2012-07-28 19:45 . 2012-07-28 19:45 188912 ----a-w- c:\windows\system32\java.exe
2012-07-28 19:44 . 2012-07-28 19:44 -------- d-----w- c:\program files\Java
2012-07-28 15:48 . 2012-07-28 15:48 -------- d-----w- c:\program files (x86)\Cisco Systems
2012-07-28 15:47 . 2012-07-28 15:47 -------- d-----w- c:\programdata\Cisco Systems
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-25 03:39 . 2012-06-07 09:06 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-25 03:39 . 2012-06-07 09:06 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-22 15:22 . 2012-07-12 23:06 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-22 15:22 . 2012-07-12 23:06 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-16 00:10 . 2012-06-07 11:20 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-24 20:11 . 2012-07-24 20:11 41704 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2012-07-24 20:11 . 2012-07-24 20:11 38632 ----a-w- c:\windows\system32\drivers\taphss.sys
2012-06-29 03:37 . 2011-07-29 15:48 14806376 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-06-29 03:37 . 2011-07-29 15:48 2723688 ----a-w- c:\windows\system32\nvapi64.dll
2012-06-28 23:55 . 2010-08-09 06:12 3266408 ----a-w- c:\windows\system32\nvsvc64.dll
2012-06-28 23:55 . 2010-08-09 06:12 6193000 ----a-w- c:\windows\system32\nvcpl.dll
2012-06-28 23:55 . 2010-08-09 06:12 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-06-28 23:55 . 2010-08-09 06:12 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-06-28 23:55 . 2010-08-09 06:12 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-06-28 14:44 . 2012-06-28 14:44 428904 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-06-10 12:34 . 2010-06-24 18:33 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-09 14:01 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-06-09 14:01 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-06-09 05:43 . 2012-07-12 23:09 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-07 15:32 . 2012-06-07 15:32 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-06-07 15:32 . 2012-06-07 15:32 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-06-07 15:32 . 2012-06-07 15:32 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-06-07 15:32 . 2012-06-07 15:32 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-06-07 15:32 . 2012-06-07 15:32 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-06-07 15:32 . 2012-06-07 15:32 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-06-07 15:32 . 2012-06-07 15:32 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-06-07 15:32 . 2012-06-07 15:32 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-06-07 15:32 . 2012-06-07 15:32 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-06-07 15:32 . 2012-06-07 15:32 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-06-07 15:32 . 2012-06-07 15:32 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-06-07 15:32 . 2012-06-07 15:32 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-06-07 15:32 . 2012-06-07 15:32 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-06-07 15:32 . 2012-06-07 15:32 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-06-07 15:32 . 2012-06-07 15:32 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-06-07 15:32 . 2012-06-07 15:32 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-06-07 15:32 . 2012-06-07 15:32 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-06-07 15:32 . 2012-06-07 15:32 82432 ----a-w- c:\windows\system32\icardie.dll
2012-06-07 15:32 . 2012-06-07 15:32 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-06-07 15:32 . 2012-06-07 15:32 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-06-07 15:32 . 2012-06-07 15:32 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-06-07 15:32 . 2012-06-07 15:32 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-06-07 15:32 . 2012-06-07 15:32 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-06-07 15:32 . 2012-06-07 15:32 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-06-07 15:32 . 2012-06-07 15:32 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-06-07 15:32 . 2012-06-07 15:32 448512 ----a-w- c:\windows\system32\html.iec
2012-06-07 15:32 . 2012-06-07 15:32 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-06-07 15:32 . 2012-06-07 15:32 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-06-07 15:32 . 2012-06-07 15:32 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-06-07 15:32 . 2012-06-07 15:32 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-06-07 15:32 . 2012-06-07 15:32 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-06-07 15:32 . 2012-06-07 15:32 222208 ----a-w- c:\windows\system32\msls31.dll
2012-06-07 15:32 . 2012-06-07 15:32 197120 ----a-w- c:\windows\system32\msrating.dll
2012-06-07 15:32 . 2012-06-07 15:32 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-06-07 15:32 . 2012-06-07 15:32 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-06-07 15:32 . 2012-06-07 15:32 149504 ----a-w- c:\windows\system32\occache.dll
2012-06-07 15:32 . 2012-06-07 15:32 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-06-07 15:32 . 2012-06-07 15:32 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-06-07 15:32 . 2012-06-07 15:32 12288 ----a-w- c:\windows\system32\mshta.exe
2012-06-07 15:32 . 2012-06-07 15:32 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-06-07 15:32 . 2012-06-07 15:32 114176 ----a-w- c:\windows\system32\admparse.dll
2012-06-07 15:32 . 2012-06-07 15:32 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-06-07 15:32 . 2012-06-07 15:32 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-06-07 15:32 . 2012-06-07 15:32 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-06-07 15:32 . 2012-06-07 15:32 697344 ----a-w- c:\windows\system32\msfeeds.dll
2012-06-07 15:32 . 2012-06-07 15:32 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-06-07 15:32 . 2012-06-07 15:32 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-06-07 15:32 . 2012-06-07 15:32 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-06-07 15:32 . 2012-06-07 15:32 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-06-07 15:32 . 2012-06-07 15:32 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-06-07 15:32 . 2012-06-07 15:32 160256 ----a-w- c:\windows\system32\wextract.exe
2012-06-07 15:32 . 2012-06-07 15:32 103936 ----a-w- c:\windows\system32\inseng.dll
2012-06-06 06:06 . 2012-07-12 23:09 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-12 23:09 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-12 23:09 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-12 23:09 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-12 23:09 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-12 23:09 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-21 12:24 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 12:24 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 12:24 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 12:24 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 12:24 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 12:24 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 12:24 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 12:19 . 2012-06-21 12:24 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 12:15 . 2012-06-21 12:24 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-12 23:09 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-12 23:09 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-12 23:09 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-12 23:09 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-12 23:09 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-12 23:09 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-12 23:09 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-12 23:09 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-12 23:09 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-31 09:25 . 2012-06-07 09:37 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Device Doctor"="c:\program files (x86)\Device Doctor\DDLauncher.exe" [2012-01-02 80016]
"IDMan"="c:\program files (x86)\internet download manager\idman.exe" [2012-06-07 3487128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-09-28 664600]
"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992]
"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-08-30 61112]
"ANIWZCS2Service"="c:\program files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2009-08-21 98304]
"D-Link D-Link RangeBooster N DWA-140"="c:\program files (x86)\D-Link\DWA-140 revB\AirNCFG.exe" [2009-09-18 1708032]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SteelSeries World of Warcraft Cataclysm MMO Gaming Mouse"="c:\program files (x86)\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMHID2.exe" [2011-08-18 1993216]
"WTClient"="WTClient.exe" [2009-08-19 32768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 CLKMSVC10_C6F09094;CyberLink Product - 2011/07/29 08:04;c:\program files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2010-11-26 245232]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-25 250568]
R3 LOWERP;LOWERP;c:\program files (x86)\LowerPing\LowerP.EXE [2011-10-31 3272704]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-22 113120]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-08-02 22528]
R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [2010-12-29 1547616]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\DRIVERS\PTSimHid.sys [2009-06-18 17064]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-07 1255736]
S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwfx.sys [2009-03-06 15872]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2012-07-24 41704]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-02 89600]
S2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-04-23 154272]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-06-29 1258856]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-09-28 1119768]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-06-28 382312]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-05-21 188776]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys [2009-06-18 27304]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
S3 SSMO3v2Filter;MMO3v2 Mouse;c:\windows\system32\drivers\MO3v2Driver.sys [2010-12-17 23040]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_C6F09094
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-07 03:39]
.
2012-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3819528912-3924640605-2489132768-1000Core.job
- c:\users\Nawaf\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-07 09:15]
.
2012-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3819528912-3924640605-2489132768-1000UA.job
- c:\users\Nawaf\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-07 09:15]
.
2012-08-08 c:\windows\Tasks\HPCeeScheduleForNAWAF-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-08-07 c:\windows\Tasks\HPCeeScheduleForNawaf.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-15 611896]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-06-23 1128448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Free YouTube Download - c:\users\Nawaf\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Nawaf\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.11.1
TCP: Interfaces\{7227B5F1-88BD-4B98-A72C-661324A43424}: NameServer = 8.8.8.8,4.2.2.1
FF - ProfilePath - c:\users\Nawaf\AppData\Roaming\Mozilla\Firefox\Profiles\2j07ydun.default\
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3819528912-3924640605-2489132768-1000_Classes\Wow6432Node\CLSID\{0c7819f5-0058-4e3c-93bc-2537d48c749b}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000dc
"Therad"=dword:00000007
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-3819528912-3924640605-2489132768-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):f2,21,a2,48,ac,99,54,a8,14,75,bd,cb,b2,5d,f1,bd,4c,7d,6e,cc,35,
79,2f,1f,5b,34,12,3a,16,5f,1b,15,aa,91,e5,ed,9a,ef,87,0c,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\ANIWConnService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\Drivers\WTSRV.EXE
c:\windows\SysWOW64\WTClient.exe
c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-08-26 11:27:46 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-26 08:27
.
Pre-Run: 1,691,671,080,960 bytes free
Post-Run: 1,691,342,508,032 bytes free
.
- - End Of File - - B4DBC950EA7D76B0B5A05E36206C4CBD

TDSSKiller:

11:33:00.0645 4800 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
11:33:00.0942 4800 ============================================================
11:33:00.0942 4800 Current date / time: 2012/08/26 11:33:00.0942
11:33:00.0942 4800 SystemInfo:
11:33:00.0942 4800
11:33:00.0942 4800 OS Version: 6.1.7601 ServicePack: 1.0
11:33:00.0942 4800 Product type: Workstation
11:33:00.0942 4800 ComputerName: NAWAF-HP
11:33:00.0942 4800 UserName: Nawaf
11:33:00.0942 4800 Windows directory: C:\Windows
11:33:00.0942 4800 System windows directory: C:\Windows
11:33:00.0942 4800 Running under WOW64
11:33:00.0942 4800 Processor architecture: Intel x64
11:33:00.0942 4800 Number of processors: 8
11:33:00.0942 4800 Page size: 0x1000
11:33:00.0942 4800 Boot type: Normal boot
11:33:00.0942 4800 ============================================================
11:33:02.0018 4800 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:33:02.0049 4800 ============================================================
11:33:02.0049 4800 \Device\Harddisk0\DR0:
11:33:02.0049 4800 MBR partitions:
11:33:02.0049 4800 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:33:02.0049 4800 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE736D800
11:33:02.0049 4800 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xE73A0000, BlocksNum 0x1A68000
11:33:02.0049 4800 ============================================================
11:33:02.0081 4800 C: <-> \Device\Harddisk0\DR0\Partition2
11:33:02.0127 4800 D: <-> \Device\Harddisk0\DR0\Partition3
11:33:02.0127 4800 ============================================================
11:33:02.0127 4800 Initialize success
11:33:02.0127 4800 ============================================================
11:33:36.0590 4004 ============================================================
11:33:36.0590 4004 Scan started
11:33:36.0590 4004 Mode: Manual; SigCheck; TDLFS;
11:33:36.0590 4004 ============================================================
11:33:37.0183 4004 ================ Scan system memory ========================
11:33:37.0183 4004 System memory - ok
11:33:37.0183 4004 ================ Scan services =============================
11:33:37.0355 4004 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
11:33:37.0495 4004 1394ohci - ok
11:33:37.0542 4004 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
11:33:37.0573 4004 ACPI - ok
11:33:37.0589 4004 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
11:33:37.0620 4004 AcpiPmi - ok
11:33:37.0713 4004 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:33:37.0729 4004 AdobeFlashPlayerUpdateSvc - ok
11:33:37.0760 4004 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
11:33:37.0776 4004 adp94xx - ok
11:33:37.0791 4004 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
11:33:37.0807 4004 adpahci - ok
11:33:37.0807 4004 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
11:33:37.0823 4004 adpu320 - ok
11:33:37.0838 4004 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
11:33:37.0869 4004 AeLookupSvc - ok
11:33:37.0932 4004 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe
11:33:37.0979 4004 AESTFilters - ok
11:33:37.0994 4004 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
11:33:38.0041 4004 AFD - ok
11:33:38.0057 4004 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
11:33:38.0072 4004 agp440 - ok
11:33:38.0088 4004 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
11:33:38.0119 4004 ALG - ok
11:33:38.0150 4004 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
11:33:38.0166 4004 aliide - ok
11:33:38.0181 4004 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
11:33:38.0197 4004 amdide - ok
11:33:38.0213 4004 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
11:33:38.0228 4004 AmdK8 - ok
11:33:38.0228 4004 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
11:33:38.0259 4004 AmdPPM - ok
11:33:38.0291 4004 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
11:33:38.0306 4004 amdsata - ok
11:33:38.0322 4004 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
11:33:38.0337 4004 amdsbs - ok
11:33:38.0353 4004 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
11:33:38.0353 4004 amdxata - ok
11:33:38.0369 4004 ANIWConnService - ok
11:33:38.0384 4004 [ 4CCF421E6C4B2A4CBCE000715911F7CC ] anodlwf C:\Windows\system32\DRIVERS\anodlwfx.sys
11:33:38.0400 4004 anodlwf - ok
11:33:38.0431 4004 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
11:33:38.0478 4004 AppID - ok
11:33:38.0493 4004 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
11:33:38.0540 4004 AppIDSvc - ok
11:33:38.0571 4004 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
11:33:38.0618 4004 Appinfo - ok
11:33:38.0681 4004 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:33:38.0696 4004 Apple Mobile Device - ok
11:33:38.0727 4004 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
11:33:38.0743 4004 arc - ok
11:33:38.0743 4004 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
11:33:38.0759 4004 arcsas - ok
11:33:38.0774 4004 [ 55142B4F7A7E4C9C151C6000A6BF7809 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
11:33:38.0805 4004 aswFsBlk - ok
11:33:38.0805 4004 [ AA9FDE3D630160B47DAB21BF8250111C ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
11:33:38.0821 4004 aswMonFlt - ok
11:33:38.0837 4004 [ 2A6675C24DF5159A9506CD13ECE5ABE9 ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
11:33:38.0837 4004 aswRdr - ok
11:33:38.0868 4004 [ 4E38475BDB51A867CCBA7D5DF7FDFC0C ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
11:33:38.0883 4004 aswSnx - ok
11:33:38.0915 4004 [ 9A49D80D65451AF22913AEF772CC3DA9 ] aswSP C:\Windows\system32\drivers\aswSP.sys
11:33:38.0915 4004 aswSP - ok
11:33:38.0930 4004 [ C3EC420451AC5300A22190AE38418FBA ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
11:33:38.0930 4004 aswTdi - ok
11:33:38.0930 4004 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
11:33:38.0977 4004 AsyncMac - ok
11:33:38.0993 4004 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
11:33:39.0008 4004 atapi - ok
11:33:39.0024 4004 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:33:39.0071 4004 AudioEndpointBuilder - ok
11:33:39.0086 4004 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
11:33:39.0102 4004 AudioSrv - ok
11:33:39.0149 4004 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
11:33:39.0164 4004 avast! Antivirus - ok
11:33:39.0195 4004 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
11:33:39.0242 4004 AxInstSV - ok
11:33:39.0258 4004 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
11:33:39.0289 4004 b06bdrv - ok
11:33:39.0305 4004 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
11:33:39.0336 4004 b57nd60a - ok
11:33:39.0351 4004 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
11:33:39.0367 4004 BDESVC - ok
11:33:39.0383 4004 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
11:33:39.0414 4004 Beep - ok
11:33:39.0445 4004 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
11:33:39.0476 4004 BFE - ok
11:33:39.0523 4004 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
11:33:39.0585 4004 BITS - ok
11:33:39.0601 4004 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
11:33:39.0617 4004 blbdrive - ok
11:33:39.0663 4004 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
11:33:39.0679 4004 Bonjour Service - ok
11:33:39.0695 4004 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
11:33:39.0710 4004 bowser - ok
11:33:39.0741 4004 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:33:39.0773 4004 BrFiltLo - ok
11:33:39.0788 4004 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:33:39.0804 4004 BrFiltUp - ok
11:33:39.0804 4004 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
11:33:39.0835 4004 BridgeMP - ok
11:33:39.0866 4004 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
11:33:39.0897 4004 Browser - ok
11:33:39.0913 4004 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
11:33:39.0944 4004 Brserid - ok
11:33:39.0944 4004 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
11:33:39.0975 4004 BrSerWdm - ok
11:33:39.0975 4004 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
11:33:39.0991 4004 BrUsbMdm - ok
11:33:39.0991 4004 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
11:33:40.0007 4004 BrUsbSer - ok
11:33:40.0007 4004 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
11:33:40.0022 4004 BTHMODEM - ok
11:33:40.0038 4004 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
11:33:40.0069 4004 bthserv - ok
11:33:40.0069 4004 catchme - ok
11:33:40.0085 4004 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
11:33:40.0116 4004 cdfs - ok
11:33:40.0147 4004 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
11:33:40.0178 4004 cdrom - ok
11:33:40.0194 4004 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
11:33:40.0241 4004 CertPropSvc - ok
11:33:40.0256 4004 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
11:33:40.0272 4004 circlass - ok
11:33:40.0287 4004 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
11:33:40.0303 4004 CLFS - ok
11:33:40.0365 4004 [ DEDE5EC7DC09D840D5D74E06FF4DE127 ] CLKMSVC10_C6F09094 C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe
11:33:40.0397 4004 CLKMSVC10_C6F09094 - ok
11:33:40.0443 4004 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:33:40.0459 4004 clr_optimization_v2.0.50727_32 - ok
11:33:40.0506 4004 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:33:40.0521 4004 clr_optimization_v2.0.50727_64 - ok
11:33:40.0553 4004 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:33:40.0584 4004 clr_optimization_v4.0.30319_32 - ok
11:33:40.0615 4004 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:33:40.0631 4004 clr_optimization_v4.0.30319_64 - ok
11:33:40.0646 4004 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
11:33:40.0677 4004 CmBatt - ok
11:33:40.0709 4004 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
11:33:40.0724 4004 cmdide - ok
11:33:40.0740 4004 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
11:33:40.0787 4004 CNG - ok
11:33:40.0818 4004 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
11:33:40.0833 4004 Compbatt - ok
11:33:40.0833 4004 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
11:33:40.0865 4004 CompositeBus - ok
11:33:40.0880 4004 COMSysApp - ok
11:33:40.0880 4004 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
11:33:40.0896 4004 crcdisk - ok
11:33:40.0911 4004 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
11:33:40.0927 4004 CryptSvc - ok
11:33:40.0958 4004 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
11:33:41.0005 4004 DcomLaunch - ok
11:33:41.0021 4004 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
11:33:41.0067 4004 defragsvc - ok
11:33:41.0099 4004 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
11:33:41.0161 4004 DfsC - ok
11:33:41.0177 4004 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
11:33:41.0223 4004 Dhcp - ok
11:33:41.0255 4004 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
11:33:41.0286 4004 discache - ok
11:33:41.0301 4004 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
11:33:41.0317 4004 Disk - ok
11:33:41.0333 4004 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
11:33:41.0348 4004 Dnscache - ok
11:33:41.0379 4004 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
11:33:41.0426 4004 dot3svc - ok
11:33:41.0442 4004 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
11:33:41.0473 4004 DPS - ok
11:33:41.0504 4004 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
11:33:41.0520 4004 drmkaud - ok
11:33:41.0551 4004 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
11:33:41.0567 4004 DXGKrnl - ok
11:33:41.0582 4004 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
11:33:41.0613 4004 EapHost - ok
11:33:41.0691 4004 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
11:33:41.0754 4004 ebdrv - ok
11:33:41.0769 4004 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
11:33:41.0816 4004 EFS - ok
11:33:41.0847 4004 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
11:33:41.0910 4004 ehRecvr - ok
11:33:41.0925 4004 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
11:33:41.0957 4004 ehSched - ok
11:33:41.0988 4004 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
11:33:42.0003 4004 elxstor - ok
11:33:42.0019 4004 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
11:33:42.0035 4004 ErrDev - ok
11:33:42.0066 4004 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
11:33:42.0113 4004 EventSystem - ok
11:33:42.0113 4004 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
11:33:42.0144 4004 exfat - ok
11:33:42.0144 4004 ezSharedSvc - ok
11:33:42.0159 4004 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
11:33:42.0222 4004 fastfat - ok
11:33:42.0253 4004 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
11:33:42.0269 4004 Fax - ok
11:33:42.0284 4004 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
11:33:42.0300 4004 fdc - ok
11:33:42.0315 4004 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
11:33:42.0331 4004 fdPHost - ok
11:33:42.0362 4004 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
11:33:42.0425 4004 FDResPub - ok
11:33:42.0456 4004 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
11:33:42.0456 4004 FileInfo - ok
11:33:42.0471 4004 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
11:33:42.0518 4004 Filetrace - ok
11:33:42.0534 4004 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
11:33:42.0549 4004 flpydisk - ok
11:33:42.0581 4004 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
11:33:42.0581 4004 FltMgr - ok
11:33:42.0612 4004 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
11:33:42.0659 4004 FontCache - ok
11:33:42.0705 4004 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:33:42.0721 4004 FontCache3.0.0.0 - ok
11:33:42.0737 4004 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
11:33:42.0752 4004 FsDepends - ok
11:33:42.0783 4004 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
11:33:42.0799 4004 Fs_Rec - ok
11:33:42.0815 4004 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
11:33:42.0830 4004 fvevol - ok
11:33:42.0846 4004 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
11:33:42.0846 4004 gagp30kx - ok
11:33:42.0893 4004 [ D154305DE6090E6E84E525F84BB08A06 ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
11:33:42.0893 4004 GameConsoleService - ok
11:33:42.0908 4004 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:33:42.0924 4004 GEARAspiWDM - ok
11:33:42.0955 4004 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
11:33:42.0986 4004 gpsvc - ok
11:33:43.0002 4004 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
11:33:43.0017 4004 hcw85cir - ok
11:33:43.0049 4004 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:33:43.0111 4004 HdAudAddService - ok
11:33:43.0127 4004 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
11:33:43.0158 4004 HDAudBus - ok
11:33:43.0173 4004 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
11:33:43.0205 4004 HidBatt - ok
11:33:43.0205 4004 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
11:33:43.0236 4004 HidBth - ok
11:33:43.0251 4004 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
11:33:43.0283 4004 HidIr - ok
11:33:43.0314 4004 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
11:33:43.0361 4004 hidserv - ok
11:33:43.0376 4004 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
11:33:43.0392 4004 HidUsb - ok
11:33:43.0423 4004 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
11:33:43.0454 4004 hkmsvc - ok
11:33:43.0470 4004 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:33:43.0485 4004 HomeGroupListener - ok
11:33:43.0501 4004 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:33:43.0517 4004 HomeGroupProvider - ok
11:33:43.0563 4004 [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
11:33:43.0579 4004 HP Support Assistant Service - ok
11:33:43.0626 4004 [ 3DC11A802353401332D49C3CBFBBE5FC ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
11:33:43.0641 4004 HPClientSvc - ok
11:33:43.0657 4004 [ BCC4A8B2E2E902F52E7F2E7D8E125765 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
11:33:43.0657 4004 HPDrvMntSvc.exe - ok
11:33:43.0704 4004 [ EC9739A46F1F83C6E52A7A4697F44A65 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
11:33:43.0719 4004 hpqwmiex - ok
11:33:43.0751 4004 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
11:33:43.0766 4004 HpSAMD - ok
11:33:43.0782 4004 [ BBC89DA4065BDCE34257BE95B2F636EE ] HssDRV6 C:\Windows\system32\DRIVERS\hssdrv6.sys
11:33:43.0797 4004 HssDRV6 - ok
11:33:43.0829 4004 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
11:33:43.0875 4004 HTTP - ok
11:33:43.0891 4004 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
11:33:43.0891 4004 hwpolicy - ok
11:33:43.0907 4004 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
11:33:43.0922 4004 i8042prt - ok
11:33:43.0938 4004 [ F7CE9BE72EDAC499B713ECA6DAE5D26F ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
11:33:43.0953 4004 iaStor - ok
11:33:43.0985 4004 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
11:33:43.0985 4004 iaStorV - ok
11:33:44.0016 4004 [ 2A63036283B36B3B68CDC6F85A7D53ED ] IDMWFP C:\Windows\system32\DRIVERS\idmwfp.sys
11:33:44.0031 4004 IDMWFP - ok
11:33:44.0063 4004 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:33:44.0094 4004 idsvc - ok
11:33:44.0109 4004 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
11:33:44.0125 4004 iirsp - ok
11:33:44.0156 4004 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
11:33:44.0234 4004 IKEEXT - ok
11:33:44.0234 4004 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
11:33:44.0250 4004 intelide - ok
11:33:44.0250 4004 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
11:33:44.0265 4004 intelppm - ok
11:33:44.0297 4004 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
11:33:44.0359 4004 IPBusEnum - ok
11:33:44.0375 4004 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:33:44.0406 4004 IpFilterDriver - ok
11:33:44.0421 4004 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
11:33:44.0468 4004 iphlpsvc - ok
11:33:44.0484 4004 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
11:33:44.0515 4004 IPMIDRV - ok
11:33:44.0546 4004 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
11:33:44.0593 4004 IPNAT - ok
11:33:44.0624 4004 [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
11:33:44.0640 4004 iPod Service - ok
11:33:44.0655 4004 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
11:33:44.0671 4004 IRENUM - ok
11:33:44.0687 4004 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
11:33:44.0687 4004 isapnp - ok
11:33:44.0702 4004 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
11:33:44.0718 4004 iScsiPrt - ok
11:33:44.0718 4004 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
11:33:44.0733 4004 kbdclass - ok
11:33:44.0749 4004 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
11:33:44.0765 4004 kbdhid - ok
11:33:44.0796 4004 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
11:33:44.0811 4004 KeyIso - ok
11:33:44.0827 4004 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
11:33:44.0843 4004 KSecDD - ok
11:33:44.0858 4004 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
11:33:44.0874 4004 KSecPkg - ok
11:33:44.0889 4004 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
11:33:44.0952 4004 ksthunk - ok
11:33:44.0967 4004 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
11:33:45.0014 4004 KtmRm - ok
11:33:45.0030 4004 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
11:33:45.0061 4004 LanmanServer - ok
11:33:45.0092 4004 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:33:45.0139 4004 LanmanWorkstation - ok
11:33:45.0170 4004 [ FA4A45C179AB0E0F1A31B9751D4B18D7 ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
11:33:45.0186 4004 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
11:33:45.0186 4004 LightScribeService - detected UnsignedFile.Multi.Generic (1)
11:33:45.0201 4004 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
11:33:45.0264 4004 lltdio - ok
11:33:45.0279 4004 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
11:33:45.0326 4004 lltdsvc - ok
11:33:45.0342 4004 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
11:33:45.0373 4004 lmhosts - ok
11:33:45.0404 4004 [ 926EBA26A8B49D1597751CED06B50862 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
11:33:45.0420 4004 LMS - ok
11:33:45.0482 4004 [ F455FDACB5C7921947A65BF2850DE1A9 ] LOWERP C:\Program Files (x86)\LowerPing\LowerP.EXE
11:33:45.0529 4004 LOWERP ( UnsignedFile.Multi.Generic ) - warning
11:33:45.0529 4004 LOWERP - detected UnsignedFile.Multi.Generic (1)
11:33:45.0560 4004 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
11:33:45.0576 4004 LSI_FC - ok
11:33:45.0576 4004 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
11:33:45.0576 4004 LSI_SAS - ok
11:33:45.0591 4004 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:33:45.0591 4004 LSI_SAS2 - ok
11:33:45.0591 4004 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:33:45.0607 4004 LSI_SCSI - ok
11:33:45.0623 4004 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
11:33:45.0669 4004 luafv - ok
11:33:45.0685 4004 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
11:33:45.0716 4004 Mcx2Svc - ok
11:33:45.0716 4004 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
11:33:45.0732 4004 megasas - ok
11:33:45.0732 4004 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
11:33:45.0747 4004 MegaSR - ok
11:33:45.0763 4004 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
11:33:45.0763 4004 MEIx64 - ok
11:33:45.0794 4004 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
11:33:45.0825 4004 MMCSS - ok
11:33:45.0825 4004 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
11:33:45.0857 4004 Modem - ok
11:33:45.0872 4004 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
11:33:45.0888 4004 monitor - ok
11:33:45.0903 4004 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
11:33:45.0903 4004 mouclass - ok
11:33:45.0919 4004 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
11:33:45.0935 4004 mouhid - ok
11:33:45.0966 4004 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
11:33:45.0981 4004 mountmgr - ok
11:33:46.0013 4004 [ 15D5398EED42C2504BB3D4FC875C15D1 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:33:46.0028 4004 MozillaMaintenance - ok
11:33:46.0044 4004 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
11:33:46.0059 4004 mpio - ok
11:33:46.0075 4004 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
11:33:46.0122 4004 mpsdrv - ok
11:33:46.0153 4004 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
11:33:46.0200 4004 MpsSvc - ok
11:33:46.0215 4004 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
11:33:46.0231 4004 MRxDAV - ok
11:33:46.0262 4004 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
11:33:46.0278 4004 mrxsmb - ok
11:33:46.0309 4004 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:33:46.0340 4004 mrxsmb10 - ok
11:33:46.0356 4004 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:33:46.0387 4004 mrxsmb20 - ok
11:33:46.0418 4004 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
11:33:46.0434 4004 msahci - ok
11:33:46.0434 4004 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
11:33:46.0449 4004 msdsm - ok
11:33:46.0481 4004 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
11:33:46.0496 4004 MSDTC - ok
11:33:46.0527 4004 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
11:33:46.0559 4004 Msfs - ok
11:33:46.0574 4004 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
11:33:46.0605 4004 mshidkmdf - ok
11:33:46.0605 4004 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
11:33:46.0605 4004 msisadrv - ok
11:33:46.0637 4004 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
11:33:46.0652 4004 MSiSCSI - ok
11:33:46.0668 4004 msiserver - ok
11:33:46.0668 4004 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
11:33:46.0699 4004 MSKSSRV - ok
11:33:46.0699 4004 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
11:33:46.0715 4004 MSPCLOCK - ok
11:33:46.0715 4004 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
11:33:46.0746 4004 MSPQM - ok
11:33:46.0777 4004 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
11:33:46.0777 4004 MsRPC - ok
11:33:46.0793 4004 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
11:33:46.0793 4004 mssmbios - ok
11:33:46.0808 4004 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
11:33:46.0839 4004 MSTEE - ok
11:33:46.0839 4004 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
11:33:46.0855 4004 MTConfig - ok
11:33:46.0855 4004 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
11:33:46.0855 4004 Mup - ok
11:33:46.0886 4004 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
11:33:46.0917 4004 napagent - ok
11:33:46.0933 4004 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
11:33:46.0964 4004 NativeWifiP - ok
11:33:46.0980 4004 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
11:33:46.0995 4004 NDIS - ok
11:33:47.0011 4004 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
11:33:47.0058 4004 NdisCap - ok
11:33:47.0058 4004 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
11:33:47.0089 4004 NdisTapi - ok
11:33:47.0120 4004 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
11:33:47.0167 4004 Ndisuio - ok
11:33:47.0183 4004 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
11:33:47.0229 4004 NdisWan - ok
11:33:47.0245 4004 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
11:33:47.0292 4004 NDProxy - ok
11:33:47.0307 4004 [ 6F4607E2333FE21E9E3FF8133A88B35B ] Netaapl C:\Windows\system32\DRIVERS\netaapl64.sys
11:33:47.0323 4004 Netaapl - ok
11:33:47.0339 4004 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
11:33:47.0370 4004 NetBIOS - ok
11:33:47.0385 4004 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
11:33:47.0401 4004 NetBT - ok
11:33:47.0401 4004 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
11:33:47.0417 4004 Netlogon - ok
11:33:47.0432 4004 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
11:33:47.0463 4004 Netman - ok
11:33:47.0479 4004 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
11:33:47.0510 4004 netprofm - ok
11:33:47.0557 4004 [ 53D7442AA919C91D055DBD44635F32B1 ] netr28ux C:\Windows\system32\DRIVERS\netr28ux.sys
11:33:47.0588 4004 netr28ux - ok
11:33:47.0619 4004 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:33:47.0619 4004 NetTcpPortSharing - ok
11:33:47.0635 4004 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
11:33:47.0651 4004 nfrd960 - ok
11:33:47.0666 4004 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
11:33:47.0713 4004 NlaSvc - ok
11:33:47.0791 4004 [ 5839A8027D6D324A7CD494051A96628C ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
11:33:47.0838 4004 NOBU - ok
11:33:47.0853 4004 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
11:33:47.0869 4004 Npfs - ok
11:33:47.0900 4004 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
11:33:47.0931 4004 nsi - ok
11:33:47.0947 4004 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
11:33:47.0963 4004 nsiproxy - ok
11:33:48.0009 4004 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
11:33:48.0041 4004 Ntfs - ok
11:33:48.0056 4004 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
11:33:48.0134 4004 Null - ok
11:33:48.0165 4004 [ 5F1FF880ADACF7E0FF7C27BA188B05DA ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
11:33:48.0181 4004 NVHDA - ok
11:33:48.0680 4004 [ 39DEFE644321F9A4B7F527664F628DEA ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:33:48.0805 4004 nvlddmkm - ok
11:33:48.0821 4004 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
11:33:48.0836 4004 nvraid - ok
11:33:48.0836 4004 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
11:33:48.0852 4004 nvstor - ok
11:33:48.0883 4004 [ A8BD627C6B78745CE8D591E9636E533F ] nvsvc C:\Windows\system32\nvvsvc.exe
11:33:48.0899 4004 nvsvc - ok
11:33:48.0930 4004 [ ABF9218BC7B87ED93C0B5DEAD9E2F7E9 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
11:33:48.0945 4004 nvUpdatusService - ok
11:33:48.0961 4004 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
11:33:48.0977 4004 nv_agp - ok
11:33:48.0992 4004 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
11:33:48.0992 4004 ohci1394 - ok
11:33:49.0023 4004 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:33:49.0039 4004 ose64 - ok
11:33:49.0133 4004 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:33:49.0226 4004 osppsvc - ok
11:33:49.0242 4004 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
11:33:49.0273 4004 p2pimsvc - ok
11:33:49.0289 4004 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
11:33:49.0304 4004 p2psvc - ok
11:33:49.0320 4004 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
11:33:49.0320 4004 Parport - ok
11:33:49.0351 4004 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
11:33:49.0351 4004 partmgr - ok
11:33:49.0382 4004 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
11:33:49.0413 4004 PcaSvc - ok
11:33:49.0429 4004 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
11:33:49.0445 4004 pci - ok
11:33:49.0460 4004 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
11:33:49.0476 4004 pciide - ok
11:33:49.0476 4004 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
11:33:49.0491 4004 pcmcia - ok
11:33:49.0507 4004 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
11:33:49.0507 4004 pcw - ok
11:33:49.0538 4004 pdfcDispatcher - ok
11:33:49.0538 4004 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
11:33:49.0585 4004 PEAUTH - ok
11:33:49.0663 4004 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
11:33:49.0694 4004 PerfHost - ok
11:33:49.0741 4004 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
11:33:49.0819 4004 pla - ok
11:33:49.0835 4004 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
11:33:49.0866 4004 PlugPlay - ok
11:33:49.0881 4004 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
11:33:49.0913 4004 PNRPAutoReg - ok
11:33:49.0944 4004 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
11:33:49.0959 4004 PNRPsvc - ok
11:33:49.0975 4004 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
11:33:50.0022 4004 PolicyAgent - ok
11:33:50.0037 4004 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
11:33:50.0084 4004 Power - ok
11:33:50.0115 4004 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
11:33:50.0147 4004 PptpMiniport - ok
11:33:50.0178 4004 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
11:33:50.0209 4004 Processor - ok
11:33:50.0240 4004 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
11:33:50.0256 4004 ProfSvc - ok
11:33:50.0271 4004 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:33:50.0271 4004 ProtectedStorage - ok
11:33:50.0287 4004 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
11:33:50.0318 4004 Psched - ok
11:33:50.0334 4004 [ 225D3660F926FE761BC8CE10C512AA02 ] PTSimBus C:\Windows\system32\DRIVERS\PTSimBus.sys
11:33:50.0365 4004 PTSimBus - ok
11:33:50.0396 4004 [ BD2194786ABAF4860F41118C0C103E7B ] PTSimHid C:\Windows\system32\DRIVERS\PTSimHid.sys
11:33:50.0427 4004 PTSimHid - ok
11:33:50.0459 4004 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
11:33:50.0505 4004 ql2300 - ok
11:33:50.0521 4004 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
11:33:50.0521 4004 ql40xx - ok
11:33:50.0552 4004 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
11:33:50.0568 4004 QWAVE - ok
11:33:50.0568 4004 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
11:33:50.0583 4004 QWAVEdrv - ok
11:33:50.0599 4004 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
11:33:50.0615 4004 RasAcd - ok
11:33:50.0630 4004 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
11:33:50.0677 4004 RasAgileVpn - ok
11:33:50.0693 4004 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
11:33:50.0739 4004 RasAuto - ok
11:33:50.0755 4004 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
11:33:50.0786 4004 Rasl2tp - ok
11:33:50.0786 4004 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
11:33:50.0817 4004 RasMan - ok
11:33:50.0833 4004 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
11:33:50.0895 4004 RasPppoe - ok
11:33:50.0895 4004 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
11:33:50.0927 4004 RasSstp - ok
11:33:50.0942 4004 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
11:33:50.0973 4004 rdbss - ok
11:33:50.0989 4004 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
11:33:51.0005 4004 rdpbus - ok
11:33:51.0020 4004 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
11:33:51.0036 4004 RDPCDD - ok
11:33:51.0036 4004 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
11:33:51.0067 4004 RDPENCDD - ok
11:33:51.0083 4004 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
11:33:51.0098 4004 RDPREFMP - ok
11:33:51.0129 4004 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
11:33:51.0145 4004 RDPWD - ok
11:33:51.0161 4004 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
11:33:51.0176 4004 rdyboost - ok
11:33:51.0207 4004 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
11:33:51.0254 4004 RemoteAccess - ok
11:33:51.0270 4004 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
11:33:51.0285 4004 RemoteRegistry - ok
11:33:51.0301 4004 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
11:33:51.0348 4004 RpcEptMapper - ok
11:33:51.0363 4004 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
11:33:51.0379 4004 RpcLocator - ok
11:33:51.0410 4004 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
11:33:51.0441 4004 RpcSs - ok
11:33:51.0457 4004 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
11:33:51.0473 4004 rspndr - ok
11:33:51.0488 4004 [ 9140DB0911DE035FED0A9A77A2D156EA ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
11:33:51.0504 4004 RTL8167 - ok
11:33:51.0519 4004 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
11:33:51.0535 4004 SamSs - ok
11:33:51.0551 4004 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
11:33:51.0566 4004 sbp2port - ok
11:33:51.0582 4004 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
11:33:51.0644 4004 SCardSvr - ok
11:33:51.0675 4004 [ 6CE6F98EA3D07A9C2CE3CD0A5A86352D ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
11:33:51.0691 4004 SCDEmu - ok
11:33:51.0707 4004 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
11:33:51.0769 4004 scfilter - ok
11:33:51.0785 4004 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
11:33:51.0831 4004 Schedule - ok
11:33:51.0847 4004 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
11:33:51.0863 4004 SCPolicySvc - ok
11:33:51.0878 4004 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
11:33:51.0894 4004 SDRSVC - ok
11:33:51.0909 4004 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
11:33:51.0941 4004 secdrv - ok
11:33:51.0956 4004 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
11:33:51.0987 4004 seclogon - ok
11:33:52.0019 4004 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
11:33:52.0065 4004 SENS - ok
11:33:52.0065 4004 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
11:33:52.0081 4004 SensrSvc - ok
11:33:52.0097 4004 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
11:33:52.0112 4004 Serenum - ok
11:33:52.0112 4004 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
11:33:52.0128 4004 Serial - ok
11:33:52.0128 4004 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
11:33:52.0159 4004 sermouse - ok
11:33:52.0175 4004 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
11:33:52.0221 4004 SessionEnv - ok
11:33:52.0237 4004 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
11:33:52.0253 4004 sffdisk - ok
11:33:52.0268 4004 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
11:33:52.0299 4004 sffp_mmc - ok
11:33:52.0315 4004 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
11:33:52.0346 4004 sffp_sd - ok
11:33:52.0346 4004 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
11:33:52.0377 4004 sfloppy - ok
11:33:52.0409 4004 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
11:33:52.0440 4004 SharedAccess - ok
11:33:52.0455 4004 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:33:52.0487 4004 ShellHWDetection - ok
11:33:52.0502 4004 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:33:52.0518 4004 SiSRaid2 - ok
11:33:52.0518 4004 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
11:33:52.0518 4004 SiSRaid4 - ok
11:33:52.0565 4004 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
11:33:52.0565 4004 SkypeUpdate - ok
11:33:52.0565 4004 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
11:33:52.0596 4004 Smb - ok
11:33:52.0627 4004 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
11:33:52.0643 4004 SNMPTRAP - ok
11:33:52.0658 4004 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
11:33:52.0658 4004 spldr - ok
11:33:52.0705 4004 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
11:33:52.0736 4004 Spooler - ok
11:33:52.0814 4004 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
11:33:52.0892 4004 sppsvc - ok
11:33:52.0892 4004 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
11:33:52.0939 4004 sppuinotify - ok
11:33:52.0955 4004 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
11:33:52.0970 4004 srv - ok
11:33:52.0986 4004 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
11:33:53.0001 4004 srv2 - ok
11:33:53.0001 4004 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
11:33:53.0017 4004 srvnet - ok
11:33:53.0017 4004 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
11:33:53.0064 4004 SSDPSRV - ok
11:33:53.0079 4004 [ D1E083D50F354A1840C9DF1C62437BC9 ] SSMO3v2Filter C:\Windows\system32\drivers\MO3v2Driver.sys
11:33:53.0095 4004 SSMO3v2Filter - ok
11:33:53.0111 4004 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
11:33:53.0142 4004 SstpSvc - ok
11:33:53.0173 4004 [ E942412186178B1331F8335E30FA076F ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
11:33:53.0204 4004 STacSV - ok
11:33:53.0251 4004 [ 2C25A72B53B28034BE260D81C4EA4955 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
11:33:53.0282 4004 Stereo Service - ok
11:33:53.0313 4004 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
11:33:53.0313 4004 stexstor - ok
11:33:53.0345 4004 [ DCC8845692DEA3477BCF6CE9D06C711F ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
11:33:53.0360 4004 STHDA - ok
11:33:53.0391 4004 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
11:33:53.0407 4004 stisvc - ok
11:33:53.0423 4004 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
11:33:53.0438 4004 swenum - ok
11:33:53.0454 4004 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
11:33:53.0501 4004 swprv - ok
11:33:53.0532 4004 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
11:33:53.0579 4004 SysMain - ok
11:33:53.0579 4004 Tablet2k - ok
11:33:53.0610 4004 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:33:53.0641 4004 TabletInputService - ok
11:33:53.0657 4004 [ F9BE29D5E097F03F81D3CD12B794CB66 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys
11:33:53.0688 4004 tap0901 - ok
11:33:53.0719 4004 [ B70DF208E97536CA9F29289E609F5B16 ] taphss C:\Windows\system32\DRIVERS\taphss.sys
11:33:53.0719 4004 taphss - ok
11:33:53.0735 4004 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
11:33:53.0781 4004 TapiSrv - ok
11:33:53.0813 4004 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
11:33:53.0859 4004 TBS - ok
11:33:53.0891 4004 [ 530A7F0966493DD437E4342F12CCD63B ] TClass2k C:\Windows\system32\DRIVERS\TClass2k.sys
11:33:53.0922 4004 TClass2k - ok
11:33:53.0969 4004 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
11:33:54.0015 4004 Tcpip - ok
11:33:54.0031 4004 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
11:33:54.0062 4004 TCPIP6 - ok
11:33:54.0078 4004 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
11:33:54.0109 4004 tcpipreg - ok
11:33:54.0140 4004 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
11:33:54.0140 4004 TDPIPE - ok
11:33:54.0171 4004 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
11:33:54.0171 4004 TDTCP - ok
11:33:54.0187 4004 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
11:33:54.0218 4004 tdx - ok
11:33:54.0218 4004 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
11:33:54.0234 4004 TermDD - ok
11:33:54.0249 4004 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
11:33:54.0281 4004 TermService - ok
11:33:54.0296 4004 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
11:33:54.0327 4004 Themes - ok
11:33:54.0343 4004 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
11:33:54.0359 4004 THREADORDER - ok
11:33:54.0374 4004 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
11:33:54.0405 4004 TrkWks - ok
11:33:54.0452 4004 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:33:54.0468 4004 TrustedInstaller - ok
11:33:54.0483 4004 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
11:33:54.0515 4004 tssecsrv - ok
11:33:54.0530 4004 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
11:33:54.0546 4004 TsUsbFlt - ok
11:33:54.0561 4004 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
11:33:54.0593 4004 tunnel - ok
11:33:54.0624 4004 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
11:33:54.0624 4004 uagp35 - ok
11:33:54.0655 4004 [ 01662B4865FDB282677B11CF416757CE ] UCTblHid C:\Windows\system32\DRIVERS\UCTblHid.sys
11:33:54.0671 4004 UCTblHid - ok
11:33:54.0702 4004 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
11:33:54.0733 4004 udfs - ok
11:33:54.0749 4004 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
11:33:54.0764 4004 UI0Detect - ok
11:33:54.0780 4004 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
11:33:54.0780 4004 uliagpkx - ok
11:33:54.0811 4004 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
11:33:54.0827 4004 umbus - ok
11:33:54.0827 4004 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
11:33:54.0842 4004 UmPass - ok
11:33:54.0920 4004 [ FDF92EC84FECEE834FB10A2A0A19BCDA ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
11:33:54.0967 4004 UNS - ok
11:33:54.0983 4004 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
11:33:55.0014 4004 upnphost - ok
11:33:55.0029 4004 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
11:33:55.0045 4004 USBAAPL64 - ok
11:33:55.0061 4004 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
11:33:55.0076 4004 usbccgp - ok
11:33:55.0092 4004 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
11:33:55.0107 4004 usbcir - ok
11:33:55.0123 4004 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
11:33:55.0139 4004 usbehci - ok
11:33:55.0139 4004 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
11:33:55.0154 4004 usbhub - ok
11:33:55.0170 4004 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
11:33:55.0185 4004 usbohci - ok
11:33:55.0201 4004 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
11:33:55.0232 4004 usbprint - ok
11:33:55.0232 4004 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:33:55.0263 4004 USBSTOR - ok
11:33:55.0279 4004 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
11:33:55.0295 4004 usbuhci - ok
11:33:55.0310 4004 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
11:33:55.0341 4004 UxSms - ok
11:33:55.0357 4004 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
11:33:55.0357 4004 VaultSvc - ok
11:33:55.0373 4004 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
11:33:55.0373 4004 vdrvroot - ok
11:33:55.0404 4004 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
11:33:55.0435 4004 vds - ok
11:33:55.0466 4004 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
11:33:55.0466 4004 vga - ok
11:33:55.0482 4004 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
11:33:55.0513 4004 VgaSave - ok
11:33:55.0529 4004 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
11:33:55.0529 4004 vhdmp - ok
11:33:55.0544 4004 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
11:33:55.0560 4004 viaide - ok
11:33:55.0575 4004 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
11:33:55.0575 4004 volmgr - ok
11:33:55.0591 4004 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
11:33:55.0607 4004 volmgrx - ok
11:33:55.0622 4004 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
11:33:55.0638 4004 volsnap - ok
11:33:55.0653 4004 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
11:33:55.0653 4004 vsmraid - ok
11:33:55.0700 4004 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
11:33:55.0763 4004 VSS - ok
11:33:55.0763 4004 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
11:33:55.0794 4004 vwifibus - ok
11:33:55.0794 4004 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
11:33:55.0825 4004 vwififlt - ok
11:33:55.0856 4004 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
11:33:55.0887 4004 W32Time - ok
11:33:55.0903 4004 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
11:33:55.0919 4004 WacomPen - ok
11:33:55.0950 4004 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
11:33:55.0997 4004 WANARP - ok
11:33:56.0012 4004 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
11:33:56.0028 4004 Wanarpv6 - ok
11:33:56.0075 4004 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
11:33:56.0090 4004 WatAdminSvc - ok
11:33:56.0121 4004 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
11:33:56.0153 4004 wbengine - ok
11:33:56.0168 4004 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
11:33:56.0184 4004 WbioSrvc - ok
11:33:56.0215 4004 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
11:33:56.0231 4004 wcncsvc - ok
11:33:56.0246 4004 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:33:56.0262 4004 WcsPlugInService - ok
11:33:56.0293 4004 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
11:33:56.0293 4004 Wd - ok
11:33:56.0324 4004 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
11:33:56.0340 4004 Wdf01000 - ok
11:33:56.0340 4004 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
11:33:56.0371 4004 WdiServiceHost - ok
11:33:56.0371 4004 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
11:33:56.0387 4004 WdiSystemHost - ok
11:33:56.0418 4004 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
11:33:56.0449 4004 WebClient - ok
11:33:56.0465 4004 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
11:33:56.0527 4004 Wecsvc - ok
11:33:56.0543 4004 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
11:33:56.0574 4004 wercplsupport - ok
11:33:56.0589 4004 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
11:33:56.0605 4004 WerSvc - ok
11:33:56.0621 4004 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
11:33:56.0636 4004 WfpLwf - ok
11:33:56.0652 4004 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
11:33:56.0652 4004 WIMMount - ok
11:33:56.0667 4004 WinDefend - ok
11:33:56.0667 4004 WinHttpAutoProxySvc - ok
11:33:56.0714 4004 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
11:33:56.0777 4004 Winmgmt - ok
11:33:56.0823 4004 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
11:33:56.0870 4004 WinRM - ok
11:33:56.0886 4004 [ 935471EC43505CB23DA16600562EE19A ] WinTabService C:\Windows\System32\Drivers\WTSRV.EXE
11:33:56.0901 4004 WinTabService ( UnsignedFile.Multi.Generic ) - warning
11:33:56.0901 4004 WinTabService - detected UnsignedFile.Multi.Generic (1)
11:33:56.0933 4004 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
11:33:56.0979 4004 Wlansvc - ok
11:33:57.0073 4004 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:33:57.0104 4004 wlidsvc - ok
11:33:57.0135 4004 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
11:33:57.0151 4004 WmiAcpi - ok
11:33:57.0167 4004 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
11:33:57.0198 4004 wmiApSrv - ok
11:33:57.0213 4004 WMPNetworkSvc - ok
11:33:57.0245 4004 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
11:33:57.0260 4004 WPCSvc - ok
11:33:57.0276 4004 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
11:33:57.0291 4004 WPDBusEnum - ok
11:33:57.0307 4004 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
11:33:57.0369 4004 ws2ifsl - ok
11:33:57.0369 4004 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
11:33:57.0401 4004 wscsvc - ok
11:33:57.0401 4004 WSearch - ok
11:33:57.0447 4004 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
11:33:57.0479 4004 wuauserv - ok
11:33:57.0479 4004 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
11:33:57.0510 4004 WudfPf - ok
11:33:57.0541 4004 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
11:33:57.0557 4004 WUDFRd - ok
11:33:57.0572 4004 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
11:33:57.0603 4004 wudfsvc - ok
11:33:57.0619 4004 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
11:33:57.0650 4004 WwanSvc - ok
11:33:57.0650 4004 ================ Scan global ===============================
11:33:57.0681 4004 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
11:33:57.0713 4004 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
11:33:57.0713 4004 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
11:33:57.0728 4004 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
11:33:57.0744 4004 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
11:33:57.0759 4004 [Global] - ok
11:33:57.0759 4004 ================ Scan MBR ==================================
11:33:57.0759 4004 [ 68048B3B3313A19B3177D78C4E5707C1 ] \Device\Harddisk0\DR0
11:33:58.0040 4004 \Device\Harddisk0\DR0 - ok
11:33:58.0040 4004 ================ Scan VBR ==================================
11:33:58.0040 4004 [ F34109DBBE4A218FF03B85FD2C14D922 ] \Device\Harddisk0\DR0\Partition1
11:33:58.0040 4004 \Device\Harddisk0\DR0\Partition1 - ok
11:33:58.0087 4004 [ 3A3005A02ED4B67F43EF6C3E55C6B814 ] \Device\Harddisk0\DR0\Partition2
11:33:58.0087 4004 \Device\Harddisk0\DR0\Partition2 - ok
11:33:58.0118 4004 [ 254CEFB76C405B0747DDCD64AE479A8E ] \Device\Harddisk0\DR0\Partition3
11:33:58.0118 4004 \Device\Harddisk0\DR0\Partition3 - ok
11:33:58.0118 4004 ============================================================
11:33:58.0118 4004 Scan finished
11:33:58.0118 4004 ============================================================
11:33:58.0134 4068 Detected object count: 3
11:33:58.0134 4068 Actual detected object count: 3
11:34:25.0293 4068 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
11:34:25.0293 4068 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:34:25.0293 4068 LOWERP ( UnsignedFile.Multi.Generic ) - skipped by user
11:34:25.0293 4068 LOWERP ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:34:25.0309 4068 WinTabService ( UnsignedFile.Multi.Generic ) - skipped by user
11:34:25.0309 4068 WinTabService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:34:28.0226 2492 Deinitialize success

Malwarebytes:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.26.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Nawaf :: NAWAF-HP [administrator]

8/26/2012 11:35:06 AM
mbam-log-2012-08-26 (11-35-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215738
Time elapsed: 3 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#4
phantomsx

  • Topic Starter
  • Member
  • 12 posts
The sfc /scannow command gives me a "no problem found" result.
VEM couldn't run due to not being coded for my language (Arabic).
When I ran OTL, the Custom Scans/Fixes box was empty. Pasting the 2 logs I get from OTL, we get:
OTL:

OTL logfile created on: 8/26/2012 11:58:27 AM - Run 2
OTL by OldTimer - Version 3.2.59.0 Folder = C:\Users\Nawaf\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 6.09 Gb Available Physical Memory | 76.27% Memory free
15.96 Gb Paging File | 14.00 Gb Available in Paging File | 87.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1849.71 Gb Total Space | 1575.25 Gb Free Space | 85.16% Space Free | Partition Type: NTFS
Drive D: | 13.20 Gb Total Space | 1.59 Gb Free Space | 12.07% Space Free | Partition Type: NTFS

Computer Name: NAWAF-HP | User Name: Nawaf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2012/08/26 06:38:43 | 000,598,016 | ---- | M] (OldTimer Tools) -- C:\Users\Nawaf\Desktop\OTL.exe
PRC - [2012/08/21 12:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 12:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/06/29 06:37:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/06/28 17:44:30 | 000,382,312 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/06/07 12:40:40 | 003,487,128 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2011/08/19 11:11:26 | 002,548,224 | ---- | M] (SteelSeries) -- C:\Program Files (x86)\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMTray2.exe
PRC - [2011/08/18 11:36:54 | 001,993,216 | ---- | M] (SteelSeries) -- C:\Program Files (x86)\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMHID2.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/10/05 17:08:46 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/10/05 17:08:42 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/09/28 18:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2010/05/25 15:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
PRC - [2010/04/23 22:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 22:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2009/09/18 10:24:08 | 001,708,032 | ---- | M] (D-Link Corp.) -- C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe
PRC - [2009/08/21 09:27:24 | 000,098,304 | ---- | M] (Wireless Service) -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2009/08/19 21:24:24 | 000,032,768 | ---- | M] (Tablet Driver) -- C:\Windows\SysWOW64\WTClient.exe
PRC - [2009/07/07 20:10:14 | 000,151,552 | ---- | M] () -- C:\Windows\SysWOW64\ANIWConnService.exe
PRC - [2009/05/09 02:39:48 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
PRC - [2009/05/09 02:11:00 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
PRC - [2009/02/28 05:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
PRC - [2008/11/20 20:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/18 01:28:55 | 000,442,392 | ---- | M] () -- C:\Users\Nawaf\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppgooglenaclpluginchrome.dll
MOD - [2012/08/18 01:28:52 | 003,997,720 | ---- | M] () -- C:\Users\Nawaf\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
MOD - [2012/08/18 01:27:23 | 000,144,424 | ---- | M] () -- C:\Users\Nawaf\AppData\Local\Google\Chrome\Application\21.0.1180.83\avutil-51.dll
MOD - [2012/08/18 01:27:22 | 000,266,792 | ---- | M] () -- C:\Users\Nawaf\AppData\Local\Google\Chrome\Application\21.0.1180.83\avformat-54.dll
MOD - [2012/08/18 01:27:21 | 002,480,680 | ---- | M] () -- C:\Users\Nawaf\AppData\Local\Google\Chrome\Application\21.0.1180.83\avcodec-54.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/09/11 13:10:04 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\WinTab32.dll
MOD - [2009/07/07 18:50:04 | 000,258,048 | ---- | M] () -- C:\Windows\SysWOW64\wlanapp.dll
MOD - [2009/06/01 14:23:24 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-140 revB\ANIOApi.dll
MOD - [2009/06/01 14:23:24 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\ANIOApi.dll
MOD - [2009/02/28 05:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
MOD - [2009/02/20 03:22:50 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.dll
MOD - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/08/21 12:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/06/24 02:23:14 | 000,302,592 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/08/06 05:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2009/09/23 17:34:06 | 000,073,728 | ---- | M] (Tablet Driver) [Auto | Running] -- C:\Windows\SysNative\drivers\WTSrv.exe -- (WinTabService)
SRV:64bit: - [2009/07/14 04:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/08/25 06:39:14 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/29 06:37:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/06/28 17:44:30 | 000,382,312 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/06/23 00:18:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/10/31 11:51:32 | 003,272,704 | ---- | M] (LowerPing) [On_Demand | Stopped] -- C:\Program Files (x86)\LowerPing\LowerP.EXE -- (LOWERP)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/11/26 06:20:28 | 000,245,232 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe -- (CLKMSVC10_C6F09094)
SRV - [2010/10/05 17:08:46 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/05 17:08:42 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/09/28 18:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010/06/19 04:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/06/02 01:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/07 20:10:14 | 000,151,552 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ANIWConnService.exe -- (ANIWConnService)
SRV - [2009/06/11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/21 12:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/08/21 12:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/08/21 12:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/08/21 12:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/08/21 12:13:12 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/08/21 12:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/07/24 23:11:54 | 000,041,704 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2012/07/24 23:11:52 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2012/05/21 16:10:51 | 000,188,776 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/04/23 14:26:26 | 000,154,272 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2012/03/01 09:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/12/15 20:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/08/23 21:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/08/02 16:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/06/09 18:35:04 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/03/11 09:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 09:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/29 11:55:30 | 001,547,616 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2010/12/17 15:25:44 | 000,023,040 | ---- | M] (Sagatek Co. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MO3v2Driver.sys -- (SSMO3v2Filter)
DRV:64bit: - [2010/11/20 16:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 14:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/09/13 16:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/04/12 11:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009/07/14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/18 14:42:36 | 000,022,696 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UCTblHid.sys -- (UCTblHid)
DRV:64bit: - [2009/06/18 14:42:18 | 000,027,304 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TClass2k.sys -- (TClass2k)
DRV:64bit: - [2009/06/18 14:42:00 | 000,017,064 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTSimHid.sys -- (PTSimHid)
DRV:64bit: - [2009/06/18 14:41:48 | 000,027,304 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PTSimBus.sys -- (PTSimBus)
DRV:64bit: - [2009/06/10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/06 18:10:10 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf)
DRV - [2009/07/14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/13
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/13
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.jp.msn.com/HPALL/13
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/13
IE - HKCU\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPDTDF
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPDTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nawaf\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nawaf\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/26 08:06:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/23 00:18:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Nawaf\AppData\Roaming\IDM\idmmzcc5 [2012/06/07 12:39:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/23 00:18:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Nawaf\AppData\Roaming\IDM\idmmzcc5 [2012/06/07 12:39:33 | 000,000,000 | ---D | M]

[2012/06/07 12:03:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nawaf\AppData\Roaming\Mozilla\Extensions
[2012/06/08 12:09:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nawaf\AppData\Roaming\Mozilla\Firefox\Profiles\2j07ydun.default\extensions
[2012/08/26 11:01:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\[email protected]
[2012/06/07 12:39:33 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\NAWAF\APPDATA\ROAMING\IDM\IDMMZCC5
[2012/06/23 00:18:12 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/01 18:39:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/01 18:39:16 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.animetake.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.animetake.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Nawaf\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Nawaf\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Nawaf\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Nawaf\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Nawaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Nawaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\Nawaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.41_0\
CHR - Extension: avast! WebRep = C:\Users\Nawaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: Azusa Nakano = C:\Users\Nawaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\miemcinalacnaglobiaokemajdehgllg\1_0\
CHR - Extension: Gmail = C:\Users\Nawaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/26 11:23:56 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
O4 - HKLM..\Run: [D-Link D-Link RangeBooster N DWA-140] C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [SteelSeries World of Warcraft Cataclysm MMO Gaming Mouse] C:\Program Files (x86)\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMHID2.exe (SteelSeries)
O4 - HKLM..\Run: [WTClient] C:\Windows\SysWow64\WTClient.exe (Tablet Driver)
O4 - HKCU..\Run: [Device Doctor] C:\Program Files (x86)\Device Doctor\DDLauncher.exe (Device Doctor Software Inc.)
O4 - HKCU..\Run: [IDMan] c:\program files (x86)\internet download manager\idman.exe (Tonec Inc.)
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Nawaf\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nawaf\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Nawaf\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nawaf\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AEE3FC5-2A6E-41D8-9BD8-96C32A47ECD7}: DhcpNameServer = 196.1.69.98 196.1.69.100 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7227B5F1-88BD-4B98-A72C-661324A43424}: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7227B5F1-88BD-4B98-A72C-661324A43424}: NameServer = 8.8.8.8,4.2.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/26 11:50:36 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\Desktop\Scans
[2012/08/26 11:24:01 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/08/26 11:22:23 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/26 11:16:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/26 11:16:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/26 11:16:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/26 11:15:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/26 11:14:54 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/26 11:03:41 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\ElevatedDiagnostics
[2012/08/26 08:06:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/08/26 08:06:37 | 000,359,464 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/08/26 08:06:37 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/08/26 08:06:35 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/08/26 08:06:34 | 000,969,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/08/26 08:06:34 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/08/26 08:06:34 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/08/26 08:06:34 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/08/26 08:06:16 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/08/26 08:06:15 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/08/26 08:06:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/08/26 08:06:08 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/08/26 06:48:46 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{F89EAD39-4042-4030-B654-20C6386673FF}
[2012/08/26 06:38:40 | 000,598,016 | ---- | C] (OldTimer Tools) -- C:\Users\Nawaf\Desktop\OTL.exe
[2012/08/26 06:34:13 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/08/26 03:42:16 | 026,226,536 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012/08/26 03:42:16 | 025,256,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012/08/26 03:42:16 | 019,828,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012/08/26 03:42:16 | 018,228,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012/08/26 03:42:16 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012/08/26 03:42:16 | 009,164,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012/08/26 03:42:16 | 007,699,304 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012/08/26 03:42:16 | 002,744,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012/08/26 03:42:16 | 002,573,160 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012/08/26 03:42:16 | 002,422,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012/08/26 03:42:16 | 002,216,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012/08/26 03:42:16 | 001,865,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012/08/26 03:42:16 | 001,472,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll
[2012/08/26 03:42:16 | 000,828,264 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2012/08/26 03:42:16 | 000,247,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2012/08/26 03:42:16 | 000,202,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2012/08/26 03:42:16 | 000,188,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2012/08/26 03:42:16 | 000,031,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2012/08/26 02:39:38 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\Guild Wars 2
[2012/08/25 18:48:21 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{84215494-4B30-40E6-BBEE-C8816D521904}
[2012/08/25 10:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
[2012/08/25 10:16:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guild Wars 2
[2012/08/25 10:15:50 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\Documents\Guild Wars 2
[2012/08/25 06:47:57 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{9E2A0723-A069-4352-9099-54AD2ABF46A2}
[2012/08/25 06:38:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/08/25 04:18:43 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Roaming\Malwarebytes
[2012/08/25 04:18:34 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/25 04:18:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/25 04:18:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/25 04:18:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/25 04:14:00 | 059,884,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012/08/24 18:47:33 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{B3CB3E71-743C-46E8-9247-AB6E31773AAE}
[2012/08/23 20:01:06 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{73EBA53C-D5A6-4257-877C-A975ACBBD9B9}
[2012/08/23 08:00:42 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{77A07170-5EB6-4B2A-B8F8-D73D995EE895}
[2012/08/22 18:22:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/08/22 18:22:33 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/08/22 18:22:29 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/08/22 18:22:29 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/08/22 18:22:29 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/08/22 16:53:32 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{582888AF-D1E7-4487-BB15-A86C0ECC0AB9}
[2012/08/21 16:52:56 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{E404A768-3623-4495-84A6-4551128DFE77}
[2012/08/21 00:21:15 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{A2A82F1C-E9F0-4B69-B8EF-C3CE34CFDE1E}
[2012/08/20 07:21:25 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{190955FC-27C3-4FCC-8C54-FD1541A75A7B}
[2012/08/19 17:37:15 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Roaming\Reviversoft
[2012/08/19 17:36:36 | 000,018,240 | ---- | C] (ReviverSoft) -- C:\Windows\SysNative\roboot64.exe
[2012/08/19 17:36:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reviversoft
[2012/08/19 17:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reviversoft
[2012/08/19 17:31:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\~0
[2012/08/19 17:31:46 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\PackageAware
[2012/08/19 17:24:30 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Roaming\Uniblue
[2012/08/19 17:24:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2012/08/19 17:24:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2012/08/19 17:01:51 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012/08/19 17:01:50 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012/08/19 17:01:50 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012/08/19 17:01:50 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012/08/19 16:24:08 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{D90EF747-337B-46C0-8502-C7537796F995}
[2012/08/18 19:33:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
[2012/08/18 19:33:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mumble
[2012/08/18 13:56:25 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{3058724F-F615-4CC9-B5D6-958B24F0BC84}
[2012/08/18 13:56:14 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{264BDDE6-81BE-4A07-9B2B-39580C0ED345}
[2012/08/18 01:48:35 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{C36174C3-177B-419B-AEA2-0E56881D1185}
[2012/08/18 01:48:23 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{B0FCE5E2-31D2-4E93-9EE1-7E0F8E624FBA}
[2012/08/17 13:47:57 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{FBBAA717-F0A2-48A6-B80A-C3CE64E40068}
[2012/08/17 13:47:45 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{13CA0861-0FE6-4CD2-BF7B-737E191AF79D}
[2012/08/17 01:25:37 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{640C0543-F045-4850-865C-2FB84B9AFE70}
[2012/08/17 01:25:26 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{493F6D4F-2839-44D2-9260-D957252BC786}
[2012/08/16 13:25:00 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{58824C71-A113-40D7-8FD4-F2F16A36CE32}
[2012/08/16 13:24:47 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{AFCBED33-46B0-449C-9D32-4DC7EFF18F81}
[2012/08/16 03:12:43 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/08/16 03:12:43 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/16 03:12:42 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/08/16 03:12:42 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/08/16 03:12:42 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/08/16 03:12:42 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/16 03:12:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/16 03:12:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/08/16 03:12:42 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/08/16 03:12:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/08/16 03:12:41 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/08/16 03:12:41 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/08/16 03:12:41 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/16 03:09:01 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/08/16 03:09:00 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/08/16 03:09:00 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012/08/16 03:09:00 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/08/16 01:24:21 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{A25665BC-07AD-4AEF-88CC-58FD2472248D}
[2012/08/16 01:24:10 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{3817A034-0E3F-497A-A1D8-7CBA37DD1BC9}
[2012/08/15 13:23:44 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{3FA2AF25-0B8F-4EB5-ABE2-4AB757D85DD8}
[2012/08/15 13:23:33 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{3D59609B-A80B-4DDF-8AC7-D1EC1F894F30}
[2012/08/15 01:23:07 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{7A984788-79B6-42A7-8B9D-7B7681C1A770}
[2012/08/15 01:22:57 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{06FCFE14-D950-48DC-8F31-5EA723B2DDCF}
[2012/08/14 18:01:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pen Tablet
[2012/08/14 18:01:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PEN TABLET
[2012/08/14 18:00:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet Software
[2012/08/14 18:00:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TABLET SOFTWARE
[2012/08/14 17:36:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu!
[2012/08/14 17:36:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\osu!
[2012/08/14 17:36:13 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Roaming\Downloaded Installations
[2012/08/14 16:15:10 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Roaming\Mumble
[2012/08/14 16:15:10 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\Mumble
[2012/08/14 13:22:31 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{306B6760-CA5E-4829-89EB-FB907B5CC4E7}
[2012/08/14 13:22:19 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{4A007076-463F-44A2-AF6C-045E4D6F577B}
[2012/08/14 01:07:22 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{D5BB0A97-F69B-48DF-A169-BD90BBA01934}
[2012/08/14 01:07:10 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{D8524266-151B-48BE-BEF7-288E6EB9A95B}
[2012/08/13 13:06:45 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{7732D333-FCE6-4CAF-801A-0DDE4FD586AC}
[2012/08/13 01:06:19 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{B78C161A-A2FE-4445-BB31-B9661C10431A}
[2012/08/12 13:05:54 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{9F09FF44-D037-4D1D-9BF6-0040086BCDE9}
[2012/08/12 13:05:43 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{EF91DED0-3480-49B1-B701-5CCE067A8D16}
[2012/08/12 01:05:10 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{06EA2F0E-A22C-4B83-8C6D-D1109014C1E1}
[2012/08/12 01:04:59 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{91FA2DBF-E6F2-4D2B-8D07-9F903B579E38}
[2012/08/11 13:11:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Hotspot Shield
[2012/08/11 13:04:32 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{55D87EF6-0B10-43B8-9256-137DCA9B611A}
[2012/08/11 13:04:21 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{D1CAEB55-03DA-46D1-B255-DB50474203E4}
[2012/08/10 23:27:39 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{F4A17F0C-007D-4C1C-97D5-5B87ED8097C2}
[2012/08/10 23:27:28 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{B3E135C0-10C6-42B0-A423-619F4038929E}
[2012/08/10 11:27:01 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{269307A1-8153-4567-A245-9F458AFCF6BB}
[2012/08/10 11:26:50 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{1A35121F-FCC7-4F26-A145-0CD1443BCA0B}
[2012/08/09 23:26:23 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{9BED4E36-00C7-4CF2-B8C9-B5335A7D02B8}
[2012/08/09 23:26:11 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{82069978-209B-45DB-8A50-C317E96FF85C}
[2012/08/09 07:33:42 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{9FDD522E-E729-4F39-B453-B2D3668AF216}
[2012/08/09 07:33:30 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{327F8DE2-7B70-4432-9169-2AC739BF0995}
[2012/08/08 19:33:03 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{B3EE49FD-222F-4594-BD37-887C548081AC}
[2012/08/08 19:32:52 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{678B0AD1-FADC-4C52-9D02-E0558E0A6565}
[2012/08/08 07:32:26 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{AA5D6B82-8CA4-489A-AB1D-48C88F31207C}
[2012/08/07 19:32:01 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{3166C3C8-0E62-4C97-B721-F1B683B662CF}
[2012/08/07 19:31:48 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{58D716E8-3770-4D56-93D5-FF827C507032}
[2012/08/07 07:47:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenVPN
[2012/08/07 07:31:22 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{6527EA24-2C29-4979-8398-E5424CD24F18}
[2012/08/06 19:30:57 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{E3009958-8913-4D94-AD09-4C34244FE4DD}
[2012/08/06 19:30:45 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{4CFF4802-7550-49FF-BDFE-049507EEEF1F}
[2012/08/05 22:06:08 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{41C1844D-147F-4E35-922C-16ACC1541CD8}
[2012/08/05 22:05:50 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{E5D2DDC3-0477-41E3-B143-7752692EAA9E}
[2012/08/04 21:37:09 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{AE1D2F94-CC9C-4210-B532-A792FAE81BA0}
[2012/08/04 21:36:57 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{39369D2B-C919-45B5-A832-7626990041B5}
[2012/08/04 10:50:29 | 000,024,448 | ---- | C] (IObit) -- C:\Windows\SysNative\RegistryDefragBootTime.exe
[2012/08/04 10:32:14 | 000,000,000 | ---D | C] -- C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
[2012/08/04 10:32:14 | 000,000,000 | ---D | C] -- C:\ProgramData\{6F2F3866-38AD-4f48-852C-2FF5DE7A7588}
[2012/08/04 10:32:13 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Roaming\IObit
[2012/08/04 10:32:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2012/08/04 10:32:00 | 000,000,000 | ---D | C] -- C:\ProgramData\iobit
[2012/08/04 09:58:15 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/08/04 09:58:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/08/04 09:57:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/08/04 09:53:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/08/04 09:53:24 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/08/04 09:08:21 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{2899EB0C-0213-4F11-91DC-BA26938F7510}
[2012/08/04 02:54:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/08/04 02:53:15 | 001,468,264 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll
[2012/08/04 02:53:14 | 015,290,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012/08/04 02:53:14 | 012,388,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012/08/04 02:53:14 | 000,969,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2012/08/04 02:53:14 | 000,364,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2012/08/04 02:53:14 | 000,301,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2012/08/04 01:53:04 | 001,758,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012/08/04 01:53:04 | 001,468,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2012/08/04 01:53:04 | 001,452,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420102.dll
[2012/08/04 01:53:04 | 000,060,776 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012/08/04 01:53:04 | 000,052,584 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012/08/04 01:51:58 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012/08/04 01:44:33 | 000,565,352 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2012/08/04 01:44:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012/08/04 01:37:46 | 001,547,616 | ---- | C] (Ralink Technology Corp.) -- C:\Windows\SysNative\drivers\netr28ux.sys
[2012/08/04 01:37:46 | 000,327,008 | ---- | C] (Ralink Technology, Inc.) -- C:\Windows\SysNative\RaCoInstx.dll
[2012/08/04 01:34:57 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Roaming\WinRAR
[2012/08/04 01:31:30 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Roaming\Device Doctor
[2012/08/04 01:31:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Device Doctor
[2012/08/04 01:31:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Device Doctor
[2012/08/03 21:02:17 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{5D695209-6EA1-4F48-922D-0E2306E1C05E}
[2012/08/03 21:02:05 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{6E253845-CEA7-4BE8-9BD2-29A50CA534FE}
[2012/08/03 16:38:52 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{E5AFE105-F826-4CC5-8677-A36F13B8BEC5}
[2012/08/02 22:43:00 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/08/02 22:43:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/08/02 22:42:54 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012/08/02 17:50:15 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{F0046B75-1A90-450D-9E4E-B85DC2154731}
[2012/08/02 17:50:04 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{9C203CB5-BE5B-48D3-A4A4-4397FBFD39BB}
[2012/08/02 04:20:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TERA
[2012/08/02 04:20:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TERA
[2012/08/02 03:03:37 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{90D9B343-A6EE-487F-A0C6-CAF6A34EB64C}
[2012/08/02 03:03:26 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{587C944F-7B6B-43CC-9C89-547C6B9AF604}
[2012/08/01 15:03:00 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{88C6DEBC-E7C8-4FD1-A79D-5E025FF498EA}
[2012/08/01 15:02:49 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{934B1B52-B051-40AD-8C04-38F065321DB1}
[2012/08/01 09:40:53 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\TERA-Diagnostic
[2012/08/01 08:19:29 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/08/01 08:19:26 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/08/01 08:19:26 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/08/01 08:07:03 | 000,000,000 | -HSD | C] -- C:\Users\Nawaf\AppData\Local\ms-drivers
[2012/08/01 08:06:54 | 000,000,000 | -HSD | C] -- C:\Users\Nawaf\AppData\Local\icsxml
[2012/08/01 07:29:49 | 000,000,000 | ---D | C] -- C:\Program Files\TERA
[2012/08/01 07:20:55 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\BattlePing
[2012/08/01 07:20:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BattlePing
[2012/08/01 07:20:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BattlePing
[2012/07/31 22:43:15 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{DAB6EE53-1362-4048-B3F2-36BFE2FCED23}
[2012/07/31 22:43:03 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{51D23349-7681-41DB-8A72-B408650E34DB}
[2012/07/31 10:42:50 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{04094001-CD76-4F69-B27D-BDE38C356331}
[2012/07/31 10:42:04 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{76ADA4A4-A144-401F-982A-9C20E9D0DF62}
[2012/07/30 18:13:58 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{6AA3AC9A-49DE-4D4A-BF39-52C04F4D2EE7}
[2012/07/30 18:13:46 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{72C95815-4052-4455-9B3D-30EF60BAE711}
[2012/07/30 17:56:05 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{4197CD3B-1BA4-43B9-9E73-8C9F93A7E7CD}
[2012/07/30 00:28:39 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{9EF09234-E61A-4510-8D83-80A836BA08B4}
[2012/07/30 00:28:28 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{F3D85853-A5D4-4487-9438-E2E5EAEA6DA7}
[2012/07/29 13:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SteelSeries
[2012/07/29 13:36:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SteelSeries
[2012/07/29 12:28:02 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{2B504156-22FD-42A4-AB3E-37921DF0A009}
[2012/07/29 12:27:51 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{D7F32887-B32B-4077-827F-A882B17B83C1}
[2012/07/28 22:45:12 | 000,955,888 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/07/28 22:45:12 | 000,839,152 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/07/28 22:45:12 | 000,268,784 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/07/28 22:45:06 | 000,189,424 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/07/28 22:45:06 | 000,188,912 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/07/28 22:44:58 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/07/28 18:48:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Systems
[2012/07/28 18:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco Systems
[2012/07/28 17:39:23 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{BFBDACE5-6874-4D78-9996-9FE7F4533A64}
[2012/07/28 17:39:11 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{20C42F10-FDCB-4D51-B605-ABA1A9752006}
[2012/07/28 01:54:36 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{318CFBF6-53BD-4369-8CA2-556ED2AE0424}
[2012/07/28 01:54:25 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{0E1E4A6F-9B6C-4539-A00A-F56C1DB9D47F}
[2012/07/27 13:53:59 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{17318693-5B15-4C96-A56B-E8A247BEF579}
[2012/07/27 13:53:47 | 000,000,000 | ---D | C] -- C:\Users\Nawaf\AppData\Local\{D9D97365-CB4B-4141-ACFC-64E9F8DF28CB}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/26 11:49:29 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/26 11:49:29 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/26 11:48:32 | 000,721,700 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/26 11:48:32 | 000,612,370 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/26 11:48:32 | 000,105,284 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/26 11:46:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3819528912-3924640605-2489132768-1000UA.job
[2012/08/26 11:42:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/26 11:41:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/26 11:41:20 | 2133,733,375 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/26 11:23:56 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/26 08:06:34 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/08/26 06:38:43 | 000,598,016 | ---- | M] (OldTimer Tools) -- C:\Users\Nawaf\Desktop\OTL.exe
[2012/08/26 05:57:53 | 000,003,284 | ---- | M] () -- C:\Windows\SysWow64\ANIWZCS{2AEE3FC5-2A6E-41D8-9BD8-96C32A47ECD7}
[2012/08/26 05:57:53 | 000,003,284 | ---- | M] () -- C:\Users\Nawaf\AppData\Roaming\ANIWZCS{2AEE3FC5-2A6E-41D8-9BD8-96C32A47ECD7}
[2012/08/26 03:28:26 | 002,587,881 | ---- | M] () -- C:\Users\Nawaf\Desktop\reso.png
[2012/08/25 16:46:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3819528912-3924640605-2489132768-1000Core.job
[2012/08/25 06:39:14 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/25 06:39:14 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/24 07:02:53 | 001,717,714 | ---- | M] () -- C:\Users\Nawaf\Desktop\DNS.png
[2012/08/22 18:22:25 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/08/22 18:22:25 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/08/22 18:22:25 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/08/22 18:22:25 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/08/22 18:22:25 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/08/22 18:22:25 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/08/21 12:13:13 | 000,969,200 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/08/21 12:13:13 | 000,359,464 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/08/21 12:13:13 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/08/21 12:13:12 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/08/21 12:13:12 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/08/21 12:13:11 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/08/21 12:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/08/21 12:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/08/21 12:12:02 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/08/20 07:19:45 | 000,002,400 | ---- | M] () -- C:\Windows\SysNative\ASOROSet.bin
[2012/08/19 17:36:36 | 000,001,280 | ---- | M] () -- C:\Users\Nawaf\Application Data\Microsoft\Internet Explorer\Quick Launch\Registry Reviver.lnk
[2012/08/19 17:07:37 | 000,302,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/18 19:34:55 | 000,002,377 | ---- | M] () -- C:\Users\Nawaf\Documents\MumbleAutomaticCertificateBackup.p12
[2012/08/14 19:23:27 | 000,001,958 | ---- | M] () -- C:\Windows\Tablet8000x6000M.ini
[2012/08/14 18:03:00 | 000,000,142 | ---- | M] () -- C:\Windows\PenSign.INI
[2012/08/08 21:20:02 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNAWAF-HP$.job
[2012/08/07 22:54:02 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNawaf.job
[2012/08/06 02:13:47 | 000,002,872 | ---- | M] () -- C:\Windows\SysWow64\LOWERP.ini
[2012/08/06 02:13:47 | 000,001,544 | ---- | M] () -- C:\Windows\SysWow64\LPOff.ini
[2012/08/06 02:13:47 | 000,001,544 | ---- | M] () -- C:\Windows\SysNative\LPOff.ini
[2012/08/04 10:13:05 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/04 01:50:08 | 000,014,416 | ---- | M] () -- C:\Users\Nawaf\Documents\cc_20120804_015004.reg
[2012/08/03 04:46:56 | 059,884,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012/08/02 04:20:12 | 000,001,844 | ---- | M] () -- C:\Users\Nawaf\Application Data\Microsoft\Internet Explorer\Quick Launch\TERA.lnk
[2012/08/01 07:20:53 | 000,000,037 | -HS- | M] () -- C:\Users\Nawaf\AppData\Local\1754111884ee9ab5277ca00.95260103
[2012/07/28 22:45:00 | 000,268,784 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/07/28 22:45:00 | 000,189,424 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/07/28 22:45:00 | 000,188,912 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/07/28 22:44:59 | 000,955,888 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/07/28 22:44:59 | 000,839,152 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/26 11:16:48 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/26 11:16:48 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/26 11:16:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/26 11:16:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/26 11:16:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/26 08:06:34 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/08/26 03:42:16 | 000,016,048 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012/08/26 03:28:26 | 002,587,881 | ---- | C] () -- C:\Users\Nawaf\Desktop\reso.png
[2012/08/24 07:02:53 | 001,717,714 | ---- | C] () -- C:\Users\Nawaf\Desktop\DNS.png
[2012/08/19 17:41:38 | 000,002,400 | ---- | C] () -- C:\Windows\SysNative\ASOROSet.bin
[2012/08/19 17:36:36 | 000,001,280 | ---- | C] () -- C:\Users\Nawaf\Application Data\Microsoft\Internet Explorer\Quick Launch\Registry Reviver.lnk
[2012/08/18 19:34:55 | 000,002,377 | ---- | C] () -- C:\Users\Nawaf\Documents\MumbleAutomaticCertificateBackup.p12
[2012/08/14 19:23:27 | 000,001,958 | ---- | C] () -- C:\Windows\Tablet8000x6000M.ini
[2012/08/14 18:03:00 | 000,000,142 | ---- | C] () -- C:\Windows\PenSign.INI
[2012/08/04 02:53:52 | 002,667,062 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012/08/04 01:50:05 | 000,014,416 | ---- | C] () -- C:\Users\Nawaf\Documents\cc_20120804_015004.reg
[2012/08/04 01:44:33 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2012/08/04 01:37:46 | 000,014,051 | ---- | C] () -- C:\Windows\SysNative\RaCoInst.dat
[2012/08/02 04:20:12 | 000,001,844 | ---- | C] () -- C:\Users\Nawaf\Application Data\Microsoft\Internet Explorer\Quick Launch\TERA.lnk
[2012/08/01 08:20:47 | 000,001,637 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDT Audio Control Panel.lnk
[2012/08/01 07:20:53 | 000,000,037 | -HS- | C] () -- C:\Users\Nawaf\AppData\Local\1754111884ee9ab5277ca00.95260103
[2012/07/28 18:49:05 | 000,002,181 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Connect.lnk
[2012/06/28 17:44:42 | 000,428,904 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/06/18 22:15:53 | 000,000,600 | ---- | C] () -- C:\Users\Nawaf\AppData\Local\PUTTY.RND
[2012/06/07 13:47:06 | 000,003,284 | ---- | C] () -- C:\Users\Nawaf\AppData\Roaming\ANIWZCS{2AEE3FC5-2A6E-41D8-9BD8-96C32A47ECD7}
[2012/06/07 13:43:19 | 000,000,253 | ---- | C] () -- C:\Users\Nawaf\AppData\Roaming\ANICONFIG_{2AEE3FC5-2A6E-41D8-9BD8-96C32A47ECD7}.ini
[2012/06/07 12:31:59 | 002,246,004 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/07 12:14:38 | 000,002,872 | ---- | C] () -- C:\Windows\SysWow64\LOWERP.ini
[2012/06/07 12:14:38 | 000,001,544 | ---- | C] () -- C:\Windows\SysWow64\LPOff.ini
[2012/06/07 12:04:22 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ANIWConnService.exe
[2012/06/07 12:04:11 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\wlanapp.dll
[2012/06/07 12:04:11 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\aIPH.dll
[2012/06/07 12:04:11 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AQCKGen.dll
[2012/06/07 12:04:11 | 000,045,115 | ---- | C] () -- C:\Windows\SysWow64\ANICtl.dll
[2012/06/07 12:03:47 | 000,315,392 | ---- | C] () -- C:\Windows\SysWow64\ANIOApi.dll
[2012/06/07 12:03:21 | 000,733,184 | ---- | C] () -- C:\Windows\SysWow64\ANIOWPS.dll
[2012/06/07 12:03:21 | 000,302,080 | ---- | C] () -- C:\Windows\lwd.exe
[2012/06/07 12:03:21 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\ANIWPS.exe
[2012/06/07 11:42:47 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/07/29 18:07:58 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011/07/29 17:57:07 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2010/09/21 20:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

< End of report >


Extras:

OTL Extras logfile created on: 8/26/2012 11:58:27 AM - Run 2
OTL by OldTimer - Version 3.2.59.0 Folder = C:\Users\Nawaf\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 6.09 Gb Available Physical Memory | 76.27% Memory free
15.96 Gb Paging File | 14.00 Gb Available in Paging File | 87.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1849.71 Gb Total Space | 1575.25 Gb Free Space | 85.16% Space Free | Partition Type: NTFS
Drive D: | 13.20 Gb Total Space | 1.59 Gb Free Space | 12.07% Space Free | Partition Type: NTFS

Computer Name: NAWAF-HP | User Name: Nawaf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Nawaf\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BCEB974-E08B-46D0-8026-F4CDE7F3B643}" = lport=138 | protocol=17 | dir=in | app=system |
"{14B7699A-26ED-412D-99B9-C8A3975D9B43}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1F220161-607E-41DE-8637-85E3604D5E80}" = rport=445 | protocol=6 | dir=out | app=system |
"{4171D3C5-7E65-4163-93BE-0EAB6E1EF08C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{63FA8600-CB18-4DD8-86EA-C2737EDDB473}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{827FEBD8-5955-4070-96FB-81DBF1F49ADD}" = lport=10243 | protocol=6 | dir=in | app=system |
"{89202623-58C9-4561-B84A-AC506CFC574E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8B7F5C6E-8ACF-49EE-BCA8-43F4D849B22D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8CEE94F2-0ECC-4A9E-820A-3557C1D9B8AA}" = lport=137 | protocol=17 | dir=in | app=system |
"{8E9265EB-B920-4739-8271-AD3E37DFD444}" = lport=139 | protocol=6 | dir=in | app=system |
"{A2AB44FB-F3EA-4BCC-B368-E08C8CE42D18}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A8078641-8A1A-4BC9-929D-52F5E2B8C5DB}" = rport=138 | protocol=17 | dir=out | app=system |
"{AB137D11-047F-4447-8688-528295EBDC50}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AB6DD801-50F0-482E-89C2-BEBD85A0ACDD}" = lport=445 | protocol=6 | dir=in | app=system |
"{BB6A4CCA-CB51-492C-89E2-FB4350EC6652}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C39EAFC1-D8CD-49E8-A90F-26945B8EFA95}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C890CC92-A44F-455E-8D41-EE3956FB12DB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C8BD30A2-7DFC-4233-892D-B5609C3F443E}" = rport=139 | protocol=6 | dir=out | app=system |
"{DD2C3BD6-3B46-4FA9-A026-2E6A751F1AC2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EA7E9F1D-6E61-434D-B578-C0B25DFEAEF8}" = rport=137 | protocol=17 | dir=out | app=system |
"{ED159205-E0E4-4073-8E6E-465D40F2AD6C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0974A94A-9488-40AE-A642-58F053B74BA2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0CBEA380-C55A-4A60-AC77-D9B14005CA84}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0EC964BB-3659-4AE4-9CDE-1A0931480E1F}" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe |
"{23DC84F8-72B7-4798-91A1-CE38EFE4208D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{28180917-61EF-449E-AB2F-023D8B0EE298}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{30403458-9B68-424D-B468-2A3B3DA75A9F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{32D499D9-B4A2-41D0-A187-C35A5FC5E25E}" = protocol=6 | dir=out | app=system |
"{3561D65A-7F57-4345-865B-E295B1508441}" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe |
"{453005F1-BF67-4FEE-A115-1C39189DEA13}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4B5232D4-A640-4749-8355-5D36383E1EC7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{562B9BFC-7BCA-4826-AE75-788C72C78F02}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{654F60A2-2DA0-4AB3-9035-3F3BD27598A2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{74B81157-2886-43A7-9014-E5B00ED97A7A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{786B3C46-5880-4229-9FC6-14D867582F7D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9B903C1D-F940-44E7-8DAA-8C318A0B03B3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AA56CAD9-5666-4620-89C7-1FBCBA216E56}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AD99D847-5682-481D-AFDA-122752988D2C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B543B29B-42F5-4357-B9C3-3F1F0F453D9F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C37AFB45-21FF-46AD-BF45-A5F34ED987F3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C68FDA98-347E-47F7-B8D1-50041F1718AE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{D15A6E61-9FAF-4793-8E6C-F34C89207ACE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{E212C0CD-1FEE-4D0A-8389-B127AE06EE36}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E6557B76-F066-438C-A5B0-6FD475E101EA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FD92E1A7-E250-4468-96F8-3E4530229813}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{01D86FE4-9AB6-4FDD-A29D-BB7C91E545FE}C:\program files (x86)\battleping\battleping.exe" = protocol=6 | dir=in | app=c:\program files (x86)\battleping\battleping.exe |
"TCP Query User{1E1F97D1-D5FC-4C39-BD24-763E738BBCFD}C:\program files (x86)\windows live\contacts\wlcomm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"TCP Query User{1EC56F8E-7A9D-43D4-87BB-63BED4C6E454}C:\program files (x86)\windows live\contacts\wlcomm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"TCP Query User{2E6E9E88-0211-4E06-877F-C5497006376C}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{4C79F657-00BC-4330-8D2F-BF6EC2D352CD}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{4D27DF8C-0341-48CD-AF9A-842929253EED}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{4F347319-F20F-4F48-B95E-03EB5768DA27}C:\users\nawaf\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\nawaf\appdata\local\temp\gw2.exe |
"TCP Query User{638E84CF-A993-47F4-8828-6D185E2C7629}C:\program files\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files\tera\tera-launcher.exe |
"TCP Query User{6CF83C2B-470A-4FB7-8CE1-142472CCFE28}J:\nawaf\tera\tera-launcher.exe" = protocol=6 | dir=in | app=j:\nawaf\tera\tera-launcher.exe |
"TCP Query User{7930B67E-1C6F-4D11-9469-6CB52EDEF34F}C:\program files\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files\tera\tera-launcher.exe |
"TCP Query User{950D54C0-8090-4DD0-B01B-A27C2B6E35FB}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"TCP Query User{BC822F52-37CD-4D49-A679-DE60E3E6CF0F}C:\program files (x86)\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"TCP Query User{CAB2DAE3-B711-4709-A7AF-2AAC36A9AAA6}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"TCP Query User{D20F0DCD-26A8-44B2-A654-0A6E3B5B72B5}C:\users\nawaf\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\users\nawaf\guild wars 2\gw2.exe |
"TCP Query User{F20AA6ED-7569-4E70-8407-6F1A14EF3DE0}C:\program files (x86)\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"TCP Query User{FACE7CAD-FC63-46CA-9BA1-0200936093CB}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"TCP Query User{FE1F37EC-C866-4242-8B05-98DAC757BB2E}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{00380F52-3E0B-4185-A31F-40C98DFAF6C8}C:\program files (x86)\battleping\battleping.exe" = protocol=17 | dir=in | app=c:\program files (x86)\battleping\battleping.exe |
"UDP Query User{091F2CBB-5541-4EF2-B89E-84DF8AF8E753}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{27BD4F0A-390E-4F81-935C-EE9ADCB5BED6}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"UDP Query User{2A2316E8-8560-47FE-9A1B-6244376710BF}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{301022DD-4AD5-4AE7-A6B3-0EC35B09F771}C:\program files\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files\tera\tera-launcher.exe |
"UDP Query User{4140BC3B-C3D6-4156-9EAD-E11885E02122}C:\users\nawaf\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\nawaf\appdata\local\temp\gw2.exe |
"UDP Query User{4A84DE2C-9F30-42BB-81C3-A5415C8A3ADF}C:\program files (x86)\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"UDP Query User{55091737-8F87-491D-94FD-16F732AA1C0F}C:\program files (x86)\windows live\contacts\wlcomm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"UDP Query User{5552DE1B-30E5-4C5B-B243-7862BC14C3BA}C:\program files (x86)\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"UDP Query User{59938451-9FFD-45BD-9317-3779BBDF749F}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"UDP Query User{59C0EA53-DEB8-416C-9ADA-44C2619BFE0E}C:\users\nawaf\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\users\nawaf\guild wars 2\gw2.exe |
"UDP Query User{725CCE8E-66EA-46C7-B49C-AB47665E6158}C:\program files\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files\tera\tera-launcher.exe |
"UDP Query User{77E0D463-2294-4002-9654-D06599016E03}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{9B4F4F17-98F5-44FE-B518-241F0A384301}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{A8754207-66A2-4DFB-9B1C-7BCB66D6FA7B}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{E3D37998-55E3-4D54-9FBF-C2A698A184AC}J:\nawaf\tera\tera-launcher.exe" = protocol=17 | dir=in | app=j:\nawaf\tera\tera-launcher.exe |
"UDP Query User{E5C2D97B-EB31-4692-8400-C379162D9EBB}C:\program files (x86)\windows live\contacts\wlcomm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java™ 7 Update 5 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema 1.6.0.4014 x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-0018-0000-1000-0000000FF1CE}" = Microsoft Office PowerPoint 2010
"{90140000-0018-0000-1000-0000000FF1CE}_Office14.POWERPOINT_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.POWERPOINT_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.POWERPOINT_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.POWERPOINT_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.POWERPOINT_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.POWERPOINT_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.POWERPOINT_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.POWERPOINT_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.POWERPOINT_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.POWERPOINT_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}" = HP MediaSmart SmartMenu
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 304.79
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 304.79
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 304.79
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 304.79
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.17.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"044456F7BA1F8BD283F89F4015EFB51DEA216A39" = Windows Driver Package - SteelSeries (HidUsb) HIDClass (11/19/2010 1.2.4.0)
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"Office14.POWERPOINT" = Microsoft PowerPoint 2010
"WinRAR archiver" = WinRAR 4.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217006FF}" = Java 7 Update 6
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{53469506-A37E-4314-A9D9-38724EC23A75}" = HP Setup
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"{924DAFFB-CA84-43a3-8205-A6E94461EC79}_is1" = Registry Reviver
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}" = HP MAINSTREAM KEYBOARD
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7D2F494-89E3-42ED-8A2B-75BDD9B464CB}" = D-Link RangeBooster N DWA-140
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}" = Razer Lycosa
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"BattlePing" = BattlePing 1.3.0.9
"BSPlayerf" = BS.Player FREE
"Cisco Connect" = Cisco Connect
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"Device Doctor_is1" = Device Doctor v2.1
"EasyBits Magic Desktop" = Magic Desktop
"Fraps" = Fraps (remove only)
"Free Studio_is1" = Free Studio version 5.3.5
"Guild Wars 2" = Guild Wars 2
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Internet Download Manager" = Internet Download Manager
"LowerPing" = LowerPing 2.6.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"My HP Game Console" = HP Game Console
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PDF Complete" = PDF Complete Special Edition
"PowerISO" = PowerISO
"Rainmeter" = Rainmeter
"RocketDock_is1" = RocketDock 1.3.5
"uTorrent" = µTorrent
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087343" = Dora's World Adventure
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087533" = Zuma Deluxe
"WT089299" = Mystery P.I. - The London Caper
"WT089300" = World Cup Cricket 20-20
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

< End of report >

#5
RKinner

    Malware Expert

  • Expert
  • 19,800 posts
  • MVP
Nothing showing in your logs.

#6
phantomsx

    Member

  • Topic Starter
  • Member
  • 12 posts
Well, that clears up the possibility of an infection. Thank you for your time, this helps a lot. So the problem is either from the ISP, cable, etc. My bro's laptop might be the problem, but cba checking it. However, thanks again and have a nice day.