Jesus777

Honorary Members
  • Posts

    43
Posts posted by Jesus777

  1. Hi everyone. This is my first post. I found the forum trying to google my question. My apologies if this is the wrong forum for my question.

    So... I am working on a paper for a master's level malware class and although not required, I want to create a small simple malware analysis lab to view and test out the behavior of some malware with hopes it will make for a good bonus to my paper.

    I have 3 Raspberry Pi computers that I've connected through a switch to create a wired LAN that is not connected to the internet. I set one up as a server, configured my iptables firewall on the second, and left the third completely vulnerable. I am hoping to infect the server with malware and monitor how it spreads from machine to machine. I'd check the ports, view network traffic with Wireshark, and check the running processes before and after the infection. My issue is that I can't seem to find a place to download a virus. I was hoping to find something like zero.access or zeus but can't find a link to them. Come to think of it, I don't know if they are even available for Linux but need something similar. Can anyone help me find a virus or help me with the project?

    I do understand that this is a strange request for a stranger seeing as though it can be used for malintent but I do appreciate if there is someone to help....

    Also, any suggestions on keeping it contained in my lab would be appreciated as well. I plan on tossing the SD cards used after the project.

    Mini mod and off-topic, but since it's not really a malware-removal case, guess I'm allowed to reply? You can view fresh malware samples over Research Center or Malware Domain List.
  2. Well, looks like everything is up-to-date. :)

    --------

    Unless there are any other issues, I will now provide you with some steps to better protect your computer.

    First, however, we need to remove ComboFix.

    The following will implement some cleanup procedures as well as reset System Restore points:

    Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

    ComboFix /Uninstall

    -------------------

    Let's remove OTL and the other tools we used as well:

    • Reopen OTL on your desktop.
    • Click on CleanUp.
    • You will be prompted to reboot your system. Please do so.

    -------------------

    Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :)

    Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

    -------------------

    It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

    avast!.

    AntiVir

    AVG

    Microsoft Security Essentials

    -------------------

    Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

    Spybot-Search & Destroy

    A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.

    SpywareBlaster

    A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

    SpywareGuard

    A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

    -------------------

    Please, consider maintaining a firewall with HIPS (Host Intrusion Prevention Systems). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior and it's very important, too.

    A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.

    If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.

    These firewalls are good and do have free versions available

    A tutorial on understanding and using firewalls may be found here.

    -------------------

    Please keep your security programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time.

    -------------------

    Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

    http://www.spywarewa...nti-spyware.htm

    A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

    -------------------

    Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

    If you are interested, Firefox may be downloaded from here

    Opera is available here: http://www.opera.com/download/

    -------------------

    For more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

    Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.

    -------------------

    I would be grateful if you could reply to this post so that I know you have read it and, if you have no other questions, the thread can then be closed.

    I will leave the thread open for a few more days. If you need anything, just come back here and let me know. After that time you will have to send me a PM.

    ---------------------------------------------------------

    My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here:

    Every little bit helps.

    -DFB

    I'm very grateful that you've cleaned my PC :D :) I wish I could donate to you, but these days I'm poor and broken ;_; But you've earned a lot of my respect, sir. This thread can be closed, thank you again, you've saved my life.

  3. Results of screen317's Security Check version 0.99.64

    Windows 7 Service Pack 1 x86 (UAC is enabled)

    Internet Explorer 10

    ``````````````Antivirus/Firewall Check:``````````````

    Windows Firewall Enabled!

    Emsisoft Anti-Malware

    Antivirus up to date! (On Access scanning disabled!)

    `````````Anti-malware/Other Utilities Check:`````````

    Malwarebytes Anti-Malware version 1.75.0.1300

    CCleaner

    Adobe Flash Player 11.7.700.224

    Adobe Reader XI

    Mozilla Firefox (21.0)

    ````````Process Check: objlist.exe by Laurent````````

    Tall Emu Online Armor OAcat.exe

    Emsisoft Anti-Malware a2service.exe

    Malwarebytes' Anti-Malware mbamscheduler.exe

    `````````````````System Health check`````````````````

    Total Fragmentation on Drive C: 3%

    ````````````````````End of Log``````````````````````

  4. Notable differences

    1. The random blank screen flashing is gone now (that blank screen flash was appearing while shutting down and/or switching users (currently deleted my standard account which was used for banking purposes, and my bank account's password is changed (thx to my iPod) now))
    2. PC boots faster
    3. The random browsing slowdowns and memory spikes are gone now (My PC was probably a zombie)

  5. Here's the Adwcleaner log

    # AdwCleaner v2.303 - Logfile created 06/12/2013 at 22:30:18

    # Updated 08/06/2013 by Xplode

    # Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)

    # User : Backup - BACKUP-PC

    # Boot Mode : Normal

    # Running from : C:\Users\Backup\Downloads\Programs\AdwCleaner.exe

    # Option [Delete]

    ***** [services] *****

    ***** [Files / Folders] *****

    File Deleted : C:\Users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\5kb9p1xj.default\foxydeal.sqlite

    ***** [Registry] *****

    ***** [internet Browsers] *****

    -\\ Internet Explorer v10.0.9200.16521

    [OK] Registry is clean.

    -\\ Mozilla Firefox v21.0 (en-US)

    File : C:\Users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\5kb9p1xj.default\prefs.js

    [OK] File is clean.

    File : C:\Users\Standard Alien\AppData\Roaming\Mozilla\Firefox\Profiles\i94acoka.default\prefs.js

    [OK] File is clean.

    File : C:\Users\Personal account\AppData\Roaming\Mozilla\Firefox\Profiles\keb82onf.default\prefs.js

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [1162 octets] - [12/06/2013 20:58:50]

    AdwCleaner[R2].txt - [1222 octets] - [12/06/2013 22:29:59]

    AdwCleaner[s1].txt - [1155 octets] - [12/06/2013 22:30:18]

    ########## EOF - C:\AdwCleaner[s1].txt - [1215 octets] ##########

    Thank you sooooooooo much for your assistance :D

  6. OTL log :

    All processes killed

    ========== OTL ==========

    ADS C:\ProgramData\TEMP:07BF512B deleted successfully.

    C:\Windows\assembly\Desktop.ini moved successfully.

    File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.

    File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.

    File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.

    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.

    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.

    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Backup

    ->Temp folder emptied: 162080 bytes

    ->Temporary Internet Files folder emptied: 133 bytes

    ->FireFox cache emptied: 50765867 bytes

    ->Flash cache emptied: 651 bytes

    User: Default

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    ->Temp folder emptied: 0 bytes

    User: UpdatusUser

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes

    %systemroot% .tmp files removed: 0 bytes

    %systemroot%\System32 .tmp files removed: 0 bytes

    %systemroot%\System32\drivers .tmp files removed: 0 bytes

    Windows Temp folder emptied: 6580 bytes

    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 201.00 mb

    [EMPTYJAVA]

    User: All Users

    User: Backup

    User: Default

    User: Default User

    User: Public

    User: UpdatusUser

    Total Java Files Cleaned = 0.00 mb

    [EMPTYFLASH]

    User: All Users

    User: Backup

    ->Flash cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    User: UpdatusUser

    Total Flash Files Cleaned = 0.00 mb

    OTL by OldTimer - Version 3.2.69.0 log created on 06122013_222305

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

  7. That issue happened a while ago and has since been fixed.

    I know, but it was funny and ironic that the most effective cleaning tool was infected by a simple trojan.

    Log file :

    OTL logfile created on: 6/12/2013 9:10:30 PM - Run 3

    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Backup\Downloads\Programs

    Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

    Internet Explorer (Version = 9.10.9200.16521)

    Locale: 00000409 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

    2.00 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 65.37% Memory free

    4.00 Gb Paging File | 2.91 Gb Available in Paging File | 72.75% Paging File free

    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

    Drive C: | 48.83 Gb Total Space | 29.87 Gb Free Space | 61.18% Space Free | Partition Type: NTFS

    Drive D: | 83.01 Gb Total Space | 82.67 Gb Free Space | 99.59% Space Free | Partition Type: NTFS

    Drive E: | 83.01 Gb Total Space | 82.92 Gb Free Space | 99.89% Space Free | Partition Type: NTFS

    Drive F: | 83.24 Gb Total Space | 83.15 Gb Free Space | 99.89% Space Free | Partition Type: NTFS

    Computer Name: BACKUP-PC | User Name: Backup | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: Current user

    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/06/12 21:00:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Backup\Downloads\Programs\OTL_2.exe

    PRC - [2013/06/08 22:21:22 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

    PRC - [2013/05/31 00:08:32 | 003,587,664 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe

    PRC - [2013/05/30 23:36:30 | 002,626,880 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe

    PRC - [2013/05/10 22:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

    PRC - [2013/02/26 00:22:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    PRC - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    PRC - [2013/01/18 02:21:02 | 000,873,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

    PRC - [2013/01/18 02:21:00 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

    PRC - [2012/12/12 01:44:48 | 000,268,248 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe

    PRC - [2012/10/02 15:02:04 | 000,216,072 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Online Armor\oacat.exe

    PRC - [2011/02/24 17:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

    ========== Modules (No Company Name) ==========

    ========== Services (SafeList) ==========

    SRV - [2013/06/11 12:22:41 | 000,106,280 | ---- | M] (SurfRight B.V.) [Disabled | Stopped] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)

    SRV - [2013/06/09 16:51:02 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

    SRV - [2013/06/07 23:02:21 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

    SRV - [2013/05/30 23:36:30 | 002,626,880 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)

    SRV - [2013/05/11 10:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

    SRV - [2013/05/10 22:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

    SRV - [2013/04/25 18:12:00 | 000,580,232 | ---- | M] (WiseCleaner.com) [Disabled | Stopped] -- C:\Program Files\Wise\Wise Care 365\BootTime.exe -- (WiseBootAssistant)

    SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

    SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

    SRV - [2013/02/26 00:22:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

    SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

    SRV - [2012/10/02 15:02:10 | 004,463,864 | ---- | M] (Emsisoft GmbH) [On_Demand | Stopped] -- C:\Program Files\Online Armor\oasrv.exe -- (SvcOnlineArmor)

    SRV - [2012/10/02 15:02:04 | 000,216,072 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oacat.exe -- (OAcat)

    SRV - [2009/07/13 13:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

    SRV - [2009/07/13 13:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

    SRV - [2009/07/13 13:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Backup\AppData\Local\Temp\mfe_rr.sys -- (MFE_RR)

    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Backup\AppData\Local\Temp\mbr.sys -- (mbr)

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)

    DRV - [2013/06/11 16:09:46 | 000,059,552 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AXMount.sys -- (AXMount)

    DRV - [2013/06/11 16:09:46 | 000,048,216 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AXTrack.sys -- (AXTrack)

    DRV - [2013/05/25 03:00:14 | 000,102,344 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)

    DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

    DRV - [2013/03/28 19:03:02 | 000,022,056 | ---- | M] (Emsisoft GmbH) [Kernel | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA)

    DRV - [2013/03/28 19:03:02 | 000,014,432 | ---- | M] (Emsisoft GmbH) [Kernel | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2util32.sys -- (a2util)

    DRV - [2013/02/26 00:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

    DRV - [2012/10/02 15:03:04 | 000,044,992 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\oahlp32.sys -- (oahlpXX)

    DRV - [2012/10/02 15:02:34 | 000,031,768 | ---- | M] (Emsisoft) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OAnet.sys -- (OAnet)

    DRV - [2012/10/02 15:02:34 | 000,027,648 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\Windows\System32\drivers\OAmon.sys -- (OAmon)

    DRV - [2012/10/02 15:02:32 | 000,208,320 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\OADriver.sys -- (OADevice)

    DRV - [2012/04/30 18:45:28 | 000,054,072 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)

    DRV - [2012/04/30 18:45:00 | 000,037,856 | ---- | M] (Emsisoft GmbH) [File_System | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys -- (a2injectiondriver)

    DRV - [2010/11/20 09:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

    DRV - [2010/11/20 09:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

    DRV - [2010/11/20 09:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)

    DRV - [2010/11/20 09:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)

    DRV - [2010/11/20 09:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)

    DRV - [2010/11/20 09:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)

    DRV - [2010/11/20 09:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)

    DRV - [2010/11/20 09:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)

    DRV - [2010/11/20 09:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)

    DRV - [2010/11/20 09:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)

    DRV - [2010/11/20 09:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)

    DRV - [2010/11/20 09:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)

    ========== Standard Registry (SafeList) ==========

    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-in

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FB 3F 80 F4 37 64 CE 01 [binary data]

    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR

    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: mozilla_cc%40internetdownloadmanager.com:7.3.47

    FF - prefs.js..extensions.enabledAddons: FasterFox_Lite%40BigRedBrent:3.9.9Lite

    FF - prefs.js..extensions.enabledAddons: imageblock%40hemantvats.com:2.1

    FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515

    FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.2

    FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.9.5

    FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8

    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0

    FF - prefs.js..network.proxy.type: 0

    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Backup\AppData\Roaming\IDM\idmmzcc5 [2013/06/07 23:13:19 | 000,000,000 | ---D | M]

    FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Backup\AppData\Roaming\IDM\idmmzcc5 [2013/06/07 23:13:19 | 000,000,000 | ---D | M]

    [2013/06/07 23:27:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Backup\AppData\Roaming\Mozilla\Extensions

    [2013/06/11 17:19:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\5kb9p1xj.default\extensions

    [2013/06/09 20:16:34 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\5kb9p1xj.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

    [2013/06/09 18:42:05 | 000,000,000 | ---D | M] (Fasterfox Lite) -- C:\Users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\5kb9p1xj.default\extensions\FasterFox_Lite@BigRedBrent

    [2013/06/09 20:16:45 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\5kb9p1xj.default\extensions\firefox@ghostery.com

    [2013/06/11 16:26:43 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\5kb9p1xj.default\extensions\ich@maltegoetz.de

    [2013/06/09 20:12:54 | 000,018,146 | ---- | M] () (No name found) -- C:\Users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\5kb9p1xj.default\extensions\imageblock@hemantvats.com.xpi

    [2013/06/11 16:21:26 | 000,171,863 | ---- | M] () (No name found) -- C:\Users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\5kb9p1xj.default\extensions\jid0-hyjN250ZzTOOX3evFwwAQBxE4ik@jetpack.xpi

    [2013/06/10 13:54:34 | 000,581,999 | ---- | M] () (No name found) -- C:\Users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\5kb9p1xj.default\extensions\uriloader@pdf.js.xpi

    [2013/06/09 20:16:34 | 000,534,261 | ---- | M] () (No name found) -- C:\Users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\5kb9p1xj.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

    [2013/06/07 23:38:15 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\5kb9p1xj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

    [2013/06/07 23:27:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions

    [2013/06/07 23:27:21 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    [2013/06/07 23:13:19 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\BACKUP\APPDATA\ROAMING\IDM\IDMMZCC5

    O1 HOSTS File: ([2013/06/12 20:48:42 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

    O1 - Hosts: 127.0.0.1 localhost

    O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)

    O2 - BHO: (Webroot Vault) - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar.dll File not found

    O3 - HKLM\..\Toolbar: (Webroot Toolbar) - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll File not found

    O4 - HKCU..\Run: [CCleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)

    O4 - HKCU..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)

    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1

    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0

    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()

    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()

    O9 - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\pkg\LPBar.dll File not found

    O9 - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\pkg\LPBar.dll File not found

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F44D9B6B-EF60-48C8-BDA0-BF8E2DC78AB0}: DhcpNameServer = 192.168.1.1

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA14D618-A0D0-42E5-A5E3-6763088E0C15}: NameServer = 218.248.241.2 218.248.255.212

    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

    O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsisoft GmbH)

    O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found

    O29 - HKLM SecurityProviders - (digest.dll) - File not found

    O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found

    O32 - HKLM CDRom: AutoRun - 1

    O32 - AutoRun File - [2009/06/10 09:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

    O34 - HKLM BootExecute: (autocheck autochk *)

    O35 - HKLM\..comfile [open] -- "%1" %*

    O35 - HKLM\..exefile [open] -- "%1" %*

    O35 - HKCU\..exefile [open] -- "%1" %*

    O37 - HKLM\...com [@ = ComFile] -- "%1" %*

    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/06/12 20:49:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

    [2013/06/12 20:47:03 | 000,000,000 | ---D | C] -- C:\Windows\temp

    [2013/06/12 19:10:12 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Local\Adobe

    [2013/06/12 19:08:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

    [2013/06/12 19:08:52 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe

    [2013/06/12 19:07:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe

    [2013/06/11 23:15:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

    [2013/06/11 23:15:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

    [2013/06/11 23:15:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

    [2013/06/11 23:14:47 | 000,000,000 | ---D | C] -- C:\Qoobox

    [2013/06/11 23:14:32 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

    [2013/06/11 23:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)

    [2013/06/11 22:56:07 | 005,078,680 | R--- | C] (Swearware) -- C:\Users\Backup\Desktop\ComboFix.exe

    [2013/06/11 22:52:30 | 000,000,000 | ---D | C] -- C:\Users\Backup\Desktop\mbar

    [2013/06/11 16:09:46 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01009.dll

    [2013/06/11 16:09:46 | 000,059,552 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\Windows\System32\drivers\AXMount.sys

    [2013/06/11 16:09:46 | 000,048,216 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\Windows\System32\drivers\AXTrack.sys

    [2013/06/11 16:09:39 | 000,000,000 | ---D | C] -- C:\Program Files\AXTM

    [2013/06/11 12:14:57 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro

    [2013/06/10 23:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\Shadow Defender

    [2013/06/10 23:06:37 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Local\CrashDumps

    [2013/06/10 19:00:28 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Roaming\Greenshot

    [2013/06/10 19:00:27 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Local\Greenshot

    [2013/06/10 18:15:51 | 009,842,040 | ---- | C] (Webroot Software, Inc.) -- C:\Program Files\Common Files\wruninstall.exe

    [2013/06/10 18:15:30 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Local\lptmp61532271

    [2013/06/10 17:46:49 | 000,000,000 | ---D | C] -- C:\ProgramData\WRData

    [2013/06/10 12:45:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith

    [2013/06/10 12:32:33 | 000,000,000 | ---D | C] -- C:\Users\Backup\Documents\Snagit

    [2013/06/10 12:31:33 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Local\assembly

    [2013/06/10 12:30:23 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith

    [2013/06/10 12:30:01 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Local\TechSmith

    [2013/06/10 12:30:01 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith

    [2013/06/09 22:35:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET

    [2013/06/09 21:46:24 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Roaming\ASCOMP Software

    [2013/06/09 18:09:39 | 000,000,000 | ---D | C] -- C:\Program Files\Google

    [2013/06/09 18:09:32 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Local\Google

    [2013/06/09 17:29:10 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Roaming\Macromedia

    [2013/06/09 17:29:10 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Local\Macromedia

    [2013/06/09 16:51:02 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

    [2013/06/09 16:51:02 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

    [2013/06/09 16:51:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed

    [2013/06/09 13:28:30 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Roaming\Wise Care 365

    [2013/06/09 13:28:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Care 365

    [2013/06/09 13:27:58 | 000,000,000 | ---D | C] -- C:\Program Files\Wise

    [2013/06/09 11:42:35 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

    [2013/06/09 00:23:17 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Roaming\Auslogics

    [2013/06/09 00:23:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics

    [2013/06/09 00:23:10 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics

    [2013/06/08 23:13:14 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Roaming\Adobe

    [2013/06/08 23:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

    [2013/06/08 23:01:04 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll

    [2013/06/08 23:01:03 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

    [2013/06/08 23:01:03 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

    [2013/06/08 22:22:31 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe

    [2013/06/08 22:22:31 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll

    [2013/06/08 22:22:29 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll

    [2013/06/08 22:22:29 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe

    [2013/06/08 22:22:29 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

    [2013/06/08 22:22:28 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

    [2013/06/08 22:22:28 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll

    [2013/06/08 22:22:28 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe

    [2013/06/08 22:22:28 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe

    [2013/06/08 22:22:28 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll

    [2013/06/08 22:22:27 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

    [2013/06/08 22:22:27 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

    [2013/06/08 22:22:27 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll

    [2013/06/08 22:22:26 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

    [2013/06/08 22:22:26 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

    [2013/06/08 22:22:26 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

    [2013/06/08 22:22:26 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll

    [2013/06/08 22:22:26 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

    [2013/06/08 22:22:26 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe

    [2013/06/08 22:22:26 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll

    [2013/06/08 22:22:26 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

    [2013/06/08 22:22:26 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll

    [2013/06/08 22:22:26 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

    [2013/06/08 22:22:25 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec

    [2013/06/08 22:22:25 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll

    [2013/06/08 22:22:24 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

    [2013/06/08 22:22:24 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat

    [2013/06/08 22:22:24 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll

    [2013/06/08 22:22:24 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

    [2013/06/08 22:22:24 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll

    [2013/06/08 22:22:24 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

    [2013/06/08 22:22:24 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

    [2013/06/08 22:22:24 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

    [2013/06/08 22:22:24 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

    [2013/06/08 22:22:24 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

    [2013/06/08 22:22:23 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

    [2013/06/08 22:21:22 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

    [2013/06/08 22:18:13 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll

    [2013/06/08 22:18:13 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll

    [2013/06/08 22:18:13 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

    [2013/06/08 22:18:13 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

    [2013/06/08 22:18:13 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

    [2013/06/08 22:18:13 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

    [2013/06/08 22:18:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

    [2013/06/08 22:18:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

    [2013/06/08 22:18:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

    [2013/06/08 22:18:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

    [2013/06/08 22:18:13 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

    [2013/06/08 22:18:12 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll

    [2013/06/08 22:18:12 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll

    [2013/06/08 22:18:12 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll

    [2013/06/08 22:18:12 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll

    [2013/06/08 22:18:12 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll

    [2013/06/08 22:18:12 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll

    [2013/06/08 22:18:12 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll

    [2013/06/08 22:18:12 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll

    [2013/06/08 22:18:12 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll

    [2013/06/08 22:18:11 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll

    [2013/06/08 22:18:11 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll

    [2013/06/08 22:18:11 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll

    [2013/06/08 22:18:11 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll

    [2013/06/08 22:18:11 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll

    [2013/06/08 22:07:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA

    [2013/06/08 22:06:51 | 002,557,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll

    [2013/06/08 22:06:51 | 000,062,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll

    [2013/06/08 22:06:50 | 004,133,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll

    [2013/06/08 22:06:50 | 003,005,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll

    [2013/06/08 22:06:50 | 000,108,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll

    [2013/06/08 22:05:29 | 000,053,024 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll

    [2013/06/08 22:04:28 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation

    [2013/06/08 22:04:08 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation

    [2013/06/08 19:04:36 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Roaming\OnlineArmor

    [2013/06/08 19:04:36 | 000,000,000 | ---D | C] -- C:\ProgramData\OnlineArmor

    [2013/06/08 19:03:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor

    [2013/06/08 19:03:09 | 000,031,768 | ---- | C] (Emsisoft) -- C:\Windows\System32\drivers\OAnet.sys

    [2013/06/08 19:03:09 | 000,027,648 | ---- | C] (Emsisoft) -- C:\Windows\System32\drivers\OAmon.sys

    [2013/06/08 19:03:03 | 000,000,000 | ---D | C] -- C:\Program Files\Online Armor

    [2013/06/08 18:06:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware

    [2013/06/08 18:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware

    [2013/06/08 18:06:10 | 000,000,000 | ---D | C] -- C:\Users\Backup\Documents\Anti-Malware

    [2013/06/08 18:05:49 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

    [2013/06/08 18:05:49 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

    [2013/06/08 18:05:49 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll

    [2013/06/08 16:47:56 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys

    [2013/06/08 16:25:34 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys

    [2013/06/08 16:15:35 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll

    [2013/06/08 16:14:32 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe

    [2013/06/08 16:03:28 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe

    [2013/06/08 15:44:49 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys

    [2013/06/08 15:44:49 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll

    [2013/06/08 15:44:49 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll

    [2013/06/08 15:44:49 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll

    [2013/06/08 15:30:45 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

    [2013/06/08 15:30:41 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe

    [2013/06/08 15:30:35 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll

    [2013/06/08 15:30:35 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax

    [2013/06/08 15:30:30 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl

    [2013/06/08 15:30:28 | 000,919,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll

    [2013/06/08 15:30:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll

    [2013/06/08 15:30:21 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll

    [2013/06/08 15:21:16 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll

    [2013/06/08 15:21:16 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll

    [2013/06/08 15:20:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Innovative Solutions

    [2013/06/08 15:20:33 | 000,000,000 | ---D | C] -- C:\Windows\Fonts\AdvUninstal

    [2013/06/08 15:20:32 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Local\Innovative Solutions

    [2013/06/08 15:20:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Innovative Solutions

    [2013/06/08 15:20:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO

    [2013/06/08 15:20:28 | 000,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions

    [2013/06/08 15:06:55 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

    [2013/06/08 15:06:55 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll

    [2013/06/08 15:06:55 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll

    [2013/06/08 15:06:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll

    [2013/06/08 15:06:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll

    [2013/06/08 15:06:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll

    [2013/06/08 15:06:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll

    [2013/06/08 15:06:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll

    [2013/06/08 15:06:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll

    [2013/06/08 15:06:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll

    [2013/06/08 15:06:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll

    [2013/06/08 15:06:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll

    [2013/06/08 15:06:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll

    [2013/06/08 15:06:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll

    [2013/06/08 15:06:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll

    [2013/06/08 15:06:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll

    [2013/06/08 15:06:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll

    [2013/06/08 15:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll

    [2013/06/08 15:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll

    [2013/06/08 15:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll

    [2013/06/08 15:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll

    [2013/06/08 15:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll

    [2013/06/08 15:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll

    [2013/06/08 15:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll

    [2013/06/08 15:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll

    [2013/06/08 15:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll

    [2013/06/08 15:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll

    [2013/06/08 15:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll

    [2013/06/08 15:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll

    [2013/06/08 15:06:44 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll

    [2013/06/08 15:06:44 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll

    [2013/06/08 15:06:44 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll

    [2013/06/08 15:06:44 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll

    [2013/06/08 15:06:44 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll

    [2013/06/08 15:06:44 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll

    [2013/06/08 15:06:39 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll

    [2013/06/08 14:49:08 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS

    [2013/06/08 14:48:28 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll

    [2013/06/08 14:47:31 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe

    [2013/06/08 14:47:30 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll

    [2013/06/08 14:47:28 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll

    [2013/06/08 14:47:26 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll

    [2013/06/08 14:47:24 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll

    [2013/06/08 14:47:23 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll

    [2013/06/08 14:47:23 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax

    [2013/06/08 14:47:16 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll

    [2013/06/08 14:47:16 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll

    [2013/06/08 14:46:27 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe

    [2013/06/08 14:37:24 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll

    [2013/06/08 14:37:24 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll

    [2013/06/08 14:37:24 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\System32\cero.rs

    [2013/06/08 14:37:24 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs

    [2013/06/08 14:37:24 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\System32\fpb.rs

    [2013/06/08 14:37:24 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc-nz.rs

    [2013/06/08 14:37:24 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\System32\pegibbfc.rs

    [2013/06/08 14:37:24 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\System32\csrr.rs

    [2013/06/08 14:37:24 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\System32\cob-au.rs

    [2013/06/08 14:37:24 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\System32\usk.rs

    [2013/06/08 14:37:24 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc.rs

    [2013/06/08 14:37:24 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs

    [2013/06/08 14:37:24 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-pt.rs

    [2013/06/08 14:37:24 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-fi.rs

    [2013/06/08 14:37:24 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi.rs

    [2013/06/08 14:37:24 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\System32\djctq.rs

    [2013/06/08 14:36:53 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll

    [2013/06/08 14:36:52 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll

    [2013/06/08 14:36:52 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll

    [2013/06/08 14:36:50 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys

    [2013/06/08 14:36:47 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll

    [2013/06/08 14:36:47 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll

    [2013/06/08 14:36:47 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll

    [2013/06/08 14:36:47 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll

    [2013/06/08 14:36:47 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll

    [2013/06/08 14:36:45 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll

    [2013/06/08 14:36:45 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll

    [2013/06/08 14:36:45 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe

    [2013/06/08 14:36:40 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll

    [2013/06/08 14:29:53 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe

    [2013/06/08 14:29:43 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys

    [2013/06/08 14:29:42 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll

    [2013/06/08 14:29:39 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll

    [2013/06/08 14:29:39 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe

    [2013/06/08 14:28:56 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll

    [2013/06/08 14:28:56 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc71.dll

    [2013/06/08 14:28:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt

    [2013/06/08 14:05:09 | 000,000,000 | ---D | C] -- C:\ProgramData\COMODO

    [2013/06/08 13:57:38 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll

    [2013/06/08 13:57:38 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll

    [2013/06/08 13:49:16 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll

    [2013/06/08 13:49:16 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll

    [2013/06/08 13:38:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

    [2013/06/08 12:44:53 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys

    [2013/06/08 12:44:53 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll

    [2013/06/08 12:44:43 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll

    [2013/06/08 12:44:42 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll

    [2013/06/08 12:44:42 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll

    [2013/06/08 11:29:37 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll

    [2013/06/08 11:01:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip

    [2013/06/08 11:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip

    [2013/06/08 10:41:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro

    [2013/06/08 10:41:45 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro

    [2013/06/08 10:03:09 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Roaming\Malwarebytes

    [2013/06/08 10:03:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

    [2013/06/08 10:03:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

    [2013/06/08 10:03:03 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

    [2013/06/08 10:03:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

    [2013/06/08 10:02:52 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Local\Programs

    [2013/06/08 09:37:09 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll

    [2013/06/08 09:37:09 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll

    [2013/06/08 09:37:04 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll

    [2013/06/08 09:37:04 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll

    [2013/06/08 09:37:04 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll

    [2013/06/08 09:36:58 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll

    [2013/06/08 09:36:58 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe

    [2013/06/08 00:07:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

    [2013/06/08 00:07:27 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

    [2013/06/07 23:46:17 | 000,000,000 | -HSD | C] -- C:\Windows\Installer

    [2013/06/07 23:27:53 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Roaming\Mozilla

    [2013/06/07 23:27:53 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Local\Mozilla

    [2013/06/07 23:27:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service

    [2013/06/07 23:27:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

    [2013/06/07 23:27:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

    [2013/06/07 23:21:15 | 000,238,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

    [2013/06/07 23:13:09 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Roaming\IDM

    [2013/06/07 23:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\IDM

    [2013/06/07 23:13:09 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Roaming\DMCache

    [2013/06/07 23:13:08 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager

    [2013/06/07 23:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager

    [2013/06/07 23:13:06 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager

    [2013/06/07 23:02:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat

    [2013/06/07 22:44:26 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Local\Diagnostics

    [2013/06/07 22:42:14 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Local\Microsoft Games

    [2013/06/07 22:25:02 | 000,000,000 | R--D | C] -- C:\Users\Backup\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

    [2013/06/07 22:25:02 | 000,000,000 | R--D | C] -- C:\Users\Backup\Searches

    [2013/06/07 22:25:02 | 000,000,000 | R--D | C] -- C:\Users\Backup\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

    [2013/06/07 22:25:02 | 000,000,000 | -H-D | C] -- C:\Users\Backup\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned

    [2013/06/07 22:24:53 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Roaming\Identities

    [2013/06/07 22:24:52 | 000,000,000 | R--D | C] -- C:\Users\Backup\Contacts

    [2013/06/07 22:24:46 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Local\VirtualStore

    [2013/06/07 22:24:45 | 000,000,000 | --SD | C] -- C:\Users\Backup\AppData\Roaming\Microsoft

    [2013/06/07 22:24:45 | 000,000,000 | R--D | C] -- C:\Users\Backup\Videos

    [2013/06/07 22:24:45 | 000,000,000 | R--D | C] -- C:\Users\Backup\Saved Games

    [2013/06/07 22:24:45 | 000,000,000 | R--D | C] -- C:\Users\Backup\Pictures

    [2013/06/07 22:24:45 | 000,000,000 | R--D | C] -- C:\Users\Backup\Music

    [2013/06/07 22:24:45 | 000,000,000 | R--D | C] -- C:\Users\Backup\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

    [2013/06/07 22:24:45 | 000,000,000 | R--D | C] -- C:\Users\Backup\Links

    [2013/06/07 22:24:45 | 000,000,000 | R--D | C] -- C:\Users\Backup\Favorites

    [2013/06/07 22:24:45 | 000,000,000 | R--D | C] -- C:\Users\Backup\Downloads

    [2013/06/07 22:24:45 | 000,000,000 | R--D | C] -- C:\Users\Backup\Documents

    [2013/06/07 22:24:45 | 000,000,000 | R--D | C] -- C:\Users\Backup\Desktop

    [2013/06/07 22:24:45 | 000,000,000 | R--D | C] -- C:\Users\Backup\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

    [2013/06/07 22:24:45 | 000,000,000 | -HSD | C] -- C:\Users\Backup\AppData\Local\Temporary Internet Files

    [2013/06/07 22:24:45 | 000,000,000 | -HSD | C] -- C:\Users\Backup\Templates

    [2013/06/07 22:24:45 | 000,000,000 | -HSD | C] -- C:\Users\Backup\Start Menu

    [2013/06/07 22:24:45 | 000,000,000 | -HSD | C] -- C:\Users\Backup\SendTo

    [2013/06/07 22:24:45 | 000,000,000 | -HSD | C] -- C:\Users\Backup\Recent

    [2013/06/07 22:24:45 | 000,000,000 | -HSD | C] -- C:\Users\Backup\PrintHood

    [2013/06/07 22:24:45 | 000,000,000 | -HSD | C] -- C:\Users\Backup\NetHood

    [2013/06/07 22:24:45 | 000,000,000 | -HSD | C] -- C:\Users\Backup\Documents\My Videos

    [2013/06/07 22:24:45 | 000,000,000 | -HSD | C] -- C:\Users\Backup\Documents\My Pictures

    [2013/06/07 22:24:45 | 000,000,000 | -HSD | C] -- C:\Users\Backup\Documents\My Music

    [2013/06/07 22:24:45 | 000,000,000 | -HSD | C] -- C:\Users\Backup\My Documents

    [2013/06/07 22:24:45 | 000,000,000 | -HSD | C] -- C:\Users\Backup\Local Settings

    [2013/06/07 22:24:45 | 000,000,000 | -HSD | C] -- C:\Users\Backup\AppData\Local\History

    [2013/06/07 22:24:45 | 000,000,000 | -HSD | C] -- C:\Users\Backup\Application Data

    [2013/06/07 22:24:45 | 000,000,000 | -HSD | C] -- C:\Users\Backup\AppData\Local\Application Data

    [2013/06/07 22:24:45 | 000,000,000 | -H-D | C] -- C:\Users\Backup\AppData

    [2013/06/07 22:24:45 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Local\Temp

    [2013/06/07 22:24:45 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Local\Microsoft

    [2013/06/07 22:24:45 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Roaming\Media Center Programs

    [2013/06/07 22:24:26 | 000,000,000 | ---D | C] -- C:\Recovery

    [2013/06/07 18:07:07 | 000,000,000 | ---D | C] -- C:\Windows\Panther

    [2013/06/07 17:15:21 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

    [2013/06/07 17:12:27 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch

    [2013/06/07 17:10:06 | 000,000,000 | ---D | C] -- C:\found.000

    [2013/06/07 04:28:26 | 000,000,000 | ---D | C] -- C:\Boot

    [2013/05/31 16:10:29 | 000,102,344 | ---- | C] (Tonec Inc.) -- C:\Windows\System32\drivers\idmwfp.sys

    [2013/05/20 18:59:09 | 000,000,000 | ---D | C] -- C:\$AVG

    ========== Files - Modified Within 30 Days ==========

    [2013/06/12 21:11:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

    [2013/06/12 20:48:42 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

    [2013/06/12 20:48:06 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl

    [2013/06/12 20:47:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

    [2013/06/12 20:47:37 | 1609,179,136 | -HS- | M] () -- C:\hiberfil.sys

    [2013/06/12 20:38:47 | 009,842,040 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Common Files\wruninstall.exe

    [2013/06/12 19:09:26 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk

    [2013/06/12 16:26:26 | 000,665,740 | ---- | M] () -- C:\Windows\System32\perfh009.dat

    [2013/06/12 16:26:26 | 000,125,416 | ---- | M] () -- C:\Windows\System32\perfc009.dat

    [2013/06/12 13:01:21 | 000,632,167 | ---- | M] () -- C:\Users\Backup\Desktop\Desktop1.png

    [2013/06/11 22:59:09 | 005,078,680 | R--- | M] (Swearware) -- C:\Users\Backup\Desktop\ComboFix.exe

    [2013/06/11 18:34:16 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_AXMount_01009.Wdf

    [2013/06/11 17:32:05 | 000,000,044 | ---- | M] () -- C:\Users\Backup\AppData\Roaming\mbam.context.scan

    [2013/06/11 16:09:47 | 001,461,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01009.dll

    [2013/06/11 16:09:46 | 000,059,552 | ---- | M] (Windows ® Win 7 DDK provider) -- C:\Windows\System32\drivers\AXMount.sys

    [2013/06/11 16:09:46 | 000,048,216 | ---- | M] (Windows ® Win 7 DDK provider) -- C:\Windows\System32\drivers\AXTrack.sys

    [2013/06/11 12:40:54 | 000,007,626 | ---- | M] () -- C:\Users\Backup\AppData\Local\Resmon.ResmonCfg

    [2013/06/11 12:22:41 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk

    [2013/06/11 12:15:00 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.exe.lnk

    [2013/06/10 23:29:33 | 000,004,670 | ---- | M] () -- C:\Users\Backup\Documents\cc_20130610_232926.reg

    [2013/06/10 18:01:08 | 000,378,787 | ---- | M] () -- C:\Users\Backup\Documents\Muahahahaahahahhaahhahaahah - Webroot.WR

    [2013/06/10 12:45:02 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Snagit 11 Editor.lnk

    [2013/06/10 12:45:02 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\Snagit 11.lnk

    [2013/06/10 12:39:39 | 005,861,023 | ---- | M] () -- C:\Users\Backup\Documents\10-06-2013 12-36-54.mp4

    [2013/06/10 12:30:37 | 000,001,114 | ---- | M] () -- C:\Users\Backup\Application Data\Microsoft\Internet Explorer\Quick Launch\Snagit 11.lnk

    [2013/06/09 23:42:42 | 000,001,314 | ---- | M] () -- C:\Users\Backup\Desktop\Auslogics Disk Defrag Professional.lnk

    [2013/06/09 23:37:20 | 000,876,162 | ---- | M] () -- C:\Users\Backup\Documents\OASettings130609.OA

    [2013/06/09 23:28:35 | 000,016,640 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

    [2013/06/09 23:28:35 | 000,016,640 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

    [2013/06/09 17:12:25 | 000,001,580 | ---- | M] () -- C:\Windows\Sandboxie.ini

    [2013/06/09 16:51:02 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

    [2013/06/09 16:51:02 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

    [2013/06/09 14:49:56 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\Wise Turbo Checker.job

    [2013/06/09 13:28:12 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\Wise Care 365.lnk

    [2013/06/08 22:22:31 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe

    [2013/06/08 22:22:31 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll

    [2013/06/08 22:22:29 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll

    [2013/06/08 22:22:29 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe

    [2013/06/08 22:22:29 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

    [2013/06/08 22:22:28 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

    [2013/06/08 22:22:28 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll

    [2013/06/08 22:22:28 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe

    [2013/06/08 22:22:28 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe

    [2013/06/08 22:22:28 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll

    [2013/06/08 22:22:27 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

    [2013/06/08 22:22:27 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

    [2013/06/08 22:22:27 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll

    [2013/06/08 22:22:26 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

    [2013/06/08 22:22:26 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

    [2013/06/08 22:22:26 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

    [2013/06/08 22:22:26 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll

    [2013/06/08 22:22:26 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

    [2013/06/08 22:22:26 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe

    [2013/06/08 22:22:26 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll

    [2013/06/08 22:22:26 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

    [2013/06/08 22:22:26 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll

    [2013/06/08 22:22:26 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

    [2013/06/08 22:22:25 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec

    [2013/06/08 22:22:25 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll

    [2013/06/08 22:22:24 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

    [2013/06/08 22:22:24 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat

    [2013/06/08 22:22:24 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll

    [2013/06/08 22:22:24 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

    [2013/06/08 22:22:24 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll

    [2013/06/08 22:22:24 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

    [2013/06/08 22:22:24 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll

    [2013/06/08 22:22:24 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

    [2013/06/08 22:22:24 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

    [2013/06/08 22:22:24 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

    [2013/06/08 22:22:24 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf

    [2013/06/08 22:22:23 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

    [2013/06/08 22:21:22 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

    [2013/06/08 22:18:13 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll

    [2013/06/08 22:18:13 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll

    [2013/06/08 22:18:13 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll

    [2013/06/08 22:18:13 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

    [2013/06/08 22:18:13 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

    [2013/06/08 22:18:13 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

    [2013/06/08 22:18:13 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

    [2013/06/08 22:18:13 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

    [2013/06/08 22:18:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

    [2013/06/08 22:18:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

    [2013/06/08 22:18:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

    [2013/06/08 22:18:13 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

    [2013/06/08 22:18:12 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll

    [2013/06/08 22:18:12 | 001,247,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll

    [2013/06/08 22:18:12 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll

    [2013/06/08 22:18:12 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll

    [2013/06/08 22:18:12 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll

    [2013/06/08 22:18:12 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll

    [2013/06/08 22:18:12 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll

    [2013/06/08 22:18:12 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll

    [2013/06/08 22:18:12 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll

    [2013/06/08 22:18:11 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll

    [2013/06/08 22:18:11 | 001,988,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll

    [2013/06/08 22:18:11 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll

    [2013/06/08 22:18:11 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll

    [2013/06/08 19:34:52 | 000,362,415 | ---- | M] () -- C:\Users\Backup\Documents\OASettings130608.OA

    [2013/06/08 19:32:47 | 000,002,110 | ---- | M] () -- C:\Users\Backup\Documents\cc_20130608_193238.reg

    [2013/06/08 19:25:52 | 000,001,895 | ---- | M] () -- C:\Users\Backup\Desktop\Online Armor.lnk

    [2013/06/08 18:06:43 | 000,001,077 | ---- | M] () -- C:\Users\Backup\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk

    [2013/06/08 18:06:43 | 000,001,053 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk

    [2013/06/08 15:23:21 | 000,003,488 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat

    [2013/06/08 15:20:32 | 000,002,385 | ---- | M] () -- C:\Users\Backup\Desktop\Advanced Uninstaller PRO 11.lnk

    [2013/06/08 14:28:56 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll

    [2013/06/08 14:28:56 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc71.dll

    [2013/06/08 11:46:00 | 000,000,000 | -H-- | M] () -- C:\Users\Backup\Documents\Default.rdp

    [2013/06/08 11:09:19 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' anti-malware.lnk

    [2013/06/08 11:03:12 | 000,203,836 | RHS- | M] () -- C:\grldr

    [2013/06/08 11:03:12 | 000,000,000 | RHS- | M] () -- C:\winx.ld

    [2013/06/08 09:47:38 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

    [2013/06/08 00:07:28 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

    [2013/06/07 23:27:22 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

    [2013/06/07 23:02:30 | 000,409,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll

    [2013/06/07 23:02:30 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll

    [2013/06/07 22:25:20 | 000,001,411 | ---- | M] () -- C:\Users\Backup\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

    [2013/06/07 18:07:04 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK

    [2013/06/07 18:07:02 | 000,000,533 | RHS- | M] () -- C:\Boot.ini.saved

    [2013/06/07 17:14:42 | 000,116,385 | ---- | M] () -- C:\Windows\System32\license.rtf

    [2013/06/07 17:13:17 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf

    [2013/05/25 03:00:14 | 000,102,344 | ---- | M] (Tonec Inc.) -- C:\Windows\System32\drivers\idmwfp.sys

    ========== Files Created - No Company Name ==========

    [2013/06/12 19:09:26 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

    [2013/06/12 19:09:26 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk

    [2013/06/12 13:01:20 | 000,632,167 | ---- | C] () -- C:\Users\Backup\Desktop\Desktop1.png

    [2013/06/11 23:15:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

    [2013/06/11 23:15:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

    [2013/06/11 23:15:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

    [2013/06/11 23:15:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

    [2013/06/11 23:15:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

    [2013/06/11 18:34:16 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_AXMount_01009.Wdf

    [2013/06/11 17:32:05 | 000,000,044 | ---- | C] () -- C:\Users\Backup\AppData\Roaming\mbam.context.scan

    [2013/06/11 12:15:26 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk

    [2013/06/11 12:15:00 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.exe.lnk

    [2013/06/10 23:29:30 | 000,004,670 | ---- | C] () -- C:\Users\Backup\Documents\cc_20130610_232926.reg

    [2013/06/10 18:01:08 | 000,378,787 | ---- | C] () -- C:\Users\Backup\Documents\Muahahahaahahahhaahhahaahah - Webroot.WR

    [2013/06/10 12:36:54 | 005,861,023 | ---- | C] () -- C:\Users\Backup\Documents\10-06-2013 12-36-54.mp4

    [2013/06/10 12:30:37 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Snagit 11 Editor.lnk

    [2013/06/10 12:30:37 | 000,001,114 | ---- | C] () -- C:\Users\Backup\Application Data\Microsoft\Internet Explorer\Quick Launch\Snagit 11.lnk

    [2013/06/10 12:30:36 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\Snagit 11.lnk

    [2013/06/09 23:42:41 | 000,001,314 | ---- | C] () -- C:\Users\Backup\Desktop\Auslogics Disk Defrag Professional.lnk

    [2013/06/09 23:37:15 | 000,876,162 | ---- | C] () -- C:\Users\Backup\Documents\OASettings130609.OA

    [2013/06/09 17:02:13 | 000,001,580 | ---- | C] () -- C:\Windows\Sandboxie.ini

    [2013/06/09 16:51:03 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

    [2013/06/09 13:35:26 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\Wise Turbo Checker.job

    [2013/06/09 13:28:12 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\Wise Care 365.lnk

    [2013/06/08 22:22:24 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf

    [2013/06/08 19:34:50 | 000,362,415 | ---- | C] () -- C:\Users\Backup\Documents\OASettings130608.OA

    [2013/06/08 19:32:45 | 000,002,110 | ---- | C] () -- C:\Users\Backup\Documents\cc_20130608_193238.reg

    [2013/06/08 19:25:52 | 000,001,895 | ---- | C] () -- C:\Users\Backup\Desktop\Online Armor.lnk

    [2013/06/08 19:03:09 | 000,208,320 | ---- | C] () -- C:\Windows\System32\drivers\OADriver.sys

    [2013/06/08 19:03:09 | 000,044,992 | ---- | C] () -- C:\Windows\System32\drivers\oahlp32.sys

    [2013/06/08 18:06:43 | 000,001,077 | ---- | C] () -- C:\Users\Backup\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk

    [2013/06/08 18:06:43 | 000,001,053 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk

    [2013/06/08 15:20:32 | 000,002,385 | ---- | C] () -- C:\Users\Backup\Desktop\Advanced Uninstaller PRO 11.lnk

    [2013/06/08 15:20:32 | 000,002,269 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO 11.lnk

    [2013/06/08 15:20:30 | 000,042,496 | ---- | C] () -- C:\Windows\System32\AdvUninstCPL.cpl

    [2013/06/08 14:06:17 | 000,003,488 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat

    [2013/06/08 14:05:35 | 000,065,536 | ---- | C] () -- C:\Windows\System32\Ikeext.etl

    [2013/06/08 13:45:40 | 000,007,626 | ---- | C] () -- C:\Users\Backup\AppData\Local\Resmon.ResmonCfg

    [2013/06/08 12:44:54 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf

    [2013/06/08 12:44:42 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf

    [2013/06/08 11:46:00 | 000,000,000 | -H-- | C] () -- C:\Users\Backup\Documents\Default.rdp

    [2013/06/08 11:03:04 | 000,000,000 | RHS- | C] () -- C:\winx.ld

    [2013/06/08 11:03:03 | 000,203,836 | RHS- | C] () -- C:\grldr

    [2013/06/08 10:03:04 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' anti-malware.lnk

    [2013/06/08 00:07:28 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

    [2013/06/07 23:46:35 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif

    [2013/06/07 23:27:22 | 000,001,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

    [2013/06/07 23:27:22 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

    [2013/06/07 22:25:20 | 000,001,411 | ---- | C] () -- C:\Users\Backup\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

    [2013/06/07 22:25:03 | 000,001,417 | ---- | C] () -- C:\Users\Backup\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

    [2013/06/07 22:24:45 | 000,000,290 | ---- | C] () -- C:\Users\Backup\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

    [2013/06/07 22:24:45 | 000,000,272 | ---- | C] () -- C:\Users\Backup\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

    [2013/06/07 18:07:02 | 000,000,389 | -H-- | C] () -- C:\Boot.BAK

    [2013/06/07 17:14:35 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk

    [2013/06/07 17:14:24 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk

    [2013/06/07 17:13:17 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf

    [2013/06/07 17:11:41 | 1609,179,136 | -HS- | C] () -- C:\hiberfil.sys

    [2013/06/07 04:28:35 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK

    [2013/06/07 04:28:29 | 000,383,786 | RHS- | C] () -- C:\bootmgr

    ========== ZeroAccess Check ==========

    [2009/07/13 16:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    "" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 16:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 09:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 13:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Both

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 189 bytes -> C:\ProgramData\TEMP:07BF512B

    < End of report >

  8. We can just reinstall WSAC when you're all clean.

    If you don't see the "Scan All Users" just forget about that part and continue with running the scan.

    Yeah, I'll re-install it later, but was kinda curious (recently ComboFix was infected according to Wilders & Bleepingcomputers, so it's obvious it would have some bugs). Plus, K, I'll scan my PC and post my log.
  9. AdwCleaner log:

    # AdwCleaner v2.303 - Logfile created 06/12/2013 at 20:58:50

    # Updated 08/06/2013 by Xplode

    # Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)

    # User : Backup - BACKUP-PC

    # Boot Mode : Normal

    # Running from : C:\Users\Backup\Downloads\Programs\AdwCleaner.exe

    # Option [search]

    ***** [services] *****

    ***** [Files / Folders] *****

    File Found : C:\Users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\5kb9p1xj.default\foxydeal.sqlite

    ***** [Registry] *****

    ***** [internet Browsers] *****

    -\\ Internet Explorer v10.0.9200.16521

    [OK] Registry is clean.

    -\\ Mozilla Firefox v21.0 (en-US)

    File : C:\Users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\5kb9p1xj.default\prefs.js

    [OK] File is clean.

    File : C:\Users\Standard Alien\AppData\Roaming\Mozilla\Firefox\Profiles\i94acoka.default\prefs.js

    [OK] File is clean.

    File : C:\Users\Personal account\AppData\Roaming\Mozilla\Firefox\Profiles\keb82onf.default\prefs.js

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [1033 octets] - [12/06/2013 20:58:50]

    ########## EOF - C:\AdwCleaner[R1].txt - [1093 octets] ##########

    For the OTL log, I don't see any 'scan all users' tickbox?

  10. It's tough to say - I've never seen this happen before.

    Edit: but yeah it's starting to sound like that.

    Here's the log (Fred, I'm sorry for the delay, but I had some problems with safe mode: EAM wouldn't disable in safe mode, so I needed to disable its startup and uninstall Webroot since I couldn't disable its startup, but for some very strange reason, after uninstalling WSAC, ComboFix said it's running and enabled, but I clicked 'ok' anyway)

    ComboFix 13-06-08.02 - Backup 12-06-2013 20:43:32.5.2 - x86 MINIMAL

    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.91.1033.18.2046.1328 [GMT -12:00]

    Running from: c:\users\Backup\Desktop\ComboFix.exe

    Command switches used :: c:\users\Backup\Desktop\CFScript.txt

    AV: Emsisoft Anti-Malware *Disabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}

    AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}

    FW: Online Armor Firewall *Disabled* {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}

    SP: Emsisoft Anti-Malware *Disabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}

    SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    * Created a new restore point

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    .

    --------------- FCopy ---------------

    .

    c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll --> c:\windows\System32\user32.dll

    .

    ((((((((((((((((((((((((( Files Created from 2013-05-13 to 2013-06-13 )))))))))))))))))))))))))))))))

    .

    .

    2013-06-13 08:47 . 2013-06-13 08:47 -------- d-----w- c:\users\Default\AppData\Local\temp

    2013-06-13 07:08 . 2013-06-13 07:09 -------- d-----w- c:\program files\Common Files\Adobe

    2013-06-12 11:03 . 2013-06-13 04:45 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

    2013-06-12 04:09 . 2013-06-12 04:09 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll

    2013-06-12 04:09 . 2013-06-12 04:09 59552 ----a-w- c:\windows\system32\drivers\AXMount.sys

    2013-06-12 04:09 . 2013-06-12 04:09 48216 ----a-w- c:\windows\system32\drivers\AXTrack.sys

    2013-06-12 04:09 . 2013-06-12 04:09 -------- d-----w- c:\program files\AXTM

    2013-06-12 00:14 . 2013-06-12 00:15 -------- d-----w- c:\program files\HitmanPro

    2013-06-11 11:10 . 2013-06-12 00:24 -------- d-----w- c:\program files\Shadow Defender

    2013-06-11 06:15 . 2013-06-13 08:38 9842040 ----a-w- c:\program files\Common Files\wruninstall.exe

    2013-06-11 05:46 . 2013-06-13 08:38 -------- d-----w- c:\programdata\WRData

    2013-06-11 00:40 . 2013-06-11 00:45 -------- d-----w- c:\users\Personal account

    2013-06-11 00:30 . 2013-06-11 00:30 -------- d-----w- c:\programdata\TechSmith

    2013-06-11 00:30 . 2013-06-11 00:30 -------- d-----w- c:\program files\TechSmith

    2013-06-10 10:35 . 2013-06-10 10:35 -------- d-----w- c:\program files\Microsoft.NET

    2013-06-10 06:09 . 2013-06-10 07:15 -------- d-----w- c:\program files\Google

    2013-06-10 04:51 . 2013-06-10 04:51 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2013-06-10 04:51 . 2013-06-10 04:51 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2013-06-10 04:51 . 2013-06-10 04:51 -------- d-----w- c:\windows\system32\Macromed

    2013-06-10 01:27 . 2013-06-10 01:27 -------- d-----w- c:\program files\Wise

    2013-06-09 23:45 . 2013-06-09 22:48 -------- d-----w- c:\users\Standard Alien

    2013-06-09 22:05 . 2013-06-10 23:36 -------- d-----w- c:\users\Not for alliens

    2013-06-09 12:23 . 2013-06-12 23:30 -------- d-----w- c:\program files\Auslogics

    2013-06-09 11:01 . 2010-09-30 06:47 70656 ----a-w- c:\windows\system32\fontsub.dll

    2013-06-09 11:01 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll

    2013-06-09 11:01 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll

    2013-06-09 10:21 . 2013-06-09 10:21 49152 ----a-w- c:\windows\system32\taskhost.exe

    2013-06-09 10:07 . 2013-06-10 03:24 -------- d-----w- c:\users\UpdatusUser

    2013-06-09 10:07 . 2013-06-13 08:47 -------- d-----w- c:\programdata\NVIDIA

    2013-06-09 10:06 . 2013-01-18 14:20 639776 ----a-w- c:\windows\system32\nvvsvc.exe

    2013-06-09 10:06 . 2013-01-18 14:20 62752 ----a-w- c:\windows\system32\nvshext.dll

    2013-06-09 10:06 . 2013-01-18 14:20 2557728 ----a-w- c:\windows\system32\nvsvcr.dll

    2013-06-09 10:06 . 2013-01-18 14:21 4133664 ----a-w- c:\windows\system32\nvcpl.dll

    2013-06-09 10:06 . 2013-01-18 14:21 3005728 ----a-w- c:\windows\system32\nvsvc.dll

    2013-06-09 10:06 . 2013-01-18 14:20 108832 ----a-w- c:\windows\system32\nvmctray.dll

    2013-06-09 10:05 . 2013-02-26 12:22 53024 ----a-w- c:\windows\system32\OpenCL.dll

    2013-06-09 10:04 . 2013-06-09 10:04 -------- d-----w- c:\programdata\NVIDIA Corporation

    2013-06-09 10:04 . 2013-06-09 10:07 -------- d-----w- c:\program files\NVIDIA Corporation

    2013-06-09 07:04 . 2013-06-09 07:25 -------- d-----w- c:\programdata\OnlineArmor

    2013-06-09 07:03 . 2012-10-03 03:03 44992 ----a-w- c:\windows\system32\drivers\oahlp32.sys

    2013-06-09 07:03 . 2012-10-03 03:02 31768 ----a-w- c:\windows\system32\drivers\OAnet.sys

    2013-06-09 07:03 . 2012-10-03 03:02 27648 ----a-w- c:\windows\system32\drivers\OAmon.sys

    2013-06-09 07:03 . 2012-10-03 03:02 208320 ----a-w- c:\windows\system32\drivers\OADriver.sys

    2013-06-09 07:03 . 2013-06-12 22:22 -------- d-----w- c:\program files\Online Armor

    2013-06-09 06:06 . 2013-06-13 08:39 -------- d-----w- c:\program files\Emsisoft Anti-Malware

    2013-06-09 06:05 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2013-06-09 06:05 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe

    2013-06-09 06:05 . 2013-03-19 04:48 38912 ----a-w- c:\windows\system32\csrsrv.dll

    2013-06-09 06:05 . 2013-03-19 02:49 69632 ----a-w- c:\windows\system32\smss.exe

    2013-06-09 05:14 . 2011-04-29 02:46 311808 ----a-w- c:\windows\system32\drivers\srv.sys

    2013-06-09 05:14 . 2011-04-29 02:46 310272 ----a-w- c:\windows\system32\drivers\srv2.sys

    2013-06-09 05:14 . 2011-04-29 02:46 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys

    2013-06-09 04:48 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe

    2013-06-09 04:48 . 2013-04-12 13:45 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys

    2013-06-09 04:47 . 2012-11-22 04:45 626688 ----a-w- c:\windows\system32\usp10.dll

    2013-06-09 04:47 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys

    2013-06-09 04:47 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys

    2013-06-09 04:29 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys

    2013-06-09 04:25 . 2013-02-12 03:32 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys

    2013-06-09 04:24 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll

    2013-06-09 04:23 . 2012-08-24 16:57 172544 ----a-w- c:\windows\system32\wintrust.dll

    2013-06-09 04:15 . 2012-11-02 05:11 376832 ----a-w- c:\windows\system32\dpnet.dll

    2013-06-09 04:14 . 2011-02-18 05:39 31232 ----a-w- c:\windows\system32\prevhost.exe

    2013-06-09 04:03 . 2012-11-09 04:43 492032 ----a-w- c:\windows\system32\win32spl.dll

    2013-06-09 04:03 . 2013-01-24 04:47 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys

    2013-06-09 04:03 . 2011-03-03 05:38 132608 ----a-w- c:\windows\system32\dnsrslvr.dll

    2013-06-09 04:03 . 2011-03-03 05:36 28672 ----a-w- c:\windows\system32\dnscacheugc.exe

    2013-06-09 04:03 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll

    2013-06-09 03:52 . 2012-06-02 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll

    2013-06-09 03:52 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\system32\crypt32.dll

    2013-06-09 03:52 . 2012-06-02 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll

    2013-06-09 03:44 . 2012-10-03 16:42 52224 ----a-w- c:\windows\system32\nlaapi.dll

    2013-06-09 03:44 . 2012-10-03 16:42 242176 ----a-w- c:\windows\system32\nlasvc.dll

    2013-06-09 03:44 . 2012-10-03 16:42 18944 ----a-w- c:\windows\system32\netevent.dll

    2013-06-09 03:44 . 2012-10-03 16:42 175104 ----a-w- c:\windows\system32\netcorehc.dll

    2013-06-09 03:44 . 2012-10-03 16:42 156672 ----a-w- c:\windows\system32\ncsi.dll

    2013-06-09 03:44 . 2012-10-03 16:40 499712 ----a-w- c:\windows\system32\iphlpsvc.dll

    2013-06-09 03:44 . 2012-10-03 15:21 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

    2013-06-09 03:44 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys

    2013-06-09 03:21 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

    2013-06-09 03:21 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

    2013-06-09 03:21 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

    2013-06-09 03:21 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

    2013-06-09 03:21 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\system32\mstscax.dll

    2013-06-09 03:21 . 2013-02-15 04:34 131584 ----a-w- c:\windows\system32\aaclient.dll

    2013-06-09 03:21 . 2013-02-15 03:25 36864 ----a-w- c:\windows\system32\tsgqec.dll

    2013-06-09 03:21 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\system32\msxml6.dll

    2013-06-09 03:21 . 2011-05-03 04:30 741376 ----a-w- c:\windows\system32\inetcomm.dll

    2013-06-09 03:20 . 2013-06-09 03:20 -------- d-----w- c:\programdata\Innovative Solutions

    2013-06-09 03:20 . 2013-06-09 03:20 -------- d-----w- c:\program files\Common Files\Innovative Solutions

    2013-06-09 03:20 . 2009-11-06 01:24 42496 ----a-w- c:\windows\system32\AdvUninstCPL.cpl

    2013-06-09 03:20 . 2013-06-09 03:20 -------- d-----w- c:\program files\Innovative Solutions

    2013-06-09 03:01 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll

    2013-06-09 02:49 . 2013-01-03 05:05 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys

    2013-06-09 02:49 . 2013-01-03 05:04 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

    2013-06-09 02:48 . 2011-11-19 14:01 67072 ----a-w- c:\windows\system32\packager.dll

    2013-06-09 02:47 . 2011-02-12 05:35 191488 ----a-w- c:\windows\system32\FXSCOVER.exe

    2013-06-09 02:47 . 2012-05-05 07:46 400896 ----a-w- c:\windows\system32\srcore.dll

    2013-06-09 02:47 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll

    2013-06-09 02:47 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll

    2013-06-09 02:47 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll

    2013-06-09 02:47 . 2010-12-23 05:54 642048 ----a-w- c:\windows\system32\CPFilters.dll

    2013-06-09 02:47 . 2010-12-23 05:54 850944 ----a-w- c:\windows\system32\sbe.dll

    2013-06-09 02:47 . 2010-12-23 05:50 199680 ----a-w- c:\windows\system32\mpg2splt.ax

    2013-06-09 02:47 . 2011-10-26 04:32 514560 ----a-w- c:\windows\system32\qdvd.dll

    2013-06-09 02:47 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\system32\quartz.dll

    2013-06-09 02:46 . 2012-08-10 23:56 542208 ----a-w- c:\windows\system32\kerberos.dll

    2013-06-09 02:46 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\explorer.exe

    2013-06-09 02:43 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll

    2013-06-09 02:36 . 2012-11-20 04:51 220160 ----a-w- c:\windows\system32\ncrypt.dll

    2013-06-09 02:29 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe

    2013-06-09 02:29 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys

    2013-06-09 02:29 . 2013-01-04 04:50 169984 ----a-w- c:\windows\system32\winsrv.dll

    2013-06-09 02:29 . 2013-02-27 05:05 101720 ----a-w- c:\windows\system32\consent.exe

    2013-06-09 02:29 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\system32\authui.dll

    2013-06-09 02:29 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll

    2013-06-09 02:28 . 2013-06-09 02:28 348160 ----a-w- c:\windows\system32\msvcr71.dll

    2013-06-09 02:28 . 2013-06-09 02:28 1700352 ----a-w- c:\windows\system32\gdiplus.dll

    2013-06-09 02:28 . 2013-06-09 02:28 1060864 ----a-w- c:\windows\system32\mfc71.dll

    2013-06-09 02:06 . 2013-06-09 03:23 3488 ----a-w- c:\windows\system32\drivers\sfi.dat

    2013-06-09 02:05 . 2013-06-09 03:26 -------- d-----w- c:\programdata\COMODO

    2013-06-09 01:57 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll

    2013-06-09 01:57 . 2012-10-09 17:40 193536 ----a-w- c:\windows\system32\dhcpcore6.dll

    2013-06-09 01:49 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\system32\mfc42u.dll

    2013-06-09 01:49 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\system32\mfc42.dll

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2013-06-08 11:02 . 2010-11-20 21:29 409088 ----a-w- c:\windows\system32\systemcpl.dll

    2013-06-08 11:02 . 2010-11-20 21:29 13824 ----a-w- c:\windows\system32\slwga.dll

    2013-04-13 04:45 . 2013-06-09 03:44 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll

    2013-04-13 04:45 . 2013-06-09 03:44 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

    2012-11-15 23:07 21904 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2013-05-31 3587664]

    "CCleaner"="c:\program files\CCleaner\CCleaner.exe" [2013-05-24 3591960]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]

    .

    c:\users\Personal account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Uninstall Webroot RunOnce.lnk - c:\program files\Common Files\wruninstall.exe [2013-6-10 9842040]

    .

    c:\users\Standard Alien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Uninstall Webroot RunOnce.lnk - c:\program files\Common Files\wruninstall.exe [2013-6-10 9842040]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "EnableUIADesktopToggle"= 0 (0x0)

    "EnableLinkedConnections"= 1 (0x1)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

    "EnableShellExecuteHooks"= 1 (0x1)

    "NoDevMgrUpdate"= 0 (0x0)

    "NoDFSTab"= 0 (0x0)

    "NoEncryptOnMove"= 0 (0x0)

    "NoResolveTrack"= 0 (0x0)

    "NoStartMenuSubFolders"= 0 (0x0)

    .

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

    "NoDevMgrUpdate"= 0 (0x0)

    "NoDFSTab"= 0 (0x0)

    "NoEncryptOnMove"= 0 (0x0)

    "NoResolveTrack"= 0 (0x0)

    "NoStartMenuSubFolders"= 0 (0x0)

    .

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

    "DisableLocalMachineRun"= 0 (0x0)

    "DisableLocalMachineRunOnce"= 0 (0x0)

    "DisableCurrentUserRun"= 0 (0x0)

    "DisableCurrentUserRunOnce"= 0 (0x0)

    "NoFile"= 0 (0x0)

    "HideClock"= 0 (0x0)

    "NoDevMgrUpdate"= 0 (0x0)

    "NoDFSTab"= 0 (0x0)

    "NoEncryptOnMove"= 0 (0x0)

    "NoResolveTrack"= 0 (0x0)

    "NoStartMenuSubFolders"= 0 (0x0)

    .

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~1\oaevent.dll" [2012-10-03 366440]

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

    @=""

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

    @=""

    .

    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-05 701512]

    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]

    R3 MFE_RR;MFE_RR;c:\users\Backup\AppData\Local\Temp\mfe_rr.sys [x]

    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

    R3 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [2012-10-03 4463864]

    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]

    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]

    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-06-08 1343400]

    R4 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2013-06-12 106280]

    R4 WiseBootAssistant;Wise Boot Assistant;c:\program files\Wise\Wise Care 365\BootTime.exe [2013-04-26 580232]

    S0 AXTrack;AXTrack;c:\windows\system32\DRIVERS\AXTrack.sys [2013-06-12 48216]

    S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [2013-03-29 22056]

    S1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [2012-05-01 37856]

    S1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [2013-03-29 14432]

    S1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2012-10-03 208320]

    S1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2012-10-03 44992]

    S1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2012-10-03 27648]

    S2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2013-05-31 2626880]

    S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2013-05-25 102344]

    S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-05 418376]

    S2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\OAcat.exe [2012-10-03 216072]

    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]

    S3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2012-05-01 54072]

    S3 AXMount;AXDBus Enumerator;c:\windows\system32\DRIVERS\AXMount.sys [2013-06-12 59552]

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-05 22856]

    S3 OAnet;OnlineArmor Service;c:\windows\system32\DRIVERS\oanet.sys [2012-10-03 31768]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

    .

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2013-06-13 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-10 04:51]

    .

    2013-06-10 c:\windows\Tasks\Wise Turbo Checker.job

    - c:\program files\Wise\Wise Care 365\WiseTurbo.exe [2013-06-10 22:06]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = about:blank

    IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm

    IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm

    TCP: DhcpNameServer = 192.168.1.1

    FF - ProfilePath - c:\users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\5kb9p1xj.default\

    FF - prefs.js: network.proxy.type - 0

    FF - ExtSQL: 2013-06-07 23:13; mozilla_cc@internetdownloadmanager.com; c:\users\Backup\AppData\Roaming\IDM\idmmzcc5

    FF - ExtSQL: 2013-06-07 23:38; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\5kb9p1xj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

    FF - ExtSQL: 2013-06-09 18:42; FasterFox_Lite@BigRedBrent; c:\users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\5kb9p1xj.default\extensions\FasterFox_Lite@BigRedBrent

    FF - ExtSQL: 2013-06-09 20:12; imageblock@hemantvats.com; c:\users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\5kb9p1xj.default\extensions\imageblock@hemantvats.com.xpi

    FF - ExtSQL: 2013-06-09 20:16; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\5kb9p1xj.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

    FF - ExtSQL: 2013-06-09 20:16; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\5kb9p1xj.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

    FF - ExtSQL: 2013-06-09 20:16; firefox@ghostery.com; c:\users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\5kb9p1xj.default\extensions\firefox@ghostery.com

    FF - ExtSQL: 2013-06-10 13:54; uriloader@pdf.js; c:\users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\5kb9p1xj.default\extensions\uriloader@pdf.js.xpi

    FF - ExtSQL: 2013-06-11 16:21; jid0-hyjN250ZzTOOX3evFwwAQBxE4ik@jetpack; c:\users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\5kb9p1xj.default\extensions\jid0-hyjN250ZzTOOX3evFwwAQBxE4ik@jetpack.xpi

    FF - ExtSQL: 2013-06-11 16:26; ich@maltegoetz.de; c:\users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\5kb9p1xj.default\extensions\ich@maltegoetz.de

    .

    - - - - ORPHANS REMOVED - - - -

    .

    MSConfigStartUp-WRSVC - c:\program files\Webroot\WRSA.exe

    .

    .

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    .

    - - - - - - - > 'Explorer.exe'(3248)

    c:\windows\system32\NetworkExplorer.dll

    c:\windows\system32\prnfldr.dll

    c:\windows\system32\dxp.dll

    c:\windows\system32\wwanapi.dll

    c:\windows\System32\QAgent.dll

    c:\windows\system32\imapi2.dll

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\windows\system32\nvvsvc.exe

    c:\program files\NVIDIA Corporation\Display\nvxdsync.exe

    c:\windows\system32\nvvsvc.exe

    c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe

    c:\windows\system32\taskhost.exe

    c:\windows\system32\conhost.exe

    c:\program files\NVIDIA Corporation\Display\nvtray.exe

    c:\program files\Internet Download Manager\IEMonitor.exe

    c:\program files\Windows Media Player\wmpnetwk.exe

    c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    .

    **************************************************************************

    .

    Completion time: 2013-06-12 20:51:19 - machine was rebooted

    ComboFix-quarantined-files.txt 2013-06-13 08:51

    ComboFix2.txt 2013-06-12 22:17

    .

    Pre-Run: 32,240,349,184 bytes free

    Post-Run: 32,209,055,744 bytes free

    .

    - - End Of File - - 8A6EB5A864048D1BCEC6EEAB966AAE2B

    A36C5E4F47E84449FF07ED3517B43A31
