Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Help, Feed helperbar problem [Solved]


  • This topic is locked This topic is locked

#1
Hadi Swizzbeatz

Hadi Swizzbeatz

    Member

  • Member
  • PipPip
  • 30 posts

Hello, I have a problem with my pc, I recently bought this windows 8 pc and earlier today I let my younger sibling play on it, they downloaded some files for this game, i deleted these files but theres a problem with my pc its considerably slower and the internet has some issues when I open a new tab it gives me feed helper-bar which is defiantly a virus I checked up how to remove this virus but its very hard and is only available for windows 7 ect.. please is there any way you can help.


  • 0

Advertisements


#2
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,699 posts
Hello and Welcome on board Hadi Swizzbeatz :welcome:,

my Name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Senior Team of the forum' and will provide you with advice:

To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from you Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counter productive and again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts. 

 

Please download OTL (by OldTimer) (if you haven't already) from the link below and save it to your Desktop.


Download Mirror #1

  • Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the customFix.png.pagespeed.ce.jU5V4w6MU1.pn box in OTL. To do that:
    • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    qmgr.dll
    mpsvc.dll
    winsock.*
    /md5stop
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT

  • Open otlicon.png on the desktop. To do that:
    • XP users: Double click on the OTL icon.
    • Vista / 7 Users: Right click on the icon and click Run as Administrator)
  • Make sure all other windows are closed.
    • You will see a console like the one below:

      OTL_Main_Tutorial.gif
      • Click the box beside Scan All Users at the top of the console
      • If you have a 64bit Windows, click the box beside Include 64bit Scans at the top of the console.
      • Make sure the Output box at the top is set to Standard Output.
      • Check the boxes beside LOP Check and Purity Check.
      • Place the mouse pointer inside the customFix.png.pagespeed.ce.jU5V4w6MU1.pn box, right click and click Paste. This will put the above script inside OTL
      • Click the runscanbutton.png.pagespeed.ce.KPQ_c3iHh button. Do not change any settings unless otherwise told to do so.
      • Let the scan run uninterrupted.
      • When the scan completes, it will open OTL.Txt on the desktop.
      • Please copy the contents of these files and paste it into your reply. To do that:
        • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
        • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the in the post window.
      • Please do the same for the Extras.txt

  • 0

#3
Hadi Swizzbeatz

Hadi Swizzbeatz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

thank you, im doing what youre telling me to do. just extra details to the extent of this, whenever i open a new tab in google chrome for a brief second i can see in the adress bar feed.helperbar ect,, and then it redirects me to yahoo, how long does the scan normally take.


  • 0

#4
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,699 posts
Normally it takes around 15 minutes.
  • 0

#5
Hadi Swizzbeatz

Hadi Swizzbeatz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

it pops up quite alot of ads when on browser too


  • 0

#6
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,699 posts
I know. :)
  • 0

#7
Hadi Swizzbeatz

Hadi Swizzbeatz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

scan complete, my notepad opened up, should i copy and paste all of it then send it to you. 


  • 0

#8
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,699 posts
Yes please copy and paste the log into that thread here please.
  • 0

#9
Hadi Swizzbeatz

Hadi Swizzbeatz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

two notepads opened up


  • 0

#10
Hadi Swizzbeatz

Hadi Swizzbeatz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
OTL logfile created on: 18/04/2014 19:46:46 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\hadba_000\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17031)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
7.89 Gb Total Physical Memory | 5.65 Gb Available Physical Memory | 71.53% Memory free
9.77 Gb Paging File | 7.52 Gb Available in Paging File | 76.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 907.83 Gb Total Space | 863.46 Gb Free Space | 95.11% Space Free | Partition Type: NTFS
Drive D: | 22.47 Gb Total Space | 2.27 Gb Free Space | 10.10% Space Free | Partition Type: NTFS
Drive F: | 14.95 Gb Total Space | 13.98 Gb Free Space | 93.49% Space Free | Partition Type: FAT32
 
Computer Name: FAYRUZ | User Name: hadba_000 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/18 19:46:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\hadba_000\Downloads\OTL (2).exe
PRC - [2014/04/18 19:14:34 | 000,350,488 | ---- | M] () -- C:\Program Files (x86)\NetTock\bin\utilNetTock.exe
PRC - [2014/04/18 01:41:06 | 000,350,488 | ---- | M] () -- C:\Program Files (x86)\NetTock\updateNetTock.exe
PRC - [2014/04/17 21:28:33 | 000,095,512 | ---- | M] () -- C:\Program Files (x86)\NetTock\bin\NetTock.BrowserAdapter.exe
PRC - [2014/04/15 12:05:16 | 000,355,328 | ---- | M] () -- C:\Users\hadba_000\AppData\Roaming\VOPackage\VOsrv.exe
PRC - [2014/04/10 13:53:26 | 001,171,000 | ---- | M] (Spotify Ltd) -- C:\Users\hadba_000\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014/04/02 02:58:05 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/04/01 08:39:43 | 000,228,744 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
PRC - [2013/12/25 15:20:30 | 001,045,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
PRC - [2013/12/25 15:20:26 | 001,039,160 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
PRC - [2013/09/10 17:18:46 | 001,344,312 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
PRC - [2013/09/05 06:44:18 | 000,298,760 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
PRC - [2013/09/05 06:44:16 | 000,077,576 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
PRC - [2013/08/05 09:51:14 | 001,713,416 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
PRC - [2013/08/05 08:49:42 | 000,111,576 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2013/05/22 10:02:18 | 000,267,224 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
PRC - [2013/05/21 05:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
PRC - [2013/04/30 13:25:22 | 000,015,344 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2013/01/14 19:29:52 | 000,366,040 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2013/01/14 19:29:52 | 000,279,000 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2013/01/14 19:29:50 | 000,165,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2013/01/14 19:29:50 | 000,131,032 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/04/24 15:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/04/17 21:28:33 | 000,095,512 | ---- | M] () -- C:\Program Files (x86)\NetTock\bin\NetTock.BrowserAdapter.exe
MOD - [2014/04/17 21:28:31 | 000,179,480 | ---- | M] () -- C:\Program Files (x86)\NetTock\bin\NetTockBAApp.dll
MOD - [2014/04/02 02:58:03 | 000,390,472 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppgooglenaclpluginchrome.dll
MOD - [2014/04/02 02:58:02 | 013,691,720 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll
MOD - [2014/04/02 02:57:59 | 004,081,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll
MOD - [2014/04/02 02:57:54 | 000,674,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
MOD - [2014/04/02 02:57:53 | 000,093,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll
MOD - [2014/04/02 02:57:52 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
MOD - [2014/04/02 02:57:49 | 000,065,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
MOD - [2014/02/12 20:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/12 20:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/08/05 15:48:08 | 000,016,856 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2013/08/05 09:51:27 | 000,806,664 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\UNO.dll
MOD - [2013/08/05 09:51:25 | 000,175,880 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLVistaAudioMixer.dll
MOD - [2013/08/05 08:49:47 | 000,627,672 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
MOD - [2013/03/06 04:04:53 | 001,321,944 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\Language\Enu\P2GRC.dll
MOD - [2012/05/30 07:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/04/17 20:30:57 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014/04/17 20:30:57 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014/04/17 20:30:57 | 000,201,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014/04/17 20:26:33 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV:64bit: - [2014/03/30 03:43:28 | 002,211,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2014/03/18 16:27:51 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/03/18 16:27:48 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014/03/18 16:27:40 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/03/18 16:27:40 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2014/03/18 16:27:35 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/03/18 16:27:33 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/03/18 16:27:32 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014/03/18 16:27:30 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2014/03/18 16:27:30 | 000,399,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014/03/18 16:27:30 | 000,269,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014/03/18 16:27:28 | 000,282,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/08/22 13:32:01 | 000,346,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2013/08/22 13:32:00 | 000,023,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/08/22 13:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013/08/22 12:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 12:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 12:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 12:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 12:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 11:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 11:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 10:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 10:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 10:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 10:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 10:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 10:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 10:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 10:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2013/05/17 22:53:30 | 000,245,832 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE -- (RtkAudioService)
SRV:64bit: - [2013/04/30 13:25:22 | 000,015,344 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV:64bit: - [2013/03/01 16:40:02 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2012/12/10 15:31:44 | 000,803,872 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel®
SRV:64bit: - [2012/12/10 15:31:28 | 000,732,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2009/11/18 03:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2014/04/18 19:14:34 | 000,350,488 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NetTock\bin\utilNetTock.exe -- (Util NetTock)
SRV - [2014/04/18 01:41:06 | 000,350,488 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NetTock\updateNetTock.exe -- (Update NetTock)
SRV - [2014/04/17 20:26:35 | 000,475,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2014/04/17 20:26:33 | 000,066,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV - [2014/04/17 20:26:32 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2014/04/15 12:05:16 | 000,355,328 | ---- | M] () [Auto | Running] -- C:\Users\hadba_000\AppData\Roaming\VOPackage\VOsrv.exe -- (vosr)
SRV - [2014/03/25 08:55:14 | 000,036,632 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\LPT\srpts.exe -- (LPTSystemUpdater)
SRV - [2014/03/18 16:27:21 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014/03/14 15:17:00 | 000,036,392 | ---- | M] (Just Develop It) [Auto | Stopped] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2014/01/25 02:22:56 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/12/25 15:20:26 | 001,039,160 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe -- (HPWMISVC)
SRV - [2013/11/04 18:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/09/05 06:44:18 | 000,298,760 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe -- (CyberLink PowerDVD 12 Media Server Service)
SRV - [2013/09/05 06:44:16 | 000,077,576 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe -- (CyberLink PowerDVD 12 Media Server Monitor Service)
SRV - [2013/08/22 13:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/08/22 04:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/22 03:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013/05/21 05:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe -- (NIS)
SRV - [2013/01/14 19:29:52 | 000,366,040 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2013/01/14 19:29:52 | 000,279,000 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/01/14 19:29:50 | 000,165,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2013/01/14 19:29:50 | 000,131,032 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2012/04/24 15:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/04/18 19:44:52 | 000,061,112 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wStLibG64.sys -- (wStLibG64)
DRV:64bit: - [2014/04/17 20:30:57 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014/04/17 20:30:57 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014/04/17 20:30:57 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014/04/17 20:30:57 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014/04/03 15:28:07 | 002,982,104 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtwlane.sys -- (RTWlanE)
DRV:64bit: - [2014/04/01 08:28:50 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2014/03/18 16:27:56 | 000,054,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014/03/18 16:27:34 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014/03/18 16:27:30 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2014/03/18 16:27:30 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014/03/18 16:27:20 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2014/03/18 16:27:19 | 000,236,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014/03/18 16:27:19 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2014/03/18 16:27:19 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014/03/18 16:27:18 | 000,384,856 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014/03/18 16:27:18 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014/03/18 16:27:18 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014/03/18 16:27:18 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2014/03/18 16:27:18 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2014/03/18 16:27:18 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2014/03/18 16:10:11 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014/03/18 16:10:07 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2014/01/25 02:22:44 | 004,221,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/12/27 00:30:20 | 000,038,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2013/12/27 00:30:20 | 000,027,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2013/08/22 14:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 14:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 13:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 13:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 13:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 13:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 13:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 13:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 13:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 13:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 13:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 13:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 13:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 13:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 13:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 13:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 13:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 13:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 13:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 13:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 13:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 13:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 13:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 13:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 13:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 13:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 13:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 13:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 13:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 13:34:22 | 000,265,056 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/08/22 13:34:22 | 000,124,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2013/08/22 13:31:28 | 000,034,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/08/22 12:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 12:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 12:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 12:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 12:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 12:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 12:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 12:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 12:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 12:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 12:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 12:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 12:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 12:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 12:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 12:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 12:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 12:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 12:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 12:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2013/08/22 12:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 12:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 09:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/13 00:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/10 01:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/30 19:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 20:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/05/23 06:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013/05/22 16:58:50 | 000,452,088 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2013/05/21 06:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symds64.sys -- (SymDS)
DRV:64bit: - [2013/05/16 06:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/04/30 21:25:00 | 000,677,360 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013/04/25 01:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/04/24 10:16:22 | 000,495,856 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013/04/24 10:16:20 | 000,033,008 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2013/04/24 10:16:18 | 000,029,424 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_AMDASF.sys -- (SmbDrv)
DRV:64bit: - [2013/04/16 03:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2013/04/10 20:09:50 | 000,801,864 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2013/03/05 12:01:42 | 000,091,712 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2013/03/05 07:22:20 | 000,041,408 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2013/03/05 02:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/03/05 02:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/03/01 16:40:02 | 000,043,320 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2013/03/01 16:40:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2012/11/15 19:45:14 | 000,023,448 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symelam.sys -- (SymELAM)
DRV:64bit: - [2012/08/31 10:40:24 | 000,020,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/13 03:56:32 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV - [2014/03/31 16:28:46 | 000,525,016 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20140417.001\IDSviA64.sys -- (IDSVia64)
DRV - [2014/03/31 10:09:30 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20140418.004\ex64.sys -- (NAVEX15)
DRV - [2014/03/31 10:09:30 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/03/31 10:09:30 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/03/31 10:09:30 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20140418.004\eng64.sys -- (NAVENG)
DRV - [2014/03/19 01:34:28 | 001,525,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20140409.001\BHDrvx64.sys -- (BHDrvx64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT13/2
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT13/2
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...9550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{FE8AC6E5-2D42-46BC-B4BE-9AEE649D4B16}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperba...q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT13/2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperba...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperba...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.helperba...MFPpD7bkLWwOTv4,
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperba...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperba...q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperba...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file://C:/Users/hadba_000/AppData/Local/LPT/NewConfig.txt
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\hadba_000\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\hadba_000\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\hadba_000\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\hadba_000\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\hadba_000\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\hadba_000\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn\ [2014/04/18 18:57:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFF [2014/04/01 08:30:07 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\hadba_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\hadba_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: TV = C:\Users\hadba_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.12_0\
CHR - Extension: YouTube = C:\Users\hadba_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\hadba_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Rush Team = C:\Users\hadba_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecdnoeebfjlplfkljdedokbcmebojbpb\1.2_0\
CHR - Extension: Norton Identity Protection = C:\Users\hadba_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.8.1_0\
CHR - Extension: Plants vs Zombies = C:\Users\hadba_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\
CHR - Extension: Need for Speed World = C:\Users\hadba_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnnelgnkomjdakpkjpkfehdipjifjmbk\1.0.0.4_0\
CHR - Extension: Google Wallet = C:\Users\hadba_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\hadba_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/08/22 14:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (NetTock) - {3cfaf932-a9cb-4e59-99a0-fe04e9df9328} - C:\Program Files (x86)\NetTock\NetTockBHO.dll (NetTock)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [YouCam Service] C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Browser Infrastructure Helper] C:\Users\hadba_000\AppData\Local\Smartbar\Application\Smartbar.exe (Smartbar)
O4 - HKCU..\Run: [Facebook Update] C:\Users\hadba_000\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Power2GoExpress8] C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Spotify] C:\Users\hadba_000\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\hadba_000\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4:64bit: - HKLM..\RunOnce: [ASYNCMAC] rundll32.exe streamci,StreamingDeviceSetup {eeab7790-c514-11d1-b42b-00805fc1270e},asyncmac,{ad498944-762f-11d0-8dcb-00c04fc3358c},C:\WINDOWS\INF\netrasa.inf,Ndi-Mp-AsyncMac File not found
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\hadba_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D60446F-45C4-443E-A5C0-9E78816C8BD2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DABE11F-AC01-4A7B-8E91-94E74F1756A8}: DhcpNameServer = 40.22.1.201 40.22.1.203
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: lfsvc - C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation)
NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/18 19:44:52 | 000,061,112 | ---- | C] (StdLib) -- C:\WINDOWS\SysNative\drivers\wStLibG64.sys
[2014/04/18 19:30:32 | 000,000,000 | ---D | C] -- C:\Users\hadba_000\AppData\Roaming\MyTurboPC.com
[2014/04/18 19:30:24 | 000,000,000 | ---D | C] -- C:\Users\hadba_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyTurboPC.com
[2014/04/18 19:30:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MyTurboPC.com
[2014/04/18 19:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\MyTurboPC.com
[2014/04/18 19:30:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyTurboPC.com
[2014/04/18 18:48:18 | 000,000,000 | ---D | C] -- C:\Users\hadba_000\AppData\Roaming\SparkTrust
[2014/04/18 18:48:18 | 000,000,000 | ---D | C] -- C:\Users\hadba_000\AppData\Roaming\DriverCure
[2014/04/18 18:48:13 | 000,000,000 | ---D | C] -- C:\Users\hadba_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SparkTrust
[2014/04/18 18:48:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SparkTrust
[2014/04/18 18:48:05 | 000,000,000 | ---D | C] -- C:\ProgramData\SparkTrust
[2014/04/18 18:48:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SparkTrust
[2014/04/18 18:36:50 | 000,000,000 | -HSD | C] -- C:\Users\hadba_000\AppData\Local\EmieUserList
[2014/04/18 18:36:50 | 000,000,000 | -HSD | C] -- C:\Users\hadba_000\AppData\Local\EmieSiteList
[2014/04/18 18:15:00 | 000,000,000 | ---D | C] -- C:\Users\hadba_000\AppData\Roaming\flightgear.org
[2014/04/18 18:14:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlightGear 2.4.0
[2014/04/18 18:12:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FlightGear 2.4.0
[2014/04/18 18:08:25 | 000,000,000 | ---D | C] -- C:\Users\hadba_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
[2014/04/18 18:08:22 | 000,000,000 | ---D | C] -- C:\Users\hadba_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
[2014/04/18 18:08:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2014/04/18 18:07:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnyProtectEx
[2014/04/18 18:07:43 | 000,000,000 | ---D | C] -- C:\Users\hadba_000\AppData\Roaming\VOPackage
[2014/04/18 18:07:43 | 000,000,000 | ---D | C] -- C:\Users\hadba_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
[2014/04/18 18:07:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NetTock
[2014/04/18 18:06:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LPT
[2014/04/18 18:06:00 | 000,000,000 | ---D | C] -- C:\Users\hadba_000\AppData\Local\LPT
[2014/04/18 18:05:57 | 000,000,000 | ---D | C] -- C:\Users\hadba_000\AppData\Local\Smartbar
[2014/04/17 20:32:52 | 000,000,000 | -HSD | C] -- C:\Recovery
[2014/04/17 20:32:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Panther
[2014/04/17 20:31:54 | 000,000,000 | ---D | C] -- C:\Windows.old
[2014/04/17 20:31:36 | 001,705,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wucltux.dll
[2014/04/17 20:31:36 | 000,381,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WUSettingsProvider.dll
[2014/04/17 20:31:36 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\storewuauth.dll
[2014/04/17 20:31:36 | 000,054,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuauclt.exe
[2014/04/17 20:30:57 | 016,875,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.dll
[2014/04/17 20:30:57 | 013,286,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll
[2014/04/17 20:30:57 | 012,732,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
[2014/04/17 20:30:57 | 011,791,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll
[2014/04/17 20:30:57 | 008,653,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Search.dll
[2014/04/17 20:30:57 | 007,425,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2014/04/17 20:30:57 | 006,641,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mstscax.dll
[2014/04/17 20:30:57 | 005,833,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Search.dll
[2014/04/17 20:30:57 | 005,770,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstscax.dll
[2014/04/17 20:30:57 | 004,268,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SyncEngine.dll
[2014/04/17 20:30:57 | 002,900,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msftedit.dll
[2014/04/17 20:30:57 | 002,641,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
[2014/04/17 20:30:57 | 002,373,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2014/04/17 20:30:57 | 002,317,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
[2014/04/17 20:30:57 | 002,270,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msftedit.dll
[2014/04/17 20:30:57 | 002,141,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d11.dll
[2014/04/17 20:30:57 | 002,133,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmcore.dll
[2014/04/17 20:30:57 | 002,088,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\explorer.exe
[2014/04/17 20:30:57 | 001,843,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Display.dll
[2014/04/17 20:30:57 | 001,816,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Display.dll
[2014/04/17 20:30:57 | 001,779,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\d3d11.dll
[2014/04/17 20:30:57 | 001,764,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dwmcore.dll
[2014/04/17 20:30:57 | 001,656,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GdiPlus.dll
[2014/04/17 20:30:57 | 001,542,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ole32.dll
[2014/04/17 20:30:57 | 001,466,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\propsys.dll
[2014/04/17 20:30:57 | 001,411,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\lsasrv.dll
[2014/04/17 20:30:57 | 001,351,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\GdiPlus.dll
[2014/04/17 20:30:57 | 001,339,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\gdi32.dll
[2014/04/17 20:30:57 | 001,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll
[2014/04/17 20:30:57 | 001,291,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kernel32.dll
[2014/04/17 20:30:57 | 001,230,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.dll
[2014/04/17 20:30:57 | 001,129,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SearchFolder.dll
[2014/04/17 20:30:57 | 001,112,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KernelBase.dll
[2014/04/17 20:30:57 | 001,057,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdvidcrl.dll
[2014/04/17 20:30:57 | 001,054,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.appcore.dll
[2014/04/17 20:30:57 | 001,023,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\localspl.dll
[2014/04/17 20:30:57 | 001,015,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aclui.dll
[2014/04/17 20:30:57 | 000,958,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MFMediaEngine.dll
[2014/04/17 20:30:57 | 000,950,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ReAgent.dll
[2014/04/17 20:30:57 | 000,924,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.dll
[2014/04/17 20:30:57 | 000,918,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MrmCoreR.dll
[2014/04/17 20:30:57 | 000,888,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.dll
[2014/04/17 20:30:57 | 000,887,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\aclui.dll
[2014/04/17 20:30:57 | 000,872,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SkyDrive.exe
[2014/04/17 20:30:57 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rdvidcrl.dll
[2014/04/17 20:30:57 | 000,834,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\netlogon.dll
[2014/04/17 20:30:57 | 000,828,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.appcore.dll
[2014/04/17 20:30:57 | 000,801,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MFMediaEngine.dll
[2014/04/17 20:30:57 | 000,800,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ReAgent.dll
[2014/04/17 20:30:57 | 000,731,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\adtschema.dll
[2014/04/17 20:30:57 | 000,731,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\adtschema.dll
[2014/04/17 20:30:57 | 000,721,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SkyDriveTelemetry.dll
[2014/04/17 20:30:57 | 000,717,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\nshwfp.dll
[2014/04/17 20:30:57 | 000,669,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rasapi32.dll
[2014/04/17 20:30:57 | 000,655,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dnsapi.dll
[2014/04/17 20:30:57 | 000,629,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MrmCoreR.dll
[2014/04/17 20:30:57 | 000,621,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MDMAgent.exe
[2014/04/17 20:30:57 | 000,567,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\nshwfp.dll
[2014/04/17 20:30:57 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Graphics.Printing.dll
[2014/04/17 20:30:57 | 000,518,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxgi.dll
[2014/04/17 20:30:57 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlidprov.dll
[2014/04/17 20:30:57 | 000,492,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfsvr.dll
[2014/04/17 20:30:57 | 000,488,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\netcfgx.dll
[2014/04/17 20:30:57 | 000,467,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBHUB3.SYS
[2014/04/17 20:30:57 | 000,467,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AudioSes.dll
[2014/04/17 20:30:57 | 000,463,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AudioEng.dll
[2014/04/17 20:30:57 | 000,462,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlangpui.dll
[2014/04/17 20:30:57 | 000,443,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlansec.dll
[2014/04/17 20:30:57 | 000,428,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\FWPKCLNT.SYS
[2014/04/17 20:30:57 | 000,425,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\clusapi.dll
[2014/04/17 20:30:57 | 000,412,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\FWPUCLNT.DLL
[2014/04/17 20:30:57 | 000,402,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Graphics.Printing.dll
[2014/04/17 20:30:57 | 000,390,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\netcfgx.dll
[2014/04/17 20:30:57 | 000,388,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfsvr.dll
[2014/04/17 20:30:57 | 000,386,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlangpui.dll
[2014/04/17 20:30:57 | 000,379,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dxgmms1.sys
[2014/04/17 20:30:57 | 000,376,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\clfs.sys
[2014/04/17 20:30:57 | 000,370,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlanmsm.dll
[2014/04/17 20:30:57 | 000,364,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AUDIOKSE.dll
[2014/04/17 20:30:57 | 000,360,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfreadwrite.dll
[2014/04/17 20:30:57 | 000,356,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlidprov.dll
[2014/04/17 20:30:57 | 000,356,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dcomp.dll
[2014/04/17 20:30:57 | 000,355,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfreadwrite.dll
[2014/04/17 20:30:57 | 000,337,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\Classpnp.sys
[2014/04/17 20:30:57 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MDEServer.exe
[2014/04/17 20:30:57 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LocationApi.dll
[2014/04/17 20:30:57 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\clusapi.dll
[2014/04/17 20:30:57 | 000,305,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AUDIOKSE.dll
[2014/04/17 20:30:57 | 000,300,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlanmsm.dll
[2014/04/17 20:30:57 | 000,299,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\pdh.dll
[2014/04/17 20:30:57 | 000,298,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSDMon.dll
[2014/04/17 20:30:57 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlanapi.dll
[2014/04/17 20:30:57 | 000,291,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.Sensors.dll
[2014/04/17 20:30:57 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WsmWmiPl.dll
[2014/04/17 20:30:57 | 000,271,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\spp.dll
[2014/04/17 20:30:57 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\FWPUCLNT.DLL
[2014/04/17 20:30:57 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\LocationApi.dll
[2014/04/17 20:30:57 | 000,254,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\pdh.dll
[2014/04/17 20:30:57 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentClient.dll
[2014/04/17 20:30:57 | 000,247,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SensorsApi.dll
[2014/04/17 20:30:57 | 000,244,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\audiodg.exe
[2014/04/17 20:30:57 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlanapi.dll
[2014/04/17 20:30:57 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.Sensors.dll
[2014/04/17 20:30:57 | 000,222,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dcomp.dll
[2014/04/17 20:30:57 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\cdd.dll
[2014/04/17 20:30:57 | 000,201,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ReInfo.dll
[2014/04/17 20:30:57 | 000,201,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AudioEndpointBuilder.dll
[2014/04/17 20:30:57 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppXDeploymentClient.dll
[2014/04/17 20:30:57 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.Scanners.dll
[2014/04/17 20:30:57 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dafWfdProvider.dll
[2014/04/17 20:30:57 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ReInfo.dll
[2014/04/17 20:30:57 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SensorsApi.dll
[2014/04/17 20:30:57 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppxAllUserStore.dll
[2014/04/17 20:30:57 | 000,157,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\wof.sys
[2014/04/17 20:30:57 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.Scanners.dll
[2014/04/17 20:30:57 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppxAllUserStore.dll
[2014/04/17 20:30:57 | 000,136,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\wfplwfs.sys
[2014/04/17 20:30:57 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DevPropMgr.dll
[2014/04/17 20:30:57 | 000,113,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\userenv.dll
[2014/04/17 20:30:57 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\hidclass.sys
[2014/04/17 20:30:57 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drvinst.exe
[2014/04/17 20:30:57 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\davclnt.dll
[2014/04/17 20:30:57 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\drvinst.exe
[2014/04/17 20:30:57 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RMapi.dll
[2014/04/17 20:30:57 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sxproxy.dll
[2014/04/17 20:30:57 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\w32tm.exe
[2014/04/17 20:30:57 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\w32tm.exe
[2014/04/17 20:30:57 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\l2gpstore.dll
[2014/04/17 20:30:57 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tsgqec.dll
[2014/04/17 20:30:57 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\l2gpstore.dll
[2014/04/17 20:30:57 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drvcfg.exe
[2014/04/17 20:30:57 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tsgqec.dll
[2014/04/17 20:30:57 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Shell.Search.UriHandler.dll
[2014/04/17 20:30:57 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SetNetworkLocation.dll
[2014/04/17 20:30:57 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Shell.Search.UriHandler.dll
[2014/04/17 20:30:57 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\sxproxy.dll
[2014/04/17 20:30:57 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CredentialMigrationHandler.dll
[2014/04/17 20:30:57 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CredentialMigrationHandler.dll
[2014/04/17 20:30:57 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlanhlp.dll
[2014/04/17 20:30:57 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlanhlp.dll
[2014/04/17 20:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2014/04/17 20:26:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies
[2014/04/17 20:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2014/04/17 20:26:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild
[2014/04/17 20:26:39 | 000,000,000 | ---D | C] -- C:\inetpub
[2014/04/17 20:26:35 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iisRtl.dll
[2014/04/17 20:26:35 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ahadmin.dll
[2014/04/17 20:26:35 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\admwprox.dll
[2014/04/17 20:26:35 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iisreset.exe
[2014/04/17 20:26:35 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wamregps.dll
[2014/04/17 20:26:35 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iisrstap.dll
[2014/04/17 20:26:34 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iisRtl.dll
[2014/04/17 20:26:34 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\admwprox.dll
[2014/04/17 20:26:34 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ahadmin.dll
[2014/04/17 20:26:34 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iisreset.exe
[2014/04/17 20:26:34 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wamregps.dll
[2014/04/17 20:26:34 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iisrstap.dll
[2014/04/17 20:26:01 | 000,778,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PresentationNative_v0300.dll
[2014/04/17 20:26:01 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2014/04/17 20:26:01 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\TsWpfWrp.exe
[2014/04/17 20:26:00 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TsWpfWrp.exe
[2014/04/17 20:25:59 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2014/04/17 20:25:58 | 001,166,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PresentationNative_v0300.dll
[2014/04/17 20:13:40 | 000,000,000 | R--D | C] -- C:\Users\hadba_000\OneDrive
[2014/04/17 20:10:12 | 000,000,000 | ---D | C] -- C:\Users\hadba_000\AppData\Roaming\Identities
[2014/04/17 19:43:30 | 000,000,000 | --SD | C] -- C:\Users\hadba_000\AppData\Roaming\Microsoft
[2014/04/17 19:43:30 | 000,000,000 | R--D | C] -- C:\Users\hadba_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2014/04/17 19:43:30 | 000,000,000 | R--D | C] -- C:\Users\hadba_000\Favorites
[2014/04/17 19:43:30 | 000,000,000 | R--D | C] -- C:\Users\hadba_000\Desktop
[2014/04/17 19:43:30 | 000,000,000 | R--D | C] -- C:\Users\hadba_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/04/17 19:43:30 | 000,000,000 | R--D | C] -- C:\Users\hadba_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2014/04/17 19:43:30 | 000,000,000 | -H-D | C] -- C:\Users\hadba_000\AppData
[2014/04/17 19:43:30 | 000,000,000 | ---D | C] -- C:\Users\hadba_000\AppData\Local\Temp
[2014/04/17 19:43:30 | 000,000,000 | ---D | C] -- C:\Users\hadba_000\AppData\Local\Microsoft
[2014/04/17 19:43:30 | 000,000,000 | ---D | C] -- C:\Users\hadba_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/04/17 19:35:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\SRSLabs
[2014/04/17 19:35:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\RTCOM
[2014/04/17 19:35:54 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2014/04/17 19:35:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2014/04/17 19:35:42 | 000,064,000 | ---- | C] (Khronos Group) -- C:\WINDOWS\SysNative\OpenCL.DLL
[2014/04/17 19:35:42 | 000,060,416 | ---- | C] (Khronos Group) -- C:\WINDOWS\SysWow64\OpenCL.DLL
[2014/04/17 19:35:35 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2014/04/17 19:35:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2014/04/17 19:35:00 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2014/04/17 19:34:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2014/04/10 14:00:03 | 000,000,000 | ---D | C] -- C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
[2014/04/06 11:40:34 | 000,000,000 | ---D | C] -- C:\Users\hadba_000\AppData\Roaming\Unity
[2014/04/06 11:39:36 | 000,000,000 | ---D | C] -- C:\Users\hadba_000\AppData\Local\Unity
[2014/04/03 17:14:20 | 000,000,000 | ---D | C] -- C:\Users\hadba_000\AppData\Roaming\CyberLink
[2014/04/03 16:43:45 | 000,000,000 | ---D | C] -- C:\Users\hadba_000\AppData\Roaming\Mozilla
[2014/04/03 16:29:13 | 000,000,000 | ---D | C] -- C:\Users\hadba_000\AppData\Local\Downloaded Installations
[2014/04/03 16:27:33 | 000,091,712 | ---- | C] (CyberLink) -- C:\WINDOWS\SysNative\drivers\CLVirtualDrive.sys
[2014/04/03 16:27:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\CyberLink
[2014/04/03 15:46:45 | 000,000,000 | ---D | C] -- C:\Users\hadba_000\AppData\Local\MediaServer
[2014/04/03 15:39:20 | 000,014,848 | ---- | C] (Microsoft) -- C:\WINDOWS\SysWow64\rars.rs
[2014/04/03 15:39:20 | 000,014,848 | ---- | C] (Microsoft) -- C:\WINDOWS\SysNative\rars.rs
[2014/04/03 15:29:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2014/04/03 15:28:39 | 002,982,104 | ---- | C] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\SysNative\drivers\rtwlane.sys
[2014/04/02 20:34:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2014/04/02 19:48:13 | 000,000,000 | ---D | C] -- C:\Users\hadba_000\AppData\Local\Apple Computer
[2014/04/02 19:48:12 | 000,000,000 | ---D | C] -- C:\Users\hadba_000\AppData\Roaming\Apple Computer
[2014/04/02 19:48:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/04/02 19:47:42 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\SysNative\drivers\GEARAspiWDM.sys
[2014/04/02 19:47:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/04/02 19:47:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/04/02 19:47:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/04/02 19:47:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2014/04/02 19:47:07 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/04/02 19:46:08 | 000,000,000 | ---D | C] -- C:\Users\hadba_000\AppData\Local\Apple
[2014/04/02 19:46:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2014/04/02 19:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2014/04/02 19:45:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2014/04/02 19:23:35 | 000,000,000 | ---D | C] -- C:\Users\hadba_000\AppData\Local\Facebook
[2014/04/02 17:58:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\MRT
[2014/04/01 19:07:29 | 000,000,000 | ---D | C] -- C:\Users\hadba_000\AppData\Roaming\Macromedia
[2014/04/01 18:03:03 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2014/04/01 10:53:05 | 000,000,000 | ---D | C] -- C:\MediaServer
[2014/04/01 10:29:41 | 000,000,000 | ---D | C] -- C:\Users\hadba_000\AppData\Local\HP Quick Start
[2014/04/01 08:54:02 | 000,000,000 | ---D | C] -- C:\Users\hadba_000\AppData\Roaming\hpqlog
[2014/03/31 21:02:16 | 000,000,000 | ---D | C] -- C:\Users\hadba_000\Documents\Custom Office Templates
[2014/03/31 20:41:07 | 000,000,000 | ---D | C] -- C:\Users\hadba_000\AppData\Local\Power2Go8
[2014/03/31 16:54:00 | 000,000,000 | R--D | C] -- C:\Users\hadba_000\SkyDrive
[2014/03/31 16:53:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/03/31 16:50:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2014/03/31 16:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15
[2014/03/31 16:46:47 | 000,000,000 | ---D | C] -- C:\Users\hadba_000\AppData\Local\Spotify
[2014/03/31 16:46:04 | 000,000,000 | ---D | C] -- C:\Users\hadba_000\AppData\Roaming\Spotify
[2014/03/31 16:38:51 | 000,000,000 | ---D | C] -- C:\Users\hadba_000\AppData\Roaming\Hewlett-Packard
[2014/03/31 16:35:49 | 000,000,000 | ---D | C] -- C:\Users\hadba_000\AppData\Local\Google
[2014/03/31 16:35:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/03/31 16:34:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2014/03/31 16:22:44 | 000,000,000 | ---D | C] -- C:\Users\hadba_000\Documents\Youcam
[2014/03/31 16:22:44 | 000,000,000 | ---D | C] -- C:\Users\hadba_000\AppData\Local\CyberLink
[2014/03/31 16:21:53 | 000,000,000 | R--D | C] -- C:\Users\hadba_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/03/31 16:21:53 | 000,000,000 | R--D | C] -- C:\Users\hadba_000\Searches
[2014/03/31 16:21:53 | 000,000,000 | R--D | C] -- C:\Users\hadba_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/03/31 16:21:19 | 000,000,000 | R--D | C] -- C:\Users\hadba_000\Contacts
[2014/03/31 16:21:10 | 000,000,000 | ---D | C] -- C:\Users\hadba_000\AppData\Roaming\Adobe
[2014/03/31 16:21:00 | 000,000,000 | ---D | C] -- C:\Users\hadba_000\AppData\Local\Hewlett-Packard
[2014/03/31 16:20:34 | 000,000,000 | ---D | C] -- C:\Users\hadba_000\AppData\Roaming\Synaptics
[2014/03/31 16:20:31 | 000,000,000 | ---D | C] -- C:\Users\hadba_000\AppData\Local\VirtualStore
[2014/03/31 16:20:31 | 000,000,000 | ---D | C] -- C:\Users\hadba_000\AppData\Local\Packages
[2014/03/31 16:20:28 | 000,000,000 | R--D | C] -- C:\Users\hadba_000\Videos
[2014/03/31 16:20:28 | 000,000,000 | R--D | C] -- C:\Users\hadba_000\Saved Games
[2014/03/31 16:20:28 | 000,000,000 | R--D | C] -- C:\Users\hadba_000\Pictures
[2014/03/31 16:20:28 | 000,000,000 | R--D | C] -- C:\Users\hadba_000\Music
[2014/03/31 16:20:28 | 000,000,000 | R--D | C] -- C:\Users\hadba_000\Links
[2014/03/31 16:20:28 | 000,000,000 | R--D | C] -- C:\Users\hadba_000\Downloads
[2014/03/31 16:20:28 | 000,000,000 | R--D | C] -- C:\Users\hadba_000\Documents
[2014/03/31 16:20:28 | 000,000,000 | -H-D | C] -- C:\Users\hadba_000\Documents\hp.system.package.metadata
[2014/03/31 16:20:28 | 000,000,000 | -H-D | C] -- C:\Users\hadba_000\Documents\hp.applications.package.appdata
[2014/03/31 16:14:32 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
[2014/03/31 16:12:10 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Uninstall Information
[2014/03/31 16:11:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[1 C:\Users\hadba_000\AppData\Local\*.tmp files -> C:\Users\hadba_000\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/18 19:48:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2053180383-656289639-199442398-1004UA.job
[2014/04/18 19:44:52 | 000,061,112 | ---- | M] (StdLib) -- C:\WINDOWS\SysNative\drivers\wStLibG64.sys
[2014/04/18 19:44:00 | 000,000,910 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/18 19:30:35 | 000,000,498 | ---- | M] () -- C:\WINDOWS\tasks\MyTurboPC.com Registration3.job
[2014/04/18 19:30:24 | 000,001,183 | ---- | M] () -- C:\Users\hadba_000\Desktop\MyTurboPC.lnk
[2014/04/18 19:30:24 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\MyTurboPC.com Update3.job
[2014/04/18 19:30:23 | 000,000,573 | ---- | M] () -- C:\WINDOWS\tasks\MyTurboPC_sch_803B502D-C727-11E3-BE80-A0D3C15B52EF.job
[2014/04/18 19:28:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2053180383-656289639-199442398-1004UA.job
[2014/04/18 19:28:00 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2053180383-656289639-199442398-1004Core.job
[2014/04/18 19:25:58 | 000,001,149 | ---- | M] () -- C:\Users\hadba_000\Desktop\Continue VuuPC Installation.lnk
[2014/04/18 19:10:26 | 000,000,362 | ---- | M] () -- C:\WINDOWS\tasks\HPCeeScheduleForhadba_000.job
[2014/04/18 19:09:38 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/04/18 18:59:45 | 000,958,292 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014/04/18 18:59:45 | 000,801,446 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014/04/18 18:59:45 | 000,165,972 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014/04/18 18:57:33 | 004,812,078 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\NISx64\1404000.028\Cat.DB
[2014/04/18 18:57:02 | 000,002,210 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/04/18 18:54:22 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/18 18:53:40 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/04/18 18:53:38 | 2486,611,967 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/18 18:52:29 | 000,000,667 | ---- | M] () -- C:\WINDOWS\tasks\SparkTrust PC Cleaner Plus_sch_9BA3A07C-C721-11E3-8250-A0D3C15B52EF.job
[2014/04/18 18:52:29 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\SparkTrust Registration3.job
[2014/04/18 18:52:29 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\SparkTrust Update Version3.job
[2014/04/18 18:52:28 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\APSnotifierPP3.job
[2014/04/18 18:52:28 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\APSnotifierPP2.job
[2014/04/18 18:29:13 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\APSnotifierPP1.job
[2014/04/18 18:09:21 | 000,001,156 | ---- | M] () -- C:\Users\hadba_000\AppData\Roaming\aps.scan.quick.results
[2014/04/18 18:09:21 | 000,000,318 | ---- | M] () -- C:\Users\hadba_000\AppData\Roaming\aps.uninstall.scan.results
[2014/04/18 18:08:49 | 000,000,000 | ---- | M] () -- C:\Users\hadba_000\AppData\Roaming\aps.scan.results
[2014/04/18 18:08:22 | 000,001,116 | ---- | M] () -- C:\Users\hadba_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2014/04/18 16:48:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2053180383-656289639-199442398-1004Core.job
[2014/04/17 20:31:36 | 001,705,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wucltux.dll
[2014/04/17 20:31:36 | 000,381,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WUSettingsProvider.dll
[2014/04/17 20:31:36 | 000,190,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\storewuauth.dll
[2014/04/17 20:31:36 | 000,054,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuauclt.exe
[2014/04/17 20:30:57 | 016,875,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.dll
[2014/04/17 20:30:57 | 013,286,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll
[2014/04/17 20:30:57 | 012,732,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
[2014/04/17 20:30:57 | 011,791,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll
[2014/04/17 20:30:57 | 008,653,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Search.dll
[2014/04/17 20:30:57 | 007,425,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2014/04/17 20:30:57 | 006,641,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mstscax.dll
[2014/04/17 20:30:57 | 005,833,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Search.dll
[2014/04/17 20:30:57 | 005,770,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstscax.dll
[2014/04/17 20:30:57 | 004,268,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SyncEngine.dll
[2014/04/17 20:30:57 | 002,900,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msftedit.dll
[2014/04/17 20:30:57 | 002,641,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
[2014/04/17 20:30:57 | 002,373,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2014/04/17 20:30:57 | 002,317,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
[2014/04/17 20:30:57 | 002,270,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msftedit.dll
[2014/04/17 20:30:57 | 002,141,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d11.dll
[2014/04/17 20:30:57 | 002,133,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmcore.dll
[2014/04/17 20:30:57 | 002,088,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\explorer.exe
[2014/04/17 20:30:57 | 001,843,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Display.dll
[2014/04/17 20:30:57 | 001,816,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Display.dll
[2014/04/17 20:30:57 | 001,779,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\d3d11.dll
[2014/04/17 20:30:57 | 001,764,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dwmcore.dll
[2014/04/17 20:30:57 | 001,656,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GdiPlus.dll
[2014/04/17 20:30:57 | 001,542,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ole32.dll
[2014/04/17 20:30:57 | 001,466,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\propsys.dll
[2014/04/17 20:30:57 | 001,411,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\lsasrv.dll
[2014/04/17 20:30:57 | 001,351,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\GdiPlus.dll
[2014/04/17 20:30:57 | 001,339,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\gdi32.dll
[2014/04/17 20:30:57 | 001,306,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll
[2014/04/17 20:30:57 | 001,291,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kernel32.dll
[2014/04/17 20:30:57 | 001,230,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.dll
[2014/04/17 20:30:57 | 001,129,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SearchFolder.dll
[2014/04/17 20:30:57 | 001,112,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KernelBase.dll
[2014/04/17 20:30:57 | 001,057,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdvidcrl.dll
[2014/04/17 20:30:57 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.appcore.dll
[2014/04/17 20:30:57 | 001,023,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\localspl.dll
[2014/04/17 20:30:57 | 001,015,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aclui.dll
[2014/04/17 20:30:57 | 000,958,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MFMediaEngine.dll
[2014/04/17 20:30:57 | 000,950,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ReAgent.dll
[2014/04/17 20:30:57 | 000,924,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.dll
[2014/04/17 20:30:57 | 000,918,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MrmCoreR.dll
[2014/04/17 20:30:57 | 000,888,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.dll
[2014/04/17 20:30:57 | 000,887,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\aclui.dll
[2014/04/17 20:30:57 | 000,872,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SkyDrive.exe
[2014/04/17 20:30:57 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rdvidcrl.dll
[2014/04/17 20:30:57 | 000,834,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\netlogon.dll
[2014/04/17 20:30:57 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.appcore.dll
[2014/04/17 20:30:57 | 000,801,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MFMediaEngine.dll
[2014/04/17 20:30:57 | 000,800,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ReAgent.dll
[2014/04/17 20:30:57 | 000,731,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\adtschema.dll
[2014/04/17 20:30:57 | 000,731,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\adtschema.dll
[2014/04/17 20:30:57 | 000,721,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SkyDriveTelemetry.dll
[2014/04/17 20:30:57 | 000,717,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\nshwfp.dll
[2014/04/17 20:30:57 | 000,669,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rasapi32.dll
[2014/04/17 20:30:57 | 000,655,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dnsapi.dll
[2014/04/17 20:30:57 | 000,629,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MrmCoreR.dll
[2014/04/17 20:30:57 | 000,621,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MDMAgent.exe
[2014/04/17 20:30:57 | 000,567,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\nshwfp.dll
[2014/04/17 20:30:57 | 000,542,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Graphics.Printing.dll
[2014/04/17 20:30:57 | 000,518,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxgi.dll
[2014/04/17 20:30:57 | 000,512,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlidprov.dll
[2014/04/17 20:30:57 | 000,492,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfsvr.dll
[2014/04/17 20:30:57 | 000,488,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\netcfgx.dll
[2014/04/17 20:30:57 | 000,467,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBHUB3.SYS
[2014/04/17 20:30:57 | 000,467,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AudioSes.dll
[2014/04/17 20:30:57 | 000,463,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AudioEng.dll
[2014/04/17 20:30:57 | 000,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlangpui.dll
[2014/04/17 20:30:57 | 000,443,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlansec.dll
[2014/04/17 20:30:57 | 000,428,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\FWPKCLNT.SYS
[2014/04/17 20:30:57 | 000,425,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\clusapi.dll
[2014/04/17 20:30:57 | 000,412,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\FWPUCLNT.DLL
[2014/04/17 20:30:57 | 000,402,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Graphics.Printing.dll
[2014/04/17 20:30:57 | 000,390,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\netcfgx.dll
[2014/04/17 20:30:57 | 000,388,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfsvr.dll
[2014/04/17 20:30:57 | 000,387,210 | ---- | M] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2014/04/17 20:30:57 | 000,386,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlangpui.dll
[2014/04/17 20:30:57 | 000,379,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dxgmms1.sys
[2014/04/17 20:30:57 | 000,376,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\clfs.sys
[2014/04/17 20:30:57 | 000,370,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlanmsm.dll
[2014/04/17 20:30:57 | 000,364,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AUDIOKSE.dll
[2014/04/17 20:30:57 | 000,360,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfreadwrite.dll
[2014/04/17 20:30:57 | 000,356,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlidprov.dll
[2014/04/17 20:30:57 | 000,356,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dcomp.dll
[2014/04/17 20:30:57 | 000,355,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfreadwrite.dll
[2014/04/17 20:30:57 | 000,337,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\Classpnp.sys
[2014/04/17 20:30:57 | 000,334,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MDEServer.exe
[2014/04/17 20:30:57 | 000,325,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LocationApi.dll
[2014/04/17 20:30:57 | 000,313,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\clusapi.dll
[2014/04/17 20:30:57 | 000,305,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AUDIOKSE.dll
[2014/04/17 20:30:57 | 000,300,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlanmsm.dll
[2014/04/17 20:30:57 | 000,299,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\pdh.dll
[2014/04/17 20:30:57 | 000,298,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSDMon.dll
[2014/04/17 20:30:57 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlanapi.dll
[2014/04/17 20:30:57 | 000,291,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.Sensors.dll
[2014/04/17 20:30:57 | 000,274,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WsmWmiPl.dll
[2014/04/17 20:30:57 | 000,271,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\spp.dll
[2014/04/17 20:30:57 | 000,264,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\FWPUCLNT.DLL
[2014/04/17 20:30:57 | 000,262,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\LocationApi.dll
[2014/04/17 20:30:57 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\pdh.dll
[2014/04/17 20:30:57 | 000,252,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentClient.dll
[2014/04/17 20:30:57 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SensorsApi.dll
[2014/04/17 20:30:57 | 000,244,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\audiodg.exe
[2014/04/17 20:30:57 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlanapi.dll
[2014/04/17 20:30:57 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.Sensors.dll
[2014/04/17 20:30:57 | 000,222,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dcomp.dll
[2014/04/17 20:30:57 | 000,212,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\cdd.dll
[2014/04/17 20:30:57 | 000,201,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ReInfo.dll
[2014/04/17 20:30:57 | 000,201,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AudioEndpointBuilder.dll
[2014/04/17 20:30:57 | 000,197,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppXDeploymentClient.dll
[2014/04/17 20:30:57 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.Scanners.dll
[2014/04/17 20:30:57 | 000,186,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dafWfdProvider.dll
[2014/04/17 20:30:57 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ReInfo.dll
[2014/04/17 20:30:57 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SensorsApi.dll
[2014/04/17 20:30:57 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppxAllUserStore.dll
[2014/04/17 20:30:57 | 000,157,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\wof.sys
[2014/04/17 20:30:57 | 000,151,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.Scanners.dll
[2014/04/17 20:30:57 | 000,139,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppxAllUserStore.dll
[2014/04/17 20:30:57 | 000,136,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\wfplwfs.sys
[2014/04/17 20:30:57 | 000,115,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DevPropMgr.dll
[2014/04/17 20:30:57 | 000,113,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\userenv.dll
[2014/04/17 20:30:57 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\hidclass.sys
[2014/04/17 20:30:57 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drvinst.exe
[2014/04/17 20:30:57 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\davclnt.dll
[2014/04/17 20:30:57 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\drvinst.exe
[2014/04/17 20:30:57 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RMapi.dll
[2014/04/17 20:30:57 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sxproxy.dll
[2014/04/17 20:30:57 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\w32tm.exe
[2014/04/17 20:30:57 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\w32tm.exe
[2014/04/17 20:30:57 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\l2gpstore.dll
[2014/04/17 20:30:57 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tsgqec.dll
[2014/04/17 20:30:57 | 000,058,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\l2gpstore.dll
[2014/04/17 20:30:57 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drvcfg.exe
[2014/04/17 20:30:57 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tsgqec.dll
[2014/04/17 20:30:57 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\UMDF\HidBthLE.dll
[2014/04/17 20:30:57 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Shell.Search.UriHandler.dll
[2014/04/17 20:30:57 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SetNetworkLocation.dll
[2014/04/17 20:30:57 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Shell.Search.UriHandler.dll
[2014/04/17 20:30:57 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\sxproxy.dll
[2014/04/17 20:30:57 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CredentialMigrationHandler.dll
[2014/04/17 20:30:57 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CredentialMigrationHandler.dll
[2014/04/17 20:30:57 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlanhlp.dll
[2014/04/17 20:30:57 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlanhlp.dll
[2014/04/17 20:26:35 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iisRtl.dll
[2014/04/17 20:26:35 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ahadmin.dll
[2014/04/17 20:26:35 | 000,054,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\admwprox.dll
[2014/04/17 20:26:35 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iisreset.exe
[2014/04/17 20:26:35 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wamregps.dll
[2014/04/17 20:26:35 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iisrstap.dll
[2014/04/17 20:26:34 | 000,157,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iisRtl.dll
[2014/04/17 20:26:34 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\admwprox.dll
[2014/04/17 20:26:34 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ahadmin.dll
[2014/04/17 20:26:34 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iisreset.exe
[2014/04/17 20:26:34 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wamregps.dll
[2014/04/17 20:26:34 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iisrstap.dll
[2014/04/17 20:12:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\HPCeeScheduleForsuzan.job
[2014/04/17 19:57:57 | 000,028,578 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2014/04/17 19:57:57 | 000,028,578 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2014/04/17 19:57:40 | 000,022,744 | ---- | M] () -- C:\WINDOWS\SysNative\emptyregdb.dat
[2014/04/17 19:56:17 | 000,964,970 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2014/04/17 19:52:02 | 000,484,248 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2014/04/17 19:35:15 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2014/04/17 19:35:11 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
[2014/04/17 19:35:09 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\Synaptics TouchPad Enhancements.job
[2014/04/17 19:35:09 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2014/04/10 14:01:50 | 000,002,224 | ---- | M] () -- C:\Users\hadba_000\Desktop\HP Support Assistant.lnk
[2014/04/03 15:28:07 | 002,982,104 | ---- | M] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\SysNative\drivers\rtwlane.sys
[2014/04/03 15:23:18 | 000,002,508 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2014/04/02 19:48:10 | 000,001,790 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/04/01 08:28:50 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.SYS
[2014/04/01 08:28:50 | 000,007,631 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.CAT
[2014/04/01 08:28:50 | 000,000,854 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.INF
[2014/03/31 16:46:47 | 000,001,831 | ---- | M] () -- C:\Users\hadba_000\Desktop\Spotify.lnk
[2014/03/31 16:44:33 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2014/03/31 16:14:48 | 000,002,099 | ---- | M] () -- C:\Users\Public\Desktop\HP Games.lnk
[2014/03/27 09:26:27 | 000,030,711 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\NISx64\1404000.028\VT20140327.005
[1 C:\Users\hadba_000\AppData\Local\*.tmp files -> C:\Users\hadba_000\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/04/18 19:30:35 | 000,000,498 | ---- | C] () -- C:\WINDOWS\tasks\MyTurboPC.com Registration3.job
[2014/04/18 19:30:24 | 000,001,183 | ---- | C] () -- C:\Users\hadba_000\Desktop\MyTurboPC.lnk
[2014/04/18 19:30:23 | 000,000,573 | ---- | C] () -- C:\WINDOWS\tasks\MyTurboPC_sch_803B502D-C727-11E3-BE80-A0D3C15B52EF.job
[2014/04/18 19:30:23 | 000,000,462 | ---- | C] () -- C:\WINDOWS\tasks\MyTurboPC.com Update3.job
[2014/04/18 19:25:58 | 000,001,149 | ---- | C] () -- C:\Users\hadba_000\Desktop\Continue VuuPC Installation.lnk
[2014/04/18 18:48:22 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\SparkTrust Registration3.job
[2014/04/18 18:48:12 | 000,000,667 | ---- | C] () -- C:\WINDOWS\tasks\SparkTrust PC Cleaner Plus_sch_9BA3A07C-C721-11E3-8250-A0D3C15B52EF.job
[2014/04/18 18:48:12 | 000,000,444 | ---- | C] () -- C:\WINDOWS\tasks\SparkTrust Update Version3.job
[2014/04/18 18:09:22 | 000,000,378 | ---- | C] () -- C:\WINDOWS\tasks\APSnotifierPP3.job
[2014/04/18 18:09:21 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\APSnotifierPP1.job
[2014/04/18 18:09:21 | 000,000,378 | ---- | C] () -- C:\WINDOWS\tasks\APSnotifierPP2.job
[2014/04/18 18:08:49 | 000,001,156 | ---- | C] () -- C:\Users\hadba_000\AppData\Roaming\aps.scan.quick.results
[2014/04/18 18:08:49 | 000,000,318 | ---- | C] () -- C:\Users\hadba_000\AppData\Roaming\aps.uninstall.scan.results
[2014/04/18 18:08:49 | 000,000,000 | ---- | C] () -- C:\Users\hadba_000\AppData\Roaming\aps.scan.results
[2014/04/18 18:08:22 | 000,001,116 | ---- | C] () -- C:\Users\hadba_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2014/04/18 18:06:30 | 000,002,327 | ---- | C] () -- C:\Users\hadba_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
[2014/04/17 20:30:57 | 000,387,210 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2014/04/17 20:10:40 | 000,001,449 | ---- | C] () -- C:\Users\hadba_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/04/17 19:57:40 | 000,022,744 | ---- | C] () -- C:\WINDOWS\SysNative\emptyregdb.dat
[2014/04/17 19:49:24 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2014/04/17 19:43:30 | 000,000,369 | ---- | C] () -- C:\Users\hadba_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
[2014/04/17 19:43:30 | 000,000,369 | ---- | C] () -- C:\Users\hadba_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
[2014/04/17 19:43:18 | 000,028,578 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2014/04/17 19:43:18 | 000,028,578 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2014/04/17 19:39:30 | 000,964,970 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2014/04/17 19:35:15 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2014/04/17 19:35:11 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
[2014/04/17 19:35:09 | 000,000,264 | ---- | C] () -- C:\WINDOWS\tasks\Synaptics TouchPad Enhancements.job
[2014/04/17 19:35:09 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2014/04/10 14:01:49 | 000,002,224 | ---- | C] () -- C:\Users\hadba_000\Desktop\HP Support Assistant.lnk
[2014/04/03 16:43:39 | 000,000,938 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2053180383-656289639-199442398-1004UA.job
[2014/04/03 16:43:38 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2053180383-656289639-199442398-1004Core.job
[2014/04/03 16:15:24 | 000,000,362 | ---- | C] () -- C:\WINDOWS\tasks\HPCeeScheduleForhadba_000.job
[2014/04/02 19:48:10 | 000,001,790 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/04/02 19:46:06 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2014/04/02 19:23:40 | 000,000,958 | ---- | C] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2053180383-656289639-199442398-1004UA.job
[2014/04/02 19:23:40 | 000,000,936 | ---- | C] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2053180383-656289639-199442398-1004Core.job
[2014/04/01 19:50:04 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\HPCeeScheduleForsuzan.job
[2014/03/31 16:46:47 | 000,001,831 | ---- | C] () -- C:\Users\hadba_000\Desktop\Spotify.lnk
[2014/03/31 16:46:47 | 000,001,817 | ---- | C] () -- C:\Users\hadba_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2014/03/31 16:44:33 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2014/03/31 16:35:10 | 000,002,210 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/03/31 16:34:36 | 000,000,910 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/31 16:34:34 | 000,000,906 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/31 16:14:48 | 000,002,099 | ---- | C] () -- C:\Users\Public\Desktop\HP Games.lnk
[2014/03/31 16:14:31 | 000,002,230 | ---- | C] () -- C:\Users\Public\Desktop\Visit eBay.co.uk.lnk
[2014/03/31 16:14:30 | 000,002,225 | ---- | C] () -- C:\Users\Public\Desktop\Snapfish Photos.lnk
[2014/03/18 16:27:42 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014/03/18 16:27:21 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2014/01/25 02:22:44 | 000,299,520 | ---- | C] () -- C:\WINDOWS\SysWow64\igdmd32.dll
[2014/01/25 02:22:38 | 000,182,272 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2014/01/25 02:22:38 | 000,142,848 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll
[2013/11/19 11:34:27 | 000,451,072 | ---- | C] () -- C:\WINDOWS\SysWow64\ISSRemoveSP.exe
[2013/08/22 16:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 16:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 15:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 08:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/22 04:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/22 00:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/22 00:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2012/12/10 15:12:50 | 000,001,536 | ---- | C] () -- C:\WINDOWS\SysWow64\IusEventLog.dll
[2012/07/25 21:22:56 | 000,733,840 | ---- | C] () -- C:\WINDOWS\SysWow64\igcodeckrng700.bin
[2012/07/25 21:22:56 | 000,492,340 | ---- | C] () -- C:\WINDOWS\SysWow64\igvpkrng700.bin
[2012/07/25 21:22:54 | 000,982,240 | ---- | C] () -- C:\WINDOWS\SysWow64\igkrng500.bin
[2012/07/25 21:22:54 | 000,439,308 | ---- | C] () -- C:\WINDOWS\SysWow64\igcompkrng500.bin
[2012/07/25 21:22:54 | 000,092,356 | ---- | C] () -- C:\WINDOWS\SysWow64\igfcg500m.bin
 
========== ZeroAccess Check ==========
 
[2014/04/17 20:15:07 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/04/17 20:30:57 | 021,232,792 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/04/17 20:30:57 | 018,679,216 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 10:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/22 03:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 10:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/04/18 18:48:18 | 000,000,000 | ---D | M] -- C:\Users\hadba_000\AppData\Roaming\DriverCure
[2014/04/18 18:15:00 | 000,000,000 | ---D | M] -- C:\Users\hadba_000\AppData\Roaming\flightgear.org
[2014/04/18 19:30:32 | 000,000,000 | ---D | M] -- C:\Users\hadba_000\AppData\Roaming\MyTurboPC.com
[2014/04/18 18:48:18 | 000,000,000 | ---D | M] -- C:\Users\hadba_000\AppData\Roaming\SparkTrust
[2014/04/18 19:46:26 | 000,000,000 | ---D | M] -- C:\Users\hadba_000\AppData\Roaming\Spotify
[2014/03/31 16:20:34 | 000,000,000 | ---D | M] -- C:\Users\hadba_000\AppData\Roaming\Synaptics
[2014/04/06 11:40:34 | 000,000,000 | ---D | M] -- C:\Users\hadba_000\AppData\Roaming\Unity
[2014/04/18 18:07:44 | 000,000,000 | ---D | M] -- C:\Users\hadba_000\AppData\Roaming\VOPackage
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV:64bit: - [2014/03/18 16:27:30 | 000,208,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2014/03/18 16:27:33 | 000,109,568 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2013/08/22 10:53:13 | 000,092,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2013/08/22 11:19:14 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2014/04/17 20:30:57 | 000,827,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2013/08/22 10:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV - [2013/08/22 03:48:12 | 000,044,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 10:40:30 | 000,468,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2013/08/22 03:38:29 | 000,329,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2013/08/22 11:00:58 | 000,134,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/08/22 11:01:39 | 000,129,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2014/03/18 16:27:20 | 000,753,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2014/03/18 16:27:20 | 000,353,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2014/03/18 16:27:48 | 000,285,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2014/04/17 20:30:57 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2013/08/22 10:44:18 | 000,107,008 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (Eaphost)
SRV:64bit: - [2013/08/22 12:34:06 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2013/08/22 05:05:54 | 000,029,696 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2014/03/18 16:27:35 | 000,433,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2013/08/22 10:35:27 | 000,403,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2014/03/18 16:27:29 | 000,718,336 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2013/08/22 10:54:27 | 000,070,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2013/08/22 10:05:22 | 000,254,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2013/08/22 10:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 10:35:48 | 000,387,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2013/08/22 14:25:35 | 000,029,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2014/04/17 20:30:57 | 000,115,200 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2013/08/22 10:10:12 | 000,798,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
No service found with a name of ProtectedStorage
No service found with a name of EMDMgmt
SRV:64bit: - [2013/08/22 12:22:30 | 000,101,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2014/03/18 16:27:35 | 000,534,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2014/03/18 16:27:20 | 000,753,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2013/08/22 12:32:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2013/08/22 14:25:35 | 000,045,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2014/03/18 16:27:25 | 000,134,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2013/08/22 10:48:09 | 000,324,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2013/08/22 10:24:27 | 000,629,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2013/08/22 03:27:04 | 000,564,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2014/03/18 16:27:26 | 001,214,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2013/08/22 11:55:30 | 000,306,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2013/08/22 04:33:38 | 000,248,320 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2013/08/22 11:00:18 | 000,050,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2014/04/17 20:30:57 | 000,220,160 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2014/03/18 16:27:29 | 001,436,160 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2014/04/17 20:30:57 | 000,834,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (Audiosrv)
SRV:64bit: - [2014/04/17 20:30:57 | 000,201,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
No service found with a name of SDRSVC
SRV:64bit: - [2013/08/22 13:32:00 | 000,023,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/08/22 10:44:27 | 001,669,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (EventLog)
SRV:64bit: - [2013/08/22 10:23:55 | 000,878,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2013/08/22 11:39:20 | 000,634,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2013/08/22 12:23:10 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\msiexec.exe -- (msiserver)
SRV - [2013/08/22 04:56:51 | 000,055,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2013/08/22 10:48:04 | 000,220,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2014/04/17 20:31:36 | 003,408,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2013/08/22 11:30:45 | 000,258,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2014/04/17 20:30:57 | 001,527,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (WlanSvc)
SRV:64bit: - [2013/08/22 10:54:22 | 000,284,160 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: EXPLORER.EXE  >
[2014/04/17 20:30:57 | 002,088,160 | ---- | M] (Microsoft Corporation) MD5=119E091B5386379BC5AA598BE9440C75 -- C:\Windows\SysWOW64\explorer.exe
[2014/04/17 20:30:57 | 002,088,160 | ---- | M] (Microsoft Corporation) MD5=119E091B5386379BC5AA598BE9440C75 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17039_none_4d02a60381e74c58\explorer.exe
[2014/03/18 16:27:40 | 002,373,784 | ---- | M] (Microsoft Corporation) MD5=4CE0C733CDCF1D2F78532BBD9CE3441D -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17031_none_42a5f9614d8dbfa5\explorer.exe
[2014/04/17 20:30:57 | 002,373,784 | ---- | M] (Microsoft Corporation) MD5=81394C91B7B5A7C799E249AE82491F13 -- C:\Windows\explorer.exe
[2014/04/17 20:30:57 | 002,373,784 | ---- | M] (Microsoft Corporation) MD5=81394C91B7B5A7C799E249AE82491F13 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17039_none_42adfbb14d868a5d\explorer.exe
[2014/03/18 16:27:48 | 002,088,160 | ---- | M] (Microsoft Corporation) MD5=E0C84A30581BC508E289E4371A723F58 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17031_none_4cfaa3b381ee81a0\explorer.exe
 
< MD5 for: MPSVC.DLL  >
[2013/08/22 12:07:52 | 001,566,208 | ---- | M] (Microsoft Corporation) MD5=2EDEA049EF63BDC17CDEB17090788DC2 -- C:\Program Files\Windows Defender\MpSvc.dll
[2013/08/22 12:07:52 | 001,566,208 | ---- | M] (Microsoft Corporation) MD5=2EDEA049EF63BDC17CDEB17090788DC2 -- C:\Windows\WinSxS\amd64_windows-defender-service_31bf3856ad364e35_6.3.9600.16404_none_b6bb041f2a82b805\MpSvc.dll
 
< MD5 for: QMGR.DLL  >
[2013/08/22 11:19:14 | 001,017,856 | ---- | M] (Microsoft Corporation) MD5=15225081966C785A9192782401643FD4 -- C:\WINDOWS\SysNative\qmgr.dll
[2013/08/22 11:19:14 | 001,017,856 | ---- | M] (Microsoft Corporation) MD5=15225081966C785A9192782401643FD4 -- C:\Windows\WinSxS\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.3.9600.16384_none_144f24f7cd691200\qmgr.dll
[2012/07/26 04:07:01 | 000,826,368 | ---- | M] (Microsoft Corporation) MD5=D598C44A7072D3108D8D8102EC5E07F7 -- C:\Windows.old\Windows\System32\qmgr.dll
[2012/07/26 04:07:01 | 000,826,368 | ---- | M] (Microsoft Corporation) MD5=D598C44A7072D3108D8D8102EC5E07F7 -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.2.9200.16384_none_7c5a6c5183364183\qmgr.dll
 
< MD5 for: SERVICES  >
[2013/08/22 16:04:54 | 000,003,777 | ---- | M] () MD5=5EE2D65841D1985E8C1BC68B2EB4357B -- C:\Windows\WinSxS\amd64_microsoft-windows-w..ucture-other-minwin_31bf3856ad364e35_6.3.9600.16384_none_25fdfd813908f8a6\services
[2012/07/26 06:26:49 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows.old\Windows\System32\Drivers\etc\services
[2012/07/26 06:26:47 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-w..ucture-other-minwin_31bf3856ad364e35_6.2.9200.16384_none_8e0944daeed62829\services
 
< MD5 for: SERVICES.EXE  >
[2013/07/22 18:46:36 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=581190907DA1CF8CB7B87B35FFE64A07 -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.20521_none_98a9ea2e9f571eb2\services.exe
[2012/07/26 06:26:45 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=754A2CC1F32107EA87CBD305ABE3E618 -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.16384_none_97e26cd38667756c\services.exe
[2013/07/22 18:46:36 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=8F226143046435C75C033B0C52E90FFE -- C:\Windows.old\Windows\System32\services.exe
[2013/07/22 18:46:36 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=8F226143046435C75C033B0C52E90FFE -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.16420_none_981f4d19863a6591\services.exe
[2013/08/22 14:25:40 | 000,405,488 | ---- | M] (Microsoft Corporation) MD5=B4B610BBCB002EC478C6FD80CF915697 -- C:\WINDOWS\SysNative\services.exe
[2013/08/22 14:25:40 | 000,405,488 | ---- | M] (Microsoft Corporation) MD5=B4B610BBCB002EC478C6FD80CF915697 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.3.9600.16384_none_2fd72579d09a45e9\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2014/03/18 15:57:25 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=C7C5AC68CDFFE88407194D70316F59B8 -- C:\WINDOWS\SysNative\en-GB\services.exe.mui
[2014/03/18 15:57:25 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=C7C5AC68CDFFE88407194D70316F59B8 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.3.9600.16384_en-gb_5332ec03fec38070\services.exe.mui
[2013/07/22 18:37:48 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=DCC978632D7ADF6047B19DD118B54598 -- C:\Windows.old\Windows\System32\en-GB\services.exe.mui
[2013/07/22 18:37:48 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=DCC978632D7ADF6047B19DD118B54598 -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.2.9200.16384_en-gb_bb3e335db490aff3\services.exe.mui
 
< MD5 for: SERVICES.JS  >
[2014/03/18 16:14:01 | 000,079,229 | ---- | M] () MD5=0025EC2D9E93FB8D6F5CB0DECD74D369 -- C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.2.229_x64__8wekyb3d8bbwe\Common\js\services.js
[2014/04/01 08:51:02 | 000,052,388 | ---- | M] () MD5=170AC4B9F3DC60E0D38D7CC307CEFD12 -- C:\Windows.old\Program Files\WindowsApps\Microsoft.BingFinance_2.0.0.308_x64__8wekyb3d8bbwe\common\js\services.js
[2014/04/01 08:45:03 | 000,052,388 | ---- | M] () MD5=170AC4B9F3DC60E0D38D7CC307CEFD12 -- C:\Windows.old\Program Files\WindowsApps\Microsoft.BingNews_2.0.0.308_x64__8wekyb3d8bbwe\common\js\services.js
[2014/04/01 08:53:18 | 000,052,388 | ---- | M] () MD5=170AC4B9F3DC60E0D38D7CC307CEFD12 -- C:\Windows.old\Program Files\WindowsApps\Microsoft.BingSports_2.0.0.310_x64__8wekyb3d8bbwe\common\js\services.js
[2014/04/01 08:46:21 | 000,052,388 | ---- | M] () MD5=170AC4B9F3DC60E0D38D7CC307CEFD12 -- C:\Windows.old\Program Files\WindowsApps\Microsoft.BingTravel_2.0.0.308_x64__8wekyb3d8bbwe\common\js\services.js
[2014/04/01 08:45:51 | 000,052,388 | ---- | M] () MD5=170AC4B9F3DC60E0D38D7CC307CEFD12 -- C:\Windows.old\Program Files\WindowsApps\Microsoft.BingWeather_2.0.0.310_x64__8wekyb3d8bbwe\common\js\services.js
[2012/07/26 08:53:58 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Windows.old\Program Files\WindowsApps\Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe\platform\js\services.js
[2012/07/26 08:53:49 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Windows.old\Program Files\WindowsApps\Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe\platform\js\services.js
[2012/07/26 08:53:45 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Windows.old\Program Files\WindowsApps\Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe\platform\js\services.js
[2012/07/26 08:54:27 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Windows.old\Program Files\WindowsApps\Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe\platform\js\services.js
[2012/07/26 08:53:53 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Windows.old\Program Files\WindowsApps\Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe\platform\js\services.js
[2014/03/18 16:13:45 | 000,078,905 | ---- | M] () MD5=DE4B5FF45A106DA53CA566314EFE2E1F -- C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.2.234_x64__8wekyb3d8bbwe\Common\js\services.js
[2014/03/18 16:14:09 | 000,078,905 | ---- | M] () MD5=DE4B5FF45A106DA53CA566314EFE2E1F -- C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.2.233_x64__8wekyb3d8bbwe\Common\js\services.js
[2014/03/18 16:13:29 | 000,078,905 | ---- | M] () MD5=DE4B5FF45A106DA53CA566314EFE2E1F -- C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.2.233_x64__8wekyb3d8bbwe\Common\js\services.js
[2014/03/18 16:13:22 | 000,078,905 | ---- | M] () MD5=DE4B5FF45A106DA53CA566314EFE2E1F -- C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.2.233_x64__8wekyb3d8bbwe\Common\js\services.js
[2014/03/18 16:14:34 | 000,078,905 | ---- | M] () MD5=DE4B5FF45A106DA53CA566314EFE2E1F -- C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.2.233_x64__8wekyb3d8bbwe\Common\js\services.js
[2014/03/18 16:13:38 | 000,078,905 | ---- | M] () MD5=DE4B5FF45A106DA53CA566314EFE2E1F -- C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.2.233_x64__8wekyb3d8bbwe\Common\js\services.js
 
< MD5 for: SERVICES.LNK  >
[2013/08/22 07:54:57 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2013/08/22 07:54:57 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012/07/25 21:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2013/08/22 07:54:57 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012/07/25 21:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.2.9200.16384_none_282d8a08cf7f1ada\services.lnk
[2013/08/22 07:54:57 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.3.9600.16384_none_c02242af19b1eb57\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2012/06/02 15:35:05 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows.old\Windows\System32\wbem\services.mof
[2012/06/02 15:35:05 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.2.9200.16384_none_282967cc570d3701\services.mof
[2013/06/18 15:51:33 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\WINDOWS\SysNative\wbem\services.mof
[2013/06/18 15:51:33 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.3.9600.16384_none_c01e2072a140077e\services.mof
 
< MD5 for: SERVICES.MSC  >
[2012/07/26 08:50:36 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows.old\Windows\System32\en-US\services.msc
[2012/06/02 15:31:20 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows.old\Windows\System32\services.msc
[2012/07/26 08:50:36 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows.old\Windows\SysWOW64\en-US\services.msc
[2012/06/02 15:31:13 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows.old\Windows\SysWOW64\services.msc
[2012/07/26 08:50:36 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.2.9200.16384_en-us_fd08be678622fdab\services.msc
[2012/06/02 15:31:20 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.2.9200.16384_none_282d8a08cf7f1ada\services.msc
[2012/06/02 15:31:13 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows.old\Windows\WinSxS\wow64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.2.9200.16384_none_3282345b03dfdcd5\services.msc
[2012/07/26 08:50:36 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows.old\Windows\WinSxS\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.2.9200.16384_en-us_a0ea22e3cdc58c75\services.msc
[2014/03/18 15:57:27 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\WINDOWS\SysNative\en-US\services.msc
[2013/06/18 15:47:53 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\WINDOWS\SysNative\services.msc
[2014/03/18 15:57:27 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysWOW64\en-US\services.msc
[2013/06/18 13:23:54 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysWOW64\services.msc
[2014/03/18 15:57:27 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.3.9600.16384_en-us_94fd770dd055ce28\services.msc
[2013/06/18 15:47:53 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.3.9600.16384_none_c02242af19b1eb57\services.msc
[2013/06/18 13:23:54 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\wow64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.3.9600.16384_none_ca76ed014e12ad52\services.msc
[2014/03/18 15:57:27 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.3.9600.16384_en-us_38dedb8a17f85cf2\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2012/07/25 21:30:54 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows.old\Windows\System32\wdi\perftrack\Services.ptxml
[2012/07/25 21:30:54 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.2.9200.16384_none_282967cc570d3701\Services.ptxml
[2013/08/22 07:45:36 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\WINDOWS\SysNative\wdi\perftrack\Services.ptxml
[2013/08/22 07:45:36 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.3.9600.16384_none_c01e2072a140077e\Services.ptxml
 
< MD5 for: SVCHOST.EXE  >
[2012/07/26 04:20:58 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=0A175AF8B65797BD22C11903A8BFEB2D -- C:\Windows.old\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16384_none_b2666581d6b482a6\svchost.exe
[2013/08/22 06:30:58 | 000,031,552 | ---- | M] (Microsoft Corporation) MD5=425E22D9F5C01616AFC92987791B19E9 -- C:\Windows\SysWOW64\svchost.exe
[2013/08/22 06:30:58 | 000,031,552 | ---- | M] (Microsoft Corporation) MD5=425E22D9F5C01616AFC92987791B19E9 -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.3.9600.16384_none_4a5b1e2820e75323\svchost.exe
[2012/07/26 04:08:47 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=57350BEDE3834915B6145B67C71C7BDA -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16384_none_0e8501058f11f3dc\svchost.exe
[2013/07/22 18:46:36 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=607F7CB143783A8F9BA058D2FC4F2D36 -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.20521_none_0f4c7e60a8019d22\svchost.exe
[2013/07/22 18:46:44 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=A46DC432F81473F526E3994AA483E366 -- C:\Windows.old\Windows\SysWOW64\svchost.exe
[2013/07/22 18:46:44 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=A46DC432F81473F526E3994AA483E366 -- C:\Windows.old\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16420_none_b2a345c7d68772cb\svchost.exe
[2013/08/22 13:45:17 | 000,037,768 | ---- | M] (Microsoft Corporation) MD5=E4CA434F251681590D0538BC21C32D2F -- C:\WINDOWS\SysNative\svchost.exe
[2013/08/22 13:45:17 | 000,037,768 | ---- | M] (Microsoft Corporation) MD5=E4CA434F251681590D0538BC21C32D2F -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.3.9600.16384_none_a679b9abd944c459\svchost.exe
[2013/07/22 18:46:36 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=EDE27EACE742EE2888C5DD36400A2EC0 -- C:\Windows.old\Windows\System32\svchost.exe
[2013/07/22 18:46:36 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=EDE27EACE742EE2888C5DD36400A2EC0 -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16420_none_0ec1e14b8ee4e401\svchost.exe
[2013/07/22 18:46:44 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=EEF5E64822C3E21B186EA53463BE92DA -- C:\Windows.old\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.20521_none_b32de2dcefa42bec\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2013/08/22 11:03:12 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=08C191B2917862BE90C33E31CB6B6D79 -- C:\WINDOWS\SysNative\userinit.exe
[2013/08/22 11:03:12 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=08C191B2917862BE90C33E31CB6B6D79 -- C:\Windows\WinSxS\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.3.9600.16384_none_cce71a20a5a6fe7f\userinit.exe
[2012/07/26 04:08:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E925F7BA032920D58DD284B6181A247 -- C:\Windows.old\Windows\System32\userinit.exe
[2012/07/26 04:08:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E925F7BA032920D58DD284B6181A247 -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_34f2617a5b742e02\userinit.exe
[2013/08/22 03:54:12 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=41636F77AD6D9A396EA34E4786B96F2B -- C:\Windows\SysWOW64\userinit.exe
[2013/08/22 03:54:12 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=41636F77AD6D9A396EA34E4786B96F2B -- C:\Windows\WinSxS\x86_microsoft-windows-userinit_31bf3856ad364e35_6.3.9600.16384_none_70c87e9ced498d49\userinit.exe
[2012/07/26 04:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows.old\Windows\SysWOW64\userinit.exe
[2012/07/26 04:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows.old\Windows\WinSxS\x86_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_d8d3c5f6a316bccc\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2013/07/22 18:46:36 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=1F84B5F8DBDFFD36DF143C61CE25F12A -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16420_none_c8c988c15e88a211\winlogon.exe
[2014/03/18 16:27:31 | 000,562,176 | ---- | M] (Microsoft Corporation) MD5=306EB21E5B480AE9065EA55AC8C35936 -- C:\WINDOWS\SysNative\winlogon.exe
[2014/03/18 16:27:31 | 000,562,176 | ---- | M] (Microsoft Corporation) MD5=306EB21E5B480AE9065EA55AC8C35936 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.3.9600.17031_none_60b45365a8c2ccdb\winlogon.exe
[2013/07/22 18:46:36 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=6522E98C94A2A81AE11EB66D2AF5743A -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20521_none_c95425d677a55b32\winlogon.exe
[2012/07/26 04:08:50 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=93AB226C07A9789B2EC7B41F73602F76 -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16384_none_c88ca87b5eb5b1ec\winlogon.exe
[2013/07/22 18:59:59 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=BCF2036A0DD579E47C008C133550283E -- C:\Windows.old\Windows\System32\winlogon.exe
[2013/07/22 18:59:59 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=BCF2036A0DD579E47C008C133550283E -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16433_none_c8c1b9b35e8e0a07\winlogon.exe
[2013/07/22 18:59:59 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=CBFD56B4EC07CB056A6ABD55DD33671F -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20534_none_c94c56c877aac328\winlogon.exe
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C is Windows
 Volume Serial Number is E2B9-76AD
 Directory of C:\
22/08/2013  15:45    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
22/08/2013  15:45    <JUNCTION>     Application Data [C:\ProgramData]
22/08/2013  15:45    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
22/08/2013  15:45    <JUNCTION>     Documents [C:\Users\Public\Documents]
22/08/2013  15:45    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
22/08/2013  15:45    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
22/08/2013  15:45    <SYMLINKD>     All Users [C:\ProgramData]
22/08/2013  15:45    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
22/08/2013  15:45    <JUNCTION>     Application Data [C:\ProgramData]
22/08/2013  15:45    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
22/08/2013  15:45    <JUNCTION>     Documents [C:\Users\Public\Documents]
22/08/2013  15:45    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
22/08/2013  15:45    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
22/08/2013  15:45    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
22/08/2013  15:45    <JUNCTION>     Cookies [C:\Users\Default\AppData\Local\Microsoft\Windows\INetCookies]
22/08/2013  15:45    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
22/08/2013  15:45    <JUNCTION>     My Documents [C:\Users\Default\Documents]
22/08/2013  15:45    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
22/08/2013  15:45    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
22/08/2013  15:45    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
22/08/2013  15:45    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
22/08/2013  15:45    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
22/08/2013  15:45    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
22/08/2013  15:45    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
22/08/2013  15:45    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
22/08/2013  15:45    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local\Microsoft\Windows
22/08/2013  15:45    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
22/08/2013  15:45    <JUNCTION>     My Music [C:\Users\Default\Music]
22/08/2013  15:45    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
22/08/2013  15:45    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Default.migrated\Documents
26/07/2012  08:22    <JUNCTION>     My Music [C:\Users\Default\Music]
26/07/2012  08:22    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
26/07/2012  08:22    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\hadba_000\AppData\Local\Microsoft\Windows
17/04/2014  19:43    <JUNCTION>     Temporary Internet Files [C:\Users\hadba_000\AppData\Local\Microsoft\Windows\INetCache]
               0 File(s)              0 bytes
 Directory of C:\Users\hadba_000\AppData\Local\Microsoft\Windows\INetCache
17/04/2014  20:10    <JUNCTION>     Content.IE5 [C:\Users\hadba_000\AppData\Local\Microsoft\Windows\INetCache\IE\]
               0 File(s)              0 bytes
 Directory of C:\Users\hadba_000\AppData\Local\Microsoft\Windows\INetCache\Low
18/04/2014  18:36    <JUNCTION>     Content.IE5 [C:\Users\hadba_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE\]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
22/08/2013  15:45    <JUNCTION>     My Music [C:\Users\Public\Music]
22/08/2013  15:45    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
22/08/2013  15:45    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\suzan\AppData\Local\Microsoft\Windows
17/04/2014  19:43    <JUNCTION>     Temporary Internet Files [C:\Users\suzan\AppData\Local\Microsoft\Windows\INetCache]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache
18/04/2014  19:07    <JUNCTION>     Content.IE5 [C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache
18/04/2014  19:07    <JUNCTION>     Content.IE5 [C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\]
               0 File(s)              0 bytes
 Directory of C:\Windows.old
26/07/2012  08:22    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\ProgramData
26/07/2012  08:22    <JUNCTION>     Application Data [C:\ProgramData]
26/07/2012  08:22    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
26/07/2012  08:22    <JUNCTION>     Documents [C:\Users\Public\Documents]
26/07/2012  08:22    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
26/07/2012  08:22    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users
26/07/2012  08:22    <SYMLINKD>     All Users [C:\ProgramData]
26/07/2012  08:22    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\All Users
22/08/2013  15:45    <JUNCTION>     Application Data [C:\ProgramData]
22/08/2013  15:45    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
22/08/2013  15:45    <JUNCTION>     Documents [C:\Users\Public\Documents]
22/08/2013  15:45    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
22/08/2013  15:45    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default
26/07/2012  08:22    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
26/07/2012  08:22    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
26/07/2012  08:22    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
26/07/2012  08:22    <JUNCTION>     My Documents [C:\Users\Default\Documents]
26/07/2012  08:22    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
26/07/2012  08:22    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
26/07/2012  08:22    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
26/07/2012  08:22    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
26/07/2012  08:22    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
26/07/2012  08:22    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default\AppData\Local
26/07/2012  08:22    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
26/07/2012  08:22    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
26/07/2012  08:22    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default\Documents
26/07/2012  08:22    <JUNCTION>     My Music [C:\Users\Default\Music]
26/07/2012  08:22    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
26/07/2012  08:22    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Public\Documents
26/07/2012  08:22    <JUNCTION>     My Music [C:\Users\Public\Music]
26/07/2012  08:22    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
26/07/2012  08:22    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              74 Dir(s)  927,125,438,464 bytes free
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 220 bytes -> C:\Users\hadba_000\OneDrive:ms-properties
 
< End of report >

  • 0

Advertisements


#11
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,699 posts
Yes, and the contents of these documents please copy and paste it into your next reply.
  • 0

#12
Hadi Swizzbeatz

Hadi Swizzbeatz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
OTL Extras logfile created on: 18/04/2014 19:46:46 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\hadba_000\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17031)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
7.89 Gb Total Physical Memory | 5.65 Gb Available Physical Memory | 71.53% Memory free
9.77 Gb Paging File | 7.52 Gb Available in Paging File | 76.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 907.83 Gb Total Space | 863.46 Gb Free Space | 95.11% Space Free | Partition Type: NTFS
Drive D: | 22.47 Gb Total Space | 2.27 Gb Free Space | 10.10% Space Free | Partition Type: NTFS
Drive F: | 14.95 Gb Total Space | 13.98 Gb Free Space | 93.49% Space Free | Partition Type: FAT32
 
Computer Name: FAYRUZ | User Name: hadba_000 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" =  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{32F6C8E7-BEA1-49A5-8BDF-444AC3BF9B7E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{529D7B96-3973-41D1-8351-66105ED6551F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B1984193-66EA-4EEF-B3BC-C0605D00A0D8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EB0497D8-11FE-4B46-B755-6BDA7B4D7133}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{FF26BDA4-D260-49F8-8403-EE76644A5E54}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{037C9FEA-AC61-4D48-B864-32D947D3E9DB}" = dir=in | app=%localappdata%\hpconnectedmusic\application\hpconnectedmusic.exe | 
"{08495B60-77E8-4823-86B0-3EE2A800FBC7}" = dir=out | [email protected]{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{0C8F7D27-1D0E-4E91-8E22-1C6C1CD7C6BA}" = dir=in | name=onenote | 
"{10E1404D-2B60-48E0-AD6F-EF7BCC76F5C9}" = dir=in | app=c:\users\hadba_000\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{1176E67F-52EF-4DFB-A7FD-532DDE62E99E}" = dir=in | app=c:\program files (x86)\hpconnectedmusic\hpconnectedmusic.exe | 
"{13D0E967-8339-424B-AB14-2918F1318132}" = dir=in | name=hp connected photo powered by snapfish | 
"{1735AB78-D505-4B65-99C6-41D1117C07A0}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12ml.exe | 
"{18612E02-AD76-472A-BAFF-D021B9643084}" = dir=out | [email protected]{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{1A83AFD4-6EB1-495C-9ABE-03A8379E0B41}" = dir=out | name=youcam for hp | 
"{209B15C9-99F7-43C0-8725-F226D755A3BE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2136C6BE-3AAF-46E7-A425-26E633E98D5A}" = dir=in | app=c:\users\administrator\appdata\local\microsoft\skydrive\skydrive.exe | 
"{23F6CDCF-2756-46BD-8BC5-2012DA947CC1}" = dir=out | name=windows_ie_ac_001 | 
"{26645506-69EE-4199-A9DB-84952B742678}" = dir=out | [email protected]{microsoft.bingmaps_2.0.2530.2317_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{26E3D508-E38D-483D-BAAE-1C118FC62E19}" = dir=out | app=%localappdata%\hpconnectedmusic\application\spotify_helper.exe | 
"{28D14B35-C515-41B7-B087-0BD4EFD1FDDF}" = dir=in | name=ebay | 
"{2D1F8D70-310C-4219-BF68-3504117BAC79}" = dir=out | app=%localappdata%\hpconnectedmusic\application\hpconnectedmusic.exe | 
"{2E686F3F-F655-4CAD-8940-04BD8C2F749C}" = dir=out | name=getting started with windows 8 | 
"{31B78344-8EA3-424D-92EE-2F47B50E9264}" = dir=in | app=%localappdata%\hpconnectedmusic\application\spotify_helper.exe | 
"{324DE096-639D-42CC-9260-D3D8E4D0EB14}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{3385E4E3-05A0-4497-94DF-988119762B97}" = dir=in | [email protected]{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{34616185-3EDA-4252-8D53-3A60C1DC8741}" = dir=in | [email protected]{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{3602C9F4-A76C-4398-8A19-CF8F43A1A271}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector10\pdr10.exe | 
"{36FDE7AD-205A-4F4B-B1B0-85BEC6243F03}" = dir=out | name=box | 
"{37189B7C-7341-4368-9103-392A5787E2B4}" = dir=out | [email protected]{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{39F92796-8865-443A-A0FB-F4ED4AB4A087}" = dir=out | [email protected]{microsoft.bingfinance_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{3C2422AC-38E9-4455-8224-997464DA6D64}" = dir=in | [email protected]{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{3C806A6C-8FF7-45D2-8322-8DFC45DBDA68}" = dir=out | [email protected]{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn | 
"{4602C4B0-339F-4D04-8926-F783F90C1D4B}" = dir=out | [email protected]{microsoft.zunevideo_1.5.802.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{4A9443A6-6E67-497F-90E2-8859A9FD8FFC}" = dir=out | name=hp connected photo powered by snapfish | 
"{4B13C563-9C05-4F7C-AA0D-F028690A965D}" = dir=out | [email protected]{microsoft.bingmaps_1.6.1821.2624_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{4B83DD58-3445-4BE4-BFBB-8F309A258ADD}" = dir=out | [email protected]{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{4E95F0A9-497E-4ECE-9F2E-8C4FD0AB321A}" = dir=out | [email protected]{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{50D776FC-F07C-49DE-A08A-9875EFE3346C}" = dir=in | name=box | 
"{525912BE-CFA6-4393-A061-67D6FC696A8F}" = dir=out | name=hp games | 
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | [email protected]{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect | 
"{5CA8D9AC-2326-48F7-B385-1F0830F72158}" = dir=out | [email protected]{microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{5EC4FCC8-69F9-4B29-8ED4-60E4E29A3729}" = dir=out | [email protected]{microsoft.xboxlivegames_1.3.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect | 
"{5FAF6039-BED2-4D23-8FC1-D7FAD94D0914}" = dir=out | [email protected]{microsoft.bingsports_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{613CCC9A-9585-4AAC-97C1-EC48887EB44C}" = dir=in | [email protected]{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{62F8F08E-8882-4CB7-B6B5-4D9ED9B5C96F}" = dir=in | name=getting started with windows 8 | 
"{63CD46C5-12FF-48ED-B973-8A615DB5EB9F}" = dir=out | [email protected]{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{655591F7-003A-4B69-B426-1B0C3F3761FA}" = dir=out | [email protected]{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{655A0220-01DA-4CFC-A179-0F521D957DC6}" = dir=in | name=box | 
"{67C26E01-ACEC-41E9-A710-5397E00CE73E}" = dir=out | [email protected]{microsoft.bingweather_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{6C1FB76C-12AF-4FB0-8C08-F2CEF0289369}" = dir=out | [email protected]{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{6CA6B21A-353D-4FA8-9AFA-683DE016CC6E}" = dir=out | [email protected]{microsoft.zunevideo_2.2.705.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{6DAE4CEB-C5A2-44AD-9FDA-A604727B24C8}" = dir=in | [email protected]{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{6DD60DE0-CC85-47AD-9C3F-E4A4C0D0BAF4}" = dir=out | [email protected]{microsoft.bingweather_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{6EDB6094-F035-4AF4-923B-23CEC1257FEA}" = dir=out | [email protected]{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{6F44B948-C480-4573-B88B-BB7BD142831C}" = dir=out | name=hp games | 
"{70988774-A659-44CB-A6D0-157DC55B4D82}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\movie\powerdvd.exe | 
"{70B9373A-274F-47F6-A19C-89995933847D}" = dir=out | [email protected]{microsoft.bingtravel_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{71F40A47-C673-45A4-93C1-9EF9BB6663DB}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{726D379A-5BCE-4445-928A-45B7F8D2EBC3}" = dir=out | [email protected]{microsoft.zunemusic_2.2.705.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
"{75155AA1-1871-4896-984F-67F23839AF68}" = dir=in | [email protected]{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{7599D70E-1709-432E-B9A5-143C9C8C8B8C}" = dir=out | name=windows_ie_ac_001 | 
"{75ADDB92-5BA8-4D73-8431-28EE19CAEB66}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe | 
"{7B0CBA0D-EA65-4E93-84C9-1995A91D73F1}" = dir=out | [email protected]{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{7B3183DC-BB86-4A0B-8571-DAD6F3F0F08E}" = dir=out | name=norton studio | 
"{7B478C6D-2112-44DF-AD80-C9B1FBF632A4}" = dir=in | name=skype | 
"{7C003CAD-FFDB-4E94-B886-B14154CDF9C6}" = dir=out | [email protected]{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{7D7811C4-BD7F-4C86-A6C5-ED09B403861C}" = dir=in | [email protected]{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{7E3E311B-71AE-4E1D-8424-BECF5782DEB8}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dmr\powerdvd12dmrengine.exe | 
"{7E53C482-0558-4274-8F49-4037B3F5E1B2}" = dir=out | [email protected]{microsoft.zunemusic_1.5.216.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | [email protected]{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{8185EDB8-0A52-4D4D-A8EE-B74B1CBC523B}" = dir=out | [email protected]{microsoft.bingnews_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} | 
"{81A369F3-B884-492A-93A6-7903CA720548}" = dir=out | [email protected]{microsoft.bingsports_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} | 
"{820C0AA8-4197-42F7-8BE8-A5B11918965F}" = dir=in | name=sonicwall mobile connect | 
"{8312F911-BC15-458A-99EF-6D11BD8731EA}" = dir=out | name=onenote | 
"{880933A8-7091-4158-BC92-85EB4E3B1952}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12agent.exe | 
"{8B871A5A-06D3-47FC-B41F-915C304CC2E2}" = dir=out | name=check point vpn | 
"{92A1C095-E634-4971-B589-BE81FEE78EED}" = dir=out | name=box | 
"{9511D4C1-7B55-4A32-8E20-BB1AAE278D57}" = dir=out | name=sonicwall mobile connect | 
"{98050FB6-E61F-411E-9FC0-8F614EB8FE43}" = dir=out | [email protected]{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{9D3A7184-233F-4F50-8DA2-6705C033325E}" = dir=out | [email protected]{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{9E217D78-3D0C-4809-BD39-0B8AE3DEB11A}" = dir=out | [email protected]{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | [email protected]{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{9FED834D-6F07-4AF0-BD92-64E36904174C}" = dir=out | [email protected]{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{A2FAEC38-D830-4C76-9A46-CE19CF9CAB17}" = dir=out | [email protected]{microsoft.bingfinance_3.0.2.234_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} | 
"{A3CF2953-DF3B-4914-A1F1-6303E4DB32F1}" = dir=in | name=f5 vpn | 
"{A4D38379-B61C-429A-A57B-28680AB1D344}" = dir=out | name=skype | 
"{A56080CD-21F4-4EC8-9747-325E639D71C0}" = dir=in | name=hp connected photo powered by snapfish | 
"{A67A2F89-9664-4CFE-B0D6-8E2EC89DBA14}" = dir=out | [email protected]{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{AB0FCFBD-7C3F-4D42-AB18-A3ADE48DDFDA}" = dir=out | app=c:\program files (x86)\hpconnectedmusic\hpconnectedmusic.exe | 
"{AC2C48DC-2757-4A7F-B1A1-7D1C749B63DC}" = dir=out | [email protected]{microsoft.binghealthandfitness_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} | 
"{B22AD8C2-5A75-4CD2-8ABF-3291E710B849}" = dir=out | name=ebay | 
"{B22F3848-B5A8-4B8B-B287-EC1109608EF3}" = dir=in | [email protected]{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{B258E5EC-94C0-4E45-8A53-4DC93AE04871}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12.exe | 
"{B54BE2FB-91A6-4905-8AAD-FB7E6FB771B1}" = dir=out | name=hp registration | 
"{BFA579B7-D29B-444E-8FDF-85627ADFE684}" = dir=out | name=f5 vpn | 
"{C16B2613-5F18-4ACD-8214-42A70AC1C1F3}" = dir=out | name=youcam for hp | 
"{C39CAF0A-C69D-4E7F-8310-F22D847AB9D0}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dms\clmsserverpdvd12.exe | 
"{C459ABC4-3D92-40C3-AB80-AEB0C90A4730}" = dir=out | name=windows_ie_ac_001 | 
"{C78732E9-4725-49FD-8B98-79193D900321}" = dir=in | [email protected]{microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{C9F15FCB-7C7F-4FDB-AD9B-302846A3533C}" = dir=out | name=norton studio | 
"{CA5E8B3C-CCC3-4BC4-8A67-26F8E821122D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{CD88F8EA-8562-4887-B601-10BB45C84361}" = dir=out | [email protected]{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{CDCB7BFA-2031-4CBF-AF3E-31C83BD0193C}" = dir=in | [email protected]{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{CEDCA3FD-C6A6-4C0C-93D6-BE56AF557071}" = dir=in | name=check point vpn | 
"{D37F3256-16D3-4DD1-AB8C-AA778694A6DE}" = dir=out | [email protected]{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{D53787D1-95CD-47DD-B9CE-32AD75BB6CF2}" = dir=out | name=juniper networks junos pulse | 
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn | 
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn | 
"{DC23FDD7-E8EA-4F8B-8802-8FF864D07756}" = dir=in | [email protected]{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{DC2FA53A-2E19-45A6-B02A-6B3C2035D798}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{DE17C8AB-51D5-4DEA-BE4B-5A93162C19C2}" = dir=out | name=hp connected photo powered by snapfish | 
"{DEA473F5-1CC7-42A4-9C71-3A19EB08F0A5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E561FEA5-62CD-4D6C-A359-1E9364241B9C}" = dir=out | name=ebay | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | [email protected]{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{E8118DDC-4786-4778-8A96-12FAE83DE7F5}" = dir=out | [email protected]{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{EAF161B6-FC2B-4257-A40A-9F243A126BE3}" = dir=out | [email protected]{microsoft.bingnews_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn | 
"{F1EF4C1D-FE19-452E-8F57-F6C9A615B251}" = dir=out | [email protected]{microsoft.bingtravel_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} | 
"{F5257DA4-778C-48CC-BB9B-BB6D321C0F9F}" = dir=out | name=hp registration | 
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client | 
"{F6A7E6FB-52DA-444A-8532-CBE3336B7D79}" = dir=in | name=juniper networks junos pulse | 
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client | 
"{F96BFC04-BB6F-487D-B6FB-DA57598A4E22}" = dir=out | [email protected]{microsoft.bingfoodanddrink_3.0.2.229_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} | 
"{FB959564-DE15-4F6B-8BDA-D1499DD3680C}" = dir=out | name=getting started with windows 8 | 
"{FD9CF23E-9805-434C-BD73-EEADB73659ED}" = dir=out | [email protected]{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"TCP Query User{2D0C1549-C6B9-4275-AB0D-D4F9AA53B11F}C:\users\hadba_000\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\hadba_000\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{BF4751F8-0D9B-4FF7-B91E-574FCE1D2157}C:\users\hadba_000\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\hadba_000\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{3EC16554-BF25-4E3D-8271-F5EDBF74557E}C:\users\hadba_000\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\hadba_000\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{935CD542-8A89-430F-9A68-2DD425D20F60}C:\users\hadba_000\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\hadba_000\appdata\roaming\spotify\spotify.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel® Rapid Storage Technology
"{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}" = DisableMSDefender
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{A48BD764-CFDF-40A5-A07A-710908044F5D}" = HP Utility Center
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{B8BA155B-1E75-405F-9CB4-8A99615D09DC}" = iTunes
"{D1E8F2D7-7794-4245-B286-87ED86C1893C}" = HP Registration Service
"{E83FDB2A-C81C-403D-8FD3-A816A89AF80C}" = Intel® Rapid Storage Technology
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{FA00A3CC-7440-4938-A271-F186F50DD40D}" = Intel® Trusted Connect Service Client
"MyPC Backup" = MyPC Backup 
"NetTock" = NetTock
"O365HomePremRetail - en-us" = Microsoft Office 365 - en-us
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{07F6DC37-0857-4B68-A675-4E35989E85E3}" = HP 3D DriveGuard
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}" = Cisco PEAP Module
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{30B2D1D8-0A07-4B71-9553-0710C5D31E35}" = HP Wireless Button Driver
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{35827710-D042-428B-A1E5-E20E12D2FEB9}" = SparkTrust PC Cleaner Plus
"{39337565-330E-4ab6-A9AE-AC81E0720B10}" = Cyberlink PhotoDirector
"{394B14EA-B072-4440-9510-87797CB12371}" = HP CoolSense
"{49110532-D289-4BFF-807C-45B782E66A7C}" = Photo Common
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{574F0207-8E98-46CD-8F79-318348C98C46}" = HP Quick Start
"{61245005-66F1-4001-AEE8-2E2D36F65C28}" = HP Documentation
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63824BC0-B747-43F3-9863-1066D64AD919}" = Photo Gallery
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6CEA775F-E70A-4D72-A3B4-1EB3A5AD4B5C}" = Windows Live Essentials
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.2.3
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}" = Facebook Video Calling 2.0.0.447
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E6E8CBB-8E58-493C-943F-4664F5F2FEDB}" = Movie Maker
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2F37CA8-53F8-4594-B701-32AE64BAED1A}" = MyTurboPC
"{A5107464-AA9B-4177-8129-5FF2F42DD322}" = REALTEK Wireless LAN Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
"{AF312B06-5C5C-468E-89B3-BE6DE2645722}" = Cisco LEAP Module
"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}" = LPT System Updater Service
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D96EBFC0-C680-4463-B4F0-299E48771819}" = Yahoo Community Smartbar
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E121A4FE-009B-385B-BB0D-B934E2A88288}" = Google Talk Plugin
"{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}" = HP Support Assistant
"{E849965E-4771-440C-936F-AF5BFD144416}" = HP Recovery Manager
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}" = Realtek Card Reader
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F21F0424-B2FF-40BF-A984-9E0D7FB4C97E}" = Windows Live UX Platform Language Pack
"{F35EE4BC-95E1-4417-BA36-7C32FF24A59A}" = HP System Event Utility
"{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}" = Energy Star
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"AnyProtect" = AnyProtect
"FlightGear 2.4.0_is1" = FlightGear 2.4.0
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}" = Cyberlink PhotoDirector
"InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"NIS" = Norton Internet Security
"StartHPConnectedMusic" = HP Connected Music (Meridian - installer)
"VOPackage" = VO Package
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-01d14d80-e6ae-48bf-83b3-751b92df317a" = Governor of Poker 2 Premium Edition
"WTA-1d95de2d-06ba-49cf-9a8f-e99c097ef2aa" = Jewel Quest II
"WTA-40308e37-c46d-43b8-b99f-d7a72ce91f33" = Jewel Match 3
"WTA-485d1e3f-3bcc-4f01-beed-c6ee5a5c2aa3" = Trinklit Supreme
"WTA-62ea1d63-6b6d-4247-b542-754c9945e3e3" = Bejeweled 3
"WTA-6b588354-41d5-449d-b794-0be2a98bdb4b" = Wedding Dash
"WTA-73e21e35-b18e-46e2-877d-8f6e6288a3a6" = Farm Frenzy
"WTA-8cb012c8-1728-40ba-b92e-bebf69e00c29" = Virtual Families
"WTA-8e41a0f1-8d98-4781-85d5-843ecfdabed1" = Vacation Quest™ - Australia
"WTA-95358450-374f-45f6-8c25-ba82518656b0" = Zuma's Revenge
"WTA-abc36f23-396d-4e29-87d6-6374ab6d8b7f" = Plants vs. Zombies - Game of the Year
"WTA-b12a957b-1aa6-43a5-b644-6742adc9be29" = Youda Jewel Shop
"WTA-b4799fc4-b494-4e19-96ba-75c63620ef3b" = Cradle of Rome 2
"WTA-b98f0497-1609-43a4-b3ef-3cd756714613" = Ranch Rush 2 - Premium Edition
"WTA-cd8f8ed4-7d36-4c76-8b56-895a3b27f9b5" = Aloha TriPeaks
"WTA-d4ac6b81-4c10-4b4f-950f-66f5b3f9dcff" = Build-a-lot
"WTA-de5fa403-7e39-4943-90a6-36bdbe95bb62" = Polar Bowler
"WTA-e56db73c-3517-481e-96ca-9800840eee74" = Crazy Chicken Soccer
"WTA-febc4dcc-5d33-4d3f-9466-cde2b75583c7" = Mahjongg Artifacts
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{30bbfa13-11bf-430f-ad03-0b0755c84a4a}" = Yahoo Community Smartbar Engine
"SkyDriveSetup.exe" = Microsoft SkyDrive
"Spotify" = Spotify
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06/04/2014 15:45:31 | Computer Name = Fayruz | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 06/04/2014 15:45:31 | Computer Name = Fayruz | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 137375
 
Error - 06/04/2014 15:45:31 | Computer Name = Fayruz | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 137375
 
Error - 06/04/2014 15:45:32 | Computer Name = Fayruz | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 06/04/2014 15:45:32 | Computer Name = Fayruz | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 138688
 
Error - 06/04/2014 15:45:32 | Computer Name = Fayruz | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 138688
 
Error - 07/04/2014 08:11:51 | Computer Name = Fayruz | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\microsoft
 office 15\Data\Updates\Download\packagefiles\root\flattener\Flattener.exe".  Dependent
 Assembly AppVOpcServices.dll,processorArchitecture="x86",type="win32",version="4.6.0.111"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 07/04/2014 08:18:14 | Computer Name = Fayruz | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\microsoft
 office 15\Data\Updates\Download\packagefiles\root\flattener\Flattener.exe".  Dependent
 Assembly AppVOpcServices.dll,processorArchitecture="x86",type="win32",version="4.6.0.111"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 10/04/2014 08:54:18 | Computer Name = Fayruz | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = App winstore_cw5n1h2txyewy!Windows.Store did not launch within its
 allotted time.
 
Error - 10/04/2014 08:54:24 | Computer Name = Fayruz | Source = Application Hang | ID = 1002
Description = The program WWAHost.exe version 6.2.9200.16420 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 1910    Start
 Time: 01cf54bbf282e0e5    Termination Time: 4294967295    Application Path: C:\Windows\System32\WWAHost.exe
 
Report
 Id: 39eae42d-c0af-11e3-be7c-a0d3c15b52ef    Faulting package full name: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy
 
Faulting
 package-relative application ID: Windows.Store  
 
[ System Events ]
Error - 06/04/2014 11:33:16 | Computer Name = Fayruz | Source = Service Control Manager | ID = 7034
Description = The CyberLink PowerDVD 12 Media Server Service service terminated 
unexpectedly. It has done this 2 time(s).
 
Error - 06/04/2014 12:12:20 | Computer Name = Fayruz | Source = Service Control Manager | ID = 7034
Description = The CyberLink PowerDVD 12 Media Server Service service terminated 
unexpectedly. It has done this 3 time(s).
 
Error - 06/04/2014 12:58:09 | Computer Name = Fayruz | Source = Service Control Manager | ID = 7034
Description = The CyberLink PowerDVD 12 Media Server Service service terminated 
unexpectedly. It has done this 4 time(s).
 
Error - 06/04/2014 13:21:29 | Computer Name = Fayruz | Source = Service Control Manager | ID = 7034
Description = The CyberLink PowerDVD 12 Media Server Service service terminated 
unexpectedly. It has done this 5 time(s).
 
Error - 06/04/2014 15:43:12 | Computer Name = Fayruz | Source = Service Control Manager | ID = 7034
Description = The CyberLink PowerDVD 12 Media Server Service service terminated 
unexpectedly. It has done this 6 time(s).
 
Error - 06/04/2014 15:50:43 | Computer Name = Fayruz | Source = DCOM | ID = 10016
Description = 
 
Error - 06/04/2014 16:17:41 | Computer Name = Fayruz | Source = Service Control Manager | ID = 7034
Description = The CyberLink PowerDVD 12 Media Server Service service terminated 
unexpectedly. It has done this 7 time(s).
 
Error - 07/04/2014 12:05:43 | Computer Name = Fayruz | Source = DCOM | ID = 10010
Description = 
 
Error - 07/04/2014 12:05:43 | Computer Name = Fayruz | Source = DCOM | ID = 10010
Description = 
 
Error - 07/04/2014 12:05:45 | Computer Name = Fayruz | Source = Service Control Manager | ID = 7034
Description = The CyberLink PowerDVD 12 Media Server Service service terminated 
unexpectedly. It has done this 8 time(s).
 
 
< End of report >

  • 0

#13
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,699 posts
Well done. I will come back with further instructions later.
  • 0

#14
Hadi Swizzbeatz

Hadi Swizzbeatz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

thank you, btw can i just say you're awesome i appreciate you helping out people. :D


  • 0

#15
Hadi Swizzbeatz

Hadi Swizzbeatz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

when should i come back?


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP