Solved WIN64/Sirefer.y Infection - requesting help with removal kindly

AymanH · Jun 14, 2012

My FEP2010 found the WIN64/Sirefer.y virus. It attempts a clean up but goes into a reboot cycle every minute or so. The FEP error box states the Trojan to be associated with services.exe file located at the following location:
C:\windows\system32\services.exe

I read some similar posts and ran FRST64.exe and collected the log. Log is too big so split into two posts on this thread.

Kindly help with next steps.

Pasted Section 1:

Scan result of Farbar Recovery Scan Tool Version: 13-06-2012 02
Ran by SYSTEM at 14-06-2012 16:01:04
Running from D:\
Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [608112 2012-03-27] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167704 2012-03-27] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392472 2012-03-27] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [416024 2012-03-27] (Intel Corporation)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [525312 2012-03-27] (IDT, Inc.)
HKLM\...\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start [312936 2011-06-05] (NVIDIA Corporation)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1436224 2010-11-30] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey [12071200 2012-03-24] (Microsoft Corporation)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui [136416 2011-05-04] (Memeo Inc.)
HKLM-x32\...\Run: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui [79112 2011-06-01] ()
HKLM-x32\...\Run: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe" [103536 2012-04-30] (VMware, Inc.)
HKU\aymanh\...\Run: [Google Update] "C:\Users\aymanh\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-04-07] (Google Inc.)
HKU\aymanh\...\Run: [WLSync] "C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe" /background [1449824 2012-03-08] (Microsoft Corporation)
HKU\aymanh\...\Run: [SkyDrive] "C:\Users\aymanh\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background [296672 2012-05-30] (Microsoft Corporation)
HKU\aymanh\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [11921064 2012-05-16] (Google)
HKU\aymanh\...\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [718720 2011-07-21] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll
Startup: C:\Users\aymanh\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
==================== Services (Whitelisted) ======
3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-02] (Microsoft Corporation)
2 CrmSqlStartupSvc; "C:\Program Files (x86)\Microsoft Dynamics CRM\Client\bin\CrmSqlStartupSvc.exe" [24168 2012-04-26] (Microsoft Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [12784 2010-11-11] (Microsoft Corporation)
2 msoidsvc; "C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE" [2078112 2011-09-28] (Microsoft Corp.)
3 NisSrv; "C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [282616 2010-11-11] ()
2 rpcld; C:\ProgramData\Rpcnet\Bin\rpcld.exe [179120 2011-09-28] (Absolute Software Corp.)
2 VMUSBArbService; "C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe" [846448 2011-08-29] (VMware, Inc.)
2 vmware-converter-agent; "C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe" -s "C:\ProgramData\VMware\VMware vCenter Converter Standalone\converter-agent.xml" [6269 2012-04-19] ()
2 vmware-converter-server; "C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe" -s "C:\ProgramData\VMware\VMware vCenter Converter Standalone\converter-server.xml" [4280 2012-04-19] ()
2 vmware-converter-worker; "C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe" -s "C:\ProgramData\VMware\VMware vCenter Converter Standalone\converter-worker.xml" [6882 2012-04-19] ()
2 VMwareHostd; "C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe" -u "C:\ProgramData\VMware\hostd\config.xml" [31995 2012-04-11] ()
========================== Drivers (Whitelisted) =============
3 bmdrvr; C:\Windows\SysWow64\Drivers\bmdrvr.sys [74352 2011-03-14] (VMware, Inc.)
3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [45672 2012-03-27] (Broadcom Corporation)
3 O2MDFRDR; C:\Windows\System32\DRIVERS\O2MDFw7x64.sys [72808 2012-03-27] (O2Micro )
3 O2MDRRDR; C:\Windows\system32\drivers\O2MDRw7x64.sys [74984 2012-03-27] (O2Micro )
3 O2SDJRDR; C:\Windows\System32\DRIVERS\o2sdjw7x64.sys [83560 2012-03-27] (O2Micro )
3 prepdrvr; \??\C:\Windows\SysWOW64\CCM\prepdrv.sys [26992 2009-09-18] (Microsoft Corporation)
2 VMparport; C:\Windows\System32\Drivers\VMparport.sys [31344 2012-04-30] (VMware, Inc.)
3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [x]
1 SASDIFSV; \??\D:\SASDIFSV64.SYS [x]
1 SASKUTIL; \??\D:\SASKUTIL64.SYS [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============
2012-06-14 11:53 - 2012-06-14 11:53 - 00000701 ____A C:\Users\aymanh\Desktop\FEP2010-Log.txt
2012-06-14 11:52 - 2012-06-14 11:52 - 00000000 ____D C:\Users\aymanh\AppData\Local\{B705DA7A-F48F-40A8-994F-5E51A3149759}
2012-06-14 10:53 - 2012-06-14 10:53 - 00000000 ____D C:\Users\aymanh\AppData\Local\{E2CF3B84-334A-49CA-B162-96975CCFC3D5}
2012-06-14 10:49 - 2012-06-14 10:49 - 00000000 ____D C:\Users\aymanh\AppData\Local\{F3526EDA-3C1E-4E06-8A3C-E876AD8E87F2}
2012-06-14 10:36 - 2012-06-14 10:36 - 00000000 ____D C:\Users\aymanh\AppData\Roaming\SUPERAntiSpyware.com
2012-06-14 10:36 - 2012-06-14 10:36 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-06-14 07:57 - 2012-06-14 10:46 - 00984386 ____A C:\Windows\ntbtlog.txt
2012-06-14 07:50 - 2012-06-14 07:50 - 00000000 ____D C:\Users\aymanh\AppData\Local\{7330C731-1C51-4EBD-90E7-C6446D950479}
2012-06-14 07:48 - 2012-06-14 07:48 - 00000000 ____D C:\Users\aymanh\AppData\Local\{B25D581F-97E3-4EE0-9AD5-C25FE27596E6}
2012-06-14 07:28 - 2012-06-14 07:34 - 00000000 ____D C:\Users\aymanh\Downloads\definitions
2012-06-14 07:26 - 2012-06-14 07:25 - 00868544 ____A (Microsoft Corporation) C:\Users\aymanh\Downloads\nis_full.exe
2012-06-14 07:09 - 2012-06-14 07:09 - 00000000 ____D C:\Users\aymanh\AppData\Local\{0A766A86-C024-4773-A969-278031034F5E}
2012-06-14 06:33 - 2012-06-14 06:33 - 00000000 ____D C:\Users\aymanh\AppData\Local\{59D7A61C-90C9-4B9A-B546-A15EABB4D0FF}
2012-06-13 18:12 - 2012-06-13 18:12 - 00001150 ____A C:\Users\aymanh\Downloads\w7-wscsvc.zip
2012-06-13 17:49 - 2012-06-13 17:49 - 00000000 ____D C:\Users\aymanh\AppData\Local\{D5FE9CDA-5F28-4B88-9854-1C3AF0D7B59E}
2012-06-13 05:48 - 2012-06-13 17:49 - 00000000 ____D C:\Users\aymanh\AppData\Local\{D63FF5E9-4E16-4A31-9B73-CB45B734D887}
2012-06-13 05:48 - 2012-06-13 05:48 - 00000000 ____D C:\Users\aymanh\AppData\Local\{DB77BC3A-EB80-4DE5-81CB-EC99D1662C47}
2012-06-12 20:31 - 2012-06-12 20:31 - 00000000 ____D C:\Users\aymanh\Documents\ProcAlyzer Dumps
2012-06-12 20:29 - 2012-06-14 11:05 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-06-12 20:24 - 2012-06-14 11:05 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-06-12 19:50 - 2012-06-12 19:50 - 00010376 ____A C:\Users\aymanh\Downloads\BFEWin764.zip
2012-06-12 19:26 - 2012-06-14 11:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-12 19:26 - 2012-06-12 19:26 - 00000000 ____D C:\Users\aymanh\AppData\Roaming\Malwarebytes
2012-06-12 19:26 - 2012-06-12 19:26 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-12 19:24 - 2012-06-12 19:24 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\aymanh\Downloads\mbam-setup-1.61.0.1400.exe
2012-06-12 16:53 - 2012-06-12 16:53 - 00000000 ____D C:\Users\aymanh\AppData\Local\{BFFCBFDF-ED42-417C-B6D7-79BC27EDF28E}
2012-06-12 16:53 - 2012-06-12 16:53 - 00000000 ____D C:\Users\aymanh\AppData\Local\{B11D25DF-D503-4DDE-8EA2-95B1C95F66C2}
2012-06-12 09:06 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-12 09:06 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-12 09:06 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-12 08:56 - 2012-06-14 11:05 - 00000000 ____D C:\Program Files\CCleaner
2012-06-12 08:54 - 2012-06-12 08:54 - 03862112 ____A (Piriform Ltd) C:\Users\aymanh\Downloads\ccsetup319.exe
2012-06-12 06:00 - 2012-06-12 18:57 - 00254947 ____A C:\Users\aymanh\AppData\Local\census.cache
2012-06-12 06:00 - 2012-06-12 18:57 - 00089208 ____A C:\Users\aymanh\AppData\Local\ars.cache
2012-06-12 05:56 - 2011-06-20 20:09 - 00200976 ____A (Trend Micro Inc.) C:\Windows\SysWOW64\Drivers\tmcomm.sys
2012-06-12 05:55 - 2012-06-12 05:55 - 00000036 ____A C:\Users\aymanh\AppData\Local\housecall.guid.cache
2012-06-12 05:20 - 2012-06-12 05:20 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-12 05:16 - 2012-06-12 05:27 - 00000000 ____D C:\Users\All Users\B7E858A700052AA600CCC89DB4EB2331
2012-06-12 04:52 - 2012-06-12 04:53 - 00000000 ____D C:\Users\aymanh\AppData\Local\{3DFC2E60-76B7-4941-8707-E62B2B20E971}
2012-06-12 04:52 - 2012-06-12 04:52 - 00000000 ____D C:\Users\aymanh\AppData\Local\{687BACC1-D0F7-48A5-A538-954EE20A115C}
2012-06-12 04:52 - 2012-06-12 04:52 - 00000000 ____D C:\Users\aymanh\AppData\Local\{5176700C-A91D-4836-B595-80F5EA5E6025}
2012-06-12 04:52 - 2012-06-12 04:52 - 00000000 ____D C:\Users\aymanh\AppData\Local\{32D4EBD7-8427-4ED1-B3A0-D5479E57188E}
2012-06-11 16:52 - 2012-06-11 16:52 - 00000000 ____D C:\Users\aymanh\AppData\Local\{FA240629-4662-4D2D-BE3B-ADB08C7DAFD8}
2012-06-11 09:58 - 2012-06-11 09:58 - 01081867 ____A C:\Users\aymanh\Desktop\2012_06_11 Seattle AIS Short - Cloud Security The Slalom Way.pptx
2012-06-11 09:42 - 2012-06-11 09:42 - 00873651 ____A C:\Users\aymanh\Desktop\MOSDAL - June 11.pdf
2012-06-11 08:16 - 2012-06-11 08:16 - 09896861 ____A C:\Users\aymanh\Desktop\National Mobility Master Sales Deck.pptx
2012-06-11 04:51 - 2012-06-11 16:52 - 00000000 ____D C:\Users\aymanh\AppData\Local\{1F1B3A19-7894-407D-9ACF-9B4C32C11331}
2012-06-11 04:51 - 2012-06-11 04:51 - 00000000 ____D C:\Users\aymanh\AppData\Local\{686E0935-D6FA-4D5E-B266-533C8DC07EBD}
2012-06-10 15:51 - 2012-06-10 15:51 - 00029437 ____A C:\Users\aymanh\Desktop\CC Assessment SOW.docx
2012-06-10 07:30 - 2012-06-10 07:30 - 00000000 ____D C:\Users\aymanh\AppData\Local\{AAD95F6E-81A1-401C-8CFF-A66219E4CAE8}
2012-06-10 07:30 - 2012-06-10 07:30 - 00000000 ____D C:\Users\aymanh\AppData\Local\{026CB8D2-A4E2-4BBA-A9FB-5A8B7BC6E697}
2012-06-09 19:29 - 2012-06-09 19:29 - 00000000 ____D C:\Users\aymanh\AppData\Local\{5C91F6CA-CC87-4247-AE07-4AB6F8F4E723}
2012-06-09 07:27 - 2012-06-09 07:27 - 00000000 ____D C:\Users\aymanh\AppData\Local\{ABFF5705-6A9F-426D-BAA5-E69897A2E986}
2012-06-09 07:26 - 2012-06-09 19:29 - 00000000 ____D C:\Users\aymanh\AppData\Local\{6C90BC26-3387-4154-96FA-5130E6603152}
2012-06-08 19:26 - 2012-06-08 19:26 - 00000000 ____D C:\Users\aymanh\AppData\Local\{7C3BF20D-4AB0-4DE7-A686-E48EC25E6559}
2012-06-08 07:25 - 2012-06-08 19:26 - 00000000 ____D C:\Users\aymanh\AppData\Local\{EBD054B6-F60A-424A-9901-D7C452B3C55B}
2012-06-08 07:25 - 2012-06-08 07:25 - 00000000 ____D C:\Users\aymanh\AppData\Local\{7C0CD159-1054-4D90-A485-6CEDEAA101A2}
2012-06-08 07:25 - 2012-06-08 07:25 - 00000000 ____D C:\Users\aymanh\AppData\Local\{2D7C1014-B589-4C9A-83AC-728AF2E553E7}
2012-06-08 07:25 - 2012-06-08 07:25 - 00000000 ____D C:\Users\aymanh\AppData\Local\{21010683-6ADD-4480-90E3-50BCA7AE241B}
2012-06-07 19:24 - 2012-06-07 19:25 - 00000000 ____D C:\Users\aymanh\AppData\Local\{6C4FC1BA-4959-43BA-8201-AE3DAE0C70D4}
2012-06-07 07:24 - 2012-06-07 07:24 - 00000000 ____D C:\Users\aymanh\AppData\Local\{F07CF9C3-2056-45E7-A81A-92BD103F2012}
2012-06-07 07:24 - 2012-06-07 07:24 - 00000000 ____D C:\Users\aymanh\AppData\Local\{E55EADFE-8384-40BC-9F4E-DBE9651323A5}
2012-06-07 07:23 - 2012-06-07 07:24 - 00000000 ____D C:\Users\aymanh\AppData\Local\{C492575B-A2C2-40B2-9D77-EC48819314A0}
2012-06-06 18:20 - 2012-06-07 19:24 - 00000000 ____D C:\Users\aymanh\AppData\Local\{042B9A73-D233-4C04-8A37-D86E95714F53}
2012-06-06 18:20 - 2012-06-06 18:20 - 00000000 ____D C:\Users\aymanh\AppData\Local\{F474E0B4-51CA-41ED-9E4B-F02D4A2B58B9}
2012-06-06 11:36 - 2012-06-06 11:36 - 00267264 ____A C:\Users\aymanh\Desktop\Enterprise-Backup-Software-RFP-Template.doc
2012-06-06 11:35 - 2012-06-06 13:24 - 00459595 ____N C:\Users\aymanh\Desktop\Meeting Minutes - 20120605.docx
2012-06-06 11:06 - 2012-06-06 13:34 - 00030615 ____N C:\Users\aymanh\Desktop\Contact List.xlsx
2012-06-06 06:19 - 2012-06-06 06:20 - 00000000 ____D C:\Users\aymanh\AppData\Local\{50BFB023-DCD2-43E1-8C3D-5D82A099B087}
2012-06-06 06:19 - 2012-06-06 06:19 - 00000000 ____D C:\Users\aymanh\AppData\Local\{49F7C4D5-4500-4D15-9FDF-E9797CD4F80A}
2012-06-05 18:19 - 2012-06-05 18:19 - 00000000 ____D C:\Users\aymanh\AppData\Local\{8F00FB63-E266-442E-BB05-2BFCB62C32B8}
2012-06-05 10:44 - 2012-06-05 10:46 - 18350026 ____A C:\Users\aymanh\Desktop\666795_IntroWinServ2012.pdf
2012-06-05 10:02 - 2012-06-05 10:02 - 04112488 ____A C:\Users\aymanh\Desktop\cbsi_msft_webcast_06052012_presentation_final.pdf
2012-06-05 05:10 - 2012-06-05 05:10 - 00000000 ____D C:\Users\aymanh\AppData\Local\{CB68736B-41D8-4A99-930C-6CCFDD1FE359}
2012-06-05 05:09 - 2012-06-06 06:19 - 00000000 ____D C:\Users\aymanh\AppData\Local\{6C96DDD1-CFE1-4E1B-9072-8DCA5AE09399}
2012-06-04 12:40 - 2012-06-04 12:40 - 00000000 ____D C:\Users\aymanh\AppData\Local\{E5B80928-EA1F-4615-88E6-AA6EA33508B9}
2012-06-04 12:40 - 2012-06-04 12:40 - 00000000 ____D C:\Users\aymanh\AppData\Local\{527830C3-5D11-4375-BB10-1C5C307C7A43}
2012-06-04 09:53 - 2012-06-04 09:53 - 00009008 __RSH C:\Users\All Users\3002.abs
2012-06-04 09:37 - 2012-06-04 09:37 - 00969728 ____A C:\Users\aymanh\Downloads\ADTD.Net Setup.msi
2012-06-04 00:30 - 2012-06-04 00:30 - 00000000 ____D C:\Users\aymanh\AppData\Local\{42396869-D95B-4347-935A-9B493586E430}
2012-06-03 12:29 - 2012-06-03 12:29 - 00000000 ____D C:\Users\aymanh\AppData\Local\{051E821A-6B78-4537-BF9A-C853A8BB6F6A}
2012-06-03 00:29 - 2012-06-03 00:29 - 00000000 ____D C:\Users\aymanh\AppData\Local\{AC247F66-9E07-4A56-A062-1CA54CB40DB4}
2012-06-02 12:28 - 2012-06-02 12:28 - 00000000 ____D C:\Users\aymanh\AppData\Local\{B1D6FCD3-13FE-415A-9B1B-089D218D4D84}
2012-06-02 00:28 - 2012-06-02 00:28 - 00000000 ____D C:\Users\aymanh\AppData\Local\{E2D81F3A-CB2D-4A82-BF7D-E887FA954F6A}
2012-06-01 12:27 - 2012-06-01 12:27 - 00000000 ____D C:\Users\aymanh\AppData\Local\{CB7DEFC7-FEAA-4FDA-8A6F-2387F7516BD3}
2012-06-01 12:27 - 2012-06-01 12:27 - 00000000 ____D C:\Users\aymanh\AppData\Local\{7A13FD8B-9E56-46DC-8C3D-08830CBB5D6B}
2012-06-01 00:27 - 2012-06-01 00:27 - 00000000 ____D C:\Users\aymanh\AppData\Local\{58E6DEE2-1B91-45B3-8671-2351F828E003}
2012-06-01 00:26 - 2012-06-04 00:30 - 00000000 ____D C:\Users\aymanh\AppData\Local\{F442995B-EE84-4F7C-87AF-7381BE52B9E2}
2012-05-31 18:03 - 2012-04-30 16:56 - 00063088 ____A (VMware, Inc.) C:\Windows\System32\Drivers\vmx86.sys
2012-05-31 18:03 - 2012-04-30 16:56 - 00031344 ____A (VMware, Inc.) C:\Windows\System32\Drivers\VMparport.sys
2012-05-31 18:02 - 2012-05-31 18:02 - 00000000 ____D C:\Program Files\Common Files\VMware
2012-05-31 18:02 - 2012-04-30 16:56 - 00942192 ____A (VMware, Inc.) C:\Windows\System32\vnetlib64.dll
2012-05-31 18:02 - 2012-04-30 16:56 - 00433264 ____A (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2012-05-31 18:02 - 2012-04-30 16:56 - 00354416 ____A (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2012-05-31 18:02 - 2012-04-30 16:54 - 00030320 ____A (VMware, Inc.) C:\Windows\System32\Drivers\vmnetuserif.sys
2012-05-31 18:02 - 2011-08-29 19:11 - 00039024 ____A (VMware, Inc.) C:\Windows\System32\Drivers\hcmon.sys
2012-05-31 12:26 - 2012-05-31 12:26 - 00000000 ____D C:\Users\aymanh\AppData\Local\{9E8B3832-20FD-4560-AC1B-E8A3B9D66992}
2012-05-31 12:26 - 2012-05-31 12:26 - 00000000 ____D C:\Users\aymanh\AppData\Local\{98004457-BEFF-4CD2-BFF1-27C0CBCADD0B}
2012-05-31 00:25 - 2012-05-31 00:26 - 00000000 ____D C:\Users\aymanh\AppData\Local\{45DC0870-6DEB-40F5-8B0E-CCC9BD015AC0}
2012-05-30 18:22 - 2012-05-30 18:22 - 02617278 ____A C:\Users\aymanh\Downloads\Flipboard-1.8.4-63-beta-release.apk
2012-05-30 12:25 - 2012-05-30 12:25 - 00000000 ____D C:\Users\aymanh\AppData\Local\{7B4BF414-F91B-4100-82AF-5D15D966A816}
2012-05-30 12:25 - 2012-05-30 12:25 - 00000000 ____D C:\Users\aymanh\AppData\Local\{205E4846-1873-4DBB-98C3-B8ACD97717F5}
2012-05-30 12:21 - 2012-05-31 12:26 - 00000000 ____D C:\Users\aymanh\AppData\Local\{0D3EC36C-7AC3-4D7B-809A-7B55CEB19B2A}
2012-05-29 19:35 - 2012-05-29 19:35 - 00000000 ____D C:\Users\aymanh\AppData\Local\{4DE3C574-5331-44D2-A098-AEDFACA95183}
2012-05-29 19:34 - 2012-05-29 19:35 - 00000000 ____D C:\Users\aymanh\AppData\Local\{AD0DC94F-36B1-4F19-B303-5C5E6B46BD64}
2012-05-29 19:34 - 2012-05-29 19:34 - 00000000 ____D C:\Users\aymanh\AppData\Local\{7C8EC434-390F-4EB0-BAF5-96EDA39C4B32}
2012-05-29 07:34 - 2012-05-29 07:34 - 00000000 ____D C:\Users\aymanh\AppData\Local\{481C8670-9383-4B0A-82F4-DB098F2AD223}
2012-05-29 07:34 - 2012-05-29 07:34 - 00000000 ____D C:\Users\aymanh\AppData\Local\{25F1FA27-A500-441B-936D-75F38BCF2563}
2012-05-28 19:33 - 2012-05-28 19:33 - 00000000 ____D C:\Users\aymanh\AppData\Local\{21AA06EA-C897-4859-8CA1-390375350898}
2012-05-28 15:36 - 2012-05-28 15:47 - 00000000 ____D C:\Users\aymanh\Desktop\Pics
2012-05-28 07:33 - 2012-05-28 07:33 - 00000000 ____D C:\Users\aymanh\AppData\Local\{45CC4CAA-2102-4D95-BC1A-A53F42BF8BF5}
2012-05-27 19:32 - 2012-05-27 19:32 - 00000000 ____D C:\Users\aymanh\AppData\Local\{922435CC-050E-4E53-9A26-3FA01A2171FD}
2012-05-27 07:32 - 2012-05-27 07:32 - 00000000 ____D C:\Users\aymanh\AppData\Local\{E78B5A3A-2AF7-44D2-8886-B40F9D24AF0A}
2012-05-26 19:00 - 2012-05-29 19:34 - 00000000 ____D C:\Users\aymanh\AppData\Local\{593A9D2F-D210-4688-A950-DEE050B982CB}
2012-05-26 19:00 - 2012-05-26 19:00 - 00000000 ____D C:\Users\aymanh\AppData\Local\{53760101-447E-4A53-95EA-A844684DDE2F}
2012-05-26 06:59 - 2012-05-26 07:00 - 00000000 ____D C:\Users\aymanh\AppData\Local\{CA7701D7-4268-40F5-87FF-3A3D46646B19}
2012-05-25 17:06 - 2012-05-25 17:06 - 00000000 ____D C:\Users\aymanh\AppData\Local\{2E8DDDCA-5B04-41D0-BDAC-260392906BDE}
2012-05-25 17:06 - 2012-05-25 17:06 - 00000000 ____D C:\Users\aymanh\AppData\Local\{00E77EF4-F3A7-4387-B2AD-3DDA4F540F2A}
2012-05-25 05:10 - 2012-05-25 06:08 - 00455850 ____A C:\Users\aymanh\Desktop\Sample-Draft-BPOS to O365 Readiness.docx
2012-05-25 05:05 - 2012-05-26 06:59 - 00000000 ____D C:\Users\aymanh\AppData\Local\{F5840025-FE0B-4B30-A039-2F1F893D3A7B}
2012-05-25 05:05 - 2012-05-25 05:05 - 00000000 ____D C:\Users\aymanh\AppData\Local\{4E3BE758-2D2E-4428-83CE-887091B86BBC}
2012-05-24 12:27 - 2012-05-24 12:27 - 00000000 ____D C:\Users\aymanh\AppData\Local\{BAE3543F-7980-4373-B260-C2F900B49DB3}
2012-05-24 12:00 - 2012-05-24 12:00 - 00000000 ____D C:\Users\aymanh\AppData\Local\{1A0FAF98-3B6C-4123-B522-72D375795747}
2012-05-24 11:56 - 2012-05-24 12:00 - 00000000 ____D C:\Users\aymanh\AppData\Local\{D3339A4B-A9C5-4984-978E-CE64522D9F46}
2012-05-24 00:27 - 2012-05-24 12:27 - 00000000 ____D C:\Users\aymanh\AppData\Local\{1D678444-D161-40D7-B00F-E3F0694E8102}
2012-05-23 13:59 - 2012-05-23 13:59 - 00000000 ___HD C:\Windows\$CrmUninstallKB2600644_Mui_1033$
2012-05-23 13:59 - 2012-05-23 13:59 - 00000000 ___HD C:\Windows\$CrmUninstallKB2600644_Client_1033$
2012-05-23 06:13 - 2012-05-23 06:13 - 00000000 ____D C:\Users\aymanh\AppData\Local\{94A5AD52-996E-4D8C-A0D7-9651852A766B}
2012-05-23 06:12 - 2012-05-23 06:13 - 00000000 ____D C:\Users\aymanh\AppData\Local\{5DF70016-E452-4E5A-BF87-FCC12F1192ED}
2012-05-22 17:42 - 2012-05-22 17:42 - 00000000 ____D C:\Users\aymanh\AppData\Local\{EF30597F-E6E9-4846-9639-6D8997E2B851}
2012-05-22 03:16 - 2012-05-22 03:16 - 00000000 ____D C:\Users\aymanh\AppData\Local\{E5F550C3-34E3-42ED-9133-55E91A6DE188}
2012-05-21 08:08 - 2012-05-21 08:08 - 00000000 ____D C:\Users\aymanh\AppData\Local\{890B34F5-A78E-4A3F-A48C-A02886DB6538}
2012-05-21 08:08 - 2012-05-21 08:08 - 00000000 ____D C:\Users\aymanh\AppData\Local\{69CF7954-5376-40B8-925B-281EA841CD02}
2012-05-20 20:55 - 2012-05-20 20:55 - 00000000 ____D C:\Users\aymanh\AppData\Roaming\Mozilla
2012-05-20 20:08 - 2012-05-20 20:08 - 00000000 ____D C:\Users\aymanh\AppData\Local\{8BED8D63-6561-42C3-BD98-FAA4B1A9E201}
2012-05-20 08:07 - 2012-05-20 08:08 - 00000000 ____D C:\Users\aymanh\AppData\Local\{D8145C38-C49D-4A55-A857-565EC614A44D}
2012-05-19 17:52 - 2012-05-19 17:52 - 00000000 ____D C:\Users\aymanh\AppData\Local\{A20460A2-6CF9-42D3-8B04-4E35950E6059}
2012-05-19 05:52 - 2012-05-19 05:52 - 00000000 ____D C:\Users\aymanh\AppData\Local\{8CB1668B-949B-40DC-BD6B-2201FBD23844}
2012-05-18 17:51 - 2012-05-18 17:52 - 00000000 ____D C:\Users\aymanh\AppData\Local\{E3D9D1B1-8FA7-4D5B-8236-3119ABF61AF0}
2012-05-18 14:01 - 2012-05-18 14:01 - 00065536 __ASH C:\Windows\System32\config\COMPONENTS{4ea376b1-9e85-11e1-9935-6427378f5ffd}.TxR.blf
2012-05-18 10:13 - 2012-05-18 10:13 - 00435386 ____A C:\Users\aymanh\Desktop\System Center 2012 Licensing Datasheet.pdf
2012-05-18 05:51 - 2012-05-18 05:51 - 00000000 ____D C:\Users\aymanh\AppData\Local\{B7619558-2DD4-44B4-BDFB-8B5C3960F15A}
2012-05-18 05:51 - 2012-05-18 05:51 - 00000000 ____D C:\Users\aymanh\AppData\Local\{A8B1235C-6DAD-4F61-951C-06E8CA44C5E1}
2012-05-17 17:50 - 2012-05-22 17:42 - 00000000 ____D C:\Users\aymanh\AppData\Local\{9DEC14F4-77AF-44F5-B292-88AD66487B94}
2012-05-17 17:50 - 2012-05-17 17:51 - 00000000 ____D C:\Users\aymanh\AppData\Local\{3E3B78A7-E0D0-4A80-A657-F20FD9D28EDF}
2012-05-17 05:50 - 2012-05-17 05:50 - 00000000 ____D C:\Users\aymanh\AppData\Local\{74D0162A-EC4C-4224-8CAA-3C5208BAA24B}
2012-05-17 05:49 - 2012-05-17 05:50 - 00000000 ____D C:\Users\aymanh\AppData\Local\{439F56D7-1C45-4A09-A27A-31D5AB80D475}
2012-05-16 17:49 - 2012-05-17 05:49 - 00000000 ____D C:\Users\aymanh\AppData\Local\{89863D76-EF77-4D06-8410-0614D34F1D9A}
2012-05-16 17:49 - 2012-05-16 17:49 - 00000000 ____D C:\Users\aymanh\AppData\Local\{8AB41F8A-C1FC-4A3E-ABE3-803183F75894}
2012-05-16 05:49 - 2012-05-16 05:49 - 00000000 ____D C:\Users\aymanh\AppData\Local\{FED8551C-9617-4A21-9AF5-41CC54EA41D0}
2012-05-15 16:00 - 2012-05-15 16:00 - 00000000 ____D C:\Users\aymanh\AppData\Local\{026F9174-06C3-47DD-888C-40A1932551F4}
2012-05-15 06:56 - 2012-05-15 06:56 - 00784742 ____A C:\Users\aymanh\Desktop\VL_CaseStudy_Slalom.pdf
2012-05-15 03:59 - 2012-05-16 05:49 - 00000000 ____D C:\Users\aymanh\AppData\Local\{EDD993F3-8AFE-4888-AC07-2B4F34A0F017}
2012-05-15 03:59 - 2012-05-15 04:00 - 00000000 ____D C:\Users\aymanh\AppData\Local\{C8CFD8D3-2351-40FE-B48A-9138D6BCED66}

AymanH · Jun 14, 2012

Section 2:

============ 3 Months Modified Files and Folders =============
2012-06-14 16:01 - 2012-06-14 16:00 - 00000000 ____D C:\FRST
2012-06-14 11:57 - 2012-04-02 15:36 - 00017920 ____A C:\Windows\System32\rpcnetp.exe
2012-06-14 11:57 - 2012-03-27 14:01 - 00058288 ____A (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll
2012-06-14 11:57 - 2012-03-27 10:59 - 00000392 ____A C:\Windows\SMSCFG.INI
2012-06-14 11:57 - 2012-02-15 10:50 - 00000000 ____D C:\Users\All Users\VMware
2012-06-14 11:57 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-14 11:57 - 2009-07-13 20:51 - 00058079 ____A C:\Windows\setupact.log
2012-06-14 11:55 - 2012-04-07 19:50 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-610354233-1133782292-1394453194-20955UA.job
2012-06-14 11:53 - 2012-06-14 11:53 - 00000701 ____A C:\Users\aymanh\Desktop\FEP2010-Log.txt
2012-06-14 11:52 - 2012-06-14 11:52 - 00000000 ____D C:\Users\aymanh\AppData\Local\{B705DA7A-F48F-40A8-994F-5E51A3149759}
2012-06-14 11:52 - 2012-04-24 08:43 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-14 11:52 - 2012-04-02 18:21 - 00000000 ____D C:\Users\aymanh\Documents\LiveMeshDocuments
2012-06-14 11:52 - 2012-04-02 15:36 - 00017920 ____A C:\Windows\SysWOW64\rpcnetp.exe
2012-06-14 11:52 - 2012-04-02 15:36 - 00017920 ____A C:\Windows\SysWOW64\rpcnetp.dll
2012-06-14 11:06 - 2012-04-24 08:45 - 00000000 ___SD C:\Users\aymanh\Google Drive
2012-06-14 11:06 - 2012-04-23 10:56 - 00000000 ___RD C:\Users\aymanh\SkyDrive
2012-06-14 11:06 - 2012-04-15 20:49 - 00000000 ___RD C:\Users\aymanh\Virtual Machines
2012-06-14 11:06 - 2012-02-15 11:14 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2012-06-14 11:06 - 2012-02-15 11:14 - 00000000 ____D C:\Windows\System32\Macromed
2012-06-14 11:06 - 2012-02-15 11:08 - 00000000 ____D C:\users\SL-Administrator
2012-06-14 11:06 - 2009-07-13 19:20 - 00000000 __RSD C:\Windows\Media
2012-06-14 11:06 - 2009-07-13 19:20 - 00000000 ___HD C:\Windows\System32\GroupPolicy
2012-06-14 11:06 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2012-06-14 11:06 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-06-14 11:06 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2012-06-14 11:05 - 2012-06-12 20:29 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-06-14 11:05 - 2012-06-12 20:24 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-06-14 11:05 - 2012-06-12 19:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-14 11:05 - 2012-06-12 08:56 - 00000000 ____D C:\Program Files\CCleaner
2012-06-14 11:05 - 2012-04-24 23:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-06-14 11:05 - 2012-03-27 14:02 - 00000000 ____D C:\Program Files\Microsoft Lync
2012-06-14 11:05 - 2012-03-27 14:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Lync
2012-06-14 11:05 - 2012-03-27 14:01 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-14 11:05 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2012-06-14 11:04 - 2012-04-07 08:18 - 00000000 ____D C:\Users\aymanh\AppData\Roaming\Skype
2012-06-14 11:03 - 2012-03-27 14:03 - 00000000 __RHD C:\MSOCache
2012-06-14 11:03 - 2012-03-27 14:01 - 00000000 ___HD C:\Users\All Users\Rpcnet
2012-06-14 11:03 - 2012-03-27 14:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-14 11:01 - 2009-07-13 21:13 - 00795354 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-14 11:00 - 2009-07-13 20:45 - 00022224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-14 11:00 - 2009-07-13 20:45 - 00022224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-14 10:56 - 2012-03-27 10:59 - 01103204 ____A C:\Windows\WindowsUpdate.log
2012-06-14 10:53 - 2012-06-14 10:53 - 00000000 ____D C:\Users\aymanh\AppData\Local\{E2CF3B84-334A-49CA-B162-96975CCFC3D5}
2012-06-14 10:49 - 2012-06-14 10:49 - 00000000 ____D C:\Users\aymanh\AppData\Local\{F3526EDA-3C1E-4E06-8A3C-E876AD8E87F2}
2012-06-14 10:48 - 2012-04-24 08:43 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-14 10:46 - 2012-06-14 07:57 - 00984386 ____A C:\Windows\ntbtlog.txt
2012-06-14 10:36 - 2012-06-14 10:36 - 00000000 ____D C:\Users\aymanh\AppData\Roaming\SUPERAntiSpyware.com
2012-06-14 10:36 - 2012-06-14 10:36 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-06-14 07:50 - 2012-06-14 07:50 - 00000000 ____D C:\Users\aymanh\AppData\Local\{7330C731-1C51-4EBD-90E7-C6446D950479}
2012-06-14 07:48 - 2012-06-14 07:48 - 00000000 ____D C:\Users\aymanh\AppData\Local\{B25D581F-97E3-4EE0-9AD5-C25FE27596E6}
2012-06-14 07:34 - 2012-06-14 07:28 - 00000000 ____D C:\Users\aymanh\Downloads\definitions
2012-06-14 07:25 - 2012-06-14 07:26 - 00868544 ____A (Microsoft Corporation) C:\Users\aymanh\Downloads\nis_full.exe
2012-06-14 07:09 - 2012-06-14 07:09 - 00000000 ____D C:\Users\aymanh\AppData\Local\{0A766A86-C024-4773-A969-278031034F5E}
2012-06-14 07:09 - 2012-03-27 14:43 - 00000000 ____D C:\users\aymanh
2012-06-14 07:08 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\config\TxR
2012-06-14 06:33 - 2012-06-14 06:33 - 00000000 ____D C:\Users\aymanh\AppData\Local\{59D7A61C-90C9-4B9A-B546-A15EABB4D0FF}
2012-06-13 18:27 - 2012-02-15 11:29 - 00000000 __SHD C:\Users\aymanh\AppData\Local\{bb348e68-11fe-7740-f76e-e899f14425fb}
2012-06-13 18:12 - 2012-06-13 18:12 - 00001150 ____A C:\Users\aymanh\Downloads\w7-wscsvc.zip
2012-06-13 17:49 - 2012-06-13 17:49 - 00000000 ____D C:\Users\aymanh\AppData\Local\{D5FE9CDA-5F28-4B88-9854-1C3AF0D7B59E}
2012-06-13 17:49 - 2012-06-13 05:48 - 00000000 ____D C:\Users\aymanh\AppData\Local\{D63FF5E9-4E16-4A31-9B73-CB45B734D887}
2012-06-13 17:49 - 2012-04-02 18:16 - 00000000 ____D C:\Users\aymanh\AppData\Local\Windows Live
2012-06-13 14:43 - 2012-04-23 09:26 - 00000000 ____D C:\Users\aymanh\AppData\Local\ElevatedDiagnostics
2012-06-13 06:27 - 2012-03-27 14:44 - 00000000 ____D C:\Users\aymanh\Tracing
2012-06-13 05:48 - 2012-06-13 05:48 - 00000000 ____D C:\Users\aymanh\AppData\Local\{DB77BC3A-EB80-4DE5-81CB-EC99D1662C47}
2012-06-12 20:31 - 2012-06-12 20:31 - 00000000 ____D C:\Users\aymanh\Documents\ProcAlyzer Dumps
2012-06-12 19:50 - 2012-06-12 19:50 - 00010376 ____A C:\Users\aymanh\Downloads\BFEWin764.zip
2012-06-12 19:50 - 2011-12-16 04:11 - 00188828 ____A C:\Users\aymanh\Downloads\BFEWin764.reg
2012-06-12 19:26 - 2012-06-12 19:26 - 00000000 ____D C:\Users\aymanh\AppData\Roaming\Malwarebytes
2012-06-12 19:26 - 2012-06-12 19:26 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-12 19:24 - 2012-06-12 19:24 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\aymanh\Downloads\mbam-setup-1.61.0.1400.exe
2012-06-12 18:57 - 2012-06-12 06:00 - 00254947 ____A C:\Users\aymanh\AppData\Local\census.cache
2012-06-12 18:57 - 2012-06-12 06:00 - 00089208 ____A C:\Users\aymanh\AppData\Local\ars.cache
2012-06-12 16:53 - 2012-06-12 16:53 - 00000000 ____D C:\Users\aymanh\AppData\Local\{BFFCBFDF-ED42-417C-B6D7-79BC27EDF28E}
2012-06-12 16:53 - 2012-06-12 16:53 - 00000000 ____D C:\Users\aymanh\AppData\Local\{B11D25DF-D503-4DDE-8EA2-95B1C95F66C2}
2012-06-12 08:59 - 2012-04-09 09:16 - 00000000 ___DC C:\Users\aymanh\AppData\Local\MigWiz
2012-06-12 08:59 - 2012-02-15 10:39 - 00000000 ____D C:\Windows\Panther
2012-06-12 08:54 - 2012-06-12 08:54 - 03862112 ____A (Piriform Ltd) C:\Users\aymanh\Downloads\ccsetup319.exe
2012-06-12 05:55 - 2012-06-12 05:55 - 00000036 ____A C:\Users\aymanh\AppData\Local\housecall.guid.cache
2012-06-12 05:27 - 2012-06-12 05:16 - 00000000 ____D C:\Users\All Users\B7E858A700052AA600CCC89DB4EB2331
2012-06-12 05:20 - 2012-06-12 05:20 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-12 04:53 - 2012-06-12 04:52 - 00000000 ____D C:\Users\aymanh\AppData\Local\{3DFC2E60-76B7-4941-8707-E62B2B20E971}
2012-06-12 04:52 - 2012-06-12 04:52 - 00000000 ____D C:\Users\aymanh\AppData\Local\{687BACC1-D0F7-48A5-A538-954EE20A115C}
2012-06-12 04:52 - 2012-06-12 04:52 - 00000000 ____D C:\Users\aymanh\AppData\Local\{5176700C-A91D-4836-B595-80F5EA5E6025}
2012-06-12 04:52 - 2012-06-12 04:52 - 00000000 ____D C:\Users\aymanh\AppData\Local\{32D4EBD7-8427-4ED1-B3A0-D5479E57188E}
2012-06-11 16:52 - 2012-06-11 16:52 - 00000000 ____D C:\Users\aymanh\AppData\Local\{FA240629-4662-4D2D-BE3B-ADB08C7DAFD8}
2012-06-11 16:52 - 2012-06-11 04:51 - 00000000 ____D C:\Users\aymanh\AppData\Local\{1F1B3A19-7894-407D-9ACF-9B4C32C11331}
2012-06-11 09:58 - 2012-06-11 09:58 - 01081867 ____A C:\Users\aymanh\Desktop\2012_06_11 Seattle AIS Short - Cloud Security The Slalom Way.pptx
2012-06-11 09:42 - 2012-06-11 09:42 - 00873651 ____A C:\Users\aymanh\Desktop\MOSDAL - June 11.pdf
2012-06-11 08:16 - 2012-06-11 08:16 - 09896861 ____A C:\Users\aymanh\Desktop\National Mobility Master Sales Deck.pptx
2012-06-11 04:51 - 2012-06-11 04:51 - 00000000 ____D C:\Users\aymanh\AppData\Local\{686E0935-D6FA-4D5E-B266-533C8DC07EBD}
2012-06-10 15:51 - 2012-06-10 15:51 - 00029437 ____A C:\Users\aymanh\Desktop\CC Assessment SOW.docx
2012-06-10 07:30 - 2012-06-10 07:30 - 00000000 ____D C:\Users\aymanh\AppData\Local\{AAD95F6E-81A1-401C-8CFF-A66219E4CAE8}
2012-06-10 07:30 - 2012-06-10 07:30 - 00000000 ____D C:\Users\aymanh\AppData\Local\{026CB8D2-A4E2-4BBA-A9FB-5A8B7BC6E697}
2012-06-09 19:55 - 2012-04-07 19:50 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-610354233-1133782292-1394453194-20955Core.job
2012-06-09 19:29 - 2012-06-09 19:29 - 00000000 ____D C:\Users\aymanh\AppData\Local\{5C91F6CA-CC87-4247-AE07-4AB6F8F4E723}
2012-06-09 19:29 - 2012-06-09 07:26 - 00000000 ____D C:\Users\aymanh\AppData\Local\{6C90BC26-3387-4154-96FA-5130E6603152}
2012-06-09 07:27 - 2012-06-09 07:27 - 00000000 ____D C:\Users\aymanh\AppData\Local\{ABFF5705-6A9F-426D-BAA5-E69897A2E986}
2012-06-09 05:41 - 2012-04-07 08:18 - 00000000 ____D C:\Users\All Users\Skype
2012-06-08 19:26 - 2012-06-08 19:26 - 00000000 ____D C:\Users\aymanh\AppData\Local\{7C3BF20D-4AB0-4DE7-A686-E48EC25E6559}
2012-06-08 19:26 - 2012-06-08 07:25 - 00000000 ____D C:\Users\aymanh\AppData\Local\{EBD054B6-F60A-424A-9901-D7C452B3C55B}
2012-06-08 16:41 - 2012-04-11 18:07 - 00000000 ____D C:\Users\aymanh\AppData\Roaming\VMware
2012-06-08 16:40 - 2012-04-19 12:45 - 00000000 ____D C:\Users\aymanh\AppData\Local\VMware
2012-06-08 07:25 - 2012-06-08 07:25 - 00000000 ____D C:\Users\aymanh\AppData\Local\{7C0CD159-1054-4D90-A485-6CEDEAA101A2}
2012-06-08 07:25 - 2012-06-08 07:25 - 00000000 ____D C:\Users\aymanh\AppData\Local\{2D7C1014-B589-4C9A-83AC-728AF2E553E7}
2012-06-08 07:25 - 2012-06-08 07:25 - 00000000 ____D C:\Users\aymanh\AppData\Local\{21010683-6ADD-4480-90E3-50BCA7AE241B}
2012-06-07 19:25 - 2012-06-07 19:24 - 00000000 ____D C:\Users\aymanh\AppData\Local\{6C4FC1BA-4959-43BA-8201-AE3DAE0C70D4}
2012-06-07 19:24 - 2012-06-06 18:20 - 00000000 ____D C:\Users\aymanh\AppData\Local\{042B9A73-D233-4C04-8A37-D86E95714F53}
2012-06-07 19:24 - 2012-04-08 18:23 - 00000000 ____D C:\Users\aymanh\AppData\Local\CutePDF Writer
2012-06-07 07:24 - 2012-06-07 07:24 - 00000000 ____D C:\Users\aymanh\AppData\Local\{F07CF9C3-2056-45E7-A81A-92BD103F2012}
2012-06-07 07:24 - 2012-06-07 07:24 - 00000000 ____D C:\Users\aymanh\AppData\Local\{E55EADFE-8384-40BC-9F4E-DBE9651323A5}
2012-06-07 07:24 - 2012-06-07 07:23 - 00000000 ____D C:\Users\aymanh\AppData\Local\{C492575B-A2C2-40B2-9D77-EC48819314A0}
2012-06-06 18:20 - 2012-06-06 18:20 - 00000000 ____D C:\Users\aymanh\AppData\Local\{F474E0B4-51CA-41ED-9E4B-F02D4A2B58B9}
2012-06-06 13:34 - 2012-06-06 11:06 - 00030615 ____N C:\Users\aymanh\Desktop\Contact List.xlsx
2012-06-06 13:24 - 2012-06-06 11:35 - 00459595 ____N C:\Users\aymanh\Desktop\Meeting Minutes - 20120605.docx
2012-06-06 11:36 - 2012-06-06 11:36 - 00267264 ____A C:\Users\aymanh\Desktop\Enterprise-Backup-Software-RFP-Template.doc
2012-06-06 06:20 - 2012-06-06 06:19 - 00000000 ____D C:\Users\aymanh\AppData\Local\{50BFB023-DCD2-43E1-8C3D-5D82A099B087}
2012-06-06 06:19 - 2012-06-06 06:19 - 00000000 ____D C:\Users\aymanh\AppData\Local\{49F7C4D5-4500-4D15-9FDF-E9797CD4F80A}
2012-06-06 06:19 - 2012-06-05 05:09 - 00000000 ____D C:\Users\aymanh\AppData\Local\{6C96DDD1-CFE1-4E1B-9072-8DCA5AE09399}
2012-06-05 18:19 - 2012-06-05 18:19 - 00000000 ____D C:\Users\aymanh\AppData\Local\{8F00FB63-E266-442E-BB05-2BFCB62C32B8}
2012-06-05 12:33 - 2012-03-27 13:58 - 00000104 ____A C:\Windows\System32\config\netlogon.ftl
2012-06-05 10:46 - 2012-06-05 10:44 - 18350026 ____A C:\Users\aymanh\Desktop\666795_IntroWinServ2012.pdf
2012-06-05 10:02 - 2012-06-05 10:02 - 04112488 ____A C:\Users\aymanh\Desktop\cbsi_msft_webcast_06052012_presentation_final.pdf
2012-06-05 09:25 - 2012-03-27 14:31 - 00020458 _RASH C:\Users\All Users\ntuser.pol
2012-06-05 05:10 - 2012-06-05 05:10 - 00000000 ____D C:\Users\aymanh\AppData\Local\{CB68736B-41D8-4A99-930C-6CCFDD1FE359}
2012-06-04 12:40 - 2012-06-04 12:40 - 00000000 ____D C:\Users\aymanh\AppData\Local\{E5B80928-EA1F-4615-88E6-AA6EA33508B9}
2012-06-04 12:40 - 2012-06-04 12:40 - 00000000 ____D C:\Users\aymanh\AppData\Local\{527830C3-5D11-4375-BB10-1C5C307C7A43}
2012-06-04 09:53 - 2012-06-04 09:53 - 00009008 __RSH C:\Users\All Users\3002.abs
2012-06-04 09:37 - 2012-06-04 09:37 - 00969728 ____A C:\Users\aymanh\Downloads\ADTD.Net Setup.msi
2012-06-04 06:53 - 2012-04-03 05:14 - 00000000 ____D C:\Users\aymanh\Documents\My Received Files
2012-06-04 00:30 - 2012-06-04 00:30 - 00000000 ____D C:\Users\aymanh\AppData\Local\{42396869-D95B-4347-935A-9B493586E430}
2012-06-04 00:30 - 2012-06-01 00:26 - 00000000 ____D C:\Users\aymanh\AppData\Local\{F442995B-EE84-4F7C-87AF-7381BE52B9E2}
2012-06-03 12:29 - 2012-06-03 12:29 - 00000000 ____D C:\Users\aymanh\AppData\Local\{051E821A-6B78-4537-BF9A-C853A8BB6F6A}
2012-06-03 00:29 - 2012-06-03 00:29 - 00000000 ____D C:\Users\aymanh\AppData\Local\{AC247F66-9E07-4A56-A062-1CA54CB40DB4}
2012-06-02 12:28 - 2012-06-02 12:28 - 00000000 ____D C:\Users\aymanh\AppData\Local\{B1D6FCD3-13FE-415A-9B1B-089D218D4D84}
2012-06-02 00:28 - 2012-06-02 00:28 - 00000000 ____D C:\Users\aymanh\AppData\Local\{E2D81F3A-CB2D-4A82-BF7D-E887FA954F6A}
2012-06-01 12:27 - 2012-06-01 12:27 - 00000000 ____D C:\Users\aymanh\AppData\Local\{CB7DEFC7-FEAA-4FDA-8A6F-2387F7516BD3}
2012-06-01 12:27 - 2012-06-01 12:27 - 00000000 ____D C:\Users\aymanh\AppData\Local\{7A13FD8B-9E56-46DC-8C3D-08830CBB5D6B}
2012-06-01 09:55 - 2012-04-12 15:55 - 00000000 ____D C:\Users\aymanh\AppData\Roaming\Download Manager
2012-06-01 00:27 - 2012-06-01 00:27 - 00000000 ____D C:\Users\aymanh\AppData\Local\{58E6DEE2-1B91-45B3-8671-2351F828E003}
2012-05-31 18:02 - 2012-05-31 18:02 - 00000000 ____D C:\Program Files\Common Files\VMware
2012-05-31 18:02 - 2012-04-19 12:42 - 00000000 ____D C:\Program Files (x86)\VMware
2012-05-31 18:02 - 2012-03-27 14:00 - 00810898 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-05-31 12:26 - 2012-05-31 12:26 - 00000000 ____D C:\Users\aymanh\AppData\Local\{9E8B3832-20FD-4560-AC1B-E8A3B9D66992}
2012-05-31 12:26 - 2012-05-31 12:26 - 00000000 ____D C:\Users\aymanh\AppData\Local\{98004457-BEFF-4CD2-BFF1-27C0CBCADD0B}
2012-05-31 12:26 - 2012-05-30 12:21 - 00000000 ____D C:\Users\aymanh\AppData\Local\{0D3EC36C-7AC3-4D7B-809A-7B55CEB19B2A}
2012-05-31 00:26 - 2012-05-31 00:25 - 00000000 ____D C:\Users\aymanh\AppData\Local\{45DC0870-6DEB-40F5-8B0E-CCC9BD015AC0}
2012-05-30 18:22 - 2012-05-30 18:22 - 02617278 ____A C:\Users\aymanh\Downloads\Flipboard-1.8.4-63-beta-release.apk
2012-05-30 12:25 - 2012-05-30 12:25 - 00000000 ____D C:\Users\aymanh\AppData\Local\{7B4BF414-F91B-4100-82AF-5D15D966A816}
2012-05-30 12:25 - 2012-05-30 12:25 - 00000000 ____D C:\Users\aymanh\AppData\Local\{205E4846-1873-4DBB-98C3-B8ACD97717F5}
2012-05-29 19:35 - 2012-05-29 19:35 - 00000000 ____D C:\Users\aymanh\AppData\Local\{4DE3C574-5331-44D2-A098-AEDFACA95183}
2012-05-29 19:35 - 2012-05-29 19:34 - 00000000 ____D C:\Users\aymanh\AppData\Local\{AD0DC94F-36B1-4F19-B303-5C5E6B46BD64}
2012-05-29 19:34 - 2012-05-29 19:34 - 00000000 ____D C:\Users\aymanh\AppData\Local\{7C8EC434-390F-4EB0-BAF5-96EDA39C4B32}
2012-05-29 19:34 - 2012-05-26 19:00 - 00000000 ____D C:\Users\aymanh\AppData\Local\{593A9D2F-D210-4688-A950-DEE050B982CB}
2012-05-29 07:34 - 2012-05-29 07:34 - 00000000 ____D C:\Users\aymanh\AppData\Local\{481C8670-9383-4B0A-82F4-DB098F2AD223}
2012-05-29 07:34 - 2012-05-29 07:34 - 00000000 ____D C:\Users\aymanh\AppData\Local\{25F1FA27-A500-441B-936D-75F38BCF2563}
2012-05-28 19:33 - 2012-05-28 19:33 - 00000000 ____D C:\Users\aymanh\AppData\Local\{21AA06EA-C897-4859-8CA1-390375350898}
2012-05-28 17:18 - 2012-03-27 14:43 - 00000000 ____D C:\Users\aymanh\AppData\LocalLow
2012-05-28 15:47 - 2012-05-28 15:36 - 00000000 ____D C:\Users\aymanh\Desktop\Pics
2012-05-28 07:33 - 2012-05-28 07:33 - 00000000 ____D C:\Users\aymanh\AppData\Local\{45CC4CAA-2102-4D95-BC1A-A53F42BF8BF5}
2012-05-27 19:32 - 2012-05-27 19:32 - 00000000 ____D C:\Users\aymanh\AppData\Local\{922435CC-050E-4E53-9A26-3FA01A2171FD}
2012-05-27 18:34 - 2012-03-27 14:43 - 00000000 ____D C:\Users\aymanh\AppData\Local\Microsoft Help
2012-05-27 07:32 - 2012-05-27 07:32 - 00000000 ____D C:\Users\aymanh\AppData\Local\{E78B5A3A-2AF7-44D2-8886-B40F9D24AF0A}
2012-05-26 19:00 - 2012-05-26 19:00 - 00000000 ____D C:\Users\aymanh\AppData\Local\{53760101-447E-4A53-95EA-A844684DDE2F}
2012-05-26 07:00 - 2012-05-26 06:59 - 00000000 ____D C:\Users\aymanh\AppData\Local\{CA7701D7-4268-40F5-87FF-3A3D46646B19}
2012-05-26 06:59 - 2012-05-25 05:05 - 00000000 ____D C:\Users\aymanh\AppData\Local\{F5840025-FE0B-4B30-A039-2F1F893D3A7B}
2012-05-25 17:06 - 2012-05-25 17:06 - 00000000 ____D C:\Users\aymanh\AppData\Local\{2E8DDDCA-5B04-41D0-BDAC-260392906BDE}
2012-05-25 17:06 - 2012-05-25 17:06 - 00000000 ____D C:\Users\aymanh\AppData\Local\{00E77EF4-F3A7-4387-B2AD-3DDA4F540F2A}
2012-05-25 06:08 - 2012-05-25 05:10 - 00455850 ____A C:\Users\aymanh\Desktop\Sample-Draft-BPOS to O365 Readiness.docx
2012-05-25 05:05 - 2012-05-25 05:05 - 00000000 ____D C:\Users\aymanh\AppData\Local\{4E3BE758-2D2E-4428-83CE-887091B86BBC}
2012-05-24 12:27 - 2012-05-24 12:27 - 00000000 ____D C:\Users\aymanh\AppData\Local\{BAE3543F-7980-4373-B260-C2F900B49DB3}
2012-05-24 12:27 - 2012-05-24 00:27 - 00000000 ____D C:\Users\aymanh\AppData\Local\{1D678444-D161-40D7-B00F-E3F0694E8102}
2012-05-24 12:00 - 2012-05-24 12:00 - 00000000 ____D C:\Users\aymanh\AppData\Local\{1A0FAF98-3B6C-4123-B522-72D375795747}
2012-05-24 12:00 - 2012-05-24 11:56 - 00000000 ____D C:\Users\aymanh\AppData\Local\{D3339A4B-A9C5-4984-978E-CE64522D9F46}
2012-05-23 13:59 - 2012-05-23 13:59 - 00000000 ___HD C:\Windows\$CrmUninstallKB2600644_Mui_1033$
2012-05-23 13:59 - 2012-05-23 13:59 - 00000000 ___HD C:\Windows\$CrmUninstallKB2600644_Client_1033$
2012-05-23 13:59 - 2012-03-27 14:26 - 00001566 ____A C:\Windows\CrmClient.mif
2012-05-23 13:59 - 2012-03-27 14:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Dynamics CRM
2012-05-23 13:59 - 2009-07-13 20:55 - 00000916 ____A C:\Windows\SysWOW64\mapisvc.inf
2012-05-23 06:13 - 2012-05-23 06:13 - 00000000 ____D C:\Users\aymanh\AppData\Local\{94A5AD52-996E-4D8C-A0D7-9651852A766B}
2012-05-23 06:13 - 2012-05-23 06:12 - 00000000 ____D C:\Users\aymanh\AppData\Local\{5DF70016-E452-4E5A-BF87-FCC12F1192ED}
2012-05-22 17:42 - 2012-05-22 17:42 - 00000000 ____D C:\Users\aymanh\AppData\Local\{EF30597F-E6E9-4846-9639-6D8997E2B851}
2012-05-22 17:42 - 2012-05-17 17:50 - 00000000 ____D C:\Users\aymanh\AppData\Local\{9DEC14F4-77AF-44F5-B292-88AD66487B94}
2012-05-22 13:46 - 2012-04-03 18:57 - 00002036 ___AH C:\Users\aymanh\Documents\Default.rdp
2012-05-22 03:16 - 2012-05-22 03:16 - 00000000 ____D C:\Users\aymanh\AppData\Local\{E5F550C3-34E3-42ED-9133-55E91A6DE188}
2012-05-21 08:08 - 2012-05-21 08:08 - 00000000 ____D C:\Users\aymanh\AppData\Local\{890B34F5-A78E-4A3F-A48C-A02886DB6538}
2012-05-21 08:08 - 2012-05-21 08:08 - 00000000 ____D C:\Users\aymanh\AppData\Local\{69CF7954-5376-40B8-925B-281EA841CD02}
2012-05-20 20:55 - 2012-05-20 20:55 - 00000000 ____D C:\Users\aymanh\AppData\Roaming\Mozilla
2012-05-20 20:55 - 2012-04-07 19:50 - 00000000 ____D C:\Users\aymanh\AppData\Local\Google
2012-05-20 20:08 - 2012-05-20 20:08 - 00000000 ____D C:\Users\aymanh\AppData\Local\{8BED8D63-6561-42C3-BD98-FAA4B1A9E201}
2012-05-20 08:08 - 2012-05-20 08:07 - 00000000 ____D C:\Users\aymanh\AppData\Local\{D8145C38-C49D-4A55-A857-565EC614A44D}
2012-05-19 17:52 - 2012-05-19 17:52 - 00000000 ____D C:\Users\aymanh\AppData\Local\{A20460A2-6CF9-42D3-8B04-4E35950E6059}
2012-05-19 05:52 - 2012-05-19 05:52 - 00000000 ____D C:\Users\aymanh\AppData\Local\{8CB1668B-949B-40DC-BD6B-2201FBD23844}
2012-05-18 17:52 - 2012-05-18 17:51 - 00000000 ____D C:\Users\aymanh\AppData\Local\{E3D9D1B1-8FA7-4D5B-8236-3119ABF61AF0}
2012-05-18 14:01 - 2012-05-18 14:01 - 00065536 __ASH C:\Windows\System32\config\COMPONENTS{4ea376b1-9e85-11e1-9935-6427378f5ffd}.TxR.blf
2012-05-18 10:13 - 2012-05-18 10:13 - 00435386 ____A C:\Users\aymanh\Desktop\System Center 2012 Licensing Datasheet.pdf
2012-05-18 05:51 - 2012-05-18 05:51 - 00000000 ____D C:\Users\aymanh\AppData\Local\{B7619558-2DD4-44B4-BDFB-8B5C3960F15A}
2012-05-18 05:51 - 2012-05-18 05:51 - 00000000 ____D C:\Users\aymanh\AppData\Local\{A8B1235C-6DAD-4F61-951C-06E8CA44C5E1}
2012-05-17 17:51 - 2012-05-17 17:50 - 00000000 ____D C:\Users\aymanh\AppData\Local\{3E3B78A7-E0D0-4A80-A657-F20FD9D28EDF}
2012-05-17 05:50 - 2012-05-17 05:50 - 00000000 ____D C:\Users\aymanh\AppData\Local\{74D0162A-EC4C-4224-8CAA-3C5208BAA24B}
2012-05-17 05:50 - 2012-05-17 05:49 - 00000000 ____D C:\Users\aymanh\AppData\Local\{439F56D7-1C45-4A09-A27A-31D5AB80D475}
2012-05-17 05:49 - 2012-05-16 17:49 - 00000000 ____D C:\Users\aymanh\AppData\Local\{89863D76-EF77-4D06-8410-0614D34F1D9A}
2012-05-16 17:49 - 2012-05-16 17:49 - 00000000 ____D C:\Users\aymanh\AppData\Local\{8AB41F8A-C1FC-4A3E-ABE3-803183F75894}
2012-05-16 05:49 - 2012-05-16 05:49 - 00000000 ____D C:\Users\aymanh\AppData\Local\{FED8551C-9617-4A21-9AF5-41CC54EA41D0}
2012-05-16 05:49 - 2012-05-15 03:59 - 00000000 ____D C:\Users\aymanh\AppData\Local\{EDD993F3-8AFE-4888-AC07-2B4F34A0F017}
2012-05-15 16:00 - 2012-05-15 16:00 - 00000000 ____D C:\Users\aymanh\AppData\Local\{026F9174-06C3-47DD-888C-40A1932551F4}
2012-05-15 06:56 - 2012-05-15 06:56 - 00784742 ____A C:\Users\aymanh\Desktop\VL_CaseStudy_Slalom.pdf
2012-05-15 04:00 - 2012-05-15 03:59 - 00000000 ____D C:\Users\aymanh\AppData\Local\{C8CFD8D3-2351-40FE-B48A-9138D6BCED66}
2012-05-14 18:10 - 2012-03-27 14:44 - 00000000 ____D C:\Users\aymanh\AppData\Local\VirtualStore
2012-05-14 09:01 - 2012-04-24 08:43 - 00000000 ____D C:\Program Files (x86)\Google

AymanH · Jun 14, 2012

Section 3

2012-05-14 06:17 - 2012-05-14 06:17 - 00000000 ____D C:\Users\aymanh\AppData\Local\{B7F89145-844C-46FE-84DA-7E81DDE10146}
2012-05-14 06:17 - 2012-05-14 06:17 - 00000000 ____D C:\Users\aymanh\AppData\Local\{6D689683-5508-469F-AE5B-B284BCE31FD7}
2012-05-14 06:17 - 2012-05-14 06:17 - 00000000 ____D C:\Users\aymanh\AppData\Local\{38104B31-7F77-4A78-8C9B-95D38435F660}
2012-05-14 06:17 - 2012-05-14 06:17 - 00000000 ____D C:\Users\aymanh\AppData\Local\{30264997-F318-4584-B82E-9972E49F34B6}
2012-05-13 18:16 - 2012-05-13 18:16 - 00000000 ____D C:\Users\aymanh\AppData\Local\{2EC29A23-F3A6-4A3C-9145-98D780ABD1B1}
2012-05-13 18:16 - 2012-05-12 18:08 - 00000000 ____D C:\Users\aymanh\AppData\Local\{FB2B5F60-E164-487A-A33D-62B941D73743}
2012-05-13 06:11 - 2012-05-13 06:11 - 00000000 ____D C:\Users\aymanh\AppData\Local\{9CC5CC45-6569-4262-BB78-0D831A90D71C}
2012-05-12 18:09 - 2012-05-12 18:08 - 00000000 ____D C:\Users\aymanh\AppData\Local\{8B9640D9-1DD4-47F5-8BC4-3B29CB66660D}
2012-05-12 06:06 - 2012-05-12 06:06 - 00000000 ____D C:\Users\aymanh\AppData\Local\{4AEEC5A8-D391-4394-955E-67172424E41A}
2012-05-12 06:06 - 2012-05-12 06:06 - 00000000 ____D C:\Users\aymanh\AppData\Local\{4666C3D3-B859-4042-9C3F-4C151691C0CE}
2012-05-12 06:06 - 2012-05-12 06:05 - 00000000 ____D C:\Users\aymanh\AppData\Local\{7BB8036E-E6D3-420F-8710-78C017E36798}
2012-05-12 06:05 - 2012-05-12 06:05 - 00000000 ____D C:\Users\aymanh\AppData\Local\{4E93BCF7-A681-42E9-8295-FC48620F3F6B}
2012-05-11 05:06 - 2012-02-15 11:15 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-11 05:06 - 2012-02-15 11:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-11 03:05 - 2012-05-11 03:05 - 00000000 ____D C:\Users\aymanh\AppData\Local\{90B13EB0-3BE0-4DEB-8944-E099C6E83AC2}
2012-05-11 03:05 - 2012-05-11 03:05 - 00000000 ____D C:\Users\aymanh\AppData\Local\{5B385F09-6EEA-4F16-A39B-0F4C4B577FD2}
2012-05-11 03:05 - 2012-04-11 06:27 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-11 03:05 - 2012-02-15 11:14 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-10 23:22 - 2010-11-20 19:47 - 00027580 ____A C:\Windows\PFRO.log
2012-05-10 23:22 - 2009-07-13 20:45 - 00414656 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-10 23:05 - 2012-03-27 14:03 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-05-10 23:05 - 2012-02-15 11:41 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-10 23:00 - 2011-04-11 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-10 19:50 - 2012-05-10 19:50 - 02096069 ____A C:\Users\aymanh\Desktop\SharePoint_on_AWS_Reference_Architecture_White_Paper.pdf
2012-05-10 14:37 - 2012-05-10 14:37 - 00000000 ____D C:\Users\aymanh\AppData\Local\{415DB376-1B78-4518-9110-FD4BA793809C}
2012-05-10 14:37 - 2012-05-07 07:48 - 00000000 ____D C:\Users\aymanh\AppData\Local\{940213BD-9BED-4D59-88B6-241378EB6CAC}
2012-05-10 02:36 - 2012-05-10 02:36 - 00000000 ____D C:\Users\aymanh\AppData\Local\{328D3BD3-F965-4FC8-A8E3-A36114E392C2}
2012-05-09 18:58 - 2012-05-09 18:58 - 02434442 ____A C:\Users\aymanh\Downloads\Flipboard.zip
2012-05-09 18:54 - 2012-05-09 18:54 - 00000000 ____D C:\Users\aymanh\Downloads\Flipboard
2012-05-09 14:36 - 2012-05-09 14:35 - 00000000 ____D C:\Users\aymanh\AppData\Local\{0E282DBC-41BF-4A78-A314-05C421A5710C}
2012-05-09 02:35 - 2012-05-09 02:35 - 00000000 ____D C:\Users\aymanh\AppData\Local\{01A14285-6B52-41B5-819A-366BC945FC01}
2012-05-09 02:35 - 2012-05-09 02:26 - 00000000 ____D C:\Users\aymanh\AppData\Local\{E40E0CD2-C4D8-4CA9-BF36-634FBC9FB7B2}
2012-05-08 07:50 - 2012-05-08 07:50 - 00000000 ____D C:\Users\aymanh\AppData\Local\{A285213D-BDF4-485A-9661-DBA690EF487C}
2012-05-08 07:50 - 2012-05-08 07:49 - 00000000 ____D C:\Users\aymanh\AppData\Local\{C26C43E6-C16A-4255-9787-D5B7F30AC36A}
2012-05-07 19:49 - 2012-05-07 19:49 - 00000000 ____D C:\Users\aymanh\AppData\Local\{21CC547E-D6F7-4282-8ACC-0FEE01005E32}
2012-05-07 08:33 - 2012-05-07 08:33 - 00000000 ____D C:\Users\aymanh\AppData\Roaming\webex
2012-05-07 07:49 - 2012-05-07 07:48 - 00000000 ____D C:\Users\aymanh\AppData\Local\{17045A18-DD7F-45BB-BBE6-C8BCC4A45F0E}
2012-05-07 07:48 - 2012-05-07 07:48 - 00000000 ____D C:\Users\aymanh\AppData\Local\{B16C8129-B01E-438B-9135-14EE32C3B051}
2012-05-07 07:48 - 2012-05-07 07:48 - 00000000 ____D C:\Users\aymanh\AppData\Local\{7DB3198E-5DA8-44F0-A5E0-943672B323BA}
2012-05-07 06:38 - 2012-05-07 06:38 - 00000000 ____D C:\Users\All Users\WebEx
2012-05-07 06:38 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2012-05-06 19:48 - 2012-05-06 19:48 - 00000000 ____D C:\Users\aymanh\AppData\Local\{2A41F2E6-D4BB-456B-A0F3-155B7DD4C5FA}
2012-05-06 19:48 - 2012-05-02 07:42 - 00000000 ____D C:\Users\aymanh\AppData\Local\{6BE2B41E-66C5-4798-86B9-80BBD9FF19BD}
2012-05-06 19:41 - 2012-04-03 04:27 - 00000000 ____D C:\Users\aymanh\Documents\Outlook Files
2012-05-06 18:01 - 2012-04-16 11:48 - 00000000 ____D C:\Users\aymanh\Documents\media
2012-05-06 07:47 - 2012-05-06 07:47 - 00000000 ____D C:\Users\aymanh\AppData\Local\{0B72B336-116C-4D4E-888E-78E24D3683F9}
2012-05-06 06:28 - 2012-05-06 06:28 - 00232679 ____A C:\Users\aymanh\Downloads\checkdns.zip
2012-05-05 19:47 - 2012-05-05 19:47 - 00000000 ____D C:\Users\aymanh\AppData\Local\{2C69E517-D485-412B-AD5B-FDAA558E5D7E}
2012-05-05 09:49 - 2012-05-05 09:49 - 00000000 ____D C:\Users\Default\AppData\LocalGoogle
2012-05-05 09:49 - 2012-05-05 09:49 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2012-05-05 09:49 - 2012-05-05 09:49 - 00000000 ____D C:\Users\Default User\AppData\LocalGoogle
2012-05-05 09:49 - 2012-05-05 09:49 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2012-05-05 07:46 - 2012-05-05 07:46 - 00000000 ____D C:\Users\aymanh\AppData\Local\{5F89D9C9-0BA8-413D-8D94-6FEE21BDAD3F}
2012-05-04 19:46 - 2012-05-04 19:45 - 00000000 ____D C:\Users\aymanh\AppData\Local\{DF112CDB-90F7-4526-AC6F-1C8E966CDF20}
2012-05-04 10:24 - 2012-05-04 10:24 - 00360400 ____A C:\Users\aymanh\Desktop\AST-0057343_ibm_bestpracticestoarchitectapps.pdf
2012-05-04 10:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\LiveKernelReports
2012-05-04 07:45 - 2012-05-04 07:45 - 00000000 ____D C:\Users\aymanh\AppData\Local\{A59A6212-8FCE-43D3-B902-D926014F3DED}
2012-05-04 07:45 - 2012-05-04 07:45 - 00000000 ____D C:\Users\aymanh\AppData\Local\{A435AA7D-3C4D-452A-83AE-5DE9B8D0B3D5}
2012-05-04 07:45 - 2012-05-04 07:45 - 00000000 ____D C:\Users\aymanh\AppData\Local\{8382BA8D-3967-443C-A433-099A21794306}
2012-05-04 03:06 - 2012-06-12 09:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-12 09:06 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-03 19:48 - 2012-05-03 19:48 - 00086608 ____A C:\Users\aymanh\Desktop\helperscripts.E_X_E
2012-05-03 19:44 - 2012-05-03 19:44 - 00000000 ____D C:\Users\aymanh\AppData\Local\{24D583AA-65E4-419A-B0CF-245ECEBA68DA}
2012-05-03 07:44 - 2012-05-03 07:44 - 00000000 ____D C:\Users\aymanh\AppData\Local\{23B869E5-3156-40C6-8487-84C0FF862597}
2012-05-03 07:44 - 2012-05-03 07:43 - 00000000 ____D C:\Users\aymanh\AppData\Local\{49A9E46A-7D8C-4604-9DC0-91D04CD032F3}
2012-05-03 07:43 - 2012-05-03 07:43 - 00000000 ____D C:\Users\aymanh\AppData\Local\{5EB07610-7FCC-4E3A-9209-1435D65B7B72}
2012-05-02 19:43 - 2012-05-02 19:43 - 00000000 ____D C:\Users\aymanh\AppData\Local\{6A10BCF3-7376-4DF9-8424-9DEEF5266AAB}
2012-05-02 18:03 - 2012-05-02 18:03 - 00537192 ____A C:\Users\aymanh\Downloads\HarmonieSharePointSetup.exe
2012-05-02 07:42 - 2012-05-02 07:42 - 00000000 ____D C:\Users\aymanh\AppData\Local\{92293E01-25D0-45C4-9BE2-251CB170B4A0}
2012-05-02 07:42 - 2012-05-02 07:42 - 00000000 ____D C:\Users\aymanh\AppData\Local\{8196F77A-8DCB-4A1A-A068-78502EA81BB0}
2012-05-02 07:42 - 2012-05-02 07:42 - 00000000 ____D C:\Users\aymanh\AppData\Local\{5BEDAC5A-A10A-4450-8B3F-B3C64E1616CC}
2012-05-01 19:42 - 2012-05-01 19:41 - 00000000 ____D C:\Users\aymanh\AppData\Local\{47B4519C-B732-48CE-BCE7-51E7DE5B14D2}
2012-05-01 19:41 - 2012-04-30 18:49 - 00000000 ____D C:\Users\aymanh\AppData\Local\{C0EDD5BE-CD98-4DAE-9394-B61479406B2E}
2012-05-01 07:39 - 2012-05-01 07:39 - 00000000 ____D C:\Users\aymanh\AppData\Local\{6001392E-5795-453C-8F73-893E6785FEA3}
2012-04-30 18:49 - 2012-04-30 18:49 - 00000000 ____D C:\Users\aymanh\AppData\Local\{01E34443-4E34-4B74-96B2-9213B3F755DE}
2012-04-30 16:56 - 2012-05-31 18:03 - 00063088 ____A (VMware, Inc.) C:\Windows\System32\Drivers\vmx86.sys
2012-04-30 16:56 - 2012-05-31 18:03 - 00031344 ____A (VMware, Inc.) C:\Windows\System32\Drivers\VMparport.sys
2012-04-30 16:56 - 2012-05-31 18:02 - 00942192 ____A (VMware, Inc.) C:\Windows\System32\vnetlib64.dll
2012-04-30 16:56 - 2012-05-31 18:02 - 00433264 ____A (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2012-04-30 16:56 - 2012-05-31 18:02 - 00354416 ____A (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2012-04-30 16:54 - 2012-05-31 18:02 - 00030320 ____A (VMware, Inc.) C:\Windows\System32\Drivers\vmnetuserif.sys
2012-04-30 14:26 - 2012-04-30 14:26 - 00252016 ____A (VMware, Inc.) C:\Windows\SysWOW64\vmnc.dll
2012-04-30 13:22 - 2012-04-30 13:22 - 00062064 ____A (VMware, Inc.) C:\Windows\System32\vmnetbridge.dll
2012-04-30 13:22 - 2012-04-30 13:22 - 00048752 ____A (VMware, Inc.) C:\Windows\System32\vnetinst.dll
2012-04-30 13:22 - 2012-04-30 13:22 - 00045680 ____A (VMware, Inc.) C:\Windows\System32\Drivers\vmnetbridge.sys
2012-04-30 13:22 - 2012-04-30 13:22 - 00024176 ____A (VMware, Inc.) C:\Windows\System32\Drivers\vmnet.sys
2012-04-30 13:22 - 2012-04-30 13:22 - 00020080 ____A (VMware, Inc.) C:\Windows\System32\Drivers\vmnetadapter.sys
2012-04-30 06:48 - 2012-04-30 06:48 - 00000000 ____D C:\Users\aymanh\AppData\Local\{F8DF31DD-0E32-4E82-9698-6081969326E2}
2012-04-30 06:48 - 2012-04-30 06:48 - 00000000 ____D C:\Users\aymanh\AppData\Local\{43291F5E-31F8-48A1-BE30-63A2083070AC}
2012-04-30 06:48 - 2012-04-29 06:47 - 00000000 ____D C:\Users\aymanh\AppData\Local\{931C0B74-4554-4711-9582-36EF023F7B7A}
2012-04-29 19:35 - 2012-04-29 19:34 - 00000000 ____D C:\Users\aymanh\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2012-04-29 18:48 - 2012-04-29 18:48 - 00000000 ____D C:\Users\aymanh\AppData\Local\{188E8535-891B-4DC1-A5C4-D7A2676E92DD}
2012-04-29 06:47 - 2012-04-29 06:47 - 00000000 ____D C:\Users\aymanh\AppData\Local\{34291A88-4818-4518-8F60-D922CDC22055}
2012-04-28 07:35 - 2012-04-28 07:34 - 00000000 ____D C:\Users\aymanh\AppData\Local\{902AEA76-8840-486C-9BC6-483E9AE70BE5}
2012-04-28 07:34 - 2012-04-26 07:32 - 00000000 ____D C:\Users\aymanh\AppData\Local\{4EE66B8F-6A45-4DB0-9540-9922AF6A15F6}
2012-04-27 19:34 - 2012-04-27 19:34 - 00000000 ____D C:\Users\aymanh\AppData\Local\{1867F04B-8B00-4CFE-8E43-11E0243D9DE2}
2012-04-27 07:33 - 2012-04-27 07:33 - 00000000 ____D C:\Users\aymanh\AppData\Local\{9E77CC94-1E57-4A4F-A784-99AA6AF2CD8B}
2012-04-27 07:33 - 2012-04-27 07:33 - 00000000 ____D C:\Users\aymanh\AppData\Local\{77147044-E8CF-43ED-8566-0163F1A858D1}
2012-04-26 19:33 - 2012-04-26 19:33 - 00000000 ____D C:\Users\aymanh\AppData\Local\{15884514-8AFF-4BA7-9D4D-03D62BD126A8}
2012-04-26 13:02 - 2012-04-12 18:45 - 00000000 ___SD C:\Users\aymanh\Documents\My Shapes
2012-04-26 12:59 - 2012-04-26 12:59 - 17462103 ____A C:\Users\aymanh\Downloads\VMware-Stencil2-vSphere.zip
2012-04-26 12:59 - 2012-04-26 12:59 - 17117506 ____A C:\Users\aymanh\Downloads\VMware-Stencil1-vSphere.zip
2012-04-26 12:45 - 2012-04-26 12:45 - 00202043 ____A C:\Users\aymanh\Desktop\SlalomLogo_2color_pdf.pdf
2012-04-26 07:32 - 2012-04-26 07:32 - 00000000 ____D C:\Users\aymanh\AppData\Local\{B46B2AF3-8448-430B-B88B-A71564AB2F54}
2012-04-26 07:32 - 2012-04-26 07:32 - 00000000 ____D C:\Users\aymanh\AppData\Local\{9BF8E0F6-FC84-4874-9987-BB2322C7DE5A}
2012-04-26 07:32 - 2012-04-26 07:32 - 00000000 ____D C:\Users\aymanh\AppData\Local\{133423B2-D708-4E53-9E0B-6B5366875995}
2012-04-26 00:09 - 2012-04-26 00:09 - 00071272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\CRMMS32.dll
2012-04-25 19:31 - 2012-04-25 19:31 - 00000000 ____D C:\Users\aymanh\AppData\Local\{CDE9EF0D-4B66-49A8-AF38-9379CDC4F0CA}
2012-04-25 19:31 - 2012-04-25 07:30 - 00000000 ____D C:\Users\aymanh\AppData\Local\{45DAD131-5E47-4A2E-9086-37E7DD9F3A6F}
2012-04-25 07:31 - 2012-04-25 07:31 - 00000000 ____D C:\Users\aymanh\AppData\Local\{3F40C5DD-F41E-42AC-9BFC-56661FB66A74}
2012-04-25 07:31 - 2012-04-25 07:30 - 00000000 ____D C:\Users\aymanh\AppData\Local\{AB97B43F-9D3B-47FC-8C57-F1ECAB0744B0}
2012-04-25 07:30 - 2012-04-25 07:30 - 00000000 ____D C:\Users\aymanh\AppData\Local\{F9C7EAA3-675A-4397-BDD1-7ED9CB15EEBC}
2012-04-24 19:30 - 2012-04-24 19:30 - 00000000 ____D C:\Users\aymanh\AppData\Local\{F7E0ED7C-33ED-4E0B-B9DB-489EC431EEC6}
2012-04-24 19:30 - 2012-04-23 07:28 - 00000000 ____D C:\Users\aymanh\AppData\Local\{586B848F-B3EF-4552-9989-D6DEEE553CAD}
2012-04-24 09:27 - 2012-04-24 09:27 - 00000000 ____D C:\Program Files\Microsoft Online Services
2012-04-24 08:43 - 2012-04-24 08:43 - 00000000 ____D C:\Users\aymanh\AppData\LocalGoogle
2012-04-24 07:29 - 2012-04-24 07:29 - 00000000 ____D C:\Users\aymanh\AppData\Local\{97DE48B9-EC79-4543-851A-BF2EBF7E4079}
2012-04-24 07:29 - 2012-04-24 07:29 - 00000000 ____D C:\Users\aymanh\AppData\Local\{769C8464-F746-47B1-A15A-B212768FBDF6}
2012-04-23 21:37 - 2012-06-12 09:06 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 19:29 - 2012-04-23 19:29 - 00000000 ____D C:\Users\aymanh\AppData\Local\{83B5447D-8055-4389-A4A9-0F69739275DA}
2012-04-23 19:23 - 2012-04-23 19:23 - 00000000 ____D C:\Users\aymanh\AppData\Roaming\Seagate
2012-04-23 19:14 - 2012-04-23 19:14 - 00000000 ____D C:\Users\All Users\MemeoCommon
2012-04-23 19:12 - 2012-04-23 19:12 - 00000000 ____D C:\Users\aymanh\AppData\Roaming\Memeo
2012-04-23 19:12 - 2012-04-23 19:12 - 00000000 ____D C:\Program Files (x86)\Memeo
2012-04-23 19:11 - 2012-04-23 19:11 - 00000000 ____D C:\Program Files (x86)\Seagate
2012-04-23 19:09 - 2012-04-23 19:09 - 00000000 ____D C:\Users\aymanh\AppData\Roaming\Leadertech
2012-04-23 10:56 - 2012-04-23 10:56 - 00000000 ____D C:\Users\All Users\Microsoft SkyDrive
2012-04-23 09:05 - 2012-04-23 09:05 - 01554082 ____A C:\Users\aymanh\Desktop\10_windows7_tips.pdf
2012-04-23 09:01 - 2012-04-23 09:01 - 00092718 ____A C:\Users\aymanh\Desktop\AESC_BlueSteps Results to Participants vf2.pdf
2012-04-23 07:28 - 2012-04-23 07:28 - 00000000 ____D C:\Users\aymanh\AppData\Local\{AAC16D3C-40D5-4001-AFB4-4E0C5043093D}
2012-04-23 07:28 - 2012-04-23 07:28 - 00000000 ____D C:\Users\aymanh\AppData\Local\{8238EC56-1606-4A8A-A71F-8B73C1D10778}
2012-04-23 07:28 - 2012-04-23 07:28 - 00000000 ____D C:\Users\aymanh\AppData\Local\{53019627-6148-480C-AA7E-610AD09B0E4A}
2012-04-22 20:49 - 2012-04-22 20:49 - 00000017 ____A C:\Users\aymanh\AppData\Local\resmon.resmoncfg
2012-04-22 20:48 - 2012-04-17 18:10 - 00000000 ____D C:\Users\aymanh\AppData\Local\Spotify
2012-04-22 20:48 - 2012-04-17 18:09 - 00000000 ____D C:\Users\aymanh\AppData\Roaming\Spotify
2012-04-22 19:28 - 2012-04-22 19:27 - 00000000 ____D C:\Users\aymanh\AppData\Local\{EED3F53B-D2A2-46B9-AE90-9A9B87A6C540}
2012-04-22 19:27 - 2012-04-22 07:27 - 00000000 ____D C:\Users\aymanh\AppData\Local\{2B0914BA-D34C-4CDC-9B54-1DE8C4141AB9}
2012-04-22 07:27 - 2012-04-22 07:27 - 00000000 ____D C:\Users\aymanh\AppData\Local\{526E81D7-7FE0-4566-974C-EA046B3D52AA}
2012-04-21 19:26 - 2012-04-21 19:26 - 00000000 ____D C:\Users\aymanh\AppData\Local\{6D07E7F3-D29B-4D9D-8257-95F0FEB344E5}
2012-04-21 19:26 - 2012-04-21 19:26 - 00000000 ____D C:\Users\aymanh\AppData\Local\{6B602EF9-AB69-4A24-8382-2A52C6AA0982}
2012-04-20 19:19 - 2012-04-20 19:19 - 00000000 ____D C:\Users\aymanh\Downloads\wima6485
2012-04-20 16:55 - 2012-04-20 16:55 - 00000000 ____D C:\Users\aymanh\AppData\Local\{5F1731B9-8453-4C9A-8364-3B3E45D66EAB}
2012-04-20 16:55 - 2012-04-17 07:22 - 00000000 ____D C:\Users\aymanh\AppData\Local\{BE3A02CD-B38A-4D50-BE80-944267504F60}
2012-04-20 10:23 - 2012-04-20 10:23 - 02354319 ____A C:\Users\aymanh\Desktop\AST-0060054_Gartner_Webletter_2012.pdf
2012-04-20 04:54 - 2012-04-20 04:54 - 00000000 ____D C:\Users\aymanh\AppData\Local\{8150C624-10C2-4866-B7CE-E7AA4369FEDD}
2012-04-19 16:54 - 2012-04-19 16:54 - 00000000 ____D C:\Users\aymanh\AppData\Local\{A91BBDF1-79EE-46D8-906C-3AB1A0E3DF3F}
2012-04-19 12:50 - 2012-04-11 18:04 - 00001024 ____A C:\.rnd
2012-04-19 12:42 - 2012-04-19 12:42 - 00000000 ____D C:\Users\Public\Documents\Shared Virtual Machines
2012-04-19 12:32 - 2012-04-19 12:30 - 491232280 ____A (VMware, Inc.) C:\Users\aymanh\Downloads\VMware-workstation-full-8.0.2-591240.exe
2012-04-19 04:53 - 2012-04-19 04:53 - 00000000 ____D C:\Users\aymanh\AppData\Local\{363A3F7F-7DCE-4A8D-8A1B-8DD7758C88A0}
2012-04-18 10:14 - 2012-04-18 10:14 - 02544893 ____A C:\Users\aymanh\Desktop\PUR_Explained.pdf
2012-04-18 09:29 - 2012-04-18 09:29 - 00000000 ____D C:\Users\aymanh\AppData\Local\{EEA693A7-198D-46C9-81B2-DC32B7148C4A}
2012-04-18 09:29 - 2012-04-18 09:29 - 00000000 ____D C:\Users\aymanh\AppData\Local\{929DE181-93F0-4E29-8322-BBAC0C3A72FA}
2012-04-18 09:29 - 2012-04-18 09:29 - 00000000 ____D C:\Users\aymanh\AppData\Local\{54B6984E-6FEF-4F10-80D1-74BBE6EFB492}
2012-04-17 19:23 - 2012-04-17 19:23 - 00000000 ____D C:\Users\aymanh\AppData\Local\{2A9C651E-D10C-4095-B1D8-68128E8A7926}
2012-04-17 18:09 - 2012-04-07 19:50 - 00000000 ____D C:\Users\aymanh\AppData\Local\Deployment
2012-04-17 07:32 - 2012-04-02 15:38 - 00013160 ____A (Absolute Software Corp.) C:\Windows\SysWOW64\Upgrd.exe
2012-04-17 07:32 - 2010-02-03 12:21 - 00058288 ____N (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
2012-04-17 07:23 - 2012-04-17 07:22 - 00000000 ____D C:\Users\aymanh\AppData\Local\{9C0873E2-F067-4C23-BBE5-AB0ECCD24845}
2012-04-17 07:22 - 2012-04-17 07:22 - 00000000 ____D C:\Users\aymanh\AppData\Local\{D49FC6B3-BD60-486F-9C71-3FD79FD379F9}
2012-04-17 07:22 - 2012-04-17 07:22 - 00000000 ____D C:\Users\aymanh\AppData\Local\{2BC9D591-5A09-460A-BA7C-20A5D847D55F}
2012-04-16 19:22 - 2012-04-16 19:21 - 00000000 ____D C:\Users\aymanh\AppData\Local\{3EFA369E-78C1-4EEB-96C0-85D37C212779}
2012-04-16 19:21 - 2012-04-16 19:21 - 00000000 ____D C:\Users\aymanh\AppData\Local\{E7E7874F-85EE-4C58-A728-D68D737AD470}
2012-04-16 11:05 - 2012-04-16 11:00 - 00000000 ____D C:\Users\aymanh\Documents\zzz-old laptop drive
2012-04-16 07:21 - 2012-04-16 07:21 - 00000000 ____D C:\Users\aymanh\AppData\Local\{D8E49DB5-03AC-4424-9A0C-B9398D2B52B4}
2012-04-16 07:21 - 2012-04-16 07:21 - 00000000 ____D C:\Users\aymanh\AppData\Local\{2A66238C-0DFD-4B0D-8F4C-31FE0AB6F768}
2012-04-16 07:21 - 2012-04-16 07:20 - 00000000 ____D C:\Users\aymanh\AppData\Local\{098FE45A-FE0E-4192-A204-2BB854BE610A}
2012-04-16 07:20 - 2012-04-16 07:20 - 00000000 ____D C:\Users\aymanh\AppData\Local\{620142AB-F6D0-45C0-A6D8-051647A66B13}
2012-04-15 20:48 - 2012-04-15 20:48 - 00000000 ____D C:\Windows\System32\Drivers\zh-TW
2012-04-15 20:48 - 2012-04-15 20:48 - 00000000 ____D C:\Windows\System32\Drivers\zh-CN
2012-04-15 20:48 - 2012-04-15 20:48 - 00000000 ____D C:\Windows\System32\Drivers\tr-TR
2012-04-15 20:48 - 2012-04-15 20:48 - 00000000 ____D C:\Windows\System32\Drivers\th-TH
2012-04-15 20:48 - 2012-04-15 20:48 - 00000000 ____D C:\Windows\System32\Drivers\sv-SE
2012-04-15 20:48 - 2012-04-15 20:48 - 00000000 ____D C:\Windows\System32\Drivers\ru-RU
2012-04-15 20:48 - 2012-04-15 20:48 - 00000000 ____D C:\Windows\System32\Drivers\ro-RO
2012-04-15 20:48 - 2012-04-15 20:48 - 00000000 ____D C:\Windows\System32\Drivers\pt-PT
2012-04-15 20:48 - 2012-04-15 20:48 - 00000000 ____D C:\Windows\System32\Drivers\pt-BR
2012-04-15 20:48 - 2012-04-15 20:48 - 00000000 ____D C:\Windows\System32\Drivers\pl-PL
2012-04-15 20:48 - 2012-04-15 20:48 - 00000000 ____D C:\Windows\System32\Drivers\nl-NL
2012-04-15 20:48 - 2012-04-15 20:48 - 00000000 ____D C:\Windows\System32\Drivers\nb-NO
2012-04-15 20:48 - 2012-04-15 20:48 - 00000000 ____D C:\Windows\System32\Drivers\ko-KR
2012-04-15 20:48 - 2012-04-15 20:48 - 00000000 ____D C:\Windows\System32\Drivers\ja-JP
2012-04-15 20:48 - 2012-04-15 20:48 - 00000000 ____D C:\Windows\System32\Drivers\it-IT
2012-04-15 20:48 - 2012-04-15 20:48 - 00000000 ____D C:\Windows\System32\Drivers\hu-HU
2012-04-15 20:48 - 2012-04-15 20:48 - 00000000 ____D C:\Windows\System32\Drivers\he-IL
2012-04-15 20:48 - 2012-04-15 20:48 - 00000000 ____D C:\Windows\System32\Drivers\fr-FR
2012-04-15 20:48 - 2012-04-15 20:48 - 00000000 ____D C:\Windows\System32\Drivers\fi-FI
2012-04-15 20:48 - 2012-04-15 20:48 - 00000000 ____D C:\Windows\System32\Drivers\es-ES
2012-04-15 20:48 - 2012-04-15 20:48 - 00000000 ____D C:\Windows\System32\Drivers\el-GR
2012-04-15 20:48 - 2012-04-15 20:48 - 00000000 ____D C:\Windows\System32\Drivers\de-DE
2012-04-15 20:48 - 2012-04-15 20:48 - 00000000 ____D C:\Windows\System32\Drivers\da-DK
2012-04-15 20:48 - 2012-04-15 20:48 - 00000000 ____D C:\Windows\System32\Drivers\cs-CZ
2012-04-15 20:48 - 2012-04-15 20:48 - 00000000 ____D C:\Windows\System32\Drivers\ar-SA
2012-04-15 20:48 - 2012-04-15 20:48 - 00000000 ____D C:\Program Files (x86)\Windows Virtual PC

AymanH · Jun 14, 2012

Section 4
2012-04-15 20:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\zh-TW
2012-04-15 20:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\zh-CN
2012-04-15 20:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2012-04-15 20:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\th-TH
2012-04-15 20:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\sv-SE
2012-04-15 20:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\ru-RU
2012-04-15 20:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\ro-RO
2012-04-15 20:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\pt-PT
2012-04-15 20:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\pt-BR
2012-04-15 20:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\pl-PL
2012-04-15 20:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\nl-NL
2012-04-15 20:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\nb-NO
2012-04-15 20:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\ko-KR
2012-04-15 20:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\ja-JP
2012-04-15 20:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\it-IT
2012-04-15 20:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\hu-HU
2012-04-15 20:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\he-IL
2012-04-15 20:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\fr-FR
2012-04-15 20:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\fi-FI
2012-04-15 20:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\es-ES
2012-04-15 20:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\el-GR
2012-04-15 20:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\de-DE
2012-04-15 20:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\da-DK
2012-04-15 20:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\cs-CZ
2012-04-15 20:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\ar-SA
2012-04-15 20:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\zh-TW
2012-04-15 20:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\zh-CN
2012-04-15 20:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\tr-TR
2012-04-15 20:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\th-TH
2012-04-15 20:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sv-SE
2012-04-15 20:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\ru-RU
2012-04-15 20:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\ro-RO
2012-04-15 20:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\pt-PT
2012-04-15 20:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\pt-BR
2012-04-15 20:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\pl-PL
2012-04-15 20:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\nl-NL
2012-04-15 20:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\nb-NO
2012-04-15 20:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\ko-KR
2012-04-15 20:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\ja-JP
2012-04-15 20:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\it-IT
2012-04-15 20:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\hu-HU
2012-04-15 20:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\he-IL
2012-04-15 20:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\fr-FR
2012-04-15 20:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\fi-FI
2012-04-15 20:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\es-ES
2012-04-15 20:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\el-GR
2012-04-15 20:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\de-DE
2012-04-15 20:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\da-DK
2012-04-15 20:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\cs-CZ
2012-04-15 20:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\ar-SA
2012-04-15 20:45 - 2012-04-15 20:45 - 17091624 ____A C:\Users\aymanh\Downloads\Windows6.1-KB958559-x64-RefreshPkg.msu
2012-04-15 19:20 - 2012-04-15 19:20 - 00000000 ____D C:\Users\aymanh\AppData\Local\{ABA9ED14-C7AA-4884-9E86-DB34E3306CC0}
2012-04-15 19:20 - 2012-04-12 17:36 - 00000000 ____D C:\Users\aymanh\AppData\Local\{CA5B52F9-A761-4AFC-972C-8FF43C87A017}
2012-04-15 14:24 - 2012-04-15 14:23 - 03900322 ____A C:\Users\aymanh\Desktop\What Makes a Good Cloud Customer.docx
2012-04-15 07:19 - 2012-04-15 07:19 - 00000000 ____D C:\Users\aymanh\AppData\Local\{90D07165-0CC6-4958-B30D-FC34A940A00E}
2012-04-14 19:19 - 2012-04-14 19:19 - 00000000 ____D C:\Users\aymanh\AppData\Local\{75A4DEB7-9C00-4F20-99CC-AF9D370039F4}
2012-04-14 07:18 - 2012-04-14 07:18 - 00000000 ____D C:\Users\aymanh\AppData\Local\{0BD11FDA-215A-4C11-BC45-CA2B2B70DF3C}
2012-04-13 17:58 - 2012-04-13 17:58 - 00000000 ____D C:\Users\aymanh\AppData\Local\{DA324629-E52E-497B-8481-B7F337F799F3}
2012-04-13 05:58 - 2012-04-13 05:58 - 00000000 ____D C:\Users\aymanh\AppData\Local\{D6081DAF-B170-415D-83C2-7F959A061013}
2012-04-12 17:37 - 2012-04-12 17:36 - 00000000 ____D C:\Users\aymanh\AppData\Local\{BD76EF97-126A-4E40-9940-0C5A8E08FEA1}
2012-04-12 05:36 - 2012-04-12 05:36 - 00000000 ____D C:\Users\aymanh\AppData\Local\{7438B9A7-AA0E-4616-8034-1A0E73501B8B}
2012-04-12 05:36 - 2012-04-12 05:36 - 00000000 ____D C:\Users\aymanh\AppData\Local\{1DFC8364-0195-4EB5-B60C-552E7117B0BB}
2012-04-12 05:36 - 2012-04-12 05:35 - 00000000 ____D C:\Users\aymanh\AppData\Local\{3C20A137-C8D2-47C2-9FD9-3CD60A8E3EF9}
2012-04-12 05:35 - 2012-04-12 05:35 - 00000000 ____D C:\Users\aymanh\AppData\Local\{A614096C-6B96-4CFE-B361-EF06DC05499F}
2012-04-11 17:35 - 2012-04-11 17:35 - 00000000 ____D C:\Users\aymanh\AppData\Local\{C8CBC5BF-0F27-436B-A8BF-E452DA5264D5}
2012-04-11 17:35 - 2012-04-11 17:34 - 00000000 ____D C:\Users\aymanh\AppData\Local\{07E724AF-31EA-4A0C-8011-FE0B680E5646}
2012-04-11 07:21 - 2012-04-11 07:20 - 12990643 ____A C:\Users\aymanh\Downloads\Office 365 OAI-C Kit.zip
2012-04-11 07:16 - 2012-04-11 07:16 - 03971744 ____A C:\Users\aymanh\Downloads\office365deploymentreadinesstool.zip
2012-04-11 07:16 - 2012-04-11 07:16 - 02424456 ____A C:\Users\aymanh\Desktop\Microsoft Office 365 Deployment Guide.pdf
2012-04-11 06:23 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
2012-04-11 06:22 - 2012-04-11 06:22 - 00000000 ___HD C:\Windows\$CrmUninstallKB2600643_Mui_1033$
2012-04-11 06:22 - 2012-04-11 06:22 - 00000000 ___HD C:\Windows\$CrmUninstallKB2600643_Client_1033$
2012-04-11 05:34 - 2012-04-11 05:34 - 00000000 ____D C:\Users\aymanh\AppData\Local\{493113DD-59B9-4893-AC82-116DC55FEB59}
2012-04-11 05:34 - 2012-04-10 17:29 - 00000000 ____D C:\Users\aymanh\AppData\Local\{358F48F3-1EC2-4FDB-B829-F31236986EAE}
2012-04-10 17:29 - 2012-04-10 17:29 - 00000000 ____D C:\Users\aymanh\AppData\Local\{A3958700-5D1B-4752-929A-D18804274A13}
2012-04-10 08:58 - 2012-04-10 08:58 - 00000000 ____D C:\Users\All Users\Hewlett-Packard
2012-04-10 08:56 - 2012-04-10 08:56 - 00000000 ____D C:\Users\aymanh\Downloads\HP_LaserJet_Enterprise_600_M601_M602_M603_printer_series
2012-04-10 05:28 - 2012-04-10 05:28 - 00000000 ____D C:\Users\aymanh\AppData\Local\{4426A2F1-4FDA-4EE6-BA9E-BA49BECC38C5}
2012-04-10 05:28 - 2012-04-09 17:28 - 00000000 ____D C:\Users\aymanh\AppData\Local\{4927E2C2-4239-44BB-B7D8-62C2646BB2B4}
2012-04-09 17:28 - 2012-04-09 17:28 - 00000000 ____D C:\Users\aymanh\AppData\Local\{7A62FA24-F664-46B6-B147-7C992EE89C06}
2012-04-09 10:45 - 2012-04-09 10:45 - 00000158 ____A C:\Windows\System32\ricdb.ini
2012-04-09 10:45 - 2012-04-09 10:45 - 00000000 ____D C:\Users\All Users\RICOH
2012-04-09 10:44 - 2012-04-09 10:44 - 00000000 ____D C:\Users\aymanh\Downloads\ricoh
2012-04-09 10:26 - 2012-04-09 10:26 - 00000000 ____D C:\Users\All Users\Applications
2012-04-09 10:26 - 2012-03-27 14:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2012-04-09 09:59 - 2012-04-09 09:59 - 00000000 ____D C:\Users\aymanh\Documents\My Meetings
2012-04-09 04:20 - 2012-04-09 04:20 - 00000000 ____D C:\Users\aymanh\AppData\Local\{DF74958F-D347-46EB-87ED-BA71E02AB7CC}
2012-04-09 04:20 - 2012-04-09 04:20 - 00000000 ____D C:\Users\aymanh\AppData\Local\{91DB4197-F3A7-482F-BE14-E379C3182A36}
2012-04-08 19:38 - 2012-04-08 19:38 - 00004096 ___AH C:\Users\aymanh\AppData\Local\keyfile3.drm
2012-04-08 07:38 - 2012-04-08 07:38 - 00000000 ____D C:\Users\aymanh\AppData\Local\{F71F7A03-8B72-4C24-ADCF-5D8BD573EA9A}
2012-04-08 07:38 - 2012-04-08 07:38 - 00000000 ____D C:\Users\aymanh\AppData\Local\{79922540-B695-4749-8EB2-FA39226F75EB}
2012-04-08 07:31 - 2012-04-08 07:31 - 00000000 ____D C:\Users\aymanh\AppData\Local\{D26052A7-4332-4646-81E9-C72AF3C49F9B}
2012-04-08 07:31 - 2012-04-08 07:31 - 00000000 ____D C:\Users\aymanh\AppData\Local\{2E3F5559-E2A6-4135-9F50-4DF85A6C77B0}
2012-04-08 06:20 - 2012-04-08 06:20 - 00000000 ____D C:\Program Files\Microsoft LifeCam
2012-04-08 06:20 - 2012-04-08 06:20 - 00000000 ____D C:\Program Files (x86)\Microsoft LifeCam
2012-04-07 19:50 - 2012-04-07 19:50 - 00000000 ____D C:\Users\aymanh\AppData\Local\Apps\2.0
2012-04-07 08:18 - 2012-04-07 08:18 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-04-06 14:39 - 2012-04-06 14:39 - 00000000 ____D C:\Users\aymanh\AppData\Local\{45F12F37-C119-4932-8441-1A6557E5A0BD}
2012-04-06 14:39 - 2012-04-06 14:39 - 00000000 ____D C:\Users\aymanh\AppData\Local\{10A5448D-EE44-4C2C-902E-C3E6AE5D3230}
2012-04-06 02:39 - 2012-04-06 02:39 - 00000000 ____D C:\Users\aymanh\AppData\Local\{61F94CC2-F060-46CD-817F-49BDC6D9EFD8}
2012-04-06 02:39 - 2012-04-06 02:39 - 00000000 ____D C:\Users\aymanh\AppData\Local\{4DAABFAC-111F-4954-B500-0445E1644821}
2012-04-06 02:39 - 2012-04-06 02:39 - 00000000 ____D C:\Users\aymanh\AppData\Local\{25B22DD7-CDCC-4948-AE16-C5455E065B04}
2012-04-05 07:23 - 2012-04-05 07:23 - 00000000 ____D C:\Users\aymanh\AppData\Local\{7A869A12-9C50-4FF7-BB5F-BF3EBBD99578}
2012-04-05 07:23 - 2012-04-05 07:23 - 00000000 ____D C:\Users\aymanh\AppData\Local\{4AAFBE3B-9608-446C-92CF-80E90B258315}
2012-04-04 19:23 - 2012-04-04 19:22 - 00000000 ____D C:\Users\aymanh\AppData\Local\{9760BAA6-4D02-4A5E-B125-44DD16E29E63}
2012-04-04 19:22 - 2012-04-04 19:22 - 00000000 ____D C:\Users\aymanh\AppData\Local\{97E23ECF-658C-4E25-A10F-6CCEC55D15B7}
2012-04-04 17:57 - 2012-04-04 17:57 - 00000000 ____D C:\Users\aymanh\AppData\Local\{880A278D-6F05-422B-8082-2BBAD7CF0818}
2012-04-04 17:57 - 2012-04-04 17:57 - 00000000 ____D C:\Users\aymanh\AppData\Local\{77A4B8E1-2D02-4A6C-A16D-2EC92241F46D}
2012-04-04 11:28 - 2012-04-04 11:28 - 00000000 ____D C:\Windows\SysWOW64\Dell
2012-04-04 11:28 - 2012-04-04 11:28 - 00000000 ____D C:\Program Files (x86)\Dell
2012-04-04 09:42 - 2012-04-04 09:42 - 00000000 ____D C:\Users\aymanh\Documents\OneNote Notebooks
2012-04-04 04:43 - 2012-04-04 04:43 - 00000000 ____D C:\Users\aymanh\AppData\Local\{107432E0-AB41-4C55-9E11-BBB957D61E7C}
2012-04-03 18:40 - 2012-04-03 18:39 - 00000000 ____D C:\Users\aymanh\AppData\Local\{11AF294E-B565-4A8A-9B0D-279EE193DD24}
2012-04-03 09:13 - 2012-03-27 14:44 - 00000882 _RASH C:\Users\aymanh\ntuser.pol
2012-04-03 08:16 - 2012-04-03 08:16 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2012-04-03 05:09 - 2012-04-03 05:08 - 00000000 ____D C:\Users\aymanh\AppData\Local\{FBFBCFB2-46B4-445F-B520-42D166A152CC}
2012-04-03 03:32 - 2012-03-27 14:02 - 00000000 ____D C:\Users\All Users\Adobe
2012-04-02 18:28 - 2012-04-02 18:28 - 00000000 ____D C:\Users\aymanh\AppData\Local\Adobe
2012-04-02 18:28 - 2012-03-27 14:45 - 00000000 ____D C:\Users\aymanh\AppData\Roaming\Adobe
2012-04-02 18:24 - 2012-04-02 18:24 - 00000000 ____D C:\Users\aymanh\Lync Recordings
2012-04-02 18:22 - 2012-04-02 18:18 - 00000000 ____D C:\Program Files (x86)\Windows Live
2012-04-02 18:21 - 2012-04-02 18:21 - 00000000 ____D C:\Windows\en
2012-04-02 18:20 - 2012-03-27 14:05 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-04-02 18:18 - 2012-04-02 18:18 - 00000000 ____D C:\Program Files\Windows Live
2012-04-02 18:18 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-04-02 18:17 - 2012-04-02 18:17 - 00000197 ____A C:\Windows\DirectX.log
2012-04-02 15:33 - 2012-03-27 14:29 - 00000039 ____A C:\Windows\vbaddin.ini
2012-03-30 22:05 - 2012-05-10 03:22 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl(87).exe
2012-03-30 20:39 - 2012-05-10 03:22 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa(89).exe
2012-03-30 20:39 - 2012-05-10 03:22 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 19:10 - 2012-05-10 03:22 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 03:35 - 2012-05-10 03:22 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-27 15:04 - 2012-03-27 15:04 - 00000000 ___HD C:\Windows\$CrmUninstallKB2600640_Mui_1033$
2012-03-27 15:04 - 2012-03-27 15:04 - 00000000 ___HD C:\Windows\$CrmUninstallKB2600640_Client_1033$
2012-03-27 14:46 - 2012-03-27 14:46 - 00000000 ____D C:\Users\aymanh\AppData\Roaming\Macromedia
2012-03-27 14:44 - 2012-03-27 14:44 - 00108840 ____A C:\Users\aymanh\AppData\Local\GDIPFONTCACHEV1.DAT
2012-03-27 14:43 - 2012-03-27 14:43 - 00000020 ___SH C:\Users\aymanh\ntuser.ini
2012-03-27 14:43 - 2012-03-27 14:43 - 00000000 __SHD C:\Users\aymanh\Templates
2012-03-27 14:43 - 2012-03-27 14:43 - 00000000 __SHD C:\Users\aymanh\Start Menu
2012-03-27 14:43 - 2012-03-27 14:43 - 00000000 __SHD C:\Users\aymanh\PrintHood
2012-03-27 14:43 - 2012-03-27 14:43 - 00000000 __SHD C:\Users\aymanh\NetHood
2012-03-27 14:43 - 2012-03-27 14:43 - 00000000 __SHD C:\Users\aymanh\My Documents
2012-03-27 14:43 - 2012-03-27 14:43 - 00000000 __SHD C:\Users\aymanh\Documents\My Videos
2012-03-27 14:43 - 2012-03-27 14:43 - 00000000 __SHD C:\Users\aymanh\Documents\My Pictures
2012-03-27 14:43 - 2012-03-27 14:43 - 00000000 __SHD C:\Users\aymanh\Documents\My Music
2012-03-27 14:43 - 2012-03-27 14:43 - 00000000 __SHD C:\Users\aymanh\AppData\Local\Temporary Internet Files
2012-03-27 14:43 - 2012-03-27 14:43 - 00000000 __SHD C:\Users\aymanh\AppData\Local\History
2012-03-27 14:31 - 2012-03-27 10:59 - 00000000 ____D C:\Windows\SysWOW64\NV
2012-03-27 14:31 - 2012-03-27 10:59 - 00000000 ____D C:\Windows\System32\NV
2012-03-27 14:30 - 2011-04-11 23:45 - 00000000 ____D C:\Windows\ShellNew
2012-03-27 14:26 - 2012-03-27 14:26 - 00000000 ____D C:\Program Files\Windows Identity Foundation
2012-03-27 14:26 - 2012-03-27 14:26 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2012-03-27 14:26 - 2012-03-27 14:26 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2012-03-27 14:26 - 2012-03-27 14:26 - 00000000 ____D C:\Program Files (x86)\Windows Identity Foundation
2012-03-27 14:06 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2012-03-27 14:05 - 2012-03-27 14:05 - 00000000 ____D C:\Windows\PCHEALTH
2012-03-27 14:05 - 2012-03-27 14:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2012-03-27 14:05 - 2012-03-27 14:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2012-03-27 14:03 - 2012-03-27 14:03 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2012-03-27 14:03 - 2012-03-27 14:03 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2012-03-27 14:03 - 2012-03-27 14:03 - 00000000 ____D C:\Program Files\Microsoft Office
2012-03-27 14:03 - 2012-03-27 14:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2012-03-27 14:03 - 2012-03-27 14:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2012-03-27 14:02 - 2012-03-27 14:02 - 00000000 ____D C:\Program Files (x86)\OCSetup
2012-03-27 14:02 - 2012-03-27 14:02 - 00000000 ____D C:\Program Files (x86)\Adobe
2012-03-27 14:01 - 2012-03-27 14:01 - 00472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-03-27 14:01 - 2012-03-27 14:01 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-03-27 14:01 - 2012-03-27 14:01 - 00145184 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-03-27 14:01 - 2012-03-27 14:01 - 00145184 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-03-27 14:01 - 2012-03-27 14:01 - 00001945 ____A C:\Windows\epplauncher.mif
2012-03-27 14:01 - 2012-03-27 14:01 - 00000000 ____D C:\Program Files (x86)\Java
2012-03-27 14:01 - 2012-03-27 14:01 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2012-03-27 14:01 - 2012-03-27 14:01 - 00000000 ____D C:\Program Files (x86)\Absolute Software
2012-03-27 14:00 - 2012-03-27 14:00 - 00004764 ____A C:\Windows\SysWOW64\CcmFramework.ini
2012-03-27 14:00 - 2012-03-27 14:00 - 00000621 ____A C:\Windows\SysWOW64\CcmFramework.h
2012-03-27 14:00 - 2012-03-27 14:00 - 00000000 ____D C:\Windows\SysWOW64\CCM
2012-03-27 14:00 - 2012-03-27 14:00 - 00000000 ____D C:\Windows\ms
2012-03-27 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\restore
2012-03-27 13:58 - 2012-03-27 13:58 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
2012-03-27 13:58 - 2012-03-27 13:58 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_cvusbdrv_01009.Wdf
2012-03-27 13:58 - 2012-02-15 10:44 - 00005949 ____A C:\Windows\TSSysprep.log
2012-03-27 13:58 - 2009-07-13 20:46 - 00005702 ____A C:\Windows\DtcInstall.log
2012-03-27 13:57 - 2012-03-27 13:57 - 00006354 ____A C:\Windows\DPINST.LOG
2012-03-27 13:57 - 2012-03-27 13:57 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_Apfiltr_01009.Wdf
2012-03-27 13:57 - 2012-03-27 13:57 - 00000000 ____D C:\Users\All Users\NVIDIA Corporation
2012-03-27 13:57 - 2012-03-27 13:57 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2012-03-27 13:57 - 2012-03-27 13:57 - 00000000 ____D C:\Program Files\IDT
2012-03-27 13:57 - 2012-03-27 13:57 - 00000000 ____D C:\Program Files\DIFX
2012-03-27 13:57 - 2012-03-27 13:57 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-03-27 13:57 - 2012-03-27 13:57 - 00000000 ____D C:\Intel
2012-03-27 13:57 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help
2012-03-27 13:56 - 2012-03-27 13:56 - 00000000 ____D C:\Windows\CSC
2012-03-27 13:54 - 2009-07-13 20:45 - 00000000 ____D C:\Windows\Setup
2012-03-27 13:53 - 2012-03-27 13:53 - 20465256 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 18639360 ____A (Intel Corporation) C:\Windows\System32\ig4icd64.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 18580072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 15051368 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 14562304 ____A (Intel Corporation) C:\Windows\System32\igd10umd64.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 13906944 ____A C:\Windows\SysWOW64\ig4icd32.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 13076328 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-03-27 13:53 - 2012-03-27 13:53 - 13011560 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 12842600 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 12315136 ____A (Intel Corporation) C:\Windows\SysWOW64\igd10umd32.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 12230912 ____A (Intel Corporation) C:\Windows\System32\Drivers\igdkmd64.sys
2012-03-27 13:53 - 2012-03-27 13:53 - 10061416 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 09014784 ____A (Intel Corporation) C:\Windows\System32\igfxress.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 08292352 ____A (Intel Corporation) C:\Windows\System32\igdumd64.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 08106088 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 06597736 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 06310400 ____A (Intel Corporation) C:\Windows\SysWOW64\igdumd32.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 06029928 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 04936808 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 04378392 ____A (Intel Corporation) C:\Windows\System32\GfxUI.exe
2012-03-27 13:53 - 2012-03-27 13:53 - 03182184 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 02954856 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 02871400 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 02579560 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 02207336 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 01981696 ____A C:\Windows\System32\iglhxa64.cpa
2012-03-27 13:53 - 2012-03-27 13:53 - 01970280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 01652840 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco6420141.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 01398376 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco642061.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 00963116 ____A C:\Windows\SysWOW64\igkrng600.bin
2012-03-27 13:53 - 2012-03-27 13:53 - 00963116 ____A C:\Windows\System32\igkrng600.bin
2012-03-27 13:53 - 2012-03-27 13:53 - 00764008 ____A (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 00645736 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 00577024 ____A (Intel Corporation) C:\Windows\SysWOW64\igdumdx32.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 00510232 ____A (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
2012-03-27 13:53 - 2012-03-27 13:53 - 00446056 ____A (NVIDIA Corporation) C:\Windows\System32\nvoptimusmft.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 00416024 ____A (Intel Corporation) C:\Windows\System32\igfxpers.exe
2012-03-27 13:53 - 2012-03-27 13:53 - 00392472 ____A (Intel Corporation) C:\Windows\System32\hkcmd.exe
2012-03-27 13:53 - 2012-03-27 13:53 - 00391784 ____A (NVIDIA Corporation) C:\Windows\System32\nvdecodemft.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 00389632 ____A (Intel Corporation) C:\Windows\System32\igfxdev.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 00380520 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoptimusmft.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 00378368 ____A (Intel Corporation) C:\Windows\System32\igfxTMM.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 00376832 ____A (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 00376832 ____A (Intel Corporation) C:\Windows\System32\iglhsip64.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 00375296 ____A (Intel Corporation) C:\Windows\System32\igfxpph.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 00320104 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvdecodemft.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 00293888 ____A (Intel Corporation) C:\Windows\SysWOW64\igfxdv32.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 00287232 ____A (Intel Corporation) C:\Windows\System32\igfxrfra.lrc
2012-03-27 13:53 - 2012-03-27 13:53 - 00287232 ____A (Intel Corporation) C:\Windows\System32\igfxresn.lrc
2012-03-27 13:53 - 2012-03-27 13:53 - 00286720 ____A (Intel Corporation) C:\Windows\System32\igfxrita.lrc
2012-03-27 13:53 - 2012-03-27 13:53 - 00286720 ____A (Intel Corporation) C:\Windows\System32\igfxrdeu.lrc
2012-03-27 13:53 - 2012-03-27 13:53 - 00286208 ____A (Intel Corporation) C:\Windows\System32\igfxrptb.lrc
2012-03-27 13:53 - 2012-03-27 13:53 - 00285696 ____A (Intel Corporation) C:\Windows\System32\igfxrenu.lrc
2012-03-27 13:53 - 2012-03-27 13:53 - 00283648 ____A (Intel Corporation) C:\Windows\System32\igfxrjpn.lrc
2012-03-27 13:53 - 2012-03-27 13:53 - 00283136 ____A (Intel Corporation) C:\Windows\System32\igfxrkor.lrc
2012-03-27 13:53 - 2012-03-27 13:53 - 00282624 ____A (Intel Corporation) C:\Windows\System32\igfxrcht.lrc
2012-03-27 13:53 - 2012-03-27 13:53 - 00282624 ____A (Intel Corporation) C:\Windows\System32\igfxrchs.lrc
2012-03-27 13:53 - 2012-03-27 13:53 - 00239896 ____A (Intel Corporation) C:\Windows\System32\igfxext.exe
2012-03-27 13:53 - 2012-03-27 13:53 - 00226920 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 00218304 ____A C:\Windows\SysWOW64\igfcg600m.bin
2012-03-27 13:53 - 2012-03-27 13:53 - 00218304 ____A C:\Windows\System32\igfcg600m.bin
2012-03-27 13:53 - 2012-03-27 13:53 - 00211082 ____A C:\Windows\System32\Gfxres.th-TH.resources
2012-03-27 13:53 - 2012-03-27 13:53 - 00197902 ____A C:\Windows\System32\Gfxres.el-GR.resources
2012-03-27 13:53 - 2012-03-27 13:53 - 00193128 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 00182514 ____A C:\Windows\System32\Gfxres.ru-RU.resources
2012-03-27 13:53 - 2012-03-27 13:53 - 00179992 ____A C:\Windows\System32\difx64.exe
2012-03-27 13:53 - 2012-03-27 13:53 - 00167704 ____A (Intel Corporation) C:\Windows\System32\igfxtray.exe
2012-03-27 13:53 - 2012-03-27 13:53 - 00159744 ____A (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 00156057 ____A C:\Windows\System32\Gfxres.ar-SA.resources
2012-03-27 13:53 - 2012-03-27 13:53 - 00152994 ____A C:\Windows\System32\Gfxres.ja-JP.resources
2012-03-27 13:53 - 2012-03-27 13:53 - 00148846 ____A C:\Windows\System32\Gfxres.he-IL.resources
2012-03-27 13:53 - 2012-03-27 13:53 - 00146432 ____A (Intel Corporation) C:\Windows\System32\gfxSrvc.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 00145804 ____A C:\Windows\SysWOW64\igcompkrng600.bin
2012-03-27 13:53 - 2012-03-27 13:53 - 00145804 ____A C:\Windows\System32\igcompkrng600.bin
2012-03-27 13:53 - 2012-03-27 13:53 - 00142336 ____A (Intel Corporation) C:\Windows\System32\igfxdo.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 00140077 ____A C:\Windows\System32\Gfxres.it-IT.resources
2012-03-27 13:53 - 2012-03-27 13:53 - 00138572 ____A C:\Windows\System32\Gfxres.ko-KR.resources
2012-03-27 13:53 - 2012-03-27 13:53 - 00137728 ____A (Intel Corporation) C:\Windows\System32\igfxcmrt64.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 00137705 ____A C:\Windows\System32\Gfxres.de-DE.resources
2012-03-27 13:53 - 2012-03-27 13:53 - 00137506 ____A C:\Windows\System32\Gfxres.es-ES.resources
2012-03-27 13:53 - 2012-03-27 13:53 - 00136449 ____A C:\Windows\System32\Gfxres.ro-RO.resources
2012-03-27 13:53 - 2012-03-27 13:53 - 00135519 ____A C:\Windows\System32\Gfxres.fr-FR.resources
2012-03-27 13:53 - 2012-03-27 13:53 - 00135222 ____A C:\Windows\System32\Gfxres.tr-TR.resources
2012-03-27 13:53 - 2012-03-27 13:53 - 00134686 ____A C:\Windows\System32\Gfxres.pt-BR.resources
2012-03-27 13:53 - 2012-03-27 13:53 - 00134272 ____A C:\Windows\System32\Gfxres.nl-NL.resources
2012-03-27 13:53 - 2012-03-27 13:53 - 00134238 ____A C:\Windows\System32\Gfxres.hu-HU.resources
2012-03-27 13:53 - 2012-03-27 13:53 - 00133706 ____A C:\Windows\System32\Gfxres.sv-SE.resources
2012-03-27 13:53 - 2012-03-27 13:53 - 00133548 ____A C:\Windows\System32\Gfxres.pt-PT.resources
2012-03-27 13:53 - 2012-03-27 13:53 - 00133246 ____A C:\Windows\System32\Gfxres.cs-CZ.resources
2012-03-27 13:53 - 2012-03-27 13:53 - 00133014 ____A C:\Windows\System32\Gfxres.pl-PL.resources
2012-03-27 13:53 - 2012-03-27 13:53 - 00132752 ____A C:\Windows\System32\Gfxres.fi-FI.resources
2012-03-27 13:53 - 2012-03-27 13:53 - 00132650 ____A C:\Windows\System32\Gfxres.sk-SK.resources
2012-03-27 13:53 - 2012-03-27 13:53 - 00131705 ____A C:\Windows\System32\Gfxres.hr-HR.resources
2012-03-27 13:53 - 2012-03-27 13:53 - 00128863 ____A C:\Windows\System32\Gfxres.sl-SI.resources
2012-03-27 13:53 - 2012-03-27 13:53 - 00128667 ____A C:\Windows\System32\Gfxres.nb-NO.resources
2012-03-27 13:53 - 2012-03-27 13:53 - 00128407 ____A C:\Windows\System32\Gfxres.da-DK.resources
2012-03-27 13:53 - 2012-03-27 13:53 - 00126976 ____A (Intel Corporation) C:\Windows\System32\igfxcpl.cpl
2012-03-27 13:53 - 2012-03-27 13:53 - 00123921 ____A C:\Windows\System32\Gfxres.en-US.resources
2012-03-27 13:53 - 2012-03-27 13:53 - 00117522 ____A C:\Windows\System32\Gfxres.zh-TW.resources
2012-03-27 13:53 - 2012-03-27 13:53 - 00116233 ____A C:\Windows\System32\Gfxres.zh-CN.resources
2012-03-27 13:53 - 2012-03-27 13:53 - 00110080 ____A (Intel Corporation) C:\Windows\System32\hccutils.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 00098304 ____A (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 00098304 ____A (Intel Corporation) C:\Windows\System32\iglhcp64.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 00094208 ____A C:\Windows\System32\IccLibDll_x64.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 00090112 ____A (Intel Corporation) C:\Windows\System32\igfxCoIn_v2418.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 00075776 ____A C:\Windows\System32\igdde64.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 00067176 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 00062464 ____A (Intel Corporation) C:\Windows\System32\igfxsrvc.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 00059243 ____A C:\Windows\System32\iglhxo64.vp
2012-03-27 13:53 - 2012-03-27 13:53 - 00059174 ____A C:\Windows\System32\iglhxg64.vp
2012-03-27 13:53 - 2012-03-27 13:53 - 00059062 ____A C:\Windows\System32\iglhxc64.vp
2012-03-27 13:53 - 2012-03-27 13:53 - 00057960 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 00056832 ____A C:\Windows\SysWOW64\igdde32.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 00056344 ____A (Intel Corporation) C:\Windows\System32\Drivers\HECIx64.sys
2012-03-27 13:53 - 2012-03-27 13:53 - 00036472 ____A (Intel Corporation) C:\Windows\System32\NicCo36.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 00028672 ____A (Intel Corporation) C:\Windows\System32\igfxexps.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 00025960 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvpciflt.sys
2012-03-27 13:53 - 2012-03-27 13:53 - 00024576 ____A (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 00017324 ____A C:\Windows\System32\iglhxs64.vp
2012-03-27 13:53 - 2012-03-27 13:53 - 00011240 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvBridge.kmd
2012-03-27 13:53 - 2012-03-27 13:53 - 00007621 ____A C:\Windows\System32\nvinfo.pb
2012-03-27 13:53 - 2012-03-27 13:53 - 00004096 ____A ( ) C:\Windows\System32\IGFXDEVLib.dll
2012-03-27 13:53 - 2012-03-27 13:53 - 00003114 ____A C:\Windows\System32\e1c62x64.din
2012-03-27 13:53 - 2012-03-27 13:53 - 00001074 ____A C:\Windows\System32\iglhxa64.vp
2012-03-27 13:53 - 2012-03-27 13:53 - 00000151 ____A C:\Windows\System32\GfxUI.exe.config
2012-03-27 13:52 - 2012-03-27 13:57 - 11941376 ____A (IDT, Inc.) C:\Windows\System32\idtsg64.cpl
2012-03-27 13:52 - 2012-03-27 13:57 - 04637184 ____A (IDT, Inc.) C:\Windows\System32\stlang64.dll
2012-03-27 13:52 - 2012-03-27 13:57 - 00442368 ____A (Andrea Electronics Corporation) C:\Windows\System32\AESTEC64.dll
2012-03-27 13:52 - 2012-03-27 13:57 - 00162816 ____A (Andrea Electronics Corporation) C:\Windows\System32\AESTAC64.dll
2012-03-27 13:52 - 2012-03-27 13:57 - 00068608 ____A (Andrea Electronics Corporation) C:\Windows\System32\AESTAR64.dll
2012-03-27 13:52 - 2012-03-27 13:52 - 08505856 ____A (Intel Corporation) C:\Windows\System32\Drivers\NETwNs64.sys
2012-03-27 13:52 - 2012-03-27 13:52 - 02750464 ____A (Intel Corporation) C:\Windows\System32\NETwNr64.dll
2012-03-27 13:52 - 2012-03-27 13:52 - 01721576 ____A (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01009.dll
2012-03-27 13:52 - 2012-03-27 13:52 - 01499136 ____A (IDT, Inc.) C:\Windows\System32\stapo64.dll
2012-03-27 13:52 - 2012-03-27 13:52 - 00799232 ____A (Intel Corporation) C:\Windows\System32\NETwNc64.dll
2012-03-27 13:52 - 2012-03-27 13:52 - 00651776 ____N (IDT, Inc.) C:\Windows\System32\stapi64.dll
2012-03-27 13:52 - 2012-03-27 13:52 - 00520192 ____A (IDT, Inc.) C:\Windows\System32\Drivers\stwrt64.sys
2012-03-27 13:52 - 2012-03-27 13:52 - 00438808 ____A (Intel Corporation) C:\Windows\System32\Drivers\iaStor.sys
2012-03-27 13:52 - 2012-03-27 13:52 - 00431616 ____A (IDT, Inc.) C:\Windows\System32\stcplx64.dll
2012-03-27 13:52 - 2012-03-27 13:52 - 00355960 ____A (Alps Electric Co., Ltd.) C:\Windows\System32\Drivers\Apfiltr.sys
2012-03-27 13:52 - 2012-03-27 13:52 - 00220160 ____A (IDT, Inc.) C:\Windows\System32\st646324.dll
2012-03-27 13:52 - 2012-03-27 13:52 - 00110448 ____A (Alps Electric Co., Ltd.) C:\Windows\System32\Vxdif.dll
2012-03-27 13:52 - 2012-03-27 13:52 - 00045672 ____A (Broadcom Corporation) C:\Windows\System32\Drivers\cvusbdrv.sys
2012-03-27 13:52 - 2012-03-27 13:52 - 00000000 ____D C:\Program Files\DellTPad
2012-03-27 13:51 - 2012-03-27 13:51 - 01452648 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdagenco642040.dll
2012-03-27 13:51 - 2012-03-27 13:51 - 00174184 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2012-03-27 13:51 - 2012-03-27 13:51 - 00081520 ____A (ST Microelectronics) C:\Windows\System32\accelernco01.dll
2012-03-27 13:51 - 2012-03-27 13:51 - 00029288 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2012-03-27 13:51 - 2012-03-27 13:51 - 00027760 ____A (ST Microelectronics) C:\Windows\System32\Drivers\accelern.sys
2012-03-27 13:51 - 2012-03-27 13:51 - 00000000 ____D C:\Program Files\STMicroelectronics
2012-03-27 13:50 - 2012-03-27 13:50 - 01178216 ____A (O2Micro) C:\Windows\System32\O2Icon_2.dll
2012-03-27 13:50 - 2012-03-27 13:50 - 01145448 ____A (O2Micro) C:\Windows\System32\O2Icon.dll
2012-03-27 13:50 - 2012-03-27 13:50 - 00321576 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\btwampfl.sys
2012-03-27 13:50 - 2012-03-27 13:50 - 00083560 ____A (O2Micro ) C:\Windows\System32\Drivers\o2sdjw7x64.sys
2012-03-27 13:50 - 2012-03-27 13:50 - 00074984 ____A (O2Micro ) C:\Windows\System32\Drivers\O2MDRw7x64.sys
2012-03-27 13:50 - 2012-03-27 13:50 - 00072808 ____A (O2Micro ) C:\Windows\System32\Drivers\o2mdfw7x64.sys
2012-03-27 13:50 - 2012-03-27 13:50 - 00072296 ____A (O2Micro International) C:\Windows\System32\Drivers\o2flash.exe
2012-03-27 13:50 - 2009-07-13 21:38 - 00025600 __ASH C:\Windows\System32\config\BCD-Template.LOG
2012-03-27 13:50 - 2009-07-13 21:32 - 00028672 ____A C:\Windows\System32\config\BCD-Template
2012-03-27 10:59 - 2012-03-27 10:59 - 00000000 ____D C:\Windows\ccmsetup
2012-03-27 10:59 - 2012-03-27 10:59 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-03-27 10:59 - 2012-02-15 10:47 - 00000000 __SHD C:\Recovery
ZeroAccess:
C:\Users\aymanh\AppData\Local\{bb348e68-11fe-7740-f76e-e899f14425fb}
C:\Users\aymanh\AppData\Local\{bb348e68-11fe-7740-f76e-e899f14425fb}\@
C:\Users\aymanh\AppData\Local\{bb348e68-11fe-7740-f76e-e899f14425fb}\L
C:\Users\aymanh\AppData\Local\{bb348e68-11fe-7740-f76e-e899f14425fb}\U
========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 9%
Total physical RAM: 8072.9 MB
Available physical RAM: 7320.58 MB
Total Pagefile: 8071.1 MB
Available Pagefile: 7309.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
======================= Partitions =========================
1 Drive c: (Default) (Fixed) (Total:238.47 GB) (Free:70.94 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: () (Removable) (Total:3.73 GB) (Free:3.5 GB) NTFS
3 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 238 GB 0 B
Disk 1 Online 3827 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 238 GB 1024 KB
======================================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 C Default NTFS Partition 238 GB Healthy
======================================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3823 MB 4032 KB
======================================================================================================
Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D NTFS Removable 3823 MB Healthy
======================================================================================================
==========================================================
Last Boot: 2012-06-11 15:13
======================= End Of Log ==========================

Broni · Jun 14, 2012

Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running tools or applying updates other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=================================================================

In Vista or Windows 7: Boot to System Recovery Options and run FRST.
In Windows XP: Please boot to BartPe and run FRST.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes to your reply.

AymanH · Jun 14, 2012

Thanks for the prompt response Broni. See below results of the search.txt

Farbar Recovery Scan Tool Version: 13-06-2012 02
Ran by SYSTEM at 2012-06-14 22:06:51
Running from D:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
====== End Of Search ======

Broni · Jun 14, 2012

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

AymanH · Jun 14, 2012

Used fixlist as asked and run utility to fix. Log below:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 13-06-2012 02
Ran by SYSTEM at 2012-06-14 22:32:22 Run:1
Running from D:\
==============================================
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
C:\Windows\System32\consrv.dll not found.
C:\Users\aymanh\AppData\Local\{bb348e68-11fe-7740-f76e-e899f14425fb} moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
==== End of Fixlog ====

Broni · Jun 14, 2012

Try to boot normally.

AymanH · Jun 14, 2012

Broni - as requested, I booted up normally and let system sit idle. FEP2010 shows GREEN status and no warning or alerts are showing regarding any virus detections. System has been up and stable for over 11 minutes now. So far so good.

What other scans, tools etc. do you recommend I run through to make sure the system is clean.

Thank you for all the help and prompt response.

Broni · Jun 14, 2012

Good news

We need to run more scans to make sure you're clean.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
Double click on combofix.exe & follow the prompts.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe

Double-click on the Rkill icon to run the tool.
If using Vista or Windows 7 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

AymanH · Jun 15, 2012

Broni - about to run combofix. trying to diable FEP2010. Unfortunately for me it is controlled via a GPO. What other way can I diable the antivirus engine prior to running combofix?

Broni · Jun 15, 2012

Run Combofix from safe mode and disregard any warnings.

AymanH · Jun 15, 2012

Combofix.txt

ComboFix 12-06-14.04 - aymanh 06/15/2012 8:58.1.4 - x64 MINIMAL
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.8073.7230 [GMT -4:00]
Running from: c:\users\aymanh\Desktop\ComboFix.exe
AV: Microsoft Forefront Endpoint Protection 2010 *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Forefront Endpoint Protection 2010 *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\3002.abs
.
.
((((((((((((((((((((((((( Files Created from 2012-05-15 to 2012-06-15 )))))))))))))))))))))))))))))))
.
.
2012-06-15 00:00 . 2012-06-15 06:45 -------- d-----w- C:\FRST
2012-06-14 18:36 . 2012-06-14 18:36 -------- d-----w- c:\users\aymanh\AppData\Roaming\SUPERAntiSpyware.com
2012-06-14 18:36 . 2012-06-14 18:36 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-14 15:35 . 2012-02-09 17:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B0E877EC-AFD9-4E44-849F-9167A49E5FC6}\gapaengine.dll
2012-06-14 15:34 . 2012-05-15 05:41 8955792 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0CCD9D36-2E14-415F-982E-DB78CFDEC253}\mpengine.dll
2012-06-14 15:26 . 2012-02-09 17:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-06-13 04:29 . 2012-06-14 19:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-13 04:24 . 2012-06-14 19:05 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2012-06-13 03:26 . 2012-06-13 03:26 -------- d-----w- c:\users\aymanh\AppData\Roaming\Malwarebytes
2012-06-13 03:26 . 2012-06-14 19:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-13 03:26 . 2012-06-13 03:26 -------- d-----w- c:\programdata\Malwarebytes
2012-06-12 17:06 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-12 17:06 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-12 17:06 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-12 16:56 . 2012-06-14 19:05 -------- d-----w- c:\program files\CCleaner
2012-06-12 13:56 . 2011-06-21 04:09 200976 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2012-06-12 13:20 . 2012-06-12 13:20 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-12 13:16 . 2012-06-12 13:27 -------- d-----w- c:\programdata\B7E858A700052AA600CCC89DB4EB2331
2012-06-01 02:03 . 2012-05-01 00:56 31344 ----a-w- c:\windows\system32\drivers\VMparport.sys
2012-06-01 02:03 . 2012-05-01 00:56 63088 ----a-w- c:\windows\system32\drivers\vmx86.sys
2012-06-01 02:02 . 2012-05-01 00:56 354416 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
2012-06-01 02:02 . 2012-05-01 00:56 433264 ----a-w- c:\windows\SysWow64\vmnat.exe
2012-06-01 02:02 . 2012-05-01 00:54 30320 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2012-06-01 02:02 . 2012-05-01 00:56 942192 ----a-w- c:\windows\system32\vnetlib64.dll
2012-06-01 02:02 . 2011-08-30 03:11 39024 ----a-w- c:\windows\system32\drivers\hcmon.sys
2012-06-01 02:02 . 2012-06-01 02:02 -------- d-----w- c:\program files (x86)\Common Files\VMware
2012-06-01 02:02 . 2012-06-01 02:02 -------- d-----w- c:\program files\Common Files\VMware
2012-05-23 21:59 . 2012-05-23 21:59 -------- d--h--w- c:\windows\$CrmUninstallKB2600644_Mui_1033$
2012-05-23 21:59 . 2012-05-23 21:59 -------- d--h--w- c:\windows\$CrmUninstallKB2600644_Client_1033$
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-15 02:48 . 2012-04-02 23:36 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2012-06-15 02:48 . 2012-03-27 22:01 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll
2012-06-15 02:48 . 2012-04-02 23:36 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe
2012-06-15 02:48 . 2012-04-02 23:36 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2012-05-11 11:05 . 2012-04-11 14:27 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-11 11:05 . 2012-02-15 19:14 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-08 17:02 . 2012-04-02 23:15 8955792 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-30 22:26 . 2012-04-30 22:26 252016 ----a-w- c:\windows\SysWow64\vmnc.dll
2012-04-30 21:22 . 2012-04-30 21:22 62064 ----a-w- c:\windows\system32\vmnetbridge.dll
2012-04-30 21:22 . 2012-04-30 21:22 48752 ----a-w- c:\windows\system32\vnetinst.dll
2012-04-30 21:22 . 2012-04-30 21:22 45680 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
2012-04-30 21:22 . 2012-04-30 21:22 24176 ----a-w- c:\windows\system32\drivers\vmnet.sys
2012-04-30 21:22 . 2012-04-30 21:22 20080 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2012-04-30 03:34 . 2012-04-30 03:34 98304 ----a-r- c:\users\aymanh\AppData\Roaming\Microsoft\Installer\{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}\icons.exe
2012-04-26 08:09 . 2012-04-26 08:09 71272 ----a-w- c:\windows\SysWow64\CRMMS32.dll
2012-04-17 15:32 . 2012-04-02 23:38 13160 ----a-w- c:\windows\SysWow64\Upgrd.exe
2012-04-17 15:32 . 2010-02-03 20:21 58288 ------w- c:\windows\SysWow64\rpcnet.exe
2012-04-16 19:25 . 2012-04-16 19:25 3534848 ----a-w- c:\users\aymanh\AppData\Roaming\Microsoft\SharePoint Designer\ProxyAssemblyCache\14.0.0.6029\Microsoft.SharePoint.Portal.Proxy.dll
2012-04-16 19:25 . 2012-04-16 19:25 1576960 ----a-w- c:\users\aymanh\AppData\Roaming\Microsoft\SharePoint Designer\ProxyAssemblyCache\14.0.0.6029\Microsoft.Office.Server.Search.Proxy.dll
2012-04-16 19:25 . 2012-04-16 19:25 2646016 ----a-w- c:\users\aymanh\AppData\Roaming\Microsoft\SharePoint Designer\ProxyAssemblyCache\14.0.0.6029\Microsoft.SharePoint.Proxy.dll
2012-04-16 19:24 . 2012-04-16 19:24 28672 ----a-w- c:\users\aymanh\AppData\Roaming\Microsoft\SharePoint Designer\ProxyAssemblyCache\14.0.0.6029\System.Web.Proxy.dll
2012-04-03 02:18 . 2011-03-28 22:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-31 06:05 . 2012-05-10 11:22 5559664 ----a-w- c:\windows\system32\ntoskrnl(87).exe
2012-03-31 04:39 . 2012-05-10 11:22 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa(89).exe
2012-03-31 04:39 . 2012-05-10 11:22 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10 . 2012-05-10 11:22 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 11:35 . 2012-05-10 11:22 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-27 22:44 . 2011-08-01 15:58 17816 ----a-w- c:\programdata\Microsoft\MSOIdentityCRL\production\msoidconfig.dll
2012-03-27 22:01 . 2012-03-27 22:01 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-27 21:53 . 2012-03-27 21:53 56344 ----a-w- c:\windows\system32\drivers\HECIx64.sys
2012-03-27 21:53 . 2012-03-27 21:53 67176 ----a-w- c:\windows\system32\OpenCL.dll
2012-03-27 21:53 . 2012-03-27 21:53 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-03-27 21:53 . 2012-03-27 21:53 8106088 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-03-27 21:53 . 2012-03-27 21:53 764008 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-03-27 21:53 . 2012-03-27 21:53 645736 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-03-27 21:53 . 2012-03-27 21:53 6029928 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-03-27 21:53 . 2012-03-27 21:53 446056 ----a-w- c:\windows\system32\nvoptimusmft.dll
2012-03-27 21:53 . 2012-03-27 21:53 380520 ----a-w- c:\windows\SysWow64\nvoptimusmft.dll
2012-03-27 21:53 . 2012-03-27 21:53 25960 ----a-w- c:\windows\system32\drivers\nvpciflt.sys
2012-03-27 21:53 . 2012-03-27 21:53 226920 ----a-w- c:\windows\system32\nvinitx.dll
2012-03-27 21:53 . 2012-03-27 21:53 20465256 ----a-w- c:\windows\system32\nvoglv64.dll
2012-03-27 21:53 . 2012-03-27 21:53 193128 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-03-27 21:53 . 2012-03-27 21:53 15051368 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-03-27 21:53 . 2012-03-27 21:53 1398376 ----a-w- c:\windows\system32\nvgenco642061.dll
2012-03-27 21:53 . 2012-03-27 21:53 13076328 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-03-27 21:53 . 2012-03-27 21:53 6597736 ----a-w- c:\windows\system32\nvcuda.dll
2012-03-27 21:53 . 2012-03-27 21:53 4936808 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-03-27 21:53 . 2012-03-27 21:53 391784 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-03-27 21:53 . 2012-03-27 21:53 320104 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2012-03-27 21:53 . 2012-03-27 21:53 3182184 ----a-w- c:\windows\system32\nvcuvid.dll
2012-03-27 21:53 . 2012-03-27 21:53 2954856 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-03-27 21:53 . 2012-03-27 21:53 2871400 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-03-27 21:53 . 2012-03-27 21:53 2579560 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-03-27 21:53 . 2012-03-27 21:53 1652840 ----a-w- c:\windows\system32\nvdispco6420141.dll
2012-03-27 21:53 . 2012-03-27 21:53 12842600 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-03-27 21:53 . 2012-03-27 21:53 10061416 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-03-27 21:53 . 2012-03-27 21:53 2207336 ----a-w- c:\windows\system32\nvapi64.dll
2012-03-27 21:53 . 2012-03-27 21:53 18580072 ----a-w- c:\windows\system32\nvcompiler.dll
2012-03-27 21:53 . 2012-03-27 21:53 13011560 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-03-27 21:53 . 2012-03-27 21:53 1970280 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-03-27 21:53 . 2012-03-27 21:53 36472 ----a-w- c:\windows\system32\NicCo36.dll
2012-03-27 21:53 . 2012-03-27 21:53 98304 ----a-w- c:\windows\SysWow64\iglhcp32.dll
2012-03-27 21:53 . 2012-03-27 21:53 98304 ----a-w- c:\windows\system32\iglhcp64.dll
2012-03-27 21:53 . 2012-03-27 21:53 963116 ----a-w- c:\windows\system32\igkrng600.bin
2012-03-27 21:53 . 2012-03-27 21:53 9014784 ----a-w- c:\windows\system32\igfxress.dll
2012-03-27 21:53 . 2012-03-27 21:53 90112 ----a-w- c:\windows\system32\igfxCoIn_v2418.dll
2012-03-27 21:53 . 2012-03-27 21:53 62464 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-03-27 21:53 . 2012-03-27 21:53 510232 ----a-w- c:\windows\system32\igfxsrvc.exe
2012-03-27 21:53 . 2012-03-27 21:53 378368 ----a-w- c:\windows\system32\igfxTMM.dll
2012-03-27 21:53 . 2012-03-27 21:53 376832 ----a-w- c:\windows\SysWow64\iglhsip32.dll
2012-03-27 21:53 . 2012-03-27 21:53 376832 ----a-w- c:\windows\system32\iglhsip64.dll
2012-03-27 21:53 . 2012-03-27 21:53 287232 ----a-w- c:\windows\system32\igfxrfra.lrc
2012-03-27 21:53 . 2012-03-27 21:53 287232 ----a-w- c:\windows\system32\igfxresn.lrc
2012-03-27 21:53 . 2012-03-27 21:53 286720 ----a-w- c:\windows\system32\igfxrita.lrc
2012-03-27 21:53 . 2012-03-27 21:53 286208 ----a-w- c:\windows\system32\igfxrptb.lrc
2012-03-27 21:53 . 2012-03-27 21:53 285696 ----a-w- c:\windows\system32\igfxrenu.lrc
2012-03-27 21:53 . 2012-03-27 21:53 283648 ----a-w- c:\windows\system32\igfxrjpn.lrc
2012-03-27 21:53 . 2012-03-27 21:53 283136 ----a-w- c:\windows\system32\igfxrkor.lrc
2012-03-27 21:53 . 2012-03-27 21:53 167704 ----a-w- c:\windows\system32\igfxtray.exe
2012-03-27 21:53 . 2012-03-27 21:53 286720 ----a-w- c:\windows\system32\igfxrdeu.lrc
2012-03-27 21:53 . 2012-03-27 21:53 8292352 ----a-w- c:\windows\system32\igdumd64.dll
2012-03-27 21:53 . 2012-03-27 21:53 6310400 ----a-w- c:\windows\SysWow64\igdumd32.dll
2012-03-27 21:53 . 2012-03-27 21:53 577024 ----a-w- c:\windows\SysWow64\igdumdx32.dll
2012-03-27 21:53 . 2012-03-27 21:53 416024 ----a-w- c:\windows\system32\igfxpers.exe
2012-03-27 21:53 . 2012-03-27 21:53 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2012-03-27 21:53 . 2012-03-27 21:53 389632 ----a-w- c:\windows\system32\igfxdev.dll
2012-03-27 21:53 . 2012-03-27 21:53 375296 ----a-w- c:\windows\system32\igfxpph.dll
2012-03-27 21:53 . 2012-03-27 21:53 293888 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2012-03-27 21:53 . 2012-03-27 21:53 28672 ----a-w- c:\windows\system32\igfxexps.dll
2012-03-27 21:53 . 2012-03-27 21:53 282624 ----a-w- c:\windows\system32\igfxrcht.lrc
2012-03-27 21:53 . 2012-03-27 21:53 282624 ----a-w- c:\windows\system32\igfxrchs.lrc
2012-03-27 21:53 . 2012-03-27 21:53 24576 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2012-03-27 21:53 . 2012-03-27 21:53 239896 ----a-w- c:\windows\system32\igfxext.exe
2012-03-27 21:53 . 2012-03-27 21:53 218304 ----a-w- c:\windows\system32\igfcg600m.bin
2012-03-27 21:53 . 2012-03-27 21:53 159744 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2012-03-27 21:53 . 2012-03-27 21:53 142336 ----a-w- c:\windows\system32\igfxdo.dll
2012-03-27 21:53 . 2012-03-27 21:53 137728 ----a-w- c:\windows\system32\igfxcmrt64.dll
2012-03-27 21:53 . 2012-03-27 21:53 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2012-03-27 21:53 . 2012-03-27 21:53 12230912 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2012-03-27 21:53 . 2012-03-27 21:53 75776 ----a-w- c:\windows\system32\igdde64.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-04-24 . 4F5414602E2544A4554D95517948B705 . 184320 . . [6.1.7601.17827] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_d41dd577b1743795\cryptsvc.dll
[-] 2012-04-24 . B7337E9C9E5936355BB700AA33E0936E . 186880 . . [6.1.7601.21979] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_d473633acab895c2\cryptsvc.dll
[7] 2010-11-21 . 15597883FBE9B056F276ADA3AD87D9AF . 177152 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
[-] 2012-04-24 . 4F5414602E2544A4554D95517948B705 . 184320 . . [6.1.7600.16385] .. c:\windows\system32\cryptsvc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-05-31 05:39 208608 ----a-w- c:\users\aymanh\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-05-31 05:39 208608 ----a-w- c:\users\aymanh\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-05-31 05:39 208608 ----a-w- c:\users\aymanh\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WLSync"="c:\program files (x86)\Windows Live\Mesh\WLSync.exe" [2012-03-08 1449824]
"SkyDrive"="c:\users\aymanh\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2012-05-31 296672]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-05-16 11921064]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2012-03-24 12071200]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-05-04 136416]
"Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
"vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2012-05-01 103536]
.
c:\users\aymanh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableInstallerDetection"= 0 (0x0)
"EnableUIADesktopToggle"= 1 (0x1)
"PromptOnSecureDesktop"= 0 (0x0)
"FilterAdministratorToken"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u msoidssp livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 SASDIFSV;SASDIFSV;D:\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;D:\SASKUTIL64.SYS [x]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2012-03-27 89600]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 CrmSqlStartupSvc;SQL Server (CRM) On-Demand Shutdown;c:\program files (x86)\Microsoft Dynamics CRM\Client\bin\CrmSqlStartupSvc.exe [2012-04-26 24168]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-24 116648]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-05-04 25824]
R2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2011-09-28 2078112]
R2 rpcld;Remote Procedure Call (RPC) LD;c:\programdata\Rpcnet\Bin\rpcld.exe [x]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-30 846448]
R2 vmware-converter-agent;VMware vCenter Converter Standalone Agent;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [2011-08-20 423536]
R2 vmware-converter-server;VMware vCenter Converter Standalone Server;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2011-08-20 423536]
R2 vmware-converter-worker;VMware vCenter Converter Standalone Worker;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2011-08-20 423536]
R2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-04-30 11839488]
R2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
R3 bmdrvr;Modified Clusters Tracking Driver;SysWOW64\drivers\bmdrvr.sys [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 c2wts;Claims to Windows Token Service;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe [2010-02-02 15768]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [x]
R3 dcdbas;System Management Driver;c:\windows\system32\DRIVERS\dcdbas64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-24 116648]
R3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7x64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vm3dmp;vm3dmp;c:\windows\system32\DRIVERS\vm3dmp.sys [x]
R3 vmmouse;VMware Pointing Device;c:\windows\system32\DRIVERS\vmmouse.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\accelern.sys [x]
S3 O2MDFRDR;O2MDFRDR;c:\windows\system32\DRIVERS\O2MDFw7x64.sys [x]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-24 16:43]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-24 16:43]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-610354233-1133782292-1394453194-20955Core.job
- c:\users\aymanh\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-08 03:50]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-610354233-1133782292-1394453194-20955UA.job
- c:\users\aymanh\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-08 03:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-05-31 05:39 232672 ----a-w- c:\users\aymanh\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-05-31 05:39 232672 ----a-w- c:\users\aymanh\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-05-31 05:39 232672 ----a-w- c:\users\aymanh\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-05-16 21:53 754712 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-05-16 21:53 754712 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-05-16 21:53 754712 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-05-16 21:53 754712 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2012-03-27 608112]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-27 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-27 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-27 416024]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-03-27 525312]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-06-05 312936]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
LSP: %SystemRoot%\system32\vsocklib.dll
Trusted Zone: slalom.com
Trusted Zone: slalom.com\cp
Trusted Zone: slalom.com\my
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Kies Air Discovery Service - c:\windows\system32\javaws.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}"=hex:51,66,7a,6c,4c,1d,38,12,ce,98,c3,
35,c7,5c,a0,09,c1,9c,6a,63,e2,38,41,ce
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:a7,00,36,5f,68,0c,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-15 09:01:39
ComboFix-quarantined-files.txt 2012-06-15 13:01
.
Pre-Run: 88,722,776,064 bytes free
Post-Run: 89,132,736,512 bytes free
.
- - End Of File - - 7FD8E0479A2D0619BF053C8C121F45B5

Broni · Jun 15, 2012

Looks good.

Any current issues?

Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/products/malwarebytes_free to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

AymanH · Jun 15, 2012

MalwareBytes Log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.15.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
aymanh :: 18020-E6420 [administrator]
6/15/2012 4:07:31 PM
mbam-log-2012-06-15 (16-07-31).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229249
Time elapsed: 48 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

AymanH · Jun 15, 2012

aswMBR Log:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-15 16:11:13
-----------------------------
16:11:13.045 OS Version: Windows x64 6.1.7601 Service Pack 1
16:11:13.045 Number of processors: 4 586 0x2A07
16:11:13.045 ComputerName: 18020-E6420 UserName: aymanh
16:11:13.357 Initialize success
16:11:38.668 AVAST engine defs: 12061500
16:11:46.795 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
16:11:46.795 Disk 0 Vendor: SAMSUNG_ CXM0 Size: 244198MB BusType: 8
16:11:46.811 Disk 0 MBR read successfully
16:11:46.811 Disk 0 MBR scan
16:11:46.811 Disk 0 Windows 7 default MBR code
16:11:46.811 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 244196 MB offset 2048
16:11:46.842 Disk 0 scanning C:\Windows\system32\drivers
16:11:52.427 Service scanning
16:12:06.249 Modules scanning
16:12:06.249 Disk 0 trace - called modules:
16:12:06.249 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll
16:12:06.249 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008dcc060]
16:12:06.249 3 CLASSPNP.SYS[fffff8800185a43f] -> nt!IofCallDriver -> [0xfffffa8008cd3af0]
16:12:06.764 5 stdcfltn.sys[fffff88001b9ad12] -> nt!IofCallDriver -> [0xfffffa8007bd8b20]
16:12:06.764 7 ACPI.sys[fffff88000f867a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8007bd9050]
16:12:07.029 AVAST engine scan C:\Windows
16:12:08.448 AVAST engine scan C:\Windows\system32
16:14:03.935 AVAST engine scan C:\Windows\system32\drivers
16:14:10.877 AVAST engine scan C:\Users\aymanh
16:15:43.308 AVAST engine scan C:\ProgramData
16:15:53.151 Scan finished successfully
16:18:41.319 Disk 0 MBR has been saved successfully to "C:\Users\aymanh\Desktop\MBR.dat"
16:18:41.351 The log file has been saved successfully to "C:\Users\aymanh\Desktop\aswMBR.txt"

AymanH · Jun 15, 2012

Broni - so far no issues or symptoms of the trojan is evident. What else should I do to cover all bases?

Thank you very much for all your help. This has been a learning experience. Do let me know if I need to do additional items to verify and also if there is a recommended malware tool which I should use alongside my AV.

Broni · Jun 15, 2012

Looks good so far

Download OTL to your Desktop.

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Click the Scan All Users checkbox.
Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /I " " /c
dir /b "%systemroot%\*.exe" | find /I " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
/md5start
/md5stop

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

AymanH · Jun 17, 2012

OTL.txt

Paste 1 (too many characters)

OTL logfile created on: 6/15/2012 7:59:22 PM - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\aymanh\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.88 Gb Total Physical Memory | 6.19 Gb Available Physical Memory | 78.48% Memory free
15.77 Gb Paging File | 14.01 Gb Available in Paging File | 88.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238.47 Gb Total Space | 84.77 Gb Free Space | 35.55% Space Free | Partition Type: NTFS
Drive D: | 3.73 Gb Total Space | 3.48 Gb Free Space | 93.11% Space Free | Partition Type: NTFS

Computer Name: 18020-E6420 | User Name: aymanh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2012/06/15 17:27:58 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\aymanh\Desktop\OTL.exe
PRC - [2012/05/31 01:39:18 | 000,296,672 | ---- | M] (Microsoft Corporation) -- C:\Users\aymanh\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2012/05/16 17:52:58 | 011,921,064 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2012/04/30 20:56:16 | 000,354,416 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2012/04/30 20:56:04 | 000,433,264 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2012/04/30 20:55:40 | 000,103,536 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
PRC - [2012/04/30 19:53:30 | 011,839,488 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
PRC - [2012/04/30 17:54:52 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2012/04/26 04:09:04 | 000,024,168 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Dynamics CRM\Client\bin\CrmSqlStartupSvc.exe
PRC - [2012/04/17 11:32:47 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/08/19 20:51:48 | 000,423,536 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
PRC - [2011/08/19 20:32:40 | 000,423,536 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
PRC - [2011/06/01 12:42:28 | 000,071,432 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
PRC - [2011/06/01 12:42:28 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2011/06/01 12:16:54 | 002,260,992 | ---- | M] (Axentra Corporation) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
PRC - [2011/05/04 17:04:32 | 000,325,344 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
PRC - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\CCM\CcmExec.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/15 19:46:04 | 000,792,576 | ---- | M] () -- C:\Users\aymanh\AppData\Local\Temp\_MEI31842\wx._gdi_.pyd
MOD - [2012/06/15 19:46:04 | 000,571,392 | ---- | M] () -- C:\Users\aymanh\AppData\Local\Temp\_MEI31842\pysqlite2._sqlite.pyd
MOD - [2012/06/15 19:46:04 | 000,354,304 | ---- | M] () -- C:\Users\aymanh\AppData\Local\Temp\_MEI31842\pythoncom26.dll
MOD - [2012/06/15 19:46:04 | 000,263,168 | ---- | M] () -- C:\Users\aymanh\AppData\Local\Temp\_MEI31842\win32com.shell.shell.pyd
MOD - [2012/06/15 19:46:04 | 000,153,088 | ---- | M] () -- C:\Users\aymanh\AppData\Local\Temp\_MEI31842\pyexpat.pyd
MOD - [2012/06/15 19:46:04 | 000,096,256 | ---- | M] () -- C:\Users\aymanh\AppData\Local\Temp\_MEI31842\win32api.pyd
MOD - [2012/06/15 19:46:04 | 000,086,016 | ---- | M] () -- C:\Users\aymanh\AppData\Local\Temp\_MEI31842\_elementtree.pyd
MOD - [2012/06/15 19:46:04 | 000,073,728 | ---- | M] () -- C:\Users\aymanh\AppData\Local\Temp\_MEI31842\_ctypes.pyd
MOD - [2012/06/15 19:46:04 | 000,070,656 | ---- | M] () -- C:\Users\aymanh\AppData\Local\Temp\_MEI31842\wx._html2.pyd
MOD - [2012/06/15 19:46:04 | 000,040,448 | ---- | M] () -- C:\Users\aymanh\AppData\Local\Temp\_MEI31842\_socket.pyd
MOD - [2012/06/15 19:46:04 | 000,011,776 | ---- | M] () -- C:\Users\aymanh\AppData\Local\Temp\_MEI31842\win32crypt.pyd
MOD - [2012/06/15 19:46:03 | 001,169,408 | ---- | M] () -- C:\Users\aymanh\AppData\Local\Temp\_MEI31842\wx._core_.pyd
MOD - [2012/06/15 19:46:03 | 001,056,256 | ---- | M] () -- C:\Users\aymanh\AppData\Local\Temp\_MEI31842\wx._controls_.pyd
MOD - [2012/06/15 19:46:03 | 001,018,368 | ---- | M] () -- C:\Users\aymanh\AppData\Local\Temp\_MEI31842\_cacheinvalidation.pyd
MOD - [2012/06/15 19:46:03 | 000,807,424 | ---- | M] () -- C:\Users\aymanh\AppData\Local\Temp\_MEI31842\wx._windows_.pyd
MOD - [2012/06/15 19:46:03 | 000,731,136 | ---- | M] () -- C:\Users\aymanh\AppData\Local\Temp\_MEI31842\wx._misc_.pyd
MOD - [2012/06/15 19:46:03 | 000,645,120 | ---- | M] () -- C:\Users\aymanh\AppData\Local\Temp\_MEI31842\_ssl.pyd
MOD - [2012/06/15 19:46:03 | 000,311,808 | ---- | M] () -- C:\Users\aymanh\AppData\Local\Temp\_MEI31842\_hashlib.pyd
MOD - [2012/06/15 19:46:03 | 000,121,856 | ---- | M] () -- C:\Users\aymanh\AppData\Local\Temp\_MEI31842\wx._wizard.pyd
MOD - [2012/06/15 19:46:03 | 000,111,104 | ---- | M] () -- C:\Users\aymanh\AppData\Local\Temp\_MEI31842\win32file.pyd
MOD - [2012/06/15 19:46:03 | 000,110,592 | ---- | M] () -- C:\Users\aymanh\AppData\Local\Temp\_MEI31842\pywintypes26.dll
MOD - [2012/06/15 19:46:03 | 000,039,424 | ---- | M] () -- C:\Users\aymanh\AppData\Local\Temp\_MEI31842\win32inet.pyd
MOD - [2012/06/15 19:46:03 | 000,036,352 | ---- | M] () -- C:\Users\aymanh\AppData\Local\Temp\_MEI31842\win32process.pyd
MOD - [2012/06/15 19:46:03 | 000,022,528 | ---- | M] () -- C:\Users\aymanh\AppData\Local\Temp\_MEI31842\win32pdh.pyd
MOD - [2012/06/15 19:46:03 | 000,017,920 | ---- | M] () -- C:\Users\aymanh\AppData\Local\Temp\_MEI31842\win32event.pyd
MOD - [2012/06/15 19:46:03 | 000,011,776 | ---- | M] () -- C:\Users\aymanh\AppData\Local\Temp\_MEI31842\select.pyd
MOD - [2012/06/15 14:26:06 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll
MOD - [2012/06/15 14:21:43 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll
MOD - [2012/06/15 14:21:39 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/06/15 14:21:24 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/15 14:21:19 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/11 03:25:54 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/11 03:25:53 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012/05/11 03:25:33 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll
MOD - [2012/05/11 03:25:23 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/11 03:25:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/11 03:25:20 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/11 03:25:17 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/06/01 12:46:02 | 000,030,984 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
MOD - [2011/06/01 12:42:24 | 000,108,296 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\Memeo.Progress.dll
MOD - [2011/06/01 12:16:54 | 000,971,776 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll
MOD - [2011/06/01 12:16:54 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
MOD - [2011/05/04 17:04:54 | 002,896,608 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.UI.dll
MOD - [2011/05/04 17:04:50 | 000,027,360 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
MOD - [2011/05/04 17:04:32 | 000,325,344 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/20 23:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/03/22 18:59:46 | 000,504,293 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\sqlite3.dll
MOD - [2010/03/22 18:57:42 | 000,178,176 | ---- | M] () -- C:\Program Files (x86)\Common Files\Memeo\ProfMan.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/27 17:52:34 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2012/03/27 17:52:34 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2012/03/27 17:50:44 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV:64bit: - [2010/12/13 14:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2010/11/11 14:36:38 | 000,282,616 | ---- | M] () [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/02 19:03:05 | 000,015,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe -- (c2wts)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (WinHttpAutoProxySvc)
SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/30 20:56:16 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012/04/30 20:56:04 | 000,433,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2012/04/30 19:53:30 | 011,839,488 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
SRV - [2012/04/30 17:54:52 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2012/04/26 04:09:04 | 000,024,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Dynamics CRM\Client\bin\CrmSqlStartupSvc.exe -- (CrmSqlStartupSvc) SQL Server (CRM)
SRV - [2012/04/17 11:32:47 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (Rpcnet) Remote Procedure Call (RPC)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/29 23:11:04 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2011/08/19 20:51:48 | 000,423,536 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe -- (vmware-converter-worker)
SRV - [2011/08/19 20:51:48 | 000,423,536 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe -- (vmware-converter-server)
SRV - [2011/08/19 20:32:40 | 000,423,536 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe -- (vmware-converter-agent)
SRV - [2011/06/01 12:42:28 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2011/05/04 17:04:38 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 04:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/30 20:56:40 | 000,031,344 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport)
DRV:64bit: - [2012/04/30 20:56:36 | 000,063,088 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2012/04/30 20:54:56 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2012/04/30 17:22:42 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2012/04/30 17:22:42 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2012/03/27 17:53:52 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2012/03/27 17:53:45 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012/03/27 17:53:24 | 012,230,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/03/27 17:52:35 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/03/27 17:52:19 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2012/03/27 17:52:11 | 000,045,672 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV:64bit: - [2012/03/27 17:52:07 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012/03/27 17:52:00 | 000,355,960 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2012/03/27 17:51:52 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/27 17:51:48 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\accelern.sys -- (Acceler)
DRV:64bit: - [2012/03/27 17:50:45 | 000,083,560 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR)
DRV:64bit: - [2012/03/27 17:50:44 | 000,074,984 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\O2MDRw7x64.sys -- (O2MDRRDR)
DRV:64bit: - [2012/03/27 17:50:44 | 000,072,808 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdfw7x64.sys -- (O2MDFRDR)
DRV:64bit: - [2012/03/27 17:50:40 | 000,321,576 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/14 01:07:58 | 000,138,352 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vm3dmp.sys -- (vm3dmp)
DRV:64bit: - [2011/11/14 01:01:46 | 000,013,872 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmmouse.sys -- (vmmouse)
DRV:64bit: - [2011/08/29 23:11:04 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011/08/08 14:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011/07/20 16:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel(R)
DRV:64bit: - [2011/07/16 00:31:22 | 000,022,128 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 23:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 09:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 09:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 07:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 07:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/10/24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/09/18 04:00:00 | 000,026,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-610354233-1133782292-1394453194-20955\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-610354233-1133782292-1394453194-20955\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-610354233-1133782292-1394453194-20955\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 73 F0 46 5B 6B 0C CD 01 [binary data]
IE - HKU\S-1-5-21-610354233-1133782292-1394453194-20955\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-610354233-1133782292-1394453194-20955\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-610354233-1133782292-1394453194-20955\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\aymanh\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\aymanh\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\aymanh\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\aymanh\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

[2012/05/16 16:01:36 | 000,031,848 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

O1 HOSTS File: ([2012/06/15 09:00:21 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Lync\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKU\S-1-5-21-610354233-1133782292-1394453194-20955..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-610354233-1133782292-1394453194-20955..\Run: [SkyDrive] C:\Users\aymanh\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-610354233-1133782292-1394453194-20955\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-610354233-1133782292-1394453194-20955\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-610354233-1133782292-1394453194-20955\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O15 - HKU\S-1-5-21-610354233-1133782292-1394453194-20955\..Trusted Domains: slalom.com ([]* in Local intranet)
O15 - HKU\S-1-5-21-610354233-1133782292-1394453194-20955\..Trusted Domains: slalom.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-610354233-1133782292-1394453194-20955\..Trusted Domains: slalom.com ([cp] https in Trusted sites)
O15 - HKU\S-1-5-21-610354233-1133782292-1394453194-20955\..Trusted Domains: slalom.com ([my] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://I.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab (DLM Control)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://btc.webex.com/client/WBXclient-T27L10NSP25EP3-11662/webex/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = 2d.hq
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FB3BD9E-800A-4D5F-86CA-62CE6E7E3EBD}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B886C171-B320-479E-96B6-B42BE3EC073C}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O30:64bit: - LSA: Security Packages - (msoidssp) - C:\Windows\SysNative\msoidssp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (msoidssp) - C:\Windows\SysWow64\msoidssp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

AymanH · Jun 17, 2012

paste two of otl.txt

========== Files/Folders - Created Within 30 Days ==========

[2012/06/15 19:57:55 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\aymanh\Desktop\OTL.exe
[2012/06/15 17:19:14 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\Diagnostics
[2012/06/15 16:34:27 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{0473906C-BAB8-4A78-A0DE-5C10A6520D13}
[2012/06/15 16:06:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/15 16:06:50 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/15 16:06:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/15 14:12:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/06/15 09:23:52 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{0B78EBF0-2DA2-4D49-AD8B-286D722AC9AF}
[2012/06/15 09:23:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/15 09:01:40 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/15 08:57:35 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/06/14 22:49:16 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{01E5527F-4313-4DFA-8FCD-34F6B4118372}
[2012/06/14 20:00:59 | 000,000,000 | ---D | C] -- C:\FRST
[2012/06/14 15:52:41 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{B705DA7A-F48F-40A8-994F-5E51A3149759}
[2012/06/14 14:53:59 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{E2CF3B84-334A-49CA-B162-96975CCFC3D5}
[2012/06/14 14:49:52 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{F3526EDA-3C1E-4E06-8A3C-E876AD8E87F2}
[2012/06/14 14:36:00 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Roaming\SUPERAntiSpyware.com
[2012/06/14 14:36:00 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/06/14 11:50:31 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{7330C731-1C51-4EBD-90E7-C6446D950479}
[2012/06/14 11:48:24 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{B25D581F-97E3-4EE0-9AD5-C25FE27596E6}
[2012/06/14 11:09:21 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{0A766A86-C024-4773-A969-278031034F5E}
[2012/06/14 10:33:30 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{59D7A61C-90C9-4B9A-B546-A15EABB4D0FF}
[2012/06/13 21:49:02 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{D5FE9CDA-5F28-4B88-9854-1C3AF0D7B59E}
[2012/06/13 09:48:31 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{DB77BC3A-EB80-4DE5-81CB-EC99D1662C47}
[2012/06/13 09:48:24 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{D63FF5E9-4E16-4A31-9B73-CB45B734D887}
[2012/06/13 00:31:51 | 000,000,000 | ---D | C] -- C:\Users\aymanh\Documents\ProcAlyzer Dumps
[2012/06/13 00:29:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/06/12 23:26:46 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Roaming\Malwarebytes
[2012/06/12 23:26:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/12 20:53:39 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{BFFCBFDF-ED42-417C-B6D7-79BC27EDF28E}
[2012/06/12 20:53:18 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{B11D25DF-D503-4DDE-8EA2-95B1C95F66C2}
[2012/06/12 12:56:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/06/12 12:56:08 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/06/12 09:56:00 | 000,200,976 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
[2012/06/12 09:20:37 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/06/12 09:16:41 | 000,000,000 | ---D | C] -- C:\ProgramData\B7E858A700052AA600CCC89DB4EB2331
[2012/06/12 08:52:55 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{3DFC2E60-76B7-4941-8707-E62B2B20E971}
[2012/06/12 08:52:46 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{32D4EBD7-8427-4ED1-B3A0-D5479E57188E}
[2012/06/12 08:52:36 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{5176700C-A91D-4836-B595-80F5EA5E6025}
[2012/06/12 08:52:27 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{687BACC1-D0F7-48A5-A538-954EE20A115C}
[2012/06/11 20:52:04 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{FA240629-4662-4D2D-BE3B-ADB08C7DAFD8}
[2012/06/11 08:51:32 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{686E0935-D6FA-4D5E-B266-533C8DC07EBD}
[2012/06/11 08:51:22 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{1F1B3A19-7894-407D-9ACF-9B4C32C11331}
[2012/06/10 11:30:34 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{026CB8D2-A4E2-4BBA-A9FB-5A8B7BC6E697}
[2012/06/10 11:30:13 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{AAD95F6E-81A1-401C-8CFF-A66219E4CAE8}
[2012/06/09 23:29:50 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{5C91F6CA-CC87-4247-AE07-4AB6F8F4E723}
[2012/06/09 11:27:00 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{ABFF5705-6A9F-426D-BAA5-E69897A2E986}
[2012/06/09 11:26:40 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{6C90BC26-3387-4154-96FA-5130E6603152}
[2012/06/08 23:26:16 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{7C3BF20D-4AB0-4DE7-A686-E48EC25E6559}
[2012/06/08 11:25:44 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{2D7C1014-B589-4C9A-83AC-728AF2E553E7}
[2012/06/08 11:25:35 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{21010683-6ADD-4480-90E3-50BCA7AE241B}
[2012/06/08 11:25:26 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{EBD054B6-F60A-424A-9901-D7C452B3C55B}
[2012/06/08 11:25:16 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{7C0CD159-1054-4D90-A485-6CEDEAA101A2}
[2012/06/07 23:24:53 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{6C4FC1BA-4959-43BA-8201-AE3DAE0C70D4}
[2012/06/07 11:24:22 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{F07CF9C3-2056-45E7-A81A-92BD103F2012}
[2012/06/07 11:24:13 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{E55EADFE-8384-40BC-9F4E-DBE9651323A5}
[2012/06/07 11:23:54 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{C492575B-A2C2-40B2-9D77-EC48819314A0}
[2012/06/06 22:20:39 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{F474E0B4-51CA-41ED-9E4B-F02D4A2B58B9}
[2012/06/06 22:20:19 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{042B9A73-D233-4C04-8A37-D86E95714F53}
[2012/06/06 10:19:55 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{50BFB023-DCD2-43E1-8C3D-5D82A099B087}
[2012/06/06 10:19:46 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{49F7C4D5-4500-4D15-9FDF-E9797CD4F80A}
[2012/06/05 22:19:26 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{8F00FB63-E266-442E-BB05-2BFCB62C32B8}
[2012/06/05 09:10:49 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{CB68736B-41D8-4A99-930C-6CCFDD1FE359}
[2012/06/05 09:09:34 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{6C96DDD1-CFE1-4E1B-9072-8DCA5AE09399}
[2012/06/04 16:40:42 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{E5B80928-EA1F-4615-88E6-AA6EA33508B9}
[2012/06/04 16:40:22 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{527830C3-5D11-4375-BB10-1C5C307C7A43}
[2012/06/04 04:30:22 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{42396869-D95B-4347-935A-9B493586E430}
[2012/06/03 16:29:50 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{051E821A-6B78-4537-BF9A-C853A8BB6F6A}
[2012/06/03 04:29:18 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{AC247F66-9E07-4A56-A062-1CA54CB40DB4}
[2012/06/02 16:28:46 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{B1D6FCD3-13FE-415A-9B1B-089D218D4D84}
[2012/06/02 04:28:15 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{E2D81F3A-CB2D-4A82-BF7D-E887FA954F6A}
[2012/06/01 16:27:42 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{CB7DEFC7-FEAA-4FDA-8A6F-2387F7516BD3}
[2012/06/01 16:27:33 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{7A13FD8B-9E56-46DC-8C3D-08830CBB5D6B}
[2012/06/01 04:27:12 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{58E6DEE2-1B91-45B3-8671-2351F828E003}
[2012/06/01 04:26:51 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{F442995B-EE84-4F7C-87AF-7381BE52B9E2}
[2012/05/31 22:03:09 | 000,063,088 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys
[2012/05/31 22:03:09 | 000,031,344 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\VMparport.sys
[2012/05/31 22:02:52 | 000,354,416 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe
[2012/05/31 22:02:51 | 000,433,264 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe
[2012/05/31 22:02:51 | 000,030,320 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys
[2012/05/31 22:02:48 | 000,942,192 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll
[2012/05/31 22:02:46 | 000,039,024 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys
[2012/05/31 22:02:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware
[2012/05/31 22:02:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2012/05/31 16:26:28 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{9E8B3832-20FD-4560-AC1B-E8A3B9D66992}
[2012/05/31 16:26:19 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{98004457-BEFF-4CD2-BFF1-27C0CBCADD0B}
[2012/05/31 04:25:58 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{45DC0870-6DEB-40F5-8B0E-CCC9BD015AC0}
[2012/05/30 16:25:20 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{205E4846-1873-4DBB-98C3-B8ACD97717F5}
[2012/05/30 16:25:03 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{7B4BF414-F91B-4100-82AF-5D15D966A816}
[2012/05/30 16:21:26 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{0D3EC36C-7AC3-4D7B-809A-7B55CEB19B2A}
[2012/05/29 23:35:01 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{4DE3C574-5331-44D2-A098-AEDFACA95183}
[2012/05/29 23:34:51 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{AD0DC94F-36B1-4F19-B303-5C5E6B46BD64}
[2012/05/29 23:34:37 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{7C8EC434-390F-4EB0-BAF5-96EDA39C4B32}
[2012/05/29 11:34:12 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{25F1FA27-A500-441B-936D-75F38BCF2563}
[2012/05/29 11:34:03 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{481C8670-9383-4B0A-82F4-DB098F2AD223}
[2012/05/28 23:33:42 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{21AA06EA-C897-4859-8CA1-390375350898}
[2012/05/28 11:33:10 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{45CC4CAA-2102-4D95-BC1A-A53F42BF8BF5}
[2012/05/27 23:32:50 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{922435CC-050E-4E53-9A26-3FA01A2171FD}
[2012/05/27 11:32:19 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{E78B5A3A-2AF7-44D2-8886-B40F9D24AF0A}
[2012/05/26 23:00:31 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{53760101-447E-4A53-95EA-A844684DDE2F}
[2012/05/26 23:00:21 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{593A9D2F-D210-4688-A950-DEE050B982CB}
[2012/05/26 10:59:58 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{CA7701D7-4268-40F5-87FF-3A3D46646B19}
[2012/05/25 21:06:19 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{00E77EF4-F3A7-4387-B2AD-3DDA4F540F2A}
[2012/05/25 21:06:10 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{2E8DDDCA-5B04-41D0-BDAC-260392906BDE}
[2012/05/25 09:05:50 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{4E3BE758-2D2E-4428-83CE-887091B86BBC}
[2012/05/25 09:05:40 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{F5840025-FE0B-4B30-A039-2F1F893D3A7B}
[2012/05/24 16:27:43 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{BAE3543F-7980-4373-B260-C2F900B49DB3}
[2012/05/24 16:00:33 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{1A0FAF98-3B6C-4123-B522-72D375795747}
[2012/05/24 15:56:26 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{D3339A4B-A9C5-4984-978E-CE64522D9F46}
[2012/05/24 04:27:16 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{1D678444-D161-40D7-B00F-E3F0694E8102}
[2012/05/23 17:59:52 | 000,000,000 | -H-D | C] -- C:\Windows\$CrmUninstallKB2600644_Mui_1033$
[2012/05/23 17:59:42 | 000,000,000 | -H-D | C] -- C:\Windows\$CrmUninstallKB2600644_Client_1033$
[2012/05/23 10:13:09 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{94A5AD52-996E-4D8C-A0D7-9651852A766B}
[2012/05/23 10:12:59 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{5DF70016-E452-4E5A-BF87-FCC12F1192ED}
[2012/05/22 21:42:21 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{EF30597F-E6E9-4846-9639-6D8997E2B851}
[2012/05/22 07:16:15 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{E5F550C3-34E3-42ED-9133-55E91A6DE188}
[2012/05/21 12:08:47 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{69CF7954-5376-40B8-925B-281EA841CD02}
[2012/05/21 12:08:38 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{890B34F5-A78E-4A3F-A48C-A02886DB6538}
[2012/05/21 00:55:29 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Roaming\Mozilla
[2012/05/21 00:08:17 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{8BED8D63-6561-42C3-BD98-FAA4B1A9E201}
[2012/05/20 12:07:57 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{D8145C38-C49D-4A55-A857-565EC614A44D}
[2012/05/19 21:52:44 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{A20460A2-6CF9-42D3-8B04-4E35950E6059}
[2012/05/19 09:52:24 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{8CB1668B-949B-40DC-BD6B-2201FBD23844}
[2012/05/18 21:51:52 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{E3D9D1B1-8FA7-4D5B-8236-3119ABF61AF0}
[2012/05/18 09:51:20 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{B7619558-2DD4-44B4-BDFB-8B5C3960F15A}
[2012/05/18 09:51:11 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{A8B1235C-6DAD-4F61-951C-06E8CA44C5E1}
[2012/05/17 21:50:51 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{3E3B78A7-E0D0-4A80-A657-F20FD9D28EDF}
[2012/05/17 21:50:30 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{9DEC14F4-77AF-44F5-B292-88AD66487B94}
[2012/05/17 09:50:07 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{74D0162A-EC4C-4224-8CAA-3C5208BAA24B}
[2012/05/17 09:49:58 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{439F56D7-1C45-4A09-A27A-31D5AB80D475}
[2012/05/16 21:49:37 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{8AB41F8A-C1FC-4A3E-ABE3-803183F75894}
[2012/05/16 21:49:27 | 000,000,000 | ---D | C] -- C:\Users\aymanh\AppData\Local\{89863D76-EF77-4D06-8410-0614D34F1D9A}

========== Files - Modified Within 30 Days ==========

[2012/06/15 19:58:57 | 000,795,354 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/15 19:58:57 | 000,672,732 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/15 19:58:57 | 000,126,296 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/15 19:55:10 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-610354233-1133782292-1394453194-20955UA.job
[2012/06/15 19:48:10 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/15 19:47:17 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/15 18:23:37 | 000,022,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/15 18:23:37 | 000,022,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/15 18:16:54 | 000,000,392 | ---- | M] () -- C:\Windows\SMSCFG.INI
[2012/06/15 18:16:35 | 000,017,920 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
[2012/06/15 18:16:31 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
[2012/06/15 18:16:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/15 17:27:58 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\aymanh\Desktop\OTL.exe
[2012/06/15 16:55:40 | 000,414,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/15 16:18:41 | 000,000,512 | ---- | M] () -- C:\Users\aymanh\Documents\MBR.dat
[2012/06/15 14:39:14 | 000,046,522 | ---- | M] () -- C:\Users\aymanh\Documents\cc_20120615_143907.reg
[2012/06/15 14:12:05 | 000,009,008 | RHS- | M] () -- C:\ProgramData\3002.abs
[2012/06/15 09:20:52 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll
[2012/06/15 09:20:38 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe
[2012/06/15 09:00:21 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/14 23:55:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-610354233-1133782292-1394453194-20955Core.job
[2012/06/12 22:57:50 | 000,254,947 | ---- | M] () -- C:\Users\aymanh\AppData\Local\census.cache
[2012/06/12 22:57:48 | 000,089,208 | ---- | M] () -- C:\Users\aymanh\AppData\Local\ars.cache
[2012/06/12 09:55:33 | 000,000,036 | ---- | M] () -- C:\Users\aymanh\AppData\Local\housecall.guid.cache
[2012/06/11 13:42:31 | 000,873,651 | ---- | M] () -- C:\Users\aymanh\Desktop\MOSDAL - June 11.pdf
[2012/06/06 16:33:27 | 000,001,303 | ---- | M] () -- C:\Users\aymanh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/06/05 14:46:06 | 018,350,026 | ---- | M] () -- C:\Users\aymanh\Desktop\666795_IntroWinServ2012.pdf
[2012/06/05 14:02:43 | 004,112,488 | ---- | M] () -- C:\Users\aymanh\Desktop\cbsi_msft_webcast_06052012_presentation_final.pdf
[2012/06/05 13:25:45 | 000,020,458 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/05/31 22:03:11 | 000,001,035 | ---- | M] () -- C:\Users\aymanh\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Workstation.lnk
[2012/05/31 22:02:45 | 000,810,898 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/05/23 17:59:40 | 000,001,566 | ---- | M] () -- C:\Windows\CrmClient.mif
[2012/05/23 17:59:35 | 000,000,916 | ---- | M] () -- C:\Windows\SysWow64\mapisvc.inf
[2012/05/22 17:46:25 | 000,002,036 | -H-- | M] () -- C:\Users\aymanh\Documents\Default.rdp
[2012/05/18 14:13:44 | 000,435,386 | ---- | M] () -- C:\Users\aymanh\Desktop\System Center 2012 Licensing Datasheet.pdf

========== Files Created - No Company Name ==========

[2012/06/15 16:55:37 | 000,414,656 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/15 16:18:41 | 000,000,512 | ---- | C] () -- C:\Users\aymanh\Documents\MBR.dat
[2012/06/15 14:39:12 | 000,046,522 | ---- | C] () -- C:\Users\aymanh\Documents\cc_20120615_143907.reg
[2012/06/15 14:12:05 | 000,009,008 | RHS- | C] () -- C:\ProgramData\3002.abs
[2012/06/12 10:00:23 | 000,254,947 | ---- | C] () -- C:\Users\aymanh\AppData\Local\census.cache
[2012/06/12 10:00:18 | 000,089,208 | ---- | C] () -- C:\Users\aymanh\AppData\Local\ars.cache
[2012/06/12 09:55:33 | 000,000,036 | ---- | C] () -- C:\Users\aymanh\AppData\Local\housecall.guid.cache
[2012/06/11 13:42:31 | 000,873,651 | ---- | C] () -- C:\Users\aymanh\Desktop\MOSDAL - June 11.pdf
[2012/06/05 14:44:05 | 018,350,026 | ---- | C] () -- C:\Users\aymanh\Desktop\666795_IntroWinServ2012.pdf
[2012/06/05 14:02:43 | 004,112,488 | ---- | C] () -- C:\Users\aymanh\Desktop\cbsi_msft_webcast_06052012_presentation_final.pdf
[2012/05/31 22:03:11 | 000,001,035 | ---- | C] () -- C:\Users\aymanh\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Workstation.lnk
[2012/05/18 14:13:44 | 000,435,386 | ---- | C] () -- C:\Users\aymanh\Desktop\System Center 2012 Licensing Datasheet.pdf
[2012/04/23 00:49:48 | 000,000,017 | ---- | C] () -- C:\Users\aymanh\AppData\Local\resmon.resmoncfg
[2012/04/08 23:38:15 | 000,004,096 | -H-- | C] () -- C:\Users\aymanh\AppData\Local\keyfile3.drm
[2012/04/02 19:36:25 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2012/04/02 19:36:06 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe
[2012/03/27 18:31:26 | 000,020,458 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/03/27 18:00:17 | 000,810,898 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/27 18:00:17 | 000,004,764 | ---- | C] () -- C:\Windows\SysWow64\CcmFramework.ini
[2012/03/27 17:53:25 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/03/27 17:53:24 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/03/27 17:53:23 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/03/27 17:53:23 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/03/27 17:53:22 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/03/27 14:59:24 | 000,000,392 | ---- | C] () -- C:\Windows\SMSCFG.INI

========== LOP Check ==========

[2012/04/23 23:09:58 | 000,000,000 | ---D | M] -- C:\Users\aymanh\AppData\Roaming\Leadertech
[2012/04/23 23:12:59 | 000,000,000 | ---D | M] -- C:\Users\aymanh\AppData\Roaming\Memeo
[2012/04/23 23:23:25 | 000,000,000 | ---D | M] -- C:\Users\aymanh\AppData\Roaming\Seagate
[2012/04/23 00:48:59 | 000,000,000 | ---D | M] -- C:\Users\aymanh\AppData\Roaming\Spotify
[2012/05/07 12:33:31 | 000,000,000 | ---D | M] -- C:\Users\aymanh\AppData\Roaming\webex
[2012/06/15 19:46:17 | 000,024,902 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2012/04/19 16:50:41 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/11/20 23:23:51 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2012/02/15 14:39:03 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/06/15 18:16:21 | 4170,080,255 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2012/03/08 18:37:20 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/03/27 18:45:47 | 000,000,221 | -HS- | M] () -- C:\Users\aymanh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/06/15 17:27:58 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\aymanh\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/06/15 19:47:17 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/15 19:48:10 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/14 23:55:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-610354233-1133782292-1394453194-20955Core.job
[2012/06/15 19:55:10 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-610354233-1133782292-1394453194-20955UA.job
[2012/06/15 19:47:17 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/06/15 19:46:17 | 000,024,902 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2012/06/05 13:31:54 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2012/06/05 13:31:54 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2012/06/05 13:25:45 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2012/06/05 13:25:45 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2012/03/27 18:44:15 | 000,000,402 | -HS- | M] () -- C:\Users\aymanh\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2012/06/15 14:12:05 | 000,009,008 | RHS- | M] () -- C:\ProgramData\3002.abs
[2012/06/05 13:25:45 | 000,020,458 | RHS- | M] () -- C:\ProgramData\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

< dir /b "%systemroot%\*.exe" | find /I " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >
< End of report >

AymanH · Jun 17, 2012

Extras.txt

OTL Extras logfile created on: 6/15/2012 7:59:22 PM - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\aymanh\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.88 Gb Total Physical Memory | 6.19 Gb Available Physical Memory | 78.48% Memory free
15.77 Gb Paging File | 14.01 Gb Available in Paging File | 88.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238.47 Gb Total Space | 84.77 Gb Free Space | 35.55% Space Free | Partition Type: NTFS
Drive D: | 3.73 Gb Total Space | 3.48 Gb Free Space | 93.11% Space Free | Partition Type: NTFS

Computer Name: 18020-E6420 | User Name: aymanh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 522

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"DoNotAllowExceptions" = 0
"DefaultInboundAction" = 1
"DisableNotifications" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile]
"DoNotAllowExceptions" = 0
"DefaultInboundAction" = 1
"DisableNotifications" = 0
"EnableFirewall" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile]
"DoNotAllowExceptions" = 0
"DefaultInboundAction" = 1
"DisableNotifications" = 0
"EnableFirewall" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 522

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"DoNotAllowExceptions" = 0
"DefaultInboundAction" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile]
"DoNotAllowExceptions" = 0
"DefaultInboundAction" = 1
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile]
"DoNotAllowExceptions" = 0
"DefaultInboundAction" = 1
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
"DefaultInboundAction" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{078EDA38-D86C-4A54-965D-1C2A9D6EBA70}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{2AFA6D84-DBFA-4482-9691-E9C1FE71F5E9}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{6EA8CA3B-15D6-4FFA-B095-5FB4D2E9F0B7}" = lport=56789 | protocol=6 | dir=in | name=vmware vcenter converter standalone - server |
"{86B3D66D-4B3C-4708-B690-3108026C242C}" = lport=9089 | protocol=6 | dir=in | name=vmware vcenter converter standalone - agent |
"{F815FA14-E222-406D-80B7-8737516D7043}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E6A7BF2-9978-4CC5-B682-BC3EBD465ED8}" = dir=in | app=c:\program files\microsoft lync\ucmapi64.exe |
"{12B507BE-5642-4CCE-9522-4CDD222BEC5A}" = dir=in | app=c:\program files (x86)\microsoft lync\communicator.exe |
"{1C20B872-9985-445E-A261-0A4DB05E49EF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{1E3B064A-1D1F-418C-BC10-1B02D13A8E69}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
"{2393601D-7B59-4D2A-B25F-850535BC4D92}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{2B61BC15-EAD8-4A48-A4AD-887189974970}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
"{2D57056B-0BDC-45AE-9DD8-AC1642BD5F2E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{5C0B0F9A-62DA-45D9-808F-55B20903EAE8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{5FBED183-C7A3-4AA2-A356-EA42E923F7C4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{7B599DC3-F87B-4EBF-BDC9-D73424FBC117}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{82B0CB0B-3725-439E-A34C-BDC35D94E9FD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
"{8817B85D-F978-49F1-A785-8A5D4C378DDB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9A947BA7-CABE-46D3-949C-D8F3893B225D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{9E9FDF16-12A1-4D04-8773-5731C350F472}" = protocol=6 | dir=in | app=c:\users\aymanh\appdata\local\microsoft\skydrive\skydrive.exe |
"{A38E43F3-E546-443A-96FF-7184396A249E}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{A8C4CABA-B9D9-40AA-B879-88A8C0B30583}" = protocol=17 | dir=in | app=c:\users\aymanh\appdata\roaming\spotify\spotify.exe |
"{AB245F8C-F321-4DC9-A53D-D940FB70BEA4}" = protocol=17 | dir=in | app=c:\users\aymanh\appdata\local\microsoft\skydrive\skydrive.exe |
"{C72A8B12-7F49-4C93-AF0E-C83E9EBB0B86}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{CB7D2D2A-88D3-4EAA-B31D-531C1CD75351}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{CBA0108C-8F7A-402F-85D9-36309E053EFF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{D6C05348-CA46-4981-A0E1-0CA57213F52B}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{D7707DF5-5BAF-490A-8113-60F106226C4C}" = protocol=6 | dir=in | app=c:\users\aymanh\appdata\roaming\spotify\spotify.exe |
"{E08E1BA9-2940-46B9-A91B-4112B96FEE28}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{E0A7E79E-2CB0-4116-9240-4ECF903483CC}" = dir=in | app=c:\program files (x86)\microsoft lync\ucmapi.exe |
"{E23936A8-21EF-426B-A096-ABAA5FFAA0E1}" = dir=in | app=c:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe |
"{E29121E4-D05A-43C3-B32A-02F165220FB4}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-hostd.exe |
"{F1598BDE-C7AB-41A5-9414-4B6AC5410B32}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{F2C00EDA-A664-427A-BD9F-296BFC9676CC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
"{F2D561A7-1A2A-405E-8767-EB0F0EE6894E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{F5B6C3FF-213C-4DEC-8457-3AEAEA3EDB52}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{F609EDA1-662C-4698-A115-7C04CEAB21C2}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-hostd.exe |
"{F9D6B83A-D8C4-4D50-9A50-9B5D221FDCAA}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"TCP Query User{388E6D99-3E62-48FA-90DC-FD001BCF23CF}C:\users\aymanh\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\aymanh\appdata\roaming\spotify\spotify.exe |
"TCP Query User{C69E8A65-704D-4E5C-8146-B04AEB2272CF}C:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
"TCP Query User{E4842A15-3E86-4502-9ADE-E6D684860AA2}C:\program files (x86)\microsoft office\office14\groove.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"UDP Query User{0C1636B7-30D4-4E7F-B1C6-2B00B5F88565}C:\users\aymanh\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\aymanh\appdata\roaming\spotify\spotify.exe |
"UDP Query User{33778263-9EF4-425D-AC31-79E0A84B27CA}C:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
"UDP Query User{C340F04A-1CD2-47A1-901A-4262BBEA6D8E}C:\program files (x86)\microsoft office\office14\groove.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E0818E4-C87B-4211-9791-E958BD34B96C}" = Microsoft Forefront Endpoint Protection 2010 Server Management
"{11849FBC-C416-4742-8279-17C3A2C85F72}" = Microsoft Lync 2010
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2BE3C45C-B0E3-4061-A3C5-C6ED9639C813}" = VmciSockets
"{377672F0-6B8A-467D-8DDC-79338BCCD531}" = 64 Bit HP CIO Components Installer
"{43CC9C53-A217-4850-B5B2-8C347920E500}" = Microsoft Online Services Module for Windows PowerShell
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5CE7E3F5-9803-4F32-AA89-2D8848A80109}" = Microsoft LifeCam
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E20B2752-0909-4B28-B8A9-A9BE519CA1A1}" = Microsoft Online Services Sign-in Assistant
"{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client
"{F39076D7-7168-44CD-A2C6-EBC1CDA7DC1C}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Forefront Endpoint Protection 2010

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C524D20-0409-0050-8A9E-0C4C490E4E54}" = Microsoft Dynamics CRM 2011 for Microsoft Office Outlook
"{0C524DC1-0409-0050-8121-88490F4D5549}" = Microsoft Dynamics CRM 2011 English (United States) Language Pack
"{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}" = VMware Workstation
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2609EDF1-34C4-4B03-B634-55F3B3BC4931}" = Configuration Manager Client
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{28DA3304-9EC2-4097-BC64-B59A1958841F}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{325045C9-F040-3D98-892D-53D5E840266C}" = Google Talk Plugin
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}" = Windows 7 USB/DVD Download Tool
"{5542B6FC-191D-4D38-A4AF-BED6451A038B}" = Google Drive
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3E339483-11EC-4876-B01F-E760E6F7652C}" =
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0017-0000-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer 2010
"{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{A8C80871-125D-4667-BC0A-E3EEE62597E8}" = Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
"{90140000-0017-0409-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (English) 2010
"{90140000-0017-0409-0000-0000000FF1CE}_Office14.SharePointDesigner_{E1BDB3A3-E0ED-4347-A84D-5D4A747259CA}" = Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJSTD_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIO_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJSTD_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIO_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PRJSTD_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.VISIO_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PRJSTD_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SharePointDesigner_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIO_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003A-0000-0000-0000000FF1CE}" = Microsoft Office Project Standard 2010
"{90140000-003A-0000-0000-0000000FF1CE}_Office14.PRJSTD_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-003A-0000-0000-0000000FF1CE}_Office14.PRJSTD_{A09B3E3D-EAFA-45B3-B61F-53D9090E2E27}" =
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010
"{90140000-0054-0409-0000-0000000FF1CE}_Office14.VISIO_{CDC4310F-8189-485F-B47D-D972217CE173}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{4B6C7318-4589-4253-B0FF-30C55D7C2939}" =
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PRJSTD_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.VISIO_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010
"{90140000-00B4-0409-0000-0000000FF1CE}_Office14.PRJSTD_{18A0C151-8F8A-4B68-A960-60C464B94329}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}" = Microsoft ReportViewer 2010 Redistributable
"{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E30E7561-A466-4393-B8BF-FD93E733EF3C}" = Microsoft Office Live Meeting 2007
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EDF0C1D5-D980-48F9-BA19-0ECEDEF8C5D4}" = VMware vCenter Converter Standalone
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"ActiveTouchMeetingClient" = WebEx
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft CRM Client" = Microsoft Dynamics CRM 2011 for Microsoft Office Outlook
"Office14.PRJSTD" = Microsoft Project Standard 2010
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Office14.SharePointDesigner" = Microsoft SharePoint Designer 2010
"Office14.VISIO" = Microsoft Visio Professional 2010
"VMware_Workstation" = VMware Workstation
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-610354233-1133782292-1394453194-20955\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive
"Spotify" = Spotify
"WinImage" = WinImage

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/13/2012 11:27:41 PM | Computer Name = 18020-E6420.2d.hq | Source = Application Hang | ID = 1002
Description = The program SDFiles.exe version 2.0.8.128 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: e90 Start
Time: 01cd49dd1ee2b315 Termination Time: 0 Application Path: C:\Program Files (x86)\Spybot
- Search & Destroy 2\SDFiles.exe Report Id: e3415bb7-b5d0-11e1-9b2f-005056c00009

Error - 6/14/2012 9:33:22 AM | Computer Name = 18020-E6420.2d.hq | Source = WinMgmt | ID = 10
Description =

Error - 6/14/2012 9:33:52 AM | Computer Name = 18020-E6420.2d.hq | Source = Application Error | ID = 1000
Description = Faulting application name: SkyDrive.exe, version: 16.4.4111.525, time
stamp: 0x4fbfb5e9 Faulting module name: SyncEngine.DLL, version: 16.4.4111.525,
time stamp: 0x4fbfb5c6 Exception code: 0xc0000005 Fault offset: 0x000a7b98 Faulting
process id: 0x122c Faulting application start time: 0x01cd4a3255516b4a Faulting application
path: C:\Users\aymanh\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe Faulting module
path: C:\Users\aymanh\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\SyncEngine.DLL
Report
Id: 94079eed-b625-11e1-b6d4-005056c00009

Error - 6/14/2012 10:32:33 AM | Computer Name = 18020-E6420.2d.hq | Source = WinMgmt | ID = 10
Description =

Error - 6/14/2012 10:33:19 AM | Computer Name = 18020-E6420.2d.hq | Source = Application Error | ID = 1000
Description = Faulting application name: SkyDrive.exe, version: 16.4.4111.525, time
stamp: 0x4fbfb5e9 Faulting module name: SyncEngine.DLL, version: 16.4.4111.525,
time stamp: 0x4fbfb5c6 Exception code: 0xc0000005 Fault offset: 0x000a7b98 Faulting
process id: 0x123c Faulting application start time: 0x01cd4a3aa3718158 Faulting application
path: C:\Users\aymanh\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe Faulting module
path: C:\Users\aymanh\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\SyncEngine.DLL
Report
Id: e24fa757-b62d-11e1-a44f-005056c00009

Error - 6/14/2012 10:42:44 AM | Computer Name = 18020-E6420.2d.hq | Source = WinMgmt | ID = 10
Description =

Error - 6/14/2012 11:09:06 AM | Computer Name = 18020-E6420.2d.hq | Source = WinMgmt | ID = 10
Description =

Error - 6/14/2012 11:48:08 AM | Computer Name = 18020-E6420.2d.hq | Source = WinMgmt | ID = 10
Description =

Error - 6/14/2012 11:50:14 AM | Computer Name = 18020-E6420.2d.hq | Source = WinMgmt | ID = 10
Description =

Error - 6/14/2012 11:59:19 AM | Computer Name = 18020-E6420.2d.hq | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 5/14/2012 9:05:41 AM | Computer Name = 18020-E6420.2d.hq | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.

Error - 5/14/2012 9:06:17 AM | Computer Name = 18020-E6420.2d.hq | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.

Error - 5/14/2012 9:06:19 AM | Computer Name = 18020-E6420.2d.hq | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.

Error - 5/14/2012 9:07:04 AM | Computer Name = 18020-E6420.2d.hq | Source = DCOM | ID = 10016
Description =

Error - 5/14/2012 9:09:22 AM | Computer Name = 18020-E6420.2d.hq | Source = TermService | ID = 1067
Description =

Error - 5/14/2012 1:53:08 PM | Computer Name = 18020-E6420.2d.hq | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain 2D due to the following: %%1311 This may lead to authentication problems.
Make sure that this computer is connected to the network. If the problem persists,
please
contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
for the specified domain, it sets up the secure session to the primary domain controller
emulator in the specified domain. Otherwise, this computer sets up the secure session
to any domain controller in the specified domain.

Error - 5/14/2012 5:48:18 PM | Computer Name = 18020-E6420.2d.hq | Source = TermService | ID = 1067
Description =

Error - 5/14/2012 5:52:29 PM | Computer Name = 18020-E6420.2d.hq | Source = TermService | ID = 1067
Description =

Error - 5/14/2012 6:38:39 PM | Computer Name = 18020-E6420.2d.hq | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain 2D due to the following: %%1311 This may lead to authentication problems.
Make sure that this computer is connected to the network. If the problem persists,
please
contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
for the specified domain, it sets up the secure session to the primary domain controller
emulator in the specified domain. Otherwise, this computer sets up the secure session
to any domain controller in the specified domain.

Error - 5/14/2012 6:45:02 PM | Computer Name = 18020-E6420.2d.hq | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.

< End of report >

Broni · Jun 17, 2012

OTL logs are clean.

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

Disable your antivirus program
Tick the box next to YES, I accept the Terms of Use
Click Start
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click on List of found threats
Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
NOTE. If Eset won't find any threats, it won't produce any log.

AymanH · Jun 18, 2012

checkup.txt from SecurityCheck.exe
Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 5 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
Java(TM) 6 Update 26
Out of date Java installed!
Adobe Reader X (10.1.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Common Files Microsoft Shared Microsoft Online Services MSOIDSVC.EXE
Common Files Microsoft Shared Microsoft Online Services MSOIDSvcm.exe
``````````End of Log````````````

AymanH · Jun 18, 2012

fss.txt

Farbar Service Scanner Version: 09-06-2012
Ran by aymanh (administrator) on 17-06-2012 at 23:36:09
Running from "D:\"
Microsoft Windows 7 Enterprise Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-06-12 13:06] - [2012-04-24 01:37] - 0184320 ____A (Microsoft Corporation) 4F5414602E2544A4554D95517948B705
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

Solved WIN64/Sirefer.y Infection - requesting help with removal kindly

Posts: 22 +0

Posts: 22 +0

Posts: 22 +0

Posts: 22 +0

Posts: 56,041 +516

Posts: 22 +0

Posts: 56,041 +516

Attachments

Posts: 22 +0

Posts: 56,041 +516

Posts: 22 +0

Posts: 56,041 +516

Posts: 22 +0

Posts: 56,041 +516

Posts: 22 +0

Posts: 56,041 +516

Posts: 22 +0

Posts: 22 +0

Posts: 22 +0

Posts: 56,041 +516

Posts: 22 +0

Posts: 22 +0

Posts: 22 +0

Posts: 56,041 +516

Posts: 22 +0

Posts: 22 +0

Similar threads