
HJT LOG


  • This topic is locked
17 replies to this topic

#1 moselbee


Posted 02 January 2013 - 12:36 PM

I know my husband has put a key logger on my pc and also my cell phone some type of spyware.. I am trying to double check that I have removed it from my pc.. it is still running as if something is here but I can't find anything when I have done a scan...

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:31:06 PM, on 1/2/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Orbitdownloader\orbitdm.exe
C:\Users\Mariam\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Orbitdownloader\orbitnet.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.my-tools-app.com/?babsrc=home&s=web&as=0&isid=9852
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;192.168.*.*;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll
R3 - URLSearchHook: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
O3 - Toolbar: (no name) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - (no file)
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [Google Update] "C:\Users\Mariam\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"
O4 - HKCU\..\Run: [881F1976821F29C34790AB10E70E46494D706409._service_run] "C:\Users\Mariam\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2956428168-404915347-396044097-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2956428168-404915347-396044097-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Dropbox.lnk = Mariam\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.alipay.com
O15 - Trusted Zone: http://*.alisoft.com
O15 - Trusted Zone: *.dell.com
O15 - Trusted Zone: http://*.taobao.com
O16 - DPF: {173D9E48-B527-4AA0-A929-30B446002AA8} (DVRemoteControl Class) - http://76.236.90.16:88/DVRemoteAx.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com//activex/ractrl.cab?lmi=972
O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: AirPrint - Apple Inc. - C:\Program Files (x86)\AirPrint\airprint.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel® Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: CyberLink Product - 2011/11/18 20:14:48 (CLKMSVC10_9EC60124) - CyberLink - c:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Scrybe Updater (ScrybeUpdater) - Synaptics, Inc. - C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Intel® Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 19199 bytes


 


#2 moselbee


Posted 03 January 2013 - 02:09 AM

No one? Even if I am clean? Please

#3 jntkwx

  • Malware Response Team

Posted 05 January 2013 - 11:50 AM

moselbee,

We sincerely apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx or Jason is fine.

Some things to remember while we are working together:

  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Posted Image button but use the Posted Image button instead.
  • In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:


Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.

 

We no longer use HijackThis as it does not show enough information to deal with current malware infections.

OTL

  • Please download OTL, and save it to your Desktop
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#4 jntkwx


Posted 08 January 2013 - 06:46 PM

moselbee,

It has been three days since my last post. Do you still need help?

If you do, please follow my previous instructions. :thumbup2:
Regards,
Jason

 



#5 jntkwx


Posted 11 January 2013 - 06:55 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
Regards,
Jason

 



#6 bloopie

  • Malware Response Team

Posted 16 January 2013 - 09:24 PM

This topic has been re-opened at the request of the person who originally posted.

#7 jntkwx


Posted 16 January 2013 - 09:24 PM

This topic has been re-opened at the request of the person who originally posted.
Regards,
Jason

 



#8 moselbee


Posted 16 January 2013 - 09:27 PM

Thank YOU! The scan is running right now! You want them as attachments or in the post?

#9 jntkwx


Posted 16 January 2013 - 09:28 PM

Just copy/paste the logs into your post.
Regards,
Jason

 



#10 moselbee


Posted 16 January 2013 - 10:09 PM

:thumbsup:
OTL logfile created on: 1/16/2013 10:01:52 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mariam\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 1.82 Gb Available Physical Memory | 46.80% Memory free
7.79 Gb Paging File | 5.27 Gb Available in Paging File | 67.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446.13 Gb Total Space | 199.74 Gb Free Space | 44.77% Space Free | Partition Type: NTFS
Drive E: | 4.30 Gb Total Space | 0.00 Gb Free Space | 0.06% Space Free | Partition Type: FAT32
Drive F: | 14.89 Gb Total Space | 10.80 Gb Free Space | 72.54% Space Free | Partition Type: FAT32

Computer Name: MARIAM-PC | User Name: Mariam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days

========== Processes (SafeList) ==========

PRC - [2012/12/21 22:01:00 | 028,538,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Mariam\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/29 20:33:06 | 000,232,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/10/05 18:53:26 | 000,234,784 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\AirPrint\airprint.exe
PRC - [2012/10/05 15:57:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mariam\Desktop\OTL.exe
PRC - [2012/02/01 16:55:58 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2012/02/01 16:55:58 | 000,214,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2012/02/01 11:50:58 | 000,968,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
PRC - [2012/02/01 11:50:04 | 001,850,224 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
PRC - [2012/02/01 11:50:02 | 002,195,824 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
PRC - [2011/09/22 11:14:16 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/09/22 11:11:26 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/09/22 11:06:12 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/09/21 11:30:12 | 004,109,312 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/05/27 15:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
PRC - [2011/04/22 11:13:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/04/21 22:32:26 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/04/13 11:39:14 | 000,503,942 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2010/12/20 19:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 19:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/17 11:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/10 03:39:35 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\07ea9ea39e1fddc8e4fe8850c849309e\System.WorkflowServices.ni.dll
MOD - [2013/01/10 03:39:23 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\1e04a5319c58010e945220af2751d34e\System.ServiceModel.Web.ni.dll
MOD - [2013/01/10 03:39:20 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\25cfdeaf091f16f3f3a7123a91a179ab\System.Xml.Linq.ni.dll
MOD - [2013/01/10 03:38:41 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll
MOD - [2013/01/10 03:36:43 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\3e79256ce40faa9682f9e3511ca115ea\System.ServiceModel.ni.dll
MOD - [2013/01/10 03:36:33 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ad51da1b752b19c992fcefd56eb7c01\System.Runtime.Serialization.ni.dll
MOD - [2013/01/10 03:36:31 | 001,084,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\219c68f83fa608b496b163fd6782e696\System.IdentityModel.ni.dll
MOD - [2013/01/10 03:36:30 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\eb33bf977e97e97b12e82c18e36fbaee\SMDiagnostics.ni.dll
MOD - [2013/01/10 03:36:23 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013/01/10 03:36:17 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0ac577a8ad6528ff03b50db5eeeac8be\System.Web.ni.dll
MOD - [2013/01/10 03:36:06 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013/01/10 03:35:56 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013/01/10 03:35:52 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/10 03:35:50 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013/01/10 03:35:43 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/01/10 03:35:40 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/10 03:35:38 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/10 03:35:37 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/10 03:35:33 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/02/20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/02/01 16:55:58 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2012/02/01 11:50:58 | 000,968,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
MOD - [2012/02/01 11:50:04 | 001,850,224 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
MOD - [2012/02/01 11:50:02 | 002,195,824 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
MOD - [2012/02/01 11:44:34 | 008,151,040 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\QtGui4.dll
MOD - [2012/02/01 11:44:34 | 008,151,040 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
MOD - [2012/02/01 11:44:34 | 002,278,400 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\QtCore4.dll
MOD - [2012/02/01 11:44:34 | 002,278,400 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
MOD - [2011/09/22 11:14:16 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2010/11/24 23:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/11/17 11:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe


========== Services (SafeList) ==========

SRV:64bit: - [2011/08/08 08:39:18 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/07/27 22:04:48 | 001,517,328 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/07/27 21:48:34 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/07/27 21:44:18 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/06/03 13:51:38 | 000,134,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2010/11/29 16:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/01/09 02:43:18 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/06 02:35:55 | 000,148,480 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2013/01/06 02:35:50 | 000,376,320 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/10/05 18:53:26 | 000,234,784 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\AirPrint\airprint.exe -- (AirPrint)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/01 16:55:58 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/09/22 11:06:12 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/09/16 14:10:50 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2011/08/11 19:04:58 | 000,248,304 | ---- | M] (CyberLink) [Auto | Stopped] -- c:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2011/05/27 15:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [Auto | Running] -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)
SRV - [2011/04/22 11:13:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/21 22:32:26 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/12/20 19:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 19:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/25 06:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 06:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/06 02:35:52 | 000,088,600 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/10 18:04:34 | 000,050,808 | ---- | M] (Cristalink Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SeratoUsb.sys -- (SeratoUsb)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/25 12:58:02 | 000,027,136 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2012/01/25 12:57:50 | 000,030,720 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2012/01/25 12:57:46 | 000,009,728 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2012/01/25 12:57:38 | 000,022,016 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2011/12/14 19:46:42 | 000,222,904 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\keyscrambler.sys -- (KeyScrambler)
DRV:64bit: - [2011/11/18 22:03:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/11/18 22:03:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/09/16 14:10:50 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2011/09/16 14:10:24 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2011/08/08 08:32:08 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/08/08 08:32:08 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/08/03 20:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/07/20 08:39:58 | 012,287,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/17 10:27:52 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/05/17 10:27:50 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/04/22 11:13:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/03/31 18:32:00 | 001,424,944 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/02/10 17:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 17:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/01/31 10:24:46 | 000,121,960 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2011/01/20 12:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2011/01/12 20:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/11/29 16:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/10 20:32:20 | 000,172,632 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 19:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/07/29 00:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2010/07/12 21:38:06 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qicflt.sys -- (qicflt)
DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/27 10:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/10 12:06:50 | 000,031,744 | ---- | M] (Motorola) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\motoandroid.sys -- (motandroidusb)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/08 10:56:26 | 000,053,632 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motodrv.sys -- (MotDev)
DRV:64bit: - [2009/01/29 16:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2007/11/02 14:52:02 | 000,008,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011/09/16 14:10:50 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{0FC81F71-F60D-4C98-9F29-D2905FD74C62}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{20CC3833-BB4E-4914-87CC-117DA9D4F7AF}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.my-tools-app.com/?babsrc=home&s=web&as=0&isid=9852
IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0FC81F71-F60D-4C98-9F29-D2905FD74C62}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.my-tools-app.com/?babsrc=home&s=web&as=0&isid=9852&q={searchTerms}
IE - HKLM\..\SearchScopes\{FDD1BA80-49D1-4815-AE74-524DADA993A7}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C5 B4 C1 7B 3E 8C CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = E7 3F E5 01 98 3C F9 40 91 D5 EF 7F EC 5B DD 4C [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {B607A7F5-BDF3-4B7F-96FB-AB803B5CBC5B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7GGLL_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=snRkY83kjg3B-dnD8BPuwBGE2Ic?q={searchTerms}
IE - HKCU\..\SearchScopes\{AC96E587-8FCE-4AF7-825E-C83E1B282BC6}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADRA_enUS453
IE - HKCU\..\SearchScopes\{B607A7F5-BDF3-4B7F-96FB-AB803B5CBC5B}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7ADRA_enUS453
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.my-tools-app.com/?babsrc=home&s=web&as=0&isid=9852&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://search.orbitdownloader.com"
FF - prefs.js..extensions.enabledAddons: LogMeInClient@logmein.com:1.0.0.932
FF - prefs.js..extensions.enabledAddons: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.4.8.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Mariam\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Mariam\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mariam\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mariam\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/12/26 18:04:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012/12/26 18:04:18 | 000,000,000 | ---D | M]

[2012/05/19 02:46:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mariam\AppData\Roaming\Mozilla\Extensions
[2013/01/13 03:17:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mariam\AppData\Roaming\Mozilla\Firefox\Profiles\1x3hkuu5.default\extensions
[2012/07/05 09:12:54 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Mariam\AppData\Roaming\Mozilla\Firefox\Profiles\1x3hkuu5.default\extensions\LogMeInClient@logmein.com
[2012/08/27 18:02:43 | 000,340,132 | ---- | M] () (No name found) -- C:\Users\Mariam\AppData\Roaming\Mozilla\Firefox\Profiles\1x3hkuu5.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2012/09/06 17:27:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions
[2012/09/06 17:27:19 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Mariam\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Mariam\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: Google Drive = C:\Users\Mariam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Mariam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Mariam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealDownloader = C:\Users\Mariam\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: Facebook Invite All Friends PRO = C:\Users\Mariam\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkifjigoeilijkcnpfdjbpdjgnbfibec\3.4.2.0_0\
CHR - Extension: Gmail = C:\Users\Mariam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/01/10 18:22:28 | 000,444,298 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15287 more lines...
O2:64bit: - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [PDVD9LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Mariam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Mariam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: taobao.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {173D9E48-B527-4AA0-A929-30B446002AA8} http://76.236.90.16:88/DVRemoteAx.cab (DVRemoteControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} Reg Error: Value error. (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=972 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{244DC0AF-7218-438C-B8BE-567BF584E7A8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FADD2416-5B62-4F8C-A35D-AEDE24BE1063}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 360 Days ==========

[2013/01/16 21:32:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/16 21:18:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mariam\Desktop\OTL.exe
[2013/01/16 21:17:18 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/01/13 03:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbit
[2013/01/13 02:43:21 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.6
[2013/01/11 02:18:10 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Local\iMobie_Inc
[2013/01/11 02:12:46 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Roaming\iMobie
[2013/01/11 02:12:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMobie
[2013/01/11 02:12:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iMobie
[2013/01/10 03:08:18 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2013/01/09 16:12:12 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/01/09 16:12:12 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/01/09 16:11:55 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013/01/09 16:11:55 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/01/09 16:11:51 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013/01/09 16:11:51 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013/01/09 16:11:51 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013/01/09 16:11:51 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013/01/09 16:11:51 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013/01/09 16:11:51 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013/01/09 16:11:51 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013/01/09 16:11:51 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013/01/09 16:11:51 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013/01/09 16:11:51 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013/01/09 16:11:51 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013/01/09 16:11:51 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013/01/09 16:11:51 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013/01/09 16:11:51 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013/01/09 16:11:51 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013/01/09 16:11:51 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013/01/09 16:11:51 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013/01/09 16:11:51 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013/01/09 16:11:51 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013/01/09 16:11:51 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013/01/09 16:11:51 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013/01/09 16:11:51 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013/01/09 16:11:50 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013/01/09 16:11:50 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013/01/09 16:11:50 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013/01/09 16:11:50 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013/01/09 16:11:50 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013/01/09 16:11:50 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013/01/09 16:11:50 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013/01/09 16:11:50 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013/01/09 16:11:50 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013/01/09 16:11:50 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013/01/09 16:11:22 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/01/09 16:11:21 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/01/09 16:11:21 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/01/09 16:11:21 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/01/09 16:11:21 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/01/09 16:11:21 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/01/09 16:11:21 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/01/09 16:11:21 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/01/09 16:11:21 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/01/09 16:11:21 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 16:11:21 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 16:11:21 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 16:11:21 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/01/09 16:11:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 16:11:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 16:11:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 16:11:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 16:11:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 16:11:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 16:11:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 16:11:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 16:11:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 16:11:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 16:11:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 16:11:20 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/01/09 16:11:20 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/01/09 16:11:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 16:11:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 16:11:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 16:11:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 16:11:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 16:11:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 16:11:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 16:11:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 16:11:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 16:11:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 16:11:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 16:11:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 16:11:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 16:11:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 16:11:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 16:11:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 16:11:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 16:11:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 16:11:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 16:11:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 16:11:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 16:11:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 16:11:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 16:11:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 16:11:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 16:11:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 16:11:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 16:11:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 16:11:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 16:11:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 16:11:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 16:11:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 16:11:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 16:11:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 16:11:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 16:11:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 16:11:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 16:11:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 16:11:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 16:11:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 16:11:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 16:11:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 16:11:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/01/09 16:11:09 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013/01/08 14:22:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
[2013/01/08 14:22:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileASSASSIN
[2013/01/08 02:21:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Research In Motion Limited
[2013/01/08 02:21:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Research In Motion
[2013/01/07 22:15:14 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/01/06 04:07:00 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Roaming\Media Player Lite
[2013/01/06 04:05:52 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaPlayerLite
[2013/01/06 04:05:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MediaPlayerLite
[2013/01/06 04:03:25 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2013/01/06 02:38:41 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Local\Programs
[2013/01/05 19:29:52 | 000,000,000 | ---D | C] -- C:\Users\Mariam\Desktop\BETH
[2013/01/05 16:17:06 | 000,222,904 | ---- | C] (QFX Software Corporation) -- C:\Windows\SysNative\drivers\keyscrambler.sys
[2013/01/05 16:17:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler
[2013/01/05 16:17:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeyScrambler
[2013/01/05 14:43:05 | 000,000,000 | ---D | C] -- C:\Users\Mariam\Desktop\MOD Jan
[2013/01/04 14:51:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/01/04 14:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/01/04 14:51:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/01/04 14:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/01/04 14:51:25 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/01/04 13:39:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSConfig CleanUp
[2013/01/04 13:39:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSConfig CleanUp
[2013/01/04 00:55:08 | 000,000,000 | ---D | C] -- C:\Users\Mariam\Desktop\Virus
[2013/01/04 00:30:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/04 00:30:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/04 00:30:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/04 00:24:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/04 00:24:30 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/01/04 00:00:04 | 005,022,302 | R--- | C] (Swearware) -- C:\Users\Mariam\Desktop\ComboFix.exe
[2013/01/03 21:42:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/01/02 12:27:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/12/29 15:40:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/12/28 00:36:39 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Roaming\QFX Software
[2012/12/28 00:36:39 | 000,000,000 | ---D | C] -- C:\ProgramData\QFX Software
[2012/12/27 23:33:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/12/27 23:33:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/12/27 23:33:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/12/27 22:10:20 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2012/12/26 22:06:27 | 065,087,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012/12/26 18:04:03 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2012/12/26 18:03:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2012/12/26 18:03:24 | 000,201,424 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2012/12/26 18:03:11 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012/12/26 18:03:11 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2012/12/26 18:03:11 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2012/12/26 18:03:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2012/12/26 14:43:30 | 000,000,000 | ---D | C] -- C:\Users\Mariam\Desktop\Mot 12
[2012/12/24 23:00:41 | 000,000,000 | ---D | C] -- C:\Users\Mariam\Desktop\SD 12242012
[2012/12/22 03:00:34 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/22 03:00:34 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/22 03:00:33 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/22 03:00:32 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/21 19:34:18 | 000,000,000 | ---D | C] -- C:\Users\Mariam\Documents\SnowFox Total Video Converter
[2012/12/17 16:45:43 | 000,000,000 | ---D | C] -- C:\ProgramData\YTD Video Downloader
[2012/12/17 16:45:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
[2012/12/15 02:23:15 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Local\{E9E5C94D-CA7B-4EBE-9B55-AE02EE2802D8}
[2012/12/14 03:43:20 | 000,000,000 | ---D | C] -- C:\Users\Mariam\Documents\Graboid
[2012/12/13 05:20:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JustCloud
[2012/12/13 03:02:29 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/12/13 03:02:29 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/12/13 03:02:28 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/12/13 03:02:28 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/12/13 03:02:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/12/13 03:02:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/12/13 03:02:28 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/12/13 03:02:28 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/12/13 03:02:27 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/12/13 03:02:27 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/12/13 03:02:27 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/12/13 03:02:27 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/12/13 03:02:25 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/12/13 03:02:24 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/12/13 03:02:24 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/12/12 14:03:08 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012/12/12 14:03:08 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012/12/10 21:18:10 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Local\{55ECF249-51AC-4D8B-98F3-B8AD352AF8E8}
[2012/12/10 09:17:58 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Local\{31CEF3D0-12BF-4EC5-9ACA-FE8FEAAB79E8}
[2012/12/09 21:17:46 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Local\{1AB1D2EA-8A08-4391-85D9-94B64193011A}
[2012/12/09 09:17:34 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Local\{EFB0A900-7DD1-48E4-8B8A-A6992C445370}
[2012/12/08 21:17:20 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Local\{9B8635A6-B38D-45B5-9A15-82823CD5A292}
[2012/12/07 17:22:29 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Local\{BB866A1E-F74A-4709-BFB9-CCB86012D0D4}
[2012/12/07 05:22:17 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Local\{C2D45AB3-1D31-4EDF-BC17-6EC40AD2AAA0}
[2012/12/06 17:22:05 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Local\{DD1A599B-D709-422C-B66A-6C5CDB6F4986}
[2012/12/04 22:48:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Graboid Inc
[2012/12/04 22:41:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Graboid
[2012/12/04 01:13:55 | 000,000,000 | ---D | C] -- C:\ProgramData\QUALCOMM
[2012/12/04 01:13:19 | 000,000,000 | ---D | C] -- C:\Windows\Dell
[2012/12/03 19:43:28 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/12/03 19:43:28 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/12/03 19:43:28 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/12/03 18:41:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2012/12/03 18:41:46 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/12/03 03:55:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2012/12/03 03:41:25 | 000,000,000 | ---D | C] -- C:\Users\Mariam\Desktop\Movies
[2012/11/30 21:13:55 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Local\iLivid
[2012/11/23 16:09:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/11/23 16:09:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/11/13 19:28:39 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012/11/13 19:28:39 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012/11/13 19:22:16 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012/11/13 19:22:16 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012/11/13 19:22:16 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012/11/13 19:22:16 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012/11/13 18:53:56 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012/11/13 18:53:56 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012/11/13 18:53:56 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012/11/13 18:53:50 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012/11/13 18:53:50 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012/11/13 18:53:50 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012/11/13 18:53:50 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012/11/13 18:53:50 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012/11/13 18:53:50 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012/11/13 18:53:37 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012/11/13 18:53:37 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012/11/13 06:50:42 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Roaming\vlc
[2012/11/13 01:45:51 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Local\Geckofx
[2012/11/13 01:44:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/11/13 01:44:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012/11/11 17:35:48 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Local\{8A27664D-7897-4B17-B570-417234D23840}
[2012/11/11 17:35:48 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Local\{4B43DA3D-2F0E-4D9C-B055-337DA6546C7F}
[2012/11/11 17:21:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2012/11/10 21:52:51 | 000,050,808 | ---- | C] (Cristalink Ltd) -- C:\Windows\SysNative\drivers\SeratoUsb.sys
[2012/11/10 21:52:47 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Serato
[2012/11/10 21:52:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Serato
[2012/11/10 21:51:46 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012/10/31 17:53:27 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Roaming\YourFileDownloader
[2012/10/31 17:53:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YourFileDownloader
[2012/10/29 16:57:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Orbitdownloader
[2012/10/29 16:57:30 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Roaming\OpenCandy
[2012/10/25 03:12:26 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2012/10/25 03:12:26 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2012/10/22 17:24:58 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Local\ApplicationHistory
[2012/10/22 17:24:34 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bagatrix
[2012/10/22 17:24:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bagatrix
[2012/10/15 21:33:28 | 000,000,000 | ---D | C] -- C:\Users\Mariam\Desktop\yaser
[2012/10/11 20:31:32 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/10/11 20:31:32 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/10/11 20:31:30 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/10/11 20:31:13 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/10/11 20:30:55 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/10/11 20:30:54 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/10/05 18:30:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AirPrint
[2012/10/03 21:39:40 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Local\BDBF4927-1269-4A00-B57A-684474E34437.aplzod
[2012/10/03 19:20:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2012/10/03 19:19:49 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012/09/28 16:52:26 | 000,000,000 | ---D | C] -- C:\Users\Mariam\Desktop\Police Package
[2012/09/28 10:32:56 | 005,989,776 | ---- | C] (Apple, Inc.) -- C:\Windows\SysNative\usbaaplrc.dll
[2012/09/28 10:32:56 | 000,053,760 | ---- | C] (Apple, Inc.) -- C:\Windows\SysNative\drivers\usbaapl64.sys
[2012/09/26 08:14:46 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012/09/24 21:12:23 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Roaming\avidemux
[2012/09/24 20:04:45 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Roaming\HandBrake
[2012/09/24 20:02:05 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
[2012/09/24 20:02:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
[2012/09/24 20:02:04 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake
[2012/09/24 18:55:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCMS
[2012/09/24 18:55:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iCMS
[2012/09/24 16:30:23 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/09/23 22:43:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Verizon
[2012/09/23 22:43:16 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Local\Backup Assistant Plus
[2012/09/15 14:52:50 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Roaming\Skype
[2012/09/15 14:52:37 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/09/15 14:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/15 14:52:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/09/15 14:51:36 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/09/15 14:51:36 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/09/14 03:22:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/09/14 03:22:08 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/09/13 20:40:29 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012/09/13 20:40:27 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012/09/13 20:40:26 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/09/13 20:40:26 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012/08/26 22:34:18 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Local\JDownloader 0.9
[2012/08/17 15:36:49 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012/08/17 15:36:27 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012/08/17 15:35:34 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/08/17 15:35:34 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012/08/17 15:35:34 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/08/17 15:35:24 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/08/05 17:18:08 | 000,000,000 | ---D | C] -- C:\Users\Mariam\Desktop\MOT
[2012/08/05 17:17:41 | 000,000,000 | ---D | C] -- C:\Users\Mariam\Desktop\8 SD CARD
[2012/07/10 18:51:12 | 000,000,000 | ---D | C] -- C:\backup
[2012/07/10 18:49:38 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Roaming\SpeedyPC Software
[2012/07/10 18:49:38 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Roaming\DriverCure
[2012/07/10 18:49:30 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/07/10 17:07:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/07/10 17:07:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/07/10 17:07:10 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/07/10 17:07:10 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/07/03 19:42:26 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Local\Macromedia
[2012/06/20 19:45:07 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/20 19:45:07 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/20 19:45:07 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/20 19:44:46 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/20 19:44:46 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/20 19:44:46 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/20 19:44:29 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/20 19:44:29 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/13 16:18:42 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/13 16:18:42 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/13 16:18:42 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/13 16:18:26 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/06/06 19:59:42 | 001,070,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCTL.OCX
[2012/05/31 18:17:10 | 000,000,000 | ---D | C] -- C:\Users\Mariam\contenttemp
[2012/05/31 18:17:10 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\A+LS
[2012/05/19 02:45:59 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Local\Mozilla
[2012/05/19 02:45:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/19 02:45:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/05/19 02:04:59 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Roaming\ProgSense
[2012/05/19 02:04:57 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Roaming\GrabPro
[2012/05/19 02:04:57 | 000,000,000 | ---D | C] -- C:\downloads
[2012/05/19 02:04:53 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Roaming\Orbit
[2012/05/13 18:51:06 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Local\Motorola
[2012/05/13 18:51:02 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Local\Motosftemp
[2012/05/13 17:53:01 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Roaming\Motorola
[2012/05/13 17:52:12 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola Inc
[2012/05/13 17:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
[2012/05/13 17:52:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Motorola
[2012/05/12 14:28:00 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2012/05/12 14:27:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software
[2012/05/12 14:27:23 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Roaming\NCH Software
[2012/05/11 20:38:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2012/05/11 20:38:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2012/05/11 20:37:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012/05/11 20:37:48 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Local\Conduit
[2012/05/11 20:37:41 | 000,000,000 | ---D | C] -- C:\Users\Mariam\Documents\Freecorder
[2012/05/11 20:37:40 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Local\FLVService
[2012/05/11 19:50:33 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Local\Powercinema
[2012/05/11 19:49:11 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Roaming\CyberLink
[2012/05/10 18:25:02 | 000,697,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/05/10 17:36:37 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/05/06 18:49:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/04/21 15:36:38 | 000,000,000 | ---D | C] -- C:\Users\Mariam\Documents\SPSSInc
[2012/04/21 15:33:24 | 000,000,000 | ---D | C] -- C:\Users\Mariam\.spss
[2012/04/21 15:33:22 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Local\IBM
[2012/04/21 15:33:20 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Local\javasharedresources
[2012/04/21 15:30:07 | 000,000,000 | ---D | C] -- C:\ProgramData\SafeNet Sentinel
[2012/04/21 15:28:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\IBM
[2012/04/21 15:04:41 | 000,000,000 | ---D | C] -- C:\Users\Mariam\DownloadDirector
[2012/04/17 08:35:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Bradford Networks
[2012/04/14 18:36:49 | 000,000,000 | ---D | C] -- C:\HP LJ2300
[2012/04/11 22:29:44 | 000,000,000 | ---D | C] -- C:\ProgramData\YTD YouTube Downloader & Converter
[2012/04/11 22:29:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YTD YouTube Downloader & Converter
[2012/04/11 02:00:35 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/11 02:00:35 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/01 15:13:42 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Roaming\redsn0w
[2012/03/29 21:23:48 | 000,000,000 | R--D | C] -- C:\Users\Mariam\Dropbox
[2012/03/29 21:22:59 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012/03/29 21:22:39 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Roaming\Dropbox
[2012/03/28 20:33:55 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Local\Apple Computer
[2012/03/28 20:33:39 | 000,125,872 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2012/03/28 20:33:39 | 000,106,928 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2012/03/28 20:33:11 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012/03/28 20:31:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/03/28 20:30:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/03/28 16:35:01 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Roaming\Apple Computer
[2012/03/28 16:20:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/03/28 16:20:04 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/03/28 16:20:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/03/28 16:19:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012/03/13 13:51:02 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/03/13 13:51:02 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/03/12 19:52:29 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Local\Citrix
[2012/03/08 16:42:27 | 000,000,000 | ---D | C] -- C:\Users\Mariam\Desktop\Studio
[2012/02/29 00:02:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/02/26 17:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\RAR Password Unlocker
[2012/02/15 07:27:51 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/02/15 07:27:46 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/02/15 07:27:46 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/02/15 07:27:41 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/10 21:36:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/02/10 21:36:43 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/02/09 23:08:56 | 000,000,000 | ---D | C] -- C:\Users\Mariam\Calibre Library
[2012/02/09 23:08:49 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Roaming\calibre
[2012/02/09 23:08:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Calibre2
[2012/02/09 23:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2012/02/09 22:26:29 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Roaming\ZinioReader4
[2012/02/09 19:33:19 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012/02/09 18:43:57 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Roaming\Real
[2012/02/09 18:43:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
[2012/02/09 18:43:40 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Roaming\RealNetworks
[2012/02/04 02:48:10 | 000,000,000 | ---D | C] -- C:\Users\Mariam\AppData\Local\Apple
[2012/02/01 18:53:14 | 000,088,600 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
[2012/02/01 18:53:14 | 000,088,008 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll.000.bak
[2012/02/01 18:53:14 | 000,072,216 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys
[2012/02/01 18:53:14 | 000,035,832 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll
[2012/02/01 18:53:10 | 000,084,472 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
[2012/02/01 18:53:10 | 000,080,800 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll.000.bak
[2012/02/01 18:52:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn
[2012/01/27 16:32:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/01/25 12:58:02 | 000,027,136 | ---- | C] (Motorola Mobility Inc) -- C:\Windows\SysNative\drivers\Motousbnet.sys
[2012/01/25 12:57:50 | 000,030,720 | ---- | C] (Motorola Mobility Inc) -- C:\Windows\SysNative\drivers\motmodem.sys
[2012/01/25 12:57:46 | 000,009,728 | ---- | C] (Motorola Mobility Inc) -- C:\Windows\SysNative\drivers\motccgpfl.sys
[2012/01/25 12:57:38 | 000,022,016 | ---- | C] (Motorola Mobility Inc) -- C:\Windows\SysNative\drivers\motccgp.sys
[2012/01/23 13:37:12 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2012/01/23 13:37:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX340 series
[2012/01/23 13:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonBJ
[2012/01/23 13:36:52 | 000,344,064 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMLMA5.DLL
[2012/01/23 13:36:49 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLkUS.DLL
[2012/01/23 13:36:49 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLkSE.DLL
[2012/01/23 13:36:49 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLkRU.DLL
[2012/01/23 13:36:49 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLkPT.DLL
[2012/01/23 13:36:49 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLkPL.DLL
[2012/01/23 13:36:49 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLkNL.DLL
[2012/01/23 13:36:49 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLkIT.DLL
[2012/01/23 13:36:49 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLkID.DLL
[2012/01/23 13:36:49 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLkGR.DLL
[2012/01/23 13:36:49 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLkFR.DLL
[2012/01/23 13:36:49 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLkFI.DLL
[2012/01/23 13:36:49 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLkES.DLL
[2012/01/23 13:36:49 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLkDE.DLL
[2012/01/23 13:36:49 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLkTR.DLL
[2012/01/23 13:36:49 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLkTH.DLL
[2012/01/23 13:36:49 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLkNO.DLL
[2012/01/23 13:36:49 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLkKR.DLL
[2012/01/23 13:36:49 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLkJP.DLL
[2012/01/23 13:36:49 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLkHU.DLL
[2012/01/23 13:36:49 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLkDK.DLL
[2012/01/23 13:36:49 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLkCZ.DLL
[2012/01/23 13:36:49 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLkAR.DLL
[2012/01/23 13:36:49 | 000,002,048 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLkTW.DLL
[2012/01/23 13:36:49 | 000,002,048 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLkCN.DLL
[2012/01/23 13:36:48 | 000,343,552 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCF2Lk.DLL
[2012/01/23 13:36:48 | 000,182,272 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFMSk.EXE
[2012/01/23 13:30:54 | 000,000,000 | R--D | C] -- C:\Users\Mariam\Documents\Scanned Documents
[2012/01/23 13:30:54 | 000,000,000 | ---D | C] -- C:\Users\Mariam\Documents\Fax

========== Files - Modified Within 360 Days ==========

[2013/01/16 22:04:49 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/16 22:04:49 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/16 21:57:50 | 005,026,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/16 21:57:47 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/16 21:56:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/16 21:55:59 | 3137,994,752 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/16 21:49:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/16 21:44:02 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2956428168-404915347-396044097-1002UA.job
[2013/01/16 21:42:07 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/16 21:06:18 | 005,022,302 | R--- | M] (Swearware) -- C:\Users\Mariam\Desktop\ComboFix.exe
[2013/01/16 17:45:47 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2956428168-404915347-396044097-1002Core.job
[2013/01/13 02:42:54 | 000,002,257 | ---- | M] () -- C:\Users\Mariam\Desktop\Google Chrome.lnk
[2013/01/11 04:23:18 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2013/01/11 02:18:26 | 000,215,848 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2013/01/11 02:12:22 | 000,002,058 | ---- | M] () -- C:\Users\Mariam\Application Data\Microsoft\Internet Explorer\Quick Launch\PhoneClean.lnk
[2013/01/10 20:44:19 | 000,797,450 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/10 20:44:19 | 000,672,624 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/10 20:44:19 | 000,126,614 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/10 18:22:28 | 000,444,298 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/01/10 03:14:07 | 000,791,666 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/09 02:43:18 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/01/09 02:43:18 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/01/08 14:22:08 | 000,001,057 | ---- | M] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk
[2013/01/06 04:05:53 | 000,001,911 | ---- | M] () -- C:\Users\Mariam\Desktop\MediaPlayerLite.lnk
[2013/01/06 02:38:58 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/06 02:35:52 | 000,088,600 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
[2013/01/06 02:35:51 | 000,084,472 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
[2013/01/06 02:35:51 | 000,035,832 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll
[2013/01/05 14:36:01 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motmodem_01007.Wdf
[2013/01/05 14:35:59 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Motousbnet_01007.Wdf
[2013/01/05 14:35:59 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motfilt_01007.Wdf
[2013/01/05 14:35:23 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2013/01/05 14:35:23 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgp_01007.Wdf
[2013/01/04 14:51:51 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/01/04 14:15:10 | 000,444,240 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130110-182228.backup
[2013/01/04 14:14:57 | 000,444,240 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130104-141510.backup
[2013/01/04 13:39:36 | 000,001,044 | ---- | M] () -- C:\Users\Mariam\Application Data\Microsoft\Internet Explorer\Quick Launch\MSConfigCleanUp.lnk
[2013/01/04 13:39:36 | 000,001,020 | ---- | M] () -- C:\Users\Mariam\Desktop\MSConfigCleanUp.lnk
[2013/01/04 00:55:02 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130104-141457.backup
[2012/12/29 15:55:35 | 000,001,077 | ---- | M] () -- C:\Users\Mariam\Application Data\Microsoft\Internet Explorer\Quick Launch\Orbit.lnk
[2012/12/29 15:55:35 | 000,001,053 | ---- | M] () -- C:\Users\Mariam\Desktop\Orbit.lnk
[2012/12/28 02:35:22 | 000,445,135 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20121231-193952.backup
[2012/12/28 02:35:22 | 000,445,135 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130103-025622.backup
[2012/12/28 02:35:22 | 000,445,135 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130103-025553.backup
[2012/12/28 02:35:00 | 000,445,135 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20121228-023522.backup
[2012/12/27 23:33:58 | 000,001,284 | ---- | M] () -- C:\Users\Mariam\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/12/27 22:08:45 | 000,006,186 | ---- | M] () -- C:\WirelessDiagLog.csv
[2012/12/27 20:11:29 | 000,001,216 | ---- | M] () -- C:\Users\Mariam\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/12/26 18:04:29 | 000,001,042 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/12/26 18:03:24 | 000,201,424 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2012/12/26 18:03:11 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012/12/26 18:03:11 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2012/12/26 18:03:11 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2012/12/26 15:13:45 | 000,001,055 | ---- | M] () -- C:\Users\Mariam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/12/26 15:13:39 | 000,001,025 | ---- | M] () -- C:\Users\Mariam\Desktop\Dropbox.lnk
[2012/12/25 03:12:28 | 007,175,493 | ---- | M] () -- C:\Users\Mariam\AppData\Local\census.cache
[2012/12/25 03:08:40 | 000,124,064 | ---- | M] () -- C:\Users\Mariam\AppData\Local\ars.cache
[2012/12/21 21:49:23 | 000,836,907 | ---- | M] () -- C:\Users\Mariam\Documents\IMG_0654.mp3
[2012/12/21 21:22:41 | 011,329,384 | ---- | M] () -- C:\Users\Mariam\Documents\IMG_0652.3gp
[2012/12/21 16:35:39 | 330,266,769 | ---- | M] () -- C:\Users\Mariam\Documents\Secret Societies Conspiracy Theory Jesse Ventura.flv
[2012/12/21 16:17:17 | 028,669,378 | ---- | M] () -- C:\Users\Mariam\Documents\JFK Deathbed confession - Conspiracy Theory with Jesse Ventura trutv.flv
[2012/12/21 16:09:14 | 199,134,097 | ---- | M] () -- C:\Users\Mariam\Documents\Conspiracy Theory W_ Jesse Ventura_ HAARP [Season 1, Episode 1] (Full Length • HD).flv
[2012/12/21 16:07:04 | 198,443,710 | ---- | M] () -- C:\Users\Mariam\Documents\Banned Episode_ Conspiracy Theory with Jesse Ventura - Police State.flv
[2012/12/21 15:30:14 | 013,070,849 | ---- | M] () -- C:\Users\Mariam\Documents\Former CIA Agent's Message to America - WATCH NOW.flv
[2012/12/21 15:28:38 | 027,252,888 | ---- | M] () -- C:\Users\Mariam\Documents\This is how they plan to KILL us - Elite Insider George Green.flv
[2012/12/21 15:22:31 | 014,998,043 | ---- | M] () -- C:\Users\Mariam\Documents\Parents smiling and waiting in line to be interviewed at Sandy Hooks school shooting..flv
[2012/12/21 15:19:55 | 019,109,423 | ---- | M] () -- C:\Users\Mariam\Documents\Sandy Hook Hoax _Medical Examiner_ Wayne Carver.flv
[2012/12/21 02:57:07 | 014,825,046 | ---- | M] () -- C:\Users\Mariam\Documents\27 Dead in Conn., 22 students stabbed in China. Today..mp4
[2012/12/21 00:47:45 | 046,024,223 | ---- | M] () -- C:\Users\Mariam\Documents\CONN. SCHOOL SHOOTING EXPOSED FALSE FLAG 100% PROOF ILLUMINATI.flv
[2012/12/21 00:41:46 | 008,289,149 | ---- | M] () -- C:\Users\Mariam\Documents\Gun Inconsistencies in Sandy Hook School Mass Shooting.flv
[2012/12/21 00:19:44 | 012,203,716 | ---- | M] () -- C:\Users\Mariam\Documents\Man Stabs 22 Children at Chinese Elementary School Vicious Attack Angers Parents!.flv
[2012/12/20 02:05:16 | 027,666,926 | ---- | M] () -- C:\Users\Mariam\Documents\9-11 The Most Important Video Ever What Happened to WTC Building 7.flv
[2012/12/20 01:58:30 | 037,015,115 | ---- | M] () -- C:\Users\Mariam\Documents\Connecticut Shooting Government Conspiracy Exposed! MUST SEE!.flv
[2012/12/20 01:35:33 | 028,847,521 | ---- | M] () -- C:\Users\Mariam\Documents\Rare Never before seen footage of 9_11 Wtc Attacks Controlled Demolition Septembre 11th.flv
[2012/12/20 01:32:03 | 007,349,699 | ---- | M] () -- C:\Users\Mariam\Documents\9_11 Evidence of (Controlled Demolition)Bombs Devil Face in Smoke.flv
[2012/12/20 01:26:30 | 179,461,348 | ---- | M] () -- C:\Users\Mariam\Documents\Watch this and you will know we're in END TIMES!.flv
[2012/12/20 01:19:13 | 003,318,737 | ---- | M] () -- C:\Users\Mariam\Documents\1 DAY BEFORE 911 WTC Attacks, An Amazing Thing Happened.flv
[2012/12/20 01:18:32 | 043,887,290 | ---- | M] () -- C:\Users\Mariam\Documents\DID 3000 PEOPLE REALLY DIE ON 9-11 __.flv
[2012/12/20 01:18:27 | 094,690,077 | ---- | M] () -- C:\Users\Mariam\Documents\TRUMP_ OSAMA BIN LADEN DEATH WAS A SCAM!.flv
[2012/12/20 01:04:31 | 026,007,037 | ---- | M] () -- C:\Users\Mariam\Documents\Disturbing Footage! The US Army Doesn't Want You To See THIS!.flv
[2012/12/20 00:50:05 | 034,653,425 | ---- | M] () -- C:\Users\Mariam\Documents\Mysterious Deaths of 9_11 Witnesses (MUST SEE).flv
[2012/12/20 00:44:48 | 019,735,124 | ---- | M] () -- C:\Users\Mariam\Documents\9_11 Fake_ DEBUNKED! Live Footage No Plane Seen Before South Tower Explosion.flv
[2012/12/20 00:30:44 | 006,966,934 | ---- | M] () -- C:\Users\Mariam\Documents\The missile that hit WTC 2 in Slow Motion.flv
[2012/12/20 00:12:11 | 000,593,909 | ---- | M] () -- C:\Users\Mariam\Documents\Here's something the government didn't want you to see.flv
[2012/12/19 23:55:29 | 004,954,023 | ---- | M] () -- C:\Users\Mariam\Documents\Sandy Hook IN BATMAN movie!!!! Another reference to the Connecticut shooting !!!.flv
[2012/12/19 23:53:27 | 076,538,472 | ---- | M] () -- C:\Users\Mariam\Documents\father ROBBIE PARKER of emilie parker speaks out FULL LENGTH.flv
[2012/12/19 23:28:52 | 008,167,009 | ---- | M] () -- C:\Users\Mariam\Documents\Who Shot JFK_!_!.flv
[2012/12/19 23:24:22 | 021,392,773 | ---- | M] () -- C:\Users\Mariam\Documents\2012_ The Year Of The 2nd American Revolution.flv
[2012/12/19 23:15:26 | 008,010,377 | ---- | M] () -- C:\Users\Mariam\Documents\Obama's crocodile tears - Fake crying after Sandy Hook shooting.mp4
[2012/12/19 22:18:07 | 206,172,126 | ---- | M] () -- C:\Users\Mariam\Documents\SANDY HOOK MASSACRE ~ FALSE FLAG.mp4
[2012/12/19 22:13:07 | 028,880,807 | ---- | M] () -- C:\Users\Mariam\Documents\Sandyhook Hurricane Clackamas Aurora Shootings and MORE. FALSE FLAG. FOR NWO GUN GRAB.flv
[2012/12/19 21:59:32 | 022,116,397 | ---- | M] () -- C:\Users\Mariam\Documents\Sandy Hook school news FLASH!.flv
[2012/12/19 21:40:41 | 019,277,533 | ---- | M] () -- C:\Users\Mariam\Documents\Welcome the Family Known as the _Bullcrap's_ (sandy-hook HOAX!).mp4
[2012/12/19 21:35:39 | 003,673,067 | ---- | M] () -- C:\Users\Mariam\Documents\Sandy Hook Shooting Exposed As a Fruad.flv
[2012/12/17 18:41:35 | 040,277,843 | ---- | M] () -- C:\Users\Mariam\Documents\7_21_2012 -- FBI theater attack warning issued on May 17, 2012.mp4
[2012/12/17 17:22:19 | 109,440,853 | ---- | M] () -- C:\Users\Mariam\Documents\Sandy Hook Massacre Exposed_ (With Evidence) 2_2.mp4
[2012/12/17 17:13:57 | 114,025,955 | ---- | M] () -- C:\Users\Mariam\Documents\Sandy Hook Massacre Exposed_ (With Evidence) 1_2.mp4
[2012/12/17 16:45:39 | 000,001,160 | ---- | M] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk
[2012/12/16 12:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/16 09:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/16 09:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/16 09:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/12/07 08:20:16 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2012/12/07 08:15:31 | 002,746,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2012/12/07 07:26:17 | 000,308,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2012/12/07 07:20:43 | 002,576,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2012/12/07 06:20:04 | 000,030,720 | ---- | M] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2012/12/07 06:20:03 | 000,043,520 | ---- | M] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2012/12/07 06:20:03 | 000,023,552 | ---- | M] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2012/12/07 06:20:01 | 000,045,568 | ---- | M] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2012/12/07 06:20:01 | 000,044,544 | ---- | M] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2012/12/07 06:20:01 | 000,020,480 | ---- | M] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2012/12/07 06:20:00 | 000,020,480 | ---- | M] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2012/12/07 06:19:59 | 000,020,480 | ---- | M] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2012/12/07 06:19:58 | 000,046,592 | ---- | M] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2012/12/07 06:19:57 | 000,040,960 | ---- | M] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2012/12/07 06:19:57 | 000,021,504 | ---- | M] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2012/12/07 06:19:57 | 000,015,360 | ---- | M] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2012/12/07 06:19:56 | 000,055,296 | ---- | M] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2012/12/07 06:19:55 | 000,051,712 | ---- | M] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2012/12/07 05:46:42 | 000,043,520 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2012/12/07 05:46:42 | 000,030,720 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2012/12/07 05:46:41 | 000,045,568 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2012/12/07 05:46:41 | 000,044,544 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2012/12/07 05:46:41 | 000,023,552 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2012/12/07 05:46:41 | 000,020,480 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2012/12/07 05:46:40 | 000,020,480 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2012/12/07 05:46:39 | 000,046,592 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2012/12/07 05:46:39 | 000,020,480 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2012/12/07 05:46:38 | 000,021,504 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2012/12/07 05:46:37 | 000,040,960 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2012/12/07 05:46:37 | 000,015,360 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2012/12/07 05:46:36 | 000,055,296 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2012/12/07 05:46:36 | 000,051,712 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2012/12/03 18:41:47 | 000,001,266 | ---- | M] () -- C:\Users\Mariam\Desktop\Revo Uninstaller.lnk
[2012/11/30 21:16:15 | 000,001,044 | ---- | M] () -- C:\Users\Mariam\Application Data\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk
[2012/11/30 21:16:14 | 000,001,042 | ---- | M] () -- C:\Users\Mariam\Desktop\iLivid.lnk
[2012/11/30 00:45:35 | 000,362,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/11/30 00:45:35 | 000,243,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/11/30 00:45:35 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/11/30 00:45:14 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/11/30 00:43:12 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/11/30 00:41:07 | 001,161,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/11/30 00:41:07 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/11/30 00:38:45 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/11/30 00:38:45 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/11/30 00:38:45 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/11/30 00:38:45 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/11/30 00:38:45 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/11/30 00:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/11/30 00:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/11/30 00:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/11/30 00:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/11/30 00:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/11/30 00:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/11/30 00:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/11/30 00:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/11/30 00:38:44 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/11/30 00:38:44 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/11/30 00:38:44 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/11/30 00:38:44 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/11/30 00:38:44 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 00:38:44 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/11/30 00:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/11/30 00:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/11/30 00:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/11/30 00:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/11/30 00:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/11/30 00:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/11/30 00:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/11/30 00:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/11/30 00:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/11/29 23:54:00 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/11/29 23:45:15 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/11/29 23:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/11/29 23:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/11/29 23:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/11/29 23:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/11/29 23:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/11/29 23:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/11/29 23:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/11/29 23:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/11/29 23:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/29 23:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/11/29 23:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/11/29 23:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/11/29 23:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/11/29 23:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/11/29 23:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/11/29 23:45:14 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/11/29 23:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/11/29 23:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/11/29 23:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/11/29 23:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/11/29 23:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/11/29 23:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/11/29 23:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/11/29 22:23:48 | 000,338,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/11/29 21:44:06 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/11/29 21:44:04 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/11/29 21:44:04 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/11/29 21:44:03 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/11/29 21:38:59 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/11/29 21:38:59 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/11/29 21:38:59 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/11/29 21:38:59 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/11/28 15:19:16 | 065,087,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012/11/23 18:34:01 | 000,001,135 | ---- | M] () -- C:\Users\Mariam\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/11/22 22:13:57 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2012/11/22 00:44:23 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2012/11/20 00:48:49 | 000,307,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/11/14 01:11:44 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/11/14 01:02:49 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/11/14 01:02:04 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/11/14 00:58:36 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/11/14 00:57:46 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/11/14 00:57:35 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/11/14 00:55:26 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/11/14 00:53:22 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/11/14 00:46:25 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/11/13 20:58:15 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/11/13 20:55:46 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/11/13 20:49:25 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/11/13 20:49:19 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/11/13 20:45:01 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/11/13 20:41:30 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/11/13 01:44:40 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/11/12 03:04:05 | 001,125,406 | ---- | M] () -- C:\Users\Mariam\Desktop\beth mortgage.tif
[2012/11/10 21:52:48 | 000,002,146 | ---- | M] () -- C:\Users\Mariam\Desktop\Scratch Live.lnk
[2012/11/09 00:45:32 | 000,750,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012/11/08 23:43:04 | 000,492,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012/11/08 20:15:28 | 000,088,008 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll.000.bak
[2012/11/02 00:59:11 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012/11/02 00:11:31 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012/10/25 03:12:26 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2012/10/25 03:12:26 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2012/10/22 17:24:59 | 000,000,094 | ---- | M] () -- C:\Users\Mariam\AppData\Local\fusioncache.dat
[2012/10/22 17:24:34 | 000,002,254 | ---- | M] () -- C:\Users\Mariam\Desktop\Algebra 2 Solved!.lnk
[2012/10/09 13:17:13 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012/10/09 13:17:13 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012/10/09 12:40:31 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012/10/05 15:57:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mariam\Desktop\OTL.exe
[2012/10/03 12:44:17 | 000,246,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012/10/03 12:44:17 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012/10/03 12:44:16 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012/10/03 11:42:24 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012/10/03 11:42:24 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012/10/03 11:42:23 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012/09/28 10:32:56 | 005,989,776 | ---- | M] (Apple, Inc.) -- C:\Windows\SysNative\usbaaplrc.dll
[2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) -- C:\Windows\SysNative\drivers\usbaapl64.sys
[2012/09/25 17:47:43 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012/09/25 17:46:17 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012/09/24 23:16:33 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/09/24 23:08:27 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/09/24 23:07:57 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/09/24 20:02:05 | 000,000,786 | ---- | M] () -- C:\Users\Mariam\Desktop\Handbrake.lnk
[2012/09/14 03:21:49 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/09/14 03:21:49 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/09/10 18:04:34 | 000,050,808 | ---- | M] (Cristalink Ltd) -- C:\Windows\SysNative\drivers\SeratoUsb.sys
[2012/08/30 13:03:45 | 005,559,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/08/30 12:12:02 | 003,968,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/08/30 12:12:02 | 003,914,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/08/26 22:35:08 | 000,002,079 | ---- | M] () -- C:\Users\Mariam\Desktop\JDownloader.lnk
[2012/08/26 22:35:08 | 000,002,031 | ---- | M] () -- C:\Users\Mariam\Application Data\Microsoft\Internet Explorer\Quick Launch\JDownloader.lnk
[2012/08/24 13:05:07 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/08/22 13:12:40 | 000,376,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/08/22 13:12:33 | 000,288,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012/08/21 16:01:00 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012/08/21 13:01:20 | 000,125,872 | ---- | M] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2012/08/21 13:01:20 | 000,106,928 | ---- | M] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012/08/02 12:58:52 | 000,574,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012/07/25 23:55:47 | 000,054,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012/07/25 23:47:34 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\wdf01000.sys.mui
[2012/07/25 22:08:53 | 000,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012/07/25 22:08:14 | 000,744,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012/07/25 22:08:14 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012/07/25 22:08:14 | 000,045,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012/07/25 21:36:08 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012/07/12 19:03:59 | 000,080,800 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll.000.bak
[2012/07/04 17:16:43 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/07/04 17:13:27 | 000,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012/07/04 16:14:34 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/07/04 15:26:03 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012/06/27 14:26:47 | 000,773,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr100.dll
[2012/06/14 20:21:17 | 000,104,447 | ---- | M] () -- C:\Users\Mariam\Documents\vip2.pdf
[2012/06/06 19:59:42 | 001,070,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCTL.OCX
[2012/06/06 01:02:54 | 001,133,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/06/06 00:03:06 | 000,805,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/06/02 17:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/02 17:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/02 17:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/02 17:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/02 17:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/02 17:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/02 14:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/02 14:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/02 09:57:51 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/06/02 09:35:15 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/06/02 00:41:28 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/06/02 00:41:27 | 001,464,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/05/19 11:58:39 | 000,000,047 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012/05/18 23:01:19 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motoandroid_01007.Wdf
[2012/05/14 00:26:34 | 000,956,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/05/13 18:20:51 | 000,002,597 | ---- | M] () -- C:\Users\Public\Desktop\RSD Lite.lnk
[2012/05/05 03:36:55 | 000,503,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012/05/04 06:00:43 | 000,366,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/05/04 04:59:54 | 000,514,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/04/26 00:41:56 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/04/26 00:41:55 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/04/26 00:34:27 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/04/22 13:08:54 | 000,006,475 | ---- | M] () -- C:\Users\Mariam\Output2.spv
[2012/04/22 13:06:43 | 000,006,475 | ---- | M] () -- C:\Users\Mariam\Documents\Output2.spv
[2012/04/21 15:27:57 | 000,001,025 | ---- | M] () -- C:\Windows\SysWow64\sysprs7.tgz
[2012/04/21 15:27:57 | 000,001,025 | ---- | M] () -- C:\Windows\SysWow64\sysprs7.dll
[2012/04/21 15:27:57 | 000,000,219 | ---- | M] () -- C:\Windows\SysWow64\lsprst7.tgz
[2012/04/21 15:27:57 | 000,000,205 | ---- | M] () -- C:\Windows\SysWow64\lsprst7.dll
[2012/04/21 15:27:57 | 000,000,016 | ---- | M] () -- C:\Windows\SysWow64\servdat.slm
[2012/04/21 15:04:41 | 000,000,043 | ---- | M] () -- C:\Users\Mariam\dlmgr_.pro
[2012/04/11 22:32:35 | 007,925,228 | ---- | M] () -- C:\Users\Mariam\Documents\Studio 4 Mardi Gras with Dubstep track by James Dennis & Synbeatz.flv
[2012/04/11 22:31:00 | 021,699,096 | ---- | M] () -- C:\Users\Mariam\Documents\Studio 4 THURSDAY NIGHT LIVE.mp4
[2012/04/07 07:31:40 | 003,216,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/04/02 22:59:38 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/03/03 01:35:38 | 001,544,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/03/01 01:33:50 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/02/25 02:58:51 | 000,000,036 | ---- | M] () -- C:\Users\Mariam\AppData\Local\housecall.guid.cache
[2012/02/17 01:38:26 | 001,031,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/02/17 00:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/02/11 01:36:01 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012/02/09 23:08:45 | 000,000,962 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012/02/01 18:53:09 | 000,001,024 | ---- | M] () -- C:\.rnd
[2012/01/25 12:58:02 | 000,027,136 | ---- | M] (Motorola Mobility Inc) -- C:\Windows\SysNative\drivers\Motousbnet.sys
[2012/01/25 12:57:50 | 000,030,720 | ---- | M] (Motorola Mobility Inc) -- C:\Windows\SysNative\drivers\motmodem.sys
[2012/01/25 12:57:46 | 000,009,728 | ---- | M] (Motorola Mobility Inc) -- C:\Windows\SysNative\drivers\motccgpfl.sys
[2012/01/25 12:57:38 | 000,022,016 | ---- | M] (Motorola Mobility Inc) -- C:\Windows\SysNative\drivers\motccgp.sys

========== Files Created - No Company Name ==========

[2013/01/11 02:12:22 | 000,002,058 | ---- | C] () -- C:\Users\Mariam\Application Data\Microsoft\Internet Explorer\Quick Launch\PhoneClean.lnk
[2013/01/08 14:22:08 | 000,001,057 | ---- | C] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk
[2013/01/06 04:05:53 | 000,001,911 | ---- | C] () -- C:\Users\Mariam\Desktop\MediaPlayerLite.lnk
[2013/01/06 02:38:58 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/05 14:36:01 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motmodem_01007.Wdf
[2013/01/05 14:35:59 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Motousbnet_01007.Wdf
[2013/01/05 14:35:59 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motfilt_01007.Wdf
[2013/01/05 14:35:23 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2013/01/05 14:35:23 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgp_01007.Wdf
[2013/01/04 14:51:51 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/01/04 13:39:36 | 000,001,044 | ---- | C] () -- C:\Users\Mariam\Application Data\Microsoft\Internet Explorer\Quick Launch\MSConfigCleanUp.lnk
[2013/01/04 13:39:36 | 000,001,020 | ---- | C] () -- C:\Users\Mariam\Desktop\MSConfigCleanUp.lnk
[2013/01/04 13:37:07 | 000,001,055 | ---- | C] () -- C:\Users\Mariam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/01/04 00:30:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/04 00:30:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/04 00:30:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/04 00:30:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/04 00:30:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/12/29 15:40:24 | 000,002,257 | ---- | C] () -- C:\Users\Mariam\Desktop\Google Chrome.lnk
[2012/12/27 23:33:58 | 000,001,284 | ---- | C] () -- C:\Users\Mariam\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/12/27 22:06:10 | 000,006,186 | ---- | C] () -- C:\WirelessDiagLog.csv
[2012/12/26 18:04:29 | 000,001,042 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/12/21 21:49:21 | 000,836,907 | ---- | C] () -- C:\Users\Mariam\Documents\IMG_0654.mp3
[2012/12/21 21:22:27 | 011,329,384 | ---- | C] () -- C:\Users\Mariam\Documents\IMG_0652.3gp
[2012/12/21 16:07:05 | 028,669,378 | ---- | C] () -- C:\Users\Mariam\Documents\JFK Deathbed confession - Conspiracy Theory with Jesse Ventura trutv.flv
[2012/12/21 15:30:16 | 330,266,769 | ---- | C] () -- C:\Users\Mariam\Documents\Secret Societies Conspiracy Theory Jesse Ventura.flv
[2012/12/21 15:28:39 | 199,134,097 | ---- | C] () -- C:\Users\Mariam\Documents\Conspiracy Theory W_ Jesse Ventura_ HAARP [Season 1, Episode 1] (Full Length • HD).flv
[2012/12/21 15:24:34 | 198,443,710 | ---- | C] () -- C:\Users\Mariam\Documents\Banned Episode_ Conspiracy Theory with Jesse Ventura - Police State.flv
[2012/12/21 15:23:57 | 013,070,849 | ---- | C] () -- C:\Users\Mariam\Documents\Former CIA Agent's Message to America - WATCH NOW.flv
[2012/12/21 15:21:04 | 027,252,888 | ---- | C] () -- C:\Users\Mariam\Documents\This is how they plan to KILL us - Elite Insider George Green.flv
[2012/12/21 15:19:58 | 014,998,043 | ---- | C] () -- C:\Users\Mariam\Documents\Parents smiling and waiting in line to be interviewed at Sandy Hooks school shooting..flv
[2012/12/21 15:16:49 | 019,109,423 | ---- | C] () -- C:\Users\Mariam\Documents\Sandy Hook Hoax _Medical Examiner_ Wayne Carver.flv
[2012/12/21 02:53:50 | 014,825,046 | ---- | C] () -- C:\Users\Mariam\Documents\27 Dead in Conn., 22 students stabbed in China. Today..mp4
[2012/12/21 00:38:44 | 008,289,149 | ---- | C] () -- C:\Users\Mariam\Documents\Gun Inconsistencies in Sandy Hook School Mass Shooting.flv
[2012/12/21 00:38:00 | 046,024,223 | ---- | C] () -- C:\Users\Mariam\Documents\CONN. SCHOOL SHOOTING EXPOSED FALSE FLAG 100% PROOF ILLUMINATI.flv
[2012/12/21 00:16:00 | 012,203,716 | ---- | C] () -- C:\Users\Mariam\Documents\Man Stabs 22 Children at Chinese Elementary School Vicious Attack Angers Parents!.flv
[2012/12/20 01:58:35 | 027,666,926 | ---- | C] () -- C:\Users\Mariam\Documents\9-11 The Most Important Video Ever What Happened to WTC Building 7.flv
[2012/12/20 01:50:13 | 037,015,115 | ---- | C] () -- C:\Users\Mariam\Documents\Connecticut Shooting Government Conspiracy Exposed! MUST SEE!.flv
[2012/12/20 01:44:55 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/20 01:44:52 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/20 01:31:18 | 028,847,521 | ---- | C] () -- C:\Users\Mariam\Documents\Rare Never before seen footage of 9_11 Wtc Attacks Controlled Demolition Septembre 11th.flv
[2012/12/20 01:29:02 | 007,349,699 | ---- | C] () -- C:\Users\Mariam\Documents\9_11 Evidence of (Controlled Demolition)Bombs Devil Face in Smoke.flv
[2012/12/20 01:18:28 | 003,318,737 | ---- | C] () -- C:\Users\Mariam\Documents\1 DAY BEFORE 911 WTC Attacks, An Amazing Thing Happened.flv
[2012/12/20 01:10:22 | 043,887,290 | ---- | C] () -- C:\Users\Mariam\Documents\DID 3000 PEOPLE REALLY DIE ON 9-11 __.flv
[2012/12/20 01:02:52 | 094,690,077 | ---- | C] () -- C:\Users\Mariam\Documents\TRUMP_ OSAMA BIN LADEN DEATH WAS A SCAM!.flv
[2012/12/20 00:57:30 | 179,461,348 | ---- | C] () -- C:\Users\Mariam\Documents\Watch this and you will know we're in END TIMES!.flv
[2012/12/20 00:56:36 | 026,007,037 | ---- | C] () -- C:\Users\Mariam\Documents\Disturbing Footage! The US Army Doesn't Want You To See THIS!.flv
[2012/12/20 00:42:56 | 034,653,425 | ---- | C] () -- C:\Users\Mariam\Documents\Mysterious Deaths of 9_11 Witnesses (MUST SEE).flv
[2012/12/20 00:42:43 | 019,735,124 | ---- | C] () -- C:\Users\Mariam\Documents\9_11 Fake_ DEBUNKED! Live Footage No Plane Seen Before South Tower Explosion.flv
[2012/12/20 00:30:39 | 006,966,934 | ---- | C] () -- C:\Users\Mariam\Documents\The missile that hit WTC 2 in Slow Motion.flv
[2012/12/20 00:12:11 | 000,593,909 | ---- | C] () -- C:\Users\Mariam\Documents\Here's something the government didn't want you to see.flv
[2012/12/19 23:54:34 | 004,954,023 | ---- | C] () -- C:\Users\Mariam\Documents\Sandy Hook IN BATMAN movie!!!! Another reference to the Connecticut shooting !!!.flv
[2012/12/19 23:46:59 | 076,538,472 | ---- | C] () -- C:\Users\Mariam\Documents\father ROBBIE PARKER of emilie parker speaks out FULL LENGTH.flv
[2012/12/19 23:26:55 | 008,167,009 | ---- | C] () -- C:\Users\Mariam\Documents\Who Shot JFK_!_!.flv
[2012/12/19 23:21:31 | 021,392,773 | ---- | C] () -- C:\Users\Mariam\Documents\2012_ The Year Of The 2nd American Revolution.flv
[2012/12/19 23:15:18 | 008,010,377 | ---- | C] () -- C:\Users\Mariam\Documents\Obama's crocodile tears - Fake crying after Sandy Hook shooting.mp4
[2012/12/19 22:07:18 | 028,880,807 | ---- | C] () -- C:\Users\Mariam\Documents\Sandyhook Hurricane Clackamas Aurora Shootings and MORE. FALSE FLAG. FOR NWO GUN GRAB.flv
[2012/12/19 22:03:46 | 206,172,126 | ---- | C] () -- C:\Users\Mariam\Documents\SANDY HOOK MASSACRE ~ FALSE FLAG.mp4
[2012/12/19 21:55:29 | 022,116,397 | ---- | C] () -- C:\Users\Mariam\Documents\Sandy Hook school news FLASH!.flv
[2012/12/19 21:39:25 | 019,277,533 | ---- | C] () -- C:\Users\Mariam\Documents\Welcome the Family Known as the _Bullcrap's_ (sandy-hook HOAX!).mp4
[2012/12/19 21:35:23 | 003,673,067 | ---- | C] () -- C:\Users\Mariam\Documents\Sandy Hook Shooting Exposed As a Fruad.flv
[2012/12/17 18:34:34 | 040,277,843 | ---- | C] () -- C:\Users\Mariam\Documents\7_21_2012 -- FBI theater attack warning issued on May 17, 2012.mp4
[2012/12/17 16:58:55 | 109,440,853 | ---- | C] () -- C:\Users\Mariam\Documents\Sandy Hook Massacre Exposed_ (With Evidence) 2_2.mp4
[2012/12/17 16:51:32 | 114,025,955 | ---- | C] () -- C:\Users\Mariam\Documents\Sandy Hook Massacre Exposed_ (With Evidence) 1_2.mp4
[2012/12/17 16:45:39 | 000,001,160 | ---- | C] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk
[2012/12/03 18:41:47 | 000,001,266 | ---- | C] () -- C:\Users\Mariam\Desktop\Revo Uninstaller.lnk
[2012/11/30 21:16:15 | 000,001,050 | ---- | C] () -- C:\Users\Mariam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
[2012/11/30 21:16:15 | 000,001,044 | ---- | C] () -- C:\Users\Mariam\Application Data\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk
[2012/11/30 21:16:14 | 000,001,042 | ---- | C] () -- C:\Users\Mariam\Desktop\iLivid.lnk
[2012/11/13 19:28:42 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/13 19:22:16 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/13 01:44:40 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/11/12 03:04:05 | 001,125,406 | ---- | C] () -- C:\Users\Mariam\Desktop\beth mortgage.tif
[2012/11/10 21:52:48 | 000,002,146 | ---- | C] () -- C:\Users\Mariam\Desktop\Scratch Live.lnk
[2012/10/29 16:57:32 | 000,001,077 | ---- | C] () -- C:\Users\Mariam\Application Data\Microsoft\Internet Explorer\Quick Launch\Orbit.lnk
[2012/10/29 16:57:32 | 000,001,053 | ---- | C] () -- C:\Users\Mariam\Desktop\Orbit.lnk
[2012/10/22 17:24:59 | 000,000,094 | ---- | C] () -- C:\Users\Mariam\AppData\Local\fusioncache.dat
[2012/10/22 17:24:34 | 000,002,254 | ---- | C] () -- C:\Users\Mariam\Desktop\Algebra 2 Solved!.lnk
[2012/09/24 22:50:34 | 000,073,728 | ---- | C] ( ) -- C:\Windows\System\vdremote.dll
[2012/09/24 22:50:34 | 000,065,536 | ---- | C] ( ) -- C:\Windows\System\vdsvrlnk.dll
[2012/09/24 20:02:05 | 000,000,786 | ---- | C] () -- C:\Users\Mariam\Desktop\Handbrake.lnk
[2012/08/26 22:35:09 | 000,002,079 | ---- | C] () -- C:\Users\Mariam\Desktop\JDownloader.lnk
[2012/08/26 22:35:08 | 000,002,031 | ---- | C] () -- C:\Users\Mariam\Application Data\Microsoft\Internet Explorer\Quick Launch\JDownloader.lnk
[2012/08/26 22:35:08 | 000,002,031 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2012/08/26 22:35:07 | 000,002,080 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Uninstaller.lnk
[2012/08/26 22:35:07 | 000,002,066 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012/08/01 17:23:56 | 000,215,848 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/06/14 20:21:17 | 000,104,447 | ---- | C] () -- C:\Users\Mariam\Documents\vip2.pdf
[2012/05/19 11:58:39 | 000,000,047 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2012/05/18 23:01:19 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motoandroid_01007.Wdf
[2012/05/13 18:20:51 | 000,002,609 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RSD Lite.lnk
[2012/05/13 18:20:51 | 000,002,597 | ---- | C] () -- C:\Users\Public\Desktop\RSD Lite.lnk
[2012/05/10 18:25:03 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/22 13:08:54 | 000,006,475 | ---- | C] () -- C:\Users\Mariam\Output2.spv
[2012/04/21 20:47:21 | 000,006,475 | ---- | C] () -- C:\Users\Mariam\Documents\Output2.spv
[2012/04/21 15:27:57 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.tgz
[2012/04/21 15:27:57 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2012/04/21 15:27:57 | 000,000,219 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.tgz
[2012/04/21 15:27:57 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2012/04/21 15:27:57 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\servdat.slm
[2012/04/21 15:04:33 | 000,000,043 | ---- | C] () -- C:\Users\Mariam\dlmgr_.pro
[2012/04/11 22:30:47 | 021,699,096 | ---- | C] () -- C:\Users\Mariam\Documents\Studio 4 THURSDAY NIGHT LIVE.mp4
[2012/04/11 22:30:32 | 007,925,228 | ---- | C] () -- C:\Users\Mariam\Documents\Studio 4 Mardi Gras with Dubstep track by James Dennis & Synbeatz.flv
[2012/04/02 22:59:38 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/03/29 21:23:48 | 000,001,025 | ---- | C] () -- C:\Users\Mariam\Desktop\Dropbox.lnk
[2012/03/28 20:28:48 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/02/25 03:16:53 | 007,175,493 | ---- | C] () -- C:\Users\Mariam\AppData\Local\census.cache
[2012/02/25 03:13:56 | 000,124,064 | ---- | C] () -- C:\Users\Mariam\AppData\Local\ars.cache
[2012/02/25 02:58:51 | 000,000,036 | ---- | C] () -- C:\Users\Mariam\AppData\Local\housecall.guid.cache
[2012/02/09 23:08:45 | 000,000,962 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012/02/01 18:53:08 | 000,001,024 | ---- | C] () -- C:\.rnd
[2012/02/01 18:53:00 | 000,000,990 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn.lnk
[2011/12/25 02:46:33 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/11/18 21:40:39 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/11/18 21:40:34 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/11/18 21:40:33 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/11/18 21:40:32 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/11/18 21:40:31 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/05/16 12:31:44 | 000,008,592 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
[2011/02/10 11:10:51 | 000,791,666 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

#11 moselbee (Topic Starter)

Posted 16 January 2013 - 10:12 PM

I actually think I stopped whatever the spyware was, but I really want to know when it was put on and if it is gone... I believe it was tied in Chrome bc it was always running.. it went with a spyware that is also on my cell phone which I am working on removing, but trying to pinpoint the time of installation.. humm Thank you much for any help! AND it only opened one report?

Edited by moselbee, 16 January 2013 - 10:15 PM.


#12 jntkwx (Malware Response Team)

Posted 17 January 2013 - 12:33 PM

moselbee,

I don't see any malware in that report. However, a couple other things...

Step 1: It looks like Combofix was run. If it exists, please copy/paste the Combofix log located at C:\Combofix.txt into your next reply.

Step 2: Do you recognize this program?

LogMeIn

I ask because it is a legitimate program, allowing remote access to your computer. If you don't recognize/use this program, I would recommend uninstalling it.

Step 3: TDSSkiller
  • Download TDSSKiller.exe and save it to your desktop.
  • Double-click TDSSKiller.exe to run it.
  • Under "Objects to scan" ensure both "Services and Drivers" and "Boot Sectors" are checked.
  • Click Start scan and allow it to scan for Malicious objects.
  • If malicious objects are found, the default action will be Cure, ensure Cure is selected then click Continue.
  • If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  • A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt.
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt
  • If no reboot is required, click on Report. A log file should appear.
  • Please post the contents of the logfile in your next reply


In your next reply, please include:
  • Combofix log (if it exists, it'll be located at C:\Combofix.txt)
  • Do you recognize LogMeIn?
  • TDSSkiller log
  • How's your computer running now?

Regards,
Jason

 


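Editor's added example, not part of either poster's message: one way to approach the "when was it put on" question for the LogMeIn entry raised in Step 2 is to parse the OTL "Files Created" lines into a timeline and list what else was created within a minute of the first hit. The sample lines are copied from the OTL log in this thread; the function names `parse_otl`, `first_seen` and `created_nearby` are assumptions made for this sketch.

```python
import re
from datetime import datetime, timedelta

# OTL file-scan line layout, as seen in the log above:
# [YYYY/MM/DD HH:MM:SS | size | attrs | C or M] (company) -- path
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>.*?)\) -- (?P<path>.+)$"
)

# Lines copied from the OTL log in this thread, plus one section header
# to show that non-file lines are skipped.
SAMPLE = r"""
========== Files Created - No Company Name ==========
[2012/02/09 23:08:45 | 000,000,962 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012/02/01 18:53:08 | 000,001,024 | ---- | C] () -- C:\.rnd
[2012/02/01 18:53:00 | 000,000,990 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn.lnk
[2012/02/01 18:53:09 | 000,001,024 | ---- | M] () -- C:\.rnd
"""


def parse_otl(text):
    """Return one dict per OTL file-scan line; headers and registry lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = OTL_LINE.match(raw.strip())
        if not m:
            continue
        entries.append({
            "when": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "attrs": m["attrs"],
            "kind": m["kind"],          # C = created, M = modified
            "company": m["company"].strip(),
            "path": m["path"],
        })
    return entries


def first_seen(entries, keyword):
    """Earliest 'created' entry whose path contains keyword (case-insensitive)."""
    hits = [e for e in entries
            if e["kind"] == "C" and keyword.lower() in e["path"].lower()]
    return min(hits, key=lambda e: e["when"]) if hits else None


def created_nearby(entries, anchor, seconds=60):
    """Other files created within +/- seconds of the anchor entry, oldest first."""
    window = timedelta(seconds=seconds)
    near = [e for e in entries
            if e["kind"] == "C" and e is not anchor
            and abs(e["when"] - anchor["when"]) <= window]
    return sorted(near, key=lambda e: e["when"])


if __name__ == "__main__":
    log = parse_otl(SAMPLE)
    hit = first_seen(log, "logmein")
    if hit is None:
        print("no matching 'created' entry")
    else:
        print("first seen:", hit["when"], hit["path"])
        for e in created_nearby(log, hit):
            print("  same minute:", e["when"], e["path"])
```

OTL prints local time, and a creation timestamp is only the earliest trace left in this log: a reinstall or a file copy resets it, so treat the result as a lead to check against other records.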

#13 moselbee (Topic Starter)

Posted 17 January 2013 - 02:47 PM

Thank You!!!!

ComboFix 13-01-16.01 - Mariam 01/16/2013 21:08:35.5.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3990.2006 [GMT -5:00]
Running from: c:\users\Mariam\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-12-17 to 2013-01-17 )))))))))))))))))))))))))))))))
.
.
2013-01-17 02:14 . 2013-01-17 02:14 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-01-17 02:14 . 2013-01-17 02:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-17 01:28 . 2013-01-17 01:28 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8EB8E159-1FB6-4D84-9D7F-6622B0AE3A35}\offreg.dll
2013-01-16 22:47 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8EB8E159-1FB6-4D84-9D7F-6622B0AE3A35}\mpengine.dll
2013-01-11 07:18 . 2013-01-11 07:18 -------- d-----w- c:\users\Mariam\AppData\Local\iMobie_Inc
2013-01-11 07:12 . 2013-01-11 07:12 -------- d-----w- c:\users\Mariam\AppData\Roaming\iMobie
2013-01-11 07:12 . 2013-01-11 07:12 -------- d-----w- c:\program files (x86)\iMobie
2013-01-10 08:08 . 2013-01-10 08:08 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2013-01-09 21:12 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 21:12 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-08 19:22 . 2013-01-08 19:22 -------- d-----w- c:\program files (x86)\FileASSASSIN
2013-01-08 07:21 . 2013-01-08 07:21 -------- d-----w- c:\program files (x86)\Research In Motion Limited
2013-01-08 07:21 . 2013-01-08 07:21 -------- d-----w- c:\program files (x86)\Common Files\Research In Motion
2013-01-06 09:07 . 2013-01-06 09:07 -------- d-----w- c:\users\Mariam\AppData\Roaming\Media Player Lite
2013-01-06 09:05 . 2013-01-06 09:05 -------- d-----w- c:\program files (x86)\MediaPlayerLite
2013-01-06 09:03 . 2013-01-06 09:03 -------- d-----w- c:\programdata\APN
2013-01-06 07:38 . 2013-01-06 07:38 -------- d-----w- c:\users\Mariam\AppData\Local\Programs
2013-01-05 21:17 . 2013-01-05 21:17 -------- d-----w- c:\program files (x86)\KeyScrambler
2013-01-05 21:17 . 2011-12-15 00:46 222904 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2013-01-04 19:51 . 2013-01-04 19:51 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-01-04 19:51 . 2013-01-04 19:51 -------- d-----w- c:\program files\iTunes
2013-01-04 19:51 . 2013-01-04 19:51 -------- d-----w- c:\program files (x86)\iTunes
2013-01-04 19:51 . 2013-01-04 19:51 -------- d-----w- c:\program files\iPod
2013-01-04 18:39 . 2013-01-04 18:39 -------- d-----w- c:\program files (x86)\MSConfig CleanUp
2013-01-04 02:42 . 2013-01-04 02:42 -------- d-----w- c:\program files (x86)\ESET
2013-01-02 17:27 . 2013-01-02 17:27 388096 ----a-r- c:\users\Mariam\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-01-02 17:27 . 2013-01-02 17:27 -------- d-----w- c:\program files (x86)\Trend Micro
2012-12-28 05:36 . 2012-12-28 05:36 -------- d-----w- c:\users\Mariam\AppData\Roaming\QFX Software
2012-12-28 05:36 . 2012-12-28 05:36 -------- d-----w- c:\programdata\QFX Software
2012-12-28 04:33 . 2013-01-11 21:06 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-12-28 04:33 . 2012-12-28 04:46 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-12-28 03:10 . 2012-12-28 03:10 -------- d-----w- c:\program files\Dell Support Center
2012-12-26 23:04 . 2012-12-26 23:04 -------- d-----w- c:\programdata\RealNetworks
2012-12-26 23:03 . 2012-12-26 23:03 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2012-12-26 23:03 . 2012-12-26 23:03 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-12-26 23:03 . 2012-12-26 23:03 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-12-22 08:00 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 08:00 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-22 08:00 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 08:00 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-18 14:28 . 2012-12-18 14:28 186584 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-10 08:05 . 2011-11-26 01:20 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-09 07:43 . 2012-05-10 23:25 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 07:43 . 2011-11-19 01:23 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-06 07:35 . 2012-02-01 23:53 88600 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2013-01-06 07:35 . 2012-02-01 23:53 35832 ----a-w- c:\windows\system32\LMIport.dll
2013-01-06 07:35 . 2012-02-01 23:53 84472 ----a-w- c:\windows\system32\LMIinit.dll
2012-12-14 21:49 . 2012-01-02 03:23 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-30 04:45 . 2013-01-09 21:11 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-14 07:06 . 2012-12-13 08:02 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-13 08:02 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-13 08:02 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-13 08:02 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-13 08:02 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-13 08:02 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-13 08:02 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-13 08:02 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-13 08:02 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-13 08:02 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-13 08:02 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-13 08:02 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-13 08:02 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-13 08:02 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-13 08:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-13 08:02 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-13 08:02 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-13 08:02 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 08:02 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-13 08:02 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 08:02 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-13 08:02 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-11 02:52 . 2012-11-11 02:52 122880 ----a-r- c:\users\Mariam\AppData\Roaming\Microsoft\Installer\{1173F828-08FB-4C84-A7F5-B3222757A926}\NewShortcut7_B56E5B51EA954C948003CC703E2AFAD5.exe
2012-11-11 02:52 . 2012-11-11 02:52 122880 ----a-r- c:\users\Mariam\AppData\Roaming\Microsoft\Installer\{1173F828-08FB-4C84-A7F5-B3222757A926}\NewShortcut1_9046FC1E1C604E8F87F08E640274C274.exe
2012-11-09 05:45 . 2012-12-12 19:03 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 19:03 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-09 01:15 . 2012-02-01 23:53 88008 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2012-11-02 05:59 . 2012-12-12 19:03 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-12 19:03 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-10-22 22:24 . 2012-10-22 22:24 61440 ----a-r- c:\users\Mariam\AppData\Roaming\Microsoft\Installer\{E51E08E3-BBD2-40AD-8F9F-4BF9DEA54B44}\NewShortcut2_E51E08E3BBD240AD8F9F4BF9DEA54B44.exe
2012-10-22 22:24 . 2012-10-22 22:24 61440 ----a-r- c:\users\Mariam\AppData\Roaming\Microsoft\Installer\{E51E08E3-BBD2-40AD-8F9F-4BF9DEA54B44}\NewShortcut1_E51E08E3BBD240AD8F9F4BF9DEA54B44.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
2010-11-29 20:26 3908192 ----a-w- c:\program files (x86)\MyAshampoo\tbMyAs.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files (x86)\MyAshampoo\tbMyAs.dll" [2010-11-29 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Mariam\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Mariam\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Mariam\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Mariam\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Adobe Acrobat Synchronizer"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2012-07-27 1261512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-12-18 38112]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-18 50472]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
c:\users\Mariam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Mariam\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-21 28538560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
[BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/11/18 20:14;c:\program files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [2011-08-12 248304]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 299008]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-11-11 172632]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2012-01-25 22016]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2012-01-25 9728]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2009-05-08 53632]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2012-01-25 27136]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [2011-01-31 121960]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-14 1255736]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-04-22 25960]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AirPrint;AirPrint;c:\program files (x86)\AirPrint\airprint.exe [2012-10-05 234784]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-08 1166848]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2013-01-06 376320]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-09-16 15928]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2012-02-01 214896]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-30 38608]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 ScrybeUpdater;Scrybe Updater;c:\program files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-05-27 1300264]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-09-22 1692480]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-22 378472]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-16 317440]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-05-17 25496]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2011-12-15 222904]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 31744]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [2010-07-13 29288]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_9EC60124
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-11 21:06 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 07:43]
.
2013-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-20 06:44]
.
2013-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-20 06:44]
.
2013-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2956428168-404915347-396044097-1002Core.job
- c:\users\Mariam\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-25 05:59]
.
2013-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2956428168-404915347-396044097-1002UA.job
- c:\users\Mariam\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-25 05:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Mariam\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Mariam\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Mariam\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Mariam\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-05 392472]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-05 167704]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-04-22 312936]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-05 416024]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://search.my-tools-app.com/?babsrc=home&s=web&as=0&isid=9852
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*;<local>
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: dell.com
Trusted Zone: taobao.com
TCP: DhcpNameServer = 192.168.1.1
DPF: {173D9E48-B527-4AA0-A929-30B446002AA8} - hxxp://76.236.90.16:88/DVRemoteAx.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-16 21:17:16
ComboFix-quarantined-files.txt 2013-01-17 02:17
ComboFix2.txt 2013-01-09 21:25
ComboFix3.txt 2013-01-04 19:06
ComboFix4.txt 2013-01-04 18:53
ComboFix5.txt 2013-01-17 02:06
.
Pre-Run: 200,256,880,640 bytes free
Post-Run: 199,813,853,184 bytes free
.
- - End Of File - - 213D0F40F8DEDE950CFB797D1E2A77BA


Yes, I do use LogMeIn. It is definitely mine...

Kap seems clean?!
14:44:10.0779 4080 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:44:11.0151 4080 ============================================================
14:44:11.0151 4080 Current date / time: 2013/01/17 14:44:11.0151
14:44:11.0151 4080 SystemInfo:
14:44:11.0151 4080
14:44:11.0151 4080 OS Version: 6.1.7601 ServicePack: 1.0
14:44:11.0151 4080 Product type: Workstation
14:44:11.0151 4080 ComputerName: MARIAM-PC
14:44:11.0151 4080 UserName: Mariam
14:44:11.0151 4080 Windows directory: C:\Windows
14:44:11.0151 4080 System windows directory: C:\Windows
14:44:11.0151 4080 Running under WOW64
14:44:11.0151 4080 Processor architecture: Intel x64
14:44:11.0152 4080 Number of processors: 8
14:44:11.0152 4080 Page size: 0x1000
14:44:11.0152 4080 Boot type: Normal boot
14:44:11.0152 4080 ============================================================
14:44:12.0382 4080 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:44:12.0399 4080 ============================================================
14:44:12.0399 4080 \Device\Harddisk0\DR0:
14:44:12.0402 4080 MBR partitions:
14:44:12.0402 4080 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x34000, BlocksNum 0x2710000
14:44:12.0402 4080 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2744000, BlocksNum 0x37C41830
14:44:12.0402 4080 ============================================================
14:44:12.0456 4080 C: <-> \Device\Harddisk0\DR0\Partition2
14:44:12.0456 4080 ============================================================
14:44:12.0456 4080 Initialize success
14:44:12.0456 4080 ============================================================
14:44:40.0338 2848 ============================================================
14:44:40.0338 2848 Scan started
14:44:40.0338 2848 Mode: Manual; TDLFS;
14:44:40.0338 2848 ============================================================
14:44:41.0855 2848 ================ Scan system memory ========================
14:44:41.0855 2848 System memory - ok
14:44:41.0855 2848 ================ Scan services =============================
14:44:42.0660 2848 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
14:44:42.0661 2848 1394ohci - ok
14:44:42.0719 2848 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
14:44:42.0720 2848 ACPI - ok
14:44:42.0757 2848 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
14:44:42.0757 2848 AcpiPmi - ok
14:44:42.0975 2848 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:44:42.0976 2848 AdobeARMservice - ok
14:44:43.0848 2848 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:44:43.0849 2848 AdobeFlashPlayerUpdateSvc - ok
14:44:43.0889 2848 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
14:44:43.0893 2848 adp94xx - ok
14:44:44.0057 2848 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
14:44:44.0058 2848 adpahci - ok
14:44:44.0107 2848 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
14:44:44.0108 2848 adpu320 - ok
14:44:44.0147 2848 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
14:44:44.0147 2848 AeLookupSvc - ok
14:44:44.0236 2848 [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
14:44:44.0237 2848 AERTFilters - ok
14:44:44.0320 2848 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
14:44:44.0322 2848 AFD - ok
14:44:44.0377 2848 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
14:44:44.0378 2848 agp440 - ok
14:44:44.0494 2848 AirPrint - ok
14:44:44.0518 2848 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
14:44:44.0519 2848 ALG - ok
14:44:44.0556 2848 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
14:44:44.0557 2848 aliide - ok
14:44:44.0607 2848 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
14:44:44.0607 2848 amdide - ok
14:44:44.0636 2848 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
14:44:44.0636 2848 AmdK8 - ok
14:44:44.0705 2848 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
14:44:44.0706 2848 AmdPPM - ok
14:44:44.0721 2848 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
14:44:44.0722 2848 amdsata - ok
14:44:44.0757 2848 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
14:44:44.0758 2848 amdsbs - ok
14:44:44.0772 2848 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
14:44:44.0772 2848 amdxata - ok
14:44:44.0945 2848 [ 7D9E301AB3247765702D0B65E2E47E50 ] AMPPAL C:\Windows\system32\DRIVERS\AMPPAL.sys
14:44:44.0946 2848 AMPPAL - ok
14:44:45.0005 2848 [ 7D9E301AB3247765702D0B65E2E47E50 ] AMPPALP C:\Windows\system32\DRIVERS\amppal.sys
14:44:45.0007 2848 AMPPALP - ok
14:44:45.0282 2848 [ 864C632B999BE1237A3DC46736E71F27 ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
14:44:45.0290 2848 AMPPALR3 - ok
14:44:45.0369 2848 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
14:44:45.0370 2848 AppID - ok
14:44:45.0409 2848 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
14:44:45.0409 2848 AppIDSvc - ok
14:44:45.0432 2848 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
14:44:45.0433 2848 Appinfo - ok
14:44:45.0629 2848 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:44:45.0630 2848 Apple Mobile Device - ok
14:44:45.0728 2848 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
14:44:45.0729 2848 arc - ok
14:44:45.0752 2848 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
14:44:45.0753 2848 arcsas - ok
14:44:46.0052 2848 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:44:46.0053 2848 aspnet_state - ok
14:44:46.0079 2848 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
14:44:46.0079 2848 AsyncMac - ok
14:44:46.0129 2848 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
14:44:46.0129 2848 atapi - ok
14:44:46.0221 2848 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:44:46.0224 2848 AudioEndpointBuilder - ok
14:44:46.0376 2848 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
14:44:46.0381 2848 AudioSrv - ok
14:44:46.0543 2848 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
14:44:46.0544 2848 AxInstSV - ok
14:44:46.0662 2848 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
14:44:46.0665 2848 b06bdrv - ok
14:44:46.0743 2848 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
14:44:46.0745 2848 b57nd60a - ok
14:44:46.0803 2848 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
14:44:46.0804 2848 BDESVC - ok
14:44:46.0926 2848 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
14:44:46.0926 2848 Beep - ok
14:44:47.0060 2848 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
14:44:47.0065 2848 BFE - ok
14:44:47.0225 2848 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
14:44:47.0229 2848 BITS - ok
14:44:47.0306 2848 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
14:44:47.0306 2848 blbdrive - ok
14:44:47.0394 2848 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:44:47.0397 2848 Bonjour Service - ok
14:44:47.0484 2848 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
14:44:47.0485 2848 bowser - ok
14:44:47.0502 2848 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
14:44:47.0502 2848 BrFiltLo - ok
14:44:47.0514 2848 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
14:44:47.0514 2848 BrFiltUp - ok
14:44:47.0589 2848 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
14:44:47.0590 2848 BridgeMP - ok
14:44:47.0709 2848 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
14:44:47.0710 2848 Browser - ok
14:44:47.0800 2848 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
14:44:47.0802 2848 Brserid - ok
14:44:47.0882 2848 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
14:44:47.0883 2848 BrSerWdm - ok
14:44:47.0895 2848 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
14:44:47.0895 2848 BrUsbMdm - ok
14:44:47.0911 2848 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
14:44:47.0911 2848 BrUsbSer - ok
14:44:47.0937 2848 [ FF7C57973EEAD140062238C5A0B7D455 ] BTCFilterService C:\Windows\system32\DRIVERS\motfilt.sys
14:44:47.0937 2848 BTCFilterService - ok
14:44:47.0958 2848 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
14:44:47.0959 2848 BTHMODEM - ok
14:44:48.0014 2848 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
14:44:48.0015 2848 bthserv - ok
14:44:48.0062 2848 [ 9E2AF97302B9F4BF97E952A865EB31AE ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
14:44:48.0063 2848 BTHSSecurityMgr - ok
14:44:48.0094 2848 catchme - ok
14:44:48.0128 2848 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
14:44:48.0129 2848 cdfs - ok
14:44:48.0212 2848 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
14:44:48.0213 2848 cdrom - ok
14:44:48.0435 2848 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
14:44:48.0436 2848 CertPropSvc - ok
14:44:48.0502 2848 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
14:44:48.0502 2848 circlass - ok
14:44:48.0588 2848 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
14:44:48.0591 2848 CLFS - ok
14:44:48.0811 2848 [ BB86F147B2A7152E4B4D71A2F0A87D41 ] CLKMSVC10_9EC60124 c:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe
14:44:48.0813 2848 CLKMSVC10_9EC60124 - ok
14:44:49.0096 2848 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:44:49.0098 2848 clr_optimization_v2.0.50727_32 - ok
14:44:49.0281 2848 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:44:49.0282 2848 clr_optimization_v2.0.50727_64 - ok
14:44:49.0502 2848 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:44:49.0503 2848 clr_optimization_v4.0.30319_32 - ok
14:44:49.0544 2848 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:44:49.0545 2848 clr_optimization_v4.0.30319_64 - ok
14:44:49.0611 2848 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
14:44:49.0611 2848 CmBatt - ok
14:44:49.0635 2848 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
14:44:49.0636 2848 cmdide - ok
14:44:49.0740 2848 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
14:44:49.0743 2848 CNG - ok
14:44:49.0803 2848 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
14:44:49.0804 2848 Compbatt - ok
14:44:49.0851 2848 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
14:44:49.0851 2848 CompositeBus - ok
14:44:49.0863 2848 COMSysApp - ok
14:44:49.0881 2848 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
14:44:49.0881 2848 crcdisk - ok
14:44:49.0993 2848 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
14:44:49.0994 2848 CryptSvc - ok
14:44:50.0174 2848 [ BC3D4F90978CD7C8EABD1BAF3BF7873A ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys
14:44:50.0175 2848 CtClsFlt - ok
14:44:50.0369 2848 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
14:44:50.0373 2848 DcomLaunch - ok
14:44:50.0548 2848 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
14:44:50.0550 2848 defragsvc - ok
14:44:50.0634 2848 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
14:44:50.0635 2848 DfsC - ok
14:44:50.0692 2848 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
14:44:50.0695 2848 Dhcp - ok
14:44:50.0727 2848 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
14:44:50.0727 2848 discache - ok
14:44:50.0764 2848 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
14:44:50.0765 2848 Disk - ok
14:44:50.0787 2848 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
14:44:50.0789 2848 Dnscache - ok
14:45:18.0009 2848 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:45:18.0009 2848 Smb - ok
14:45:18.0038 2848 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:45:18.0039 2848 SNMPTRAP - ok
14:45:18.0060 2848 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
14:45:18.0060 2848 spldr - ok
14:45:18.0211 2848 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
14:45:18.0214 2848 Spooler - ok
14:45:18.0733 2848 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
14:45:18.0754 2848 sppsvc - ok
14:45:18.0783 2848 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
14:45:18.0785 2848 sppuinotify - ok
14:45:18.0863 2848 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
14:45:18.0866 2848 srv - ok
14:45:18.0970 2848 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:45:18.0972 2848 srv2 - ok
14:45:19.0112 2848 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:45:19.0113 2848 srvnet - ok
14:45:19.0200 2848 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:45:19.0203 2848 SSDPSRV - ok
14:45:19.0267 2848 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:45:19.0269 2848 SstpSvc - ok
14:45:19.0410 2848 [ 0683504BBB3FFC0A73D9D217B63DD0E0 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
14:45:19.0412 2848 Stereo Service - ok
14:45:19.0499 2848 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
14:45:19.0500 2848 stexstor - ok
14:45:19.0588 2848 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
14:45:19.0592 2848 stisvc - ok
14:45:19.0650 2848 [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
14:45:19.0651 2848 stllssvr - ok
14:45:19.0671 2848 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
14:45:19.0671 2848 swenum - ok
14:45:19.0755 2848 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
14:45:19.0759 2848 swprv - ok
14:45:20.0156 2848 [ 8DF6C536ECE3B538978B53C223AB905D ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
14:45:20.0164 2848 SynTP - ok
14:45:20.0431 2848 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
14:45:20.0441 2848 SysMain - ok
14:45:20.0507 2848 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:45:20.0508 2848 TabletInputService - ok
14:45:20.0629 2848 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
14:45:20.0632 2848 TapiSrv - ok
14:45:20.0694 2848 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
14:45:20.0695 2848 TBS - ok
14:45:21.0268 2848 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:45:21.0278 2848 Tcpip - ok
14:45:21.0593 2848 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
14:45:21.0602 2848 TCPIP6 - ok
14:45:21.0712 2848 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:45:21.0713 2848 tcpipreg - ok
14:45:21.0744 2848 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:45:21.0745 2848 TDPIPE - ok
14:45:21.0772 2848 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:45:21.0772 2848 TDTCP - ok
14:45:21.0791 2848 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:45:21.0792 2848 tdx - ok
14:45:21.0831 2848 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
14:45:21.0831 2848 TermDD - ok
14:45:22.0123 2848 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
14:45:22.0129 2848 TermService - ok
14:45:22.0219 2848 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
14:45:22.0221 2848 Themes - ok
14:45:22.0314 2848 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
14:45:22.0315 2848 THREADORDER - ok
14:45:22.0329 2848 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
14:45:22.0331 2848 TrkWks - ok
14:45:22.0384 2848 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:45:22.0385 2848 TrustedInstaller - ok
14:45:22.0453 2848 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:45:22.0454 2848 tssecsrv - ok
14:45:22.0530 2848 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
14:45:22.0530 2848 TsUsbFlt - ok
14:45:22.0537 2848 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
14:45:22.0538 2848 TsUsbGD - ok
14:45:22.0610 2848 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:45:22.0611 2848 tunnel - ok
14:45:22.0687 2848 [ FD24F98D2898BE093FE926604BE7DB99 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys
14:45:22.0688 2848 TurboB - ok
14:45:22.0751 2848 [ 600B406A04D90F577FEA8A88D7379F08 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
14:45:22.0752 2848 TurboBoost - ok
14:45:22.0770 2848 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
14:45:22.0771 2848 uagp35 - ok
14:45:22.0831 2848 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:45:22.0833 2848 udfs - ok
14:45:22.0897 2848 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:45:22.0899 2848 UI0Detect - ok
14:45:22.0925 2848 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:45:22.0925 2848 uliagpkx - ok
14:45:22.0943 2848 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
14:45:22.0944 2848 umbus - ok
14:45:22.0975 2848 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
14:45:22.0975 2848 UmPass - ok
14:45:23.0338 2848 [ 2C16648A12999AE69A9EBF41974B0BA2 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
14:45:23.0351 2848 UNS - ok
14:45:23.0431 2848 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
14:45:23.0435 2848 upnphost - ok
14:45:23.0508 2848 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
14:45:23.0508 2848 USBAAPL64 - ok
14:45:23.0565 2848 [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:45:23.0566 2848 usbccgp - ok
14:45:23.0620 2848 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:45:23.0621 2848 usbcir - ok
14:45:23.0777 2848 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
14:45:23.0779 2848 usbehci - ok
14:45:23.0911 2848 [ 8B892002D7B79312821169A14317AB86 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:45:23.0912 2848 usbhub - ok
14:45:23.0958 2848 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
14:45:23.0959 2848 usbohci - ok
14:45:24.0009 2848 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
14:45:24.0010 2848 usbprint - ok
14:45:24.0024 2848 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
14:45:24.0025 2848 usbscan - ok
14:45:24.0041 2848 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:45:24.0041 2848 USBSTOR - ok
14:45:24.0096 2848 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
14:45:24.0097 2848 usbuhci - ok
14:45:24.0132 2848 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
14:45:24.0133 2848 usbvideo - ok
14:45:24.0173 2848 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
14:45:24.0175 2848 UxSms - ok
14:45:24.0195 2848 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
14:45:24.0196 2848 VaultSvc - ok
14:45:24.0249 2848 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
14:45:24.0249 2848 vdrvroot - ok
14:45:24.0327 2848 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
14:45:24.0332 2848 vds - ok
14:45:24.0409 2848 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:45:24.0409 2848 vga - ok
14:45:24.0420 2848 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
14:45:24.0420 2848 VgaSave - ok
14:45:24.0472 2848 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
14:45:24.0474 2848 vhdmp - ok
14:45:24.0496 2848 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
14:45:24.0497 2848 viaide - ok
14:45:24.0516 2848 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
14:45:24.0516 2848 volmgr - ok
14:45:24.0585 2848 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:45:24.0586 2848 volmgrx - ok
14:45:24.0740 2848 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
14:45:24.0742 2848 volsnap - ok
14:45:24.0782 2848 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
14:45:24.0783 2848 vsmraid - ok
14:45:25.0034 2848 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
14:45:25.0043 2848 VSS - ok
14:45:25.0097 2848 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
14:45:25.0098 2848 vwifibus - ok
14:45:25.0193 2848 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
14:45:25.0194 2848 vwififlt - ok
14:45:25.0219 2848 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
14:45:25.0219 2848 vwifimp - ok
14:45:25.0266 2848 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
14:45:25.0269 2848 W32Time - ok
14:45:25.0344 2848 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
14:45:25.0344 2848 WacomPen - ok
14:45:25.0383 2848 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
14:45:25.0384 2848 WANARP - ok
14:45:25.0400 2848 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:45:25.0400 2848 Wanarpv6 - ok
14:45:25.0612 2848 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
14:45:25.0617 2848 WatAdminSvc - ok
14:45:26.0024 2848 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
14:45:26.0032 2848 wbengine - ok
14:45:26.0049 2848 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
14:45:26.0051 2848 WbioSrvc - ok
14:45:26.0161 2848 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:45:26.0166 2848 wcncsvc - ok
14:45:26.0286 2848 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:45:26.0288 2848 WcsPlugInService - ok
14:45:26.0331 2848 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
14:45:26.0331 2848 Wd - ok
14:45:26.0497 2848 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:45:26.0501 2848 Wdf01000 - ok
14:45:26.0566 2848 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:45:26.0567 2848 WdiServiceHost - ok
14:45:26.0570 2848 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:45:26.0572 2848 WdiSystemHost - ok
14:45:26.0606 2848 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
14:45:26.0609 2848 WebClient - ok
14:45:26.0769 2848 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:45:26.0771 2848 Wecsvc - ok
14:45:26.0785 2848 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:45:26.0786 2848 wercplsupport - ok
14:45:26.0838 2848 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
14:45:26.0840 2848 WerSvc - ok
14:45:26.0939 2848 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
14:45:26.0940 2848 WfpLwf - ok
14:45:26.0962 2848 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
14:45:26.0963 2848 WimFltr - ok
14:45:26.0981 2848 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
14:45:26.0982 2848 WIMMount - ok
14:45:26.0998 2848 WinDefend - ok
14:45:27.0002 2848 WinHttpAutoProxySvc - ok
14:45:27.0128 2848 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:45:27.0130 2848 Winmgmt - ok
14:45:27.0338 2848 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
14:45:27.0349 2848 WinRM - ok
14:45:27.0447 2848 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
14:45:27.0448 2848 WinUsb - ok
14:45:27.0600 2848 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
14:45:27.0607 2848 Wlansvc - ok
14:45:27.0738 2848 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
14:45:27.0739 2848 wlcrasvc - ok
14:45:28.0108 2848 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:45:28.0118 2848 wlidsvc - ok
14:45:28.0182 2848 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
14:45:28.0182 2848 WmiAcpi - ok
14:45:28.0221 2848 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:45:28.0223 2848 wmiApSrv - ok
14:45:28.0271 2848 WMPNetworkSvc - ok
14:45:28.0301 2848 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:45:28.0302 2848 WPCSvc - ok
14:45:28.0331 2848 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:45:28.0333 2848 WPDBusEnum - ok
14:45:28.0364 2848 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:45:28.0364 2848 ws2ifsl - ok
14:45:28.0392 2848 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
14:45:28.0393 2848 wscsvc - ok
14:45:28.0472 2848 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
14:45:28.0472 2848 WSDPrintDevice - ok
14:45:28.0491 2848 [ 4A2A5C50DD1A63577D3ACA94269FBC7F ] WSDScan C:\Windows\system32\DRIVERS\WSDScan.sys
14:45:28.0492 2848 WSDScan - ok
14:45:28.0494 2848 WSearch - ok
14:45:28.0825 2848 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
14:45:28.0836 2848 wuauserv - ok
14:45:28.0980 2848 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
14:45:28.0981 2848 WudfPf - ok
14:45:29.0059 2848 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
14:45:29.0061 2848 WUDFRd - ok
14:45:29.0084 2848 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:45:29.0086 2848 wudfsvc - ok
14:45:29.0140 2848 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
14:45:29.0143 2848 WwanSvc - ok
14:45:29.0153 2848 ================ Scan global ===============================
14:45:29.0246 2848 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
14:45:29.0306 2848 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
14:45:29.0318 2848 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
14:45:29.0407 2848 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
14:45:29.0500 2848 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
14:45:29.0502 2848 [Global] - ok
14:45:29.0503 2848 ================ Scan MBR ==================================
14:45:29.0520 2848 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
14:45:33.0596 2848 \Device\Harddisk0\DR0 - ok
14:45:33.0597 2848 ================ Scan VBR ==================================
14:45:33.0645 2848 [ 16741D998596715D9F0C7949401B9946 ] \Device\Harddisk0\DR0\Partition1
14:45:33.0654 2848 \Device\Harddisk0\DR0\Partition1 - ok
14:45:33.0716 2848 [ 94E3A9D1F06424214BAE0DEC5ECED9A7 ] \Device\Harddisk0\DR0\Partition2
14:45:33.0719 2848 \Device\Harddisk0\DR0\Partition2 - ok
14:45:33.0719 2848 ============================================================
14:45:33.0719 2848 Scan finished
14:45:33.0719 2848 ============================================================
14:45:33.0729 7556 Detected object count: 0
14:45:33.0730 7556 Actual detected object count: 0




The computer is running better... the issues were originally noticed when I ran CCleaner, it always asked me to force close Chrome, which I didn't even have open or in use... I just feel like I might have stopped it but the party has the ability to restart if I didn't completely uninstall it?! I think I'm paranoid at this point too... Not because I'm doing anything to hide but because he is paranoid and needs to keep a step ahead of me and I know he is sneaky... I am still getting pop-ups occasionally, but I think the key logger that was there is either gone or currently disabled.

#14 jntkwx

  • Malware Response Team

Posted 17 January 2013 - 03:02 PM

The computer is running better... the issues were originally noticed when I ran CCleaner, it always asked me to force close Chrome, which I didn't even have open or in use... I just feel like I might have stopped it but the party has the ability to restart if I didn't completely uninstall it?! I think I'm paranoid at this point too... Not because I'm doing anything to hide but because he is paranoid and needs to keep a step ahead of me and I know he is sneaky... I am still getting pop-ups occasionally, but I think the key logger that was there is either gone or currently disabled.


I don't see any keylogging software. There is a legitimate program installed called KeyScrambler that encrypts your keystrokes, so that they can't be logged.

Step 1: AdwCleaner
Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

Step 2: Rerun Malwarebytes
Open Malwarebytes, click on the Update tab, and click the check for Updates button.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
Regards,
Jason

 



#15 moselbee

  • Topic Starter


Posted 17 January 2013 - 03:28 PM

THANK YOU!!!!!

I think for now I am clean... I installed KeyScrambler to help the problem before I started cleaning.


I think I am good for now... until I leave my PC unattended again, sigh... I just will be scan happy for a while lol... I appreciate your help so much!!!!


# AdwCleaner v2.106 - Logfile created 01/17/2013 at 15:25:20
# Updated 17/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Mariam - MARIAM-PC
# Boot Mode : Normal
# Running from : C:\Users\Mariam\Desktop\Virus\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Users\Mariam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
File Found : C:\Users\Mariam\Desktop\iLivid.lnk
File Found : C:\Users\Public\Desktop\eBay.lnk
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\Ilivid
Folder Found : C:\Program Files (x86)\MyAshampoo
Folder Found : C:\Program Files (x86)\yourfiledownloader
Folder Found : C:\ProgramData\APN
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\Mariam\AppData\Local\Conduit
Folder Found : C:\Users\Mariam\AppData\Local\Ilivid
Folder Found : C:\Users\Mariam\AppData\Local\Ilivid Player
Folder Found : C:\Users\Mariam\AppData\LocalLow\Conduit
Folder Found : C:\Users\Mariam\AppData\LocalLow\MyAshampoo
Folder Found : C:\Users\Mariam\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Mariam\AppData\LocalLow\Toolbar4
Folder Found : C:\Users\Mariam\AppData\Roaming\OpenCandy
Folder Found : C:\Users\Mariam\AppData\Roaming\yourfiledownloader


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v [Unable to get version]

File : C:\Users\Mariam\AppData\Roaming\Mozilla\Firefox\Profiles\1x3hkuu5.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v24.0.1312.52

File : C:\Users\Mariam\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [9767 octets] - [17/01/2013 15:25:20]

########## EOF - C:\AdwCleaner[R1].txt - [9827 octets] ##########



