Jesus777

Honorary Members
  • Posts: 43

Everything posted by Jesus777

  1. Typo, *mini-mod and off-topic, but it's the wrong section.
  2. Mini mod and off-topic, but since it's not really a malware-removal case, guess I'm allowed to reply? You can view fresh malware samples over Research Center or Malware Domain List
  3. And now I'm thinking to listen to Guns N' Roses' November Rain...
  4. I'm very grateful that you've cleaned my PC. I wish I could donate to you, but these days I'm poor and broken ;_; But you've earned a lot of my respect, sir. This thread can be closed, thank you again, you've saved my life.
  5. Results of screen317's Security Check version 0.99.64
      Windows 7 Service Pack 1 x86 (UAC is enabled)
      Internet Explorer 10
      ``````````````Antivirus/Firewall Check:``````````````
      Windows Firewall Enabled!
      Emsisoft Anti-Malware
      Antivirus up to date! (On Access scanning disabled!)
      `````````Anti-malware/Other Utilities Check:`````````
      Malwarebytes Anti-Malware version 1.75.0.1300
      CCleaner
      Adobe Flash Player 11.7.700.224
      Adobe Reader XI
      Mozilla Firefox (21.0)
      ````````Process Check: objlist.exe by Laurent````````
      Tall Emu Online Armor OAcat.exe
      Emsisoft Anti-Malware a2service.exe
      Malwarebytes' Anti-Malware mbamscheduler.exe
      `````````````````System Health check`````````````````
      Total Fragmentation on Drive C: 3%
      ````````````````````End of Log``````````````````````
  6. Thank you, it's downloading fine now :/ Maybe that guy's site is having some problems, I'll post what I've to in my next post.
  7. No luck, could I have another link (or you can upload that file to Mediafire or attach it over this forum)
  8. I'm very sorry to tell you but IDM still says this...---> http://postimg.org/image/am6fj6k9t/
  9. Notable differences
      • The random blank screen flashing is gone now (that blank screen flash was appearing while shutting down and/or switching users (currently deleted my standard account which was used for banking purposes, and my bank account's password is changed (thx to my iPod) now))
      • PC boots faster
      • The random browsing slowdowns and memory spikes are gone now (My PC was probably a zombie)
  10. Here's the Adwcleaner log
      # AdwCleaner v2.303 - Logfile created 06/12/2013 at 22:30:18
      # Updated 08/06/2013 by Xplode
      # Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
      # User : Backup - BACKUP-PC
      # Boot Mode : Normal
      # Running from : C:\Users\Backup\Downloads\Programs\AdwCleaner.exe
      # Option [Delete]
      ***** [services] *****
      ***** [Files / Folders] *****
      File Deleted : C:\Users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\5kb9p1xj.default\foxydeal.sqlite
      ***** [Registry] *****
      ***** [internet Browsers] *****
      -\\ Internet Explorer v10.0.9200.16521
      [OK] Registry is clean.
      -\\ Mozilla Firefox v21.0 (en-US)
      File : C:\Users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\5kb9p1xj.default\prefs.js
      [OK] File is clean.
      File : C:\Users\Standard Alien\AppData\Roaming\Mozilla\Firefox\Profiles\i94acoka.default\prefs.js
      [OK] File is clean.
      File : C:\Users\Personal account\AppData\Roaming\Mozilla\Firefox\Profiles\keb82onf.default\prefs.js
      [OK] File is clean.
      *************************
      AdwCleaner[R1].txt - [1162 octets] - [12/06/2013 20:58:50]
      AdwCleaner[R2].txt - [1222 octets] - [12/06/2013 22:29:59]
      AdwCleaner[s1].txt - [1155 octets] - [12/06/2013 22:30:18]
      ########## EOF - C:\AdwCleaner[s1].txt - [1215 octets] ##########
      Thank you sooooooooo much for your assistance
  11. OTL log :
  12. Nothing found. I'll run the custom fix given by you now.
  13. Eset scan will take a longer time, can I just scan with EAM?
  14. It'll take a while to update Eset Online Scanner. I'll reply in a few minutes (pasting Eset, OTL & Adwcleaner logs)
  15. I know, but it was funny and ironic that the most effective cleaning tool was infected by a simple trojan. Log file :
C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll [2013/06/08 22:18:13 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013/06/08 22:18:12 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll [2013/06/08 22:18:12 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll [2013/06/08 22:18:12 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2013/06/08 22:18:12 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2013/06/08 22:18:12 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll [2013/06/08 22:18:12 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2013/06/08 22:18:12 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2013/06/08 22:18:12 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll [2013/06/08 22:18:12 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2013/06/08 22:18:11 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2013/06/08 22:18:11 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2013/06/08 22:18:11 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2013/06/08 22:18:11 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2013/06/08 22:18:11 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll [2013/06/08 22:07:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2013/06/08 22:06:51 | 002,557,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll [2013/06/08 22:06:51 | 000,062,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll [2013/06/08 22:06:50 | 
004,133,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll [2013/06/08 22:06:50 | 003,005,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll [2013/06/08 22:06:50 | 000,108,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll [2013/06/08 22:05:29 | 000,053,024 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll [2013/06/08 22:04:28 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2013/06/08 22:04:08 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2013/06/08 19:04:36 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Roaming\OnlineArmor [2013/06/08 19:04:36 | 000,000,000 | ---D | C] -- C:\ProgramData\OnlineArmor [2013/06/08 19:03:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor [2013/06/08 19:03:09 | 000,031,768 | ---- | C] (Emsisoft) -- C:\Windows\System32\drivers\OAnet.sys [2013/06/08 19:03:09 | 000,027,648 | ---- | C] (Emsisoft) -- C:\Windows\System32\drivers\OAmon.sys [2013/06/08 19:03:03 | 000,000,000 | ---D | C] -- C:\Program Files\Online Armor [2013/06/08 18:06:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware [2013/06/08 18:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware [2013/06/08 18:06:10 | 000,000,000 | ---D | C] -- C:\Users\Backup\Documents\Anti-Malware [2013/06/08 18:05:49 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013/06/08 18:05:49 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013/06/08 18:05:49 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2013/06/08 16:47:56 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys [2013/06/08 16:25:34 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys [2013/06/08 16:15:35 | 000,376,832 
| ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll [2013/06/08 16:14:32 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe [2013/06/08 16:03:28 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2013/06/08 15:44:49 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys [2013/06/08 15:44:49 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll [2013/06/08 15:44:49 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll [2013/06/08 15:44:49 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll [2013/06/08 15:30:45 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013/06/08 15:30:41 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe [2013/06/08 15:30:35 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll [2013/06/08 15:30:35 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax [2013/06/08 15:30:30 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl [2013/06/08 15:30:28 | 000,919,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll [2013/06/08 15:30:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll [2013/06/08 15:30:21 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll [2013/06/08 15:21:16 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll [2013/06/08 15:21:16 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll [2013/06/08 15:20:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Innovative Solutions [2013/06/08 15:20:33 | 000,000,000 | ---D | C] -- C:\Windows\Fonts\AdvUninstal [2013/06/08 15:20:32 | 000,000,000 | ---D | 
C] -- C:\Users\Backup\AppData\Local\Innovative Solutions [2013/06/08 15:20:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Innovative Solutions [2013/06/08 15:20:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO [2013/06/08 15:20:28 | 000,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions [2013/06/08 15:06:55 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe [2013/06/08 15:06:55 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll [2013/06/08 15:06:55 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll [2013/06/08 15:06:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [2013/06/08 15:06:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll [2013/06/08 15:06:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [2013/06/08 15:06:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll [2013/06/08 15:06:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll [2013/06/08 15:06:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [2013/06/08 15:06:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll [2013/06/08 15:06:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll [2013/06/08 15:06:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [2013/06/08 15:06:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [2013/06/08 15:06:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll [2013/06/08 15:06:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [2013/06/08 15:06:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [2013/06/08 15:06:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll [2013/06/08 15:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll [2013/06/08 15:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll [2013/06/08 15:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [2013/06/08 15:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll [2013/06/08 15:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll [2013/06/08 15:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll [2013/06/08 15:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll [2013/06/08 15:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [2013/06/08 15:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll [2013/06/08 15:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll [2013/06/08 15:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll 
[2013/06/08 15:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll [2013/06/08 15:06:44 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll [2013/06/08 15:06:44 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll [2013/06/08 15:06:44 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll [2013/06/08 15:06:44 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll [2013/06/08 15:06:44 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll [2013/06/08 15:06:44 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll [2013/06/08 15:06:39 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll [2013/06/08 14:49:08 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS [2013/06/08 14:48:28 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll [2013/06/08 14:47:31 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe [2013/06/08 14:47:30 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll [2013/06/08 14:47:28 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2013/06/08 14:47:26 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll [2013/06/08 14:47:24 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll [2013/06/08 14:47:23 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll [2013/06/08 14:47:23 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2013/06/08 14:47:16 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2013/06/08 14:47:16 | 000,514,560 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\System32\qdvd.dll [2013/06/08 14:46:27 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe [2013/06/08 14:37:24 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll [2013/06/08 14:37:24 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll [2013/06/08 14:37:24 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\System32\cero.rs [2013/06/08 14:37:24 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs [2013/06/08 14:37:24 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\System32\fpb.rs [2013/06/08 14:37:24 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc-nz.rs [2013/06/08 14:37:24 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\System32\pegibbfc.rs [2013/06/08 14:37:24 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\System32\csrr.rs [2013/06/08 14:37:24 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\System32\cob-au.rs [2013/06/08 14:37:24 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\System32\usk.rs [2013/06/08 14:37:24 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc.rs [2013/06/08 14:37:24 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs [2013/06/08 14:37:24 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-pt.rs [2013/06/08 14:37:24 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-fi.rs [2013/06/08 14:37:24 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi.rs [2013/06/08 14:37:24 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\System32\djctq.rs [2013/06/08 14:36:53 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2013/06/08 14:36:52 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll [2013/06/08 14:36:52 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll [2013/06/08 14:36:50 | 000,218,984 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys [2013/06/08 14:36:47 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll [2013/06/08 14:36:47 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll [2013/06/08 14:36:47 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll [2013/06/08 14:36:47 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll [2013/06/08 14:36:47 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll [2013/06/08 14:36:45 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll [2013/06/08 14:36:45 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll [2013/06/08 14:36:45 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe [2013/06/08 14:36:40 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll [2013/06/08 14:29:53 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe [2013/06/08 14:29:43 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys [2013/06/08 14:29:42 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2013/06/08 14:29:39 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll [2013/06/08 14:29:39 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe [2013/06/08 14:28:56 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll [2013/06/08 14:28:56 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc71.dll [2013/06/08 14:28:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt [2013/06/08 14:05:09 | 000,000,000 | ---D | C] -- C:\ProgramData\COMODO [2013/06/08 13:57:38 | 000,193,536 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\dhcpcore6.dll [2013/06/08 13:57:38 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll [2013/06/08 13:49:16 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2013/06/08 13:49:16 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2013/06/08 13:38:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2013/06/08 12:44:53 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys [2013/06/08 12:44:53 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll [2013/06/08 12:44:43 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll [2013/06/08 12:44:42 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll [2013/06/08 12:44:42 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll [2013/06/08 11:29:37 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll [2013/06/08 11:01:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2013/06/08 11:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2013/06/08 10:41:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro [2013/06/08 10:41:45 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2013/06/08 10:03:09 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Roaming\Malwarebytes [2013/06/08 10:03:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/06/08 10:03:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/06/08 10:03:03 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013/06/08 10:03:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware 
[2013/06/08 10:02:52 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Local\Programs [2013/06/08 09:37:09 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll [2013/06/08 09:37:09 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll [2013/06/08 09:37:04 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll [2013/06/08 09:37:04 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll [2013/06/08 09:37:04 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll [2013/06/08 09:36:58 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll [2013/06/08 09:36:58 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe [2013/06/08 00:07:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013/06/08 00:07:27 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013/06/07 23:46:17 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2013/06/07 23:27:53 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Roaming\Mozilla [2013/06/07 23:27:53 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Local\Mozilla [2013/06/07 23:27:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2013/06/07 23:27:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013/06/07 23:27:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013/06/07 23:21:15 | 000,238,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2013/06/07 23:13:09 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Roaming\IDM [2013/06/07 23:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\IDM [2013/06/07 23:13:09 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Roaming\DMCache [2013/06/07 23:13:08 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet 
Download Manager [2013/06/07 23:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager [2013/06/07 23:13:06 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager [2013/06/07 23:02:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat [2013/06/07 22:44:26 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Local\Diagnostics [2013/06/07 22:42:14 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Local\Microsoft Games [2013/06/07 22:25:02 | 000,000,000 | R--D | C] -- C:\Users\Backup\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013/06/07 22:25:02 | 000,000,000 | R--D | C] -- C:\Users\Backup\Searches [2013/06/07 22:25:02 | 000,000,000 | R--D | C] -- C:\Users\Backup\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013/06/07 22:25:02 | 000,000,000 | -H-D | C] -- C:\Users\Backup\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned [2013/06/07 22:24:53 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Roaming\Identities [2013/06/07 22:24:52 | 000,000,000 | R--D | C] -- C:\Users\Backup\Contacts [2013/06/07 22:24:46 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Local\VirtualStore [2013/06/07 22:24:45 | 000,000,000 | --SD | C] -- C:\Users\Backup\AppData\Roaming\Microsoft [2013/06/07 22:24:45 | 000,000,000 | R--D | C] -- C:\Users\Backup\Videos [2013/06/07 22:24:45 | 000,000,000 | R--D | C] -- C:\Users\Backup\Saved Games [2013/06/07 22:24:45 | 000,000,000 | R--D | C] -- C:\Users\Backup\Pictures [2013/06/07 22:24:45 | 000,000,000 | R--D | C] -- C:\Users\Backup\Music [2013/06/07 22:24:45 | 000,000,000 | R--D | C] -- C:\Users\Backup\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2013/06/07 22:24:45 | 000,000,000 | R--D | C] -- C:\Users\Backup\Links [2013/06/07 22:24:45 | 000,000,000 | R--D | C] -- C:\Users\Backup\Favorites [2013/06/07 22:24:45 | 000,000,000 | R--D | C] -- C:\Users\Backup\Downloads [2013/06/07 
22:24:45 | 000,000,000 | R--D | C] -- C:\Users\Backup\Documents [2013/06/07 22:24:45 | 000,000,000 | R--D | C] -- C:\Users\Backup\Desktop [2013/06/07 22:24:45 | 000,000,000 | R--D | C] -- C:\Users\Backup\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013/06/07 22:24:45 | 000,000,000 | -HSD | C] -- C:\Users\Backup\AppData\Local\Temporary Internet Files [2013/06/07 22:24:45 | 000,000,000 | -HSD | C] -- C:\Users\Backup\Templates [2013/06/07 22:24:45 | 000,000,000 | -HSD | C] -- C:\Users\Backup\Start Menu [2013/06/07 22:24:45 | 000,000,000 | -HSD | C] -- C:\Users\Backup\SendTo [2013/06/07 22:24:45 | 000,000,000 | -HSD | C] -- C:\Users\Backup\Recent [2013/06/07 22:24:45 | 000,000,000 | -HSD | C] -- C:\Users\Backup\PrintHood [2013/06/07 22:24:45 | 000,000,000 | -HSD | C] -- C:\Users\Backup\NetHood [2013/06/07 22:24:45 | 000,000,000 | -HSD | C] -- C:\Users\Backup\Documents\My Videos [2013/06/07 22:24:45 | 000,000,000 | -HSD | C] -- C:\Users\Backup\Documents\My Pictures [2013/06/07 22:24:45 | 000,000,000 | -HSD | C] -- C:\Users\Backup\Documents\My Music [2013/06/07 22:24:45 | 000,000,000 | -HSD | C] -- C:\Users\Backup\My Documents [2013/06/07 22:24:45 | 000,000,000 | -HSD | C] -- C:\Users\Backup\Local Settings [2013/06/07 22:24:45 | 000,000,000 | -HSD | C] -- C:\Users\Backup\AppData\Local\History [2013/06/07 22:24:45 | 000,000,000 | -HSD | C] -- C:\Users\Backup\Application Data [2013/06/07 22:24:45 | 000,000,000 | -HSD | C] -- C:\Users\Backup\AppData\Local\Application Data [2013/06/07 22:24:45 | 000,000,000 | -H-D | C] -- C:\Users\Backup\AppData [2013/06/07 22:24:45 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Local\Temp [2013/06/07 22:24:45 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Local\Microsoft [2013/06/07 22:24:45 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Roaming\Media Center Programs [2013/06/07 22:24:26 | 000,000,000 | ---D | C] -- C:\Recovery [2013/06/07 18:07:07 | 000,000,000 | ---D | C] -- C:\Windows\Panther 
[2013/06/07 17:15:21 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2013/06/07 17:12:27 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2013/06/07 17:10:06 | 000,000,000 | ---D | C] -- C:\found.000 [2013/06/07 04:28:26 | 000,000,000 | ---D | C] -- C:\Boot [2013/05/31 16:10:29 | 000,102,344 | ---- | C] (Tonec Inc.) -- C:\Windows\System32\drivers\idmwfp.sys [2013/05/20 18:59:09 | 000,000,000 | ---D | C] -- C:\$AVG ========== Files - Modified Within 30 Days ========== [2013/06/12 21:11:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/06/12 20:48:42 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013/06/12 20:48:06 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2013/06/12 20:47:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/06/12 20:47:37 | 1609,179,136 | -HS- | M] () -- C:\hiberfil.sys [2013/06/12 20:38:47 | 009,842,040 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Common Files\wruninstall.exe [2013/06/12 19:09:26 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013/06/12 16:26:26 | 000,665,740 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/06/12 16:26:26 | 000,125,416 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/06/12 13:01:21 | 000,632,167 | ---- | M] () -- C:\Users\Backup\Desktop\Desktop1.png [2013/06/11 22:59:09 | 005,078,680 | R--- | M] (Swearware) -- C:\Users\Backup\Desktop\ComboFix.exe [2013/06/11 18:34:16 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_AXMount_01009.Wdf [2013/06/11 17:32:05 | 000,000,044 | ---- | M] () -- C:\Users\Backup\AppData\Roaming\mbam.context.scan [2013/06/11 16:09:47 | 001,461,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01009.dll [2013/06/11 16:09:46 | 000,059,552 | ---- | M] (Windows ® Win 7 DDK provider) -- C:\Windows\System32\drivers\AXMount.sys [2013/06/11 16:09:46 | 000,048,216 | ---- | M] (Windows ® 
Win 7 DDK provider) -- C:\Windows\System32\drivers\AXTrack.sys [2013/06/11 12:40:54 | 000,007,626 | ---- | M] () -- C:\Users\Backup\AppData\Local\Resmon.ResmonCfg [2013/06/11 12:22:41 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk [2013/06/11 12:15:00 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.exe.lnk [2013/06/10 23:29:33 | 000,004,670 | ---- | M] () -- C:\Users\Backup\Documents\cc_20130610_232926.reg [2013/06/10 18:01:08 | 000,378,787 | ---- | M] () -- C:\Users\Backup\Documents\Muahahahaahahahhaahhahaahah - Webroot.WR [2013/06/10 12:45:02 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Snagit 11 Editor.lnk [2013/06/10 12:45:02 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\Snagit 11.lnk [2013/06/10 12:39:39 | 005,861,023 | ---- | M] () -- C:\Users\Backup\Documents\10-06-2013 12-36-54.mp4 [2013/06/10 12:30:37 | 000,001,114 | ---- | M] () -- C:\Users\Backup\Application Data\Microsoft\Internet Explorer\Quick Launch\Snagit 11.lnk [2013/06/09 23:42:42 | 000,001,314 | ---- | M] () -- C:\Users\Backup\Desktop\Auslogics Disk Defrag Professional.lnk [2013/06/09 23:37:20 | 000,876,162 | ---- | M] () -- C:\Users\Backup\Documents\OASettings130609.OA [2013/06/09 23:28:35 | 000,016,640 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/06/09 23:28:35 | 000,016,640 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/06/09 17:12:25 | 000,001,580 | ---- | M] () -- C:\Windows\Sandboxie.ini [2013/06/09 16:51:02 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013/06/09 16:51:02 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013/06/09 14:49:56 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\Wise Turbo Checker.job [2013/06/09 13:28:12 | 000,001,118 | ---- | M] () -- 
  16. Yeah I'll re-install it later, but was kinda curious (Recently ComboFix was infected according to Wilders & Bleepingcomputers, so it's obvious it would have some bugs). Plus K I'll scan my PC and post my log.
  17. I did. I uninstalled, rebooted in safe mode, but CF did say that I've WSA in my system.
  18. Adwcleaner log :

      # AdwCleaner v2.303 - Logfile created 06/12/2013 at 20:58:50
      # Updated 08/06/2013 by Xplode
      # Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
      # User : Backup - BACKUP-PC
      # Boot Mode : Normal
      # Running from : C:\Users\Backup\Downloads\Programs\AdwCleaner.exe
      # Option [search]

      ***** [services] *****

      ***** [Files / Folders] *****

      File Found : C:\Users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\5kb9p1xj.default\foxydeal.sqlite

      ***** [Registry] *****

      ***** [internet Browsers] *****

      -\\ Internet Explorer v10.0.9200.16521

      [OK] Registry is clean.

      -\\ Mozilla Firefox v21.0 (en-US)

      File : C:\Users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\5kb9p1xj.default\prefs.js
      [OK] File is clean.

      File : C:\Users\Standard Alien\AppData\Roaming\Mozilla\Firefox\Profiles\i94acoka.default\prefs.js
      [OK] File is clean.

      File : C:\Users\Personal account\AppData\Roaming\Mozilla\Firefox\Profiles\keb82onf.default\prefs.js
      [OK] File is clean.

      *************************

      AdwCleaner[R1].txt - [1033 octets] - [12/06/2013 20:58:50]
      ########## EOF - C:\AdwCleaner[R1].txt - [1093 octets] ##########

      For the OTL log, I don't see any 'scan all users' tickbox?
  19. Even when I click WSAC from my quick-launch, it says that file not found. What the hell? Help me :/
  20. Here's the log (Fred, I'm sorry for the delay, but I had some problems with safe mode, EAM wouldn't disable in safe mode so I needed to disable its startup and uninstall Webroot since I couldn't disable its startup, but for some very strange reason, after uninstalling WSAC, ComboFix said it's running and enabled, but I clicked 'ok' anyway)
c:\users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\5kb9p1xj.default\extensions\ich@maltegoetz.de . - - - - ORPHANS REMOVED - - - - . MSConfigStartUp-WRSVC - c:\program files\Webroot\WRSA.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(3248) c:\windows\system32\NetworkExplorer.dll c:\windows\system32\prnfldr.dll c:\windows\system32\dxp.dll c:\windows\system32\wwanapi.dll c:\windows\System32\QAgent.dll c:\windows\system32\imapi2.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\nvvsvc.exe c:\program files\NVIDIA Corporation\Display\nvxdsync.exe c:\windows\system32\nvvsvc.exe c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe c:\windows\system32\taskhost.exe c:\windows\system32\conhost.exe c:\program files\NVIDIA Corporation\Display\nvtray.exe c:\program files\Internet Download Manager\IEMonitor.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe . ************************************************************************** . Completion time: 2013-06-12 20:51:19 - machine was rebooted ComboFix-quarantined-files.txt 2013-06-13 08:51 ComboFix2.txt 2013-06-12 22:17 . Pre-Run: 32,240,349,184 bytes free Post-Run: 32,209,055,744 bytes free . - - End Of File - - 8A6EB5A864048D1BCEC6EEAB966AAE2B A36C5E4F47E84449FF07ED3517B43A31
  21. Is some extraordinary kind of rootkit/malware preventing ComboFix from creating a log? Sorry if silly question.
  22. Nvm my PM. And K I'll boot in safe mode & post the log.