PC is infected -- Need assistance

Jesus777 · June 11, 2013

Hello all,MBAM support team & members. It's a pleasure to be here,I'll appreciate the help of the greatest support team of all the time cleaning my PC. Anyway,I'm in highly doubt that my PC is still infected (previously I had a Zero access trojan -- Which was 'inactive' according to a Emsisoft's form). I had the 'cleanup.dll can't be loaded' error when MBAM found some keyloggers.

My previous topic was locked up,so I uninstalled License Proxy for Emsisoft and created a new topic & a new log -- Though I thought I was kinda doing fair since I couldn't afford Emsisoft at this moment. I didn't say I'm not just testing their product and will never buy EIS pack.

OTL log : (Log is huge cause I have de-upgraded from Windows 8,a week or so ago I re-installed Windows 7 Ultimate SP1)

OTL logfile created on: 6/11/2013 9:59:30 PM - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Backup\Downloads\Programs

Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16521)

Locale: 00000409 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

2.00 Gb Total Physical Memory | 0.66 Gb Available Physical Memory | 33.06% Memory free

4.00 Gb Paging File | 2.03 Gb Available in Paging File | 50.85% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 48.83 Gb Total Space | 30.82 Gb Free Space | 63.12% Space Free | Partition Type: NTFS

Drive D: | 83.01 Gb Total Space | 82.67 Gb Free Space | 99.59% Space Free | Partition Type: NTFS

Drive E: | 83.01 Gb Total Space | 81.20 Gb Free Space | 97.83% Space Free | Partition Type: NTFS

Drive F: | 83.24 Gb Total Space | 32.45 Gb Free Space | 38.99% Space Free | Partition Type: NTFS

Computer Name: BACKUP-PC | User Name: Backup | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/11 19:04:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Backup\Downloads\Programs\OTL.exe

PRC - [2013/06/10 17:46:58 | 000,733,648 | ---- | M] (Webroot) -- C:\Program Files\Webroot\WRSA.exe

PRC - [2013/06/09 16:51:02 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe

PRC - [2013/06/08 22:21:22 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2013/05/31 00:08:32 | 003,587,664 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe

PRC - [2013/05/30 23:36:30 | 002,626,880 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe

PRC - [2013/05/30 23:36:26 | 002,916,264 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2guard.exe

PRC - [2013/05/11 10:26:08 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2013/02/26 00:22:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

PRC - [2013/02/21 16:22:30 | 000,104,304 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 11\SnagPriv.exe

PRC - [2013/02/21 16:22:20 | 008,915,312 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 11\SnagitEditor.exe

PRC - [2013/02/21 16:22:12 | 009,479,024 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 11\Snagit32.exe

PRC - [2013/02/21 15:53:18 | 000,046,080 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 11\TscHelp.exe

PRC - [2013/01/19 20:06:34 | 002,218,312 | ---- | M] (Auslogics) -- C:\Program Files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe

PRC - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2013/01/18 02:21:02 | 000,873,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

PRC - [2013/01/18 02:21:00 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

PRC - [2012/12/12 01:44:48 | 000,268,248 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe

PRC - [2012/10/02 15:02:10 | 004,463,864 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Online Armor\oasrv.exe

PRC - [2012/10/02 15:02:10 | 002,415,104 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Online Armor\oaui.exe

PRC - [2012/10/02 15:02:06 | 001,248,144 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Online Armor\oahlp.exe

PRC - [2012/10/02 15:02:04 | 000,216,072 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Online Armor\oacat.exe

PRC - [2011/02/24 17:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010/11/20 09:29:07 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe

========== Modules (No Company Name) ==========

MOD - [2013/06/10 14:51:50 | 000,189,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\fedb1433422296012c8ce48902458bf1\UIAutomationTypes.ni.dll

MOD - [2013/06/10 14:51:49 | 000,100,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\b6d5fa75e3cc493fa9d509124d5962ba\UIAutomationProvider.ni.dll

MOD - [2013/06/10 14:26:16 | 001,627,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\7f49f0a938550267d449ed474ee4cf39\PresentationUI.ni.dll

MOD - [2013/06/10 14:26:10 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\dcf2b1a7011858156e5b759de2e5e598\PresentationFramework-SystemXml.ni.dll

MOD - [2013/06/09 22:39:25 | 018,524,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\97e6b67983d07a066b68b3ae8be2f53d\PresentationFramework.ni.dll

MOD - [2013/06/09 22:39:18 | 000,462,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\e7d92730b571b31e62c2cf257f04a974\PresentationFramework.Aero.ni.dll

MOD - [2013/06/09 22:39:12 | 001,870,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\cc4d9093563dadee370788bbc3ecf4fb\System.Xaml.ni.dll

MOD - [2013/06/09 22:39:11 | 010,914,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b52bc540630c3aa5de542c382af35c20\PresentationCore.ni.dll

MOD - [2013/06/09 22:39:10 | 000,958,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\28586400bcaf94c13a9fd0dff4a1e090\System.Configuration.ni.dll

MOD - [2013/06/09 22:39:03 | 003,905,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\cd235caf797fb017f140016be88f33b7\WindowsBase.ni.dll

MOD - [2013/06/09 22:38:57 | 012,692,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\22ae167d586450ad3a9b9a9ee43ebc86\System.Windows.Forms.ni.dll

MOD - [2013/06/09 22:38:55 | 006,995,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b9f7adbc90a2bcbe8eb9e6e8d2bb975b\System.Core.ni.dll

MOD - [2013/06/09 22:38:49 | 007,559,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9ba07396ae369d010c5c3927a82ef426\System.Xml.ni.dll

MOD - [2013/06/09 22:38:44 | 001,630,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\72269ea7cc6281139e4d155e7c57dc67\System.Drawing.ni.dll

MOD - [2013/06/09 22:38:42 | 009,925,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\e40da7a49f8c3f0108e7c835b342f382\System.ni.dll

MOD - [2013/06/09 22:38:40 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\e30370cf077f3fb65d80f5b800a06f68\Accessibility.ni.dll

MOD - [2013/06/09 22:38:35 | 016,501,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\51e2934144ba15628ba5a31be2dae7dc\mscorlib.ni.dll

MOD - [2013/06/09 16:51:01 | 016,033,160 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll

MOD - [2013/05/11 10:26:24 | 003,128,728 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll

MOD - [2013/02/21 16:01:26 | 000,095,232 | ---- | M] () -- C:\Program Files\TechSmith\Snagit 11\VideoRecording.dll

MOD - [2013/02/21 16:00:48 | 000,089,088 | ---- | M] () -- C:\Program Files\TechSmith\Snagit 11\SDKRecorder.dll

MOD - [2013/02/21 15:54:00 | 004,710,400 | R--- | M] () -- C:\Program Files\TechSmith\Snagit 11\PDFNetC.dll

========== Services (SafeList) ==========

SRV - [2013/06/11 12:22:41 | 000,106,280 | ---- | M] (SurfRight B.V.) [Disabled | Stopped] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)

SRV - [2013/06/10 17:46:58 | 000,733,648 | ---- | M] (Webroot) [Auto | Running] -- C:\Program Files\Webroot\WRSA.exe -- (WRSVC)

SRV - [2013/06/09 16:51:02 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/06/07 23:02:21 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2013/05/30 23:36:30 | 002,626,880 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)

SRV - [2013/05/11 10:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/04/25 18:12:00 | 000,580,232 | ---- | M] (WiseCleaner.com) [Disabled | Stopped] -- C:\Program Files\Wise\Wise Care 365\BootTime.exe -- (WiseBootAssistant)

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2013/02/26 00:22:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2012/10/02 15:02:10 | 004,463,864 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oasrv.exe -- (SvcOnlineArmor)

SRV - [2012/10/02 15:02:04 | 000,216,072 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oacat.exe -- (OAcat)

SRV - [2009/07/13 13:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/13 13:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009/07/13 13:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Backup\AppData\Local\Temp\mfe_rr.sys -- (MFE_RR)

DRV - [2013/06/11 16:09:46 | 000,059,552 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AXMount.sys -- (AXMount)

DRV - [2013/06/11 16:09:46 | 000,048,216 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AXTrack.sys -- (AXTrack)

DRV - [2013/06/10 17:47:00 | 000,116,224 | ---- | M] (Webroot) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\WRkrn.sys -- (WRkrn)

DRV - [2013/05/25 03:00:14 | 000,102,344 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)

DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2013/03/28 19:03:02 | 000,022,056 | ---- | M] (Emsisoft GmbH) [Kernel | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA)

DRV - [2013/03/28 19:03:02 | 000,014,432 | ---- | M] (Emsisoft GmbH) [Kernel | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2util32.sys -- (a2util)

DRV - [2013/02/26 00:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2012/10/02 15:03:04 | 000,044,992 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\oahlp32.sys -- (oahlpXX)

DRV - [2012/10/02 15:02:34 | 000,031,768 | ---- | M] (Emsisoft) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OAnet.sys -- (OAnet)

DRV - [2012/10/02 15:02:34 | 000,027,648 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\Windows\System32\drivers\OAmon.sys -- (OAmon)

DRV - [2012/10/02 15:02:32 | 000,208,320 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\OADriver.sys -- (OADevice)

DRV - [2012/04/30 18:45:28 | 000,054,072 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)

DRV - [2012/04/30 18:45:00 | 000,037,856 | ---- | M] (Emsisoft GmbH) [File_System | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys -- (a2injectiondriver)

DRV - [2010/11/20 09:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV - [2010/11/20 09:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010/11/20 09:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)

DRV - [2010/11/20 09:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)

DRV - [2010/11/20 09:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)

DRV - [2010/11/20 09:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)

DRV - [2010/11/20 09:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)

DRV - [2010/11/20 09:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)

DRV - [2010/11/20 09:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV - [2010/11/20 09:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)

DRV - [2010/11/20 09:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2010/11/20 09:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://in.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-in

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FB 3F 80 F4 37 64 CE 01 [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: mozilla_cc%40internetdownloadmanager.com:7.3.47

FF - prefs.js..extensions.enabledAddons: FasterFox_Lite%40BigRedBrent:3.9.9Lite

FF - prefs.js..extensions.enabledAddons: imageblock%40hemantvats.com:2.1

FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515

FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.2

FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.9.5

FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Backup\AppData\Roaming\IDM\idmmzcc5 [2013/06/07 23:13:19 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Backup\AppData\Roaming\IDM\idmmzcc5 [2013/06/07 23:13:19 | 000,000,000 | ---D | M]

[2013/06/07 23:27:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Backup\AppData\Roaming\Mozilla\Extensions

[2013/06/11 17:19:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\5kb9p1xj.default\extensions

[2013/06/09 20:16:34 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\5kb9p1xj.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

[2013/06/09 18:42:05 | 000,000,000 | ---D | M] (Fasterfox Lite) -- C:\Users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\5kb9p1xj.default\extensions\FasterFox_Lite@BigRedBrent

[2013/06/09 20:16:45 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\5kb9p1xj.default\extensions\firefox@ghostery.com

[2013/06/11 16:26:43 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\5kb9p1xj.default\extensions\ich@maltegoetz.de

[2013/06/09 20:12:54 | 000,018,146 | ---- | M] () (No name found) -- C:\Users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\5kb9p1xj.default\extensions\imageblock@hemantvats.com.xpi

[2013/06/11 16:21:26 | 000,171,863 | ---- | M] () (No name found) -- C:\Users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\5kb9p1xj.default\extensions\jid0-hyjN250ZzTOOX3evFwwAQBxE4ik@jetpack.xpi

[2013/06/10 13:54:34 | 000,581,999 | ---- | M] () (No name found) -- C:\Users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\5kb9p1xj.default\extensions\uriloader@pdf.js.xpi

[2013/06/09 20:16:34 | 000,534,261 | ---- | M] () (No name found) -- C:\Users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\5kb9p1xj.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

[2013/06/07 23:38:15 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\5kb9p1xj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2013/06/07 23:27:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions

[2013/06/07 23:27:21 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2013/06/07 23:13:19 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\BACKUP\APPDATA\ROAMING\IDM\IDMMZCC5

O1 HOSTS File: ([2009/06/10 09:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)

O2 - BHO: (Webroot Vault) - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll ()

O3 - HKLM\..\Toolbar: (Webroot Toolbar) - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar.dll ()

O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\oaui.exe (Emsisoft GmbH)

O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH)

O4 - HKLM..\Run: [LicenseProxy] "C:\Users\Backup\AppData\Local\Temp\7zO4921.tmp\LicenseProxy.exe" File not found

O4 - HKLM..\Run: [WRSVC] C:\Program Files\Webroot\WRSA.exe (Webroot)

O4 - HKCU..\Run: [CCleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)

O4 - HKCU..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()

O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()

O9 - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\PKG\LPBar.dll ()

O9 - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\PKG\LPBar.dll ()

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F44D9B6B-EF60-48C8-BDA0-BF8E2DC78AB0}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA14D618-A0D0-42E5-A5E3-6763088E0C15}: NameServer = 218.248.241.2 218.248.255.212

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsisoft GmbH)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 09:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/11 16:09:46 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01009.dll

[2013/06/11 16:09:46 | 000,059,552 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\Windows\System32\drivers\AXMount.sys

[2013/06/11 16:09:46 | 000,048,216 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\Windows\System32\drivers\AXTrack.sys

[2013/06/11 16:09:39 | 000,000,000 | ---D | C] -- C:\Program Files\AXTM

[2013/06/11 15:43:31 | 000,292,352 | ---- | C] (MAFIA) -- C:\Users\Backup\Desktop\LicenseProxy.exe

[2013/06/11 12:14:57 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro

[2013/06/10 23:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\Shadow Defender

[2013/06/10 23:06:37 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Local\CrashDumps

[2013/06/10 19:00:28 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Roaming\Greenshot

[2013/06/10 19:00:27 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Local\Greenshot

[2013/06/10 18:15:51 | 009,842,040 | ---- | C] (Webroot Software, Inc.) -- C:\Program Files\Common Files\wruninstall.exe

[2013/06/10 18:15:30 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Local\lptmp61532271

[2013/06/10 17:47:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere

[2013/06/10 17:47:01 | 000,150,160 | ---- | C] (Webroot) -- C:\Windows\System32\WRusr.dll

[2013/06/10 17:47:00 | 000,116,224 | ---- | C] (Webroot) -- C:\Windows\System32\drivers\WRkrn.sys

[2013/06/10 17:46:58 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot

[2013/06/10 17:46:49 | 000,000,000 | ---D | C] -- C:\ProgramData\WRData

[2013/06/10 12:45:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith

[2013/06/10 12:32:33 | 000,000,000 | ---D | C] -- C:\Users\Backup\Documents\Snagit

[2013/06/10 12:31:33 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Local\assembly

[2013/06/10 12:30:23 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith

[2013/06/10 12:30:01 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Local\TechSmith

[2013/06/10 12:30:01 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith

[2013/06/09 22:35:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET

[2013/06/09 21:46:24 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Roaming\ASCOMP Software

[2013/06/09 18:09:39 | 000,000,000 | ---D | C] -- C:\Program Files\Google

[2013/06/09 18:09:32 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Local\Google

[2013/06/09 17:29:10 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Roaming\Macromedia

[2013/06/09 17:29:10 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Local\Macromedia

[2013/06/09 16:51:02 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2013/06/09 16:51:02 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2013/06/09 16:51:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed

[2013/06/09 13:28:30 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Roaming\Wise Care 365

[2013/06/09 13:28:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Care 365

[2013/06/09 13:27:58 | 000,000,000 | ---D | C] -- C:\Program Files\Wise

[2013/06/09 11:42:35 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2013/06/09 00:23:17 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Roaming\Auslogics

[2013/06/09 00:23:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics

[2013/06/09 00:23:10 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics

[2013/06/08 23:13:14 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Roaming\Adobe

[2013/06/08 23:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

[2013/06/08 23:01:04 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll

[2013/06/08 23:01:03 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2013/06/08 23:01:03 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2013/06/08 22:22:31 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe

[2013/06/08 22:22:31 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll

[2013/06/08 22:22:29 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll

[2013/06/08 22:22:29 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe

[2013/06/08 22:22:29 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2013/06/08 22:22:28 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2013/06/08 22:22:28 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll

[2013/06/08 22:22:28 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe

[2013/06/08 22:22:28 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe

[2013/06/08 22:22:28 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll

[2013/06/08 22:22:27 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2013/06/08 22:22:27 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2013/06/08 22:22:27 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll

[2013/06/08 22:22:26 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2013/06/08 22:22:26 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2013/06/08 22:22:26 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2013/06/08 22:22:26 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll

[2013/06/08 22:22:26 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2013/06/08 22:22:26 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe

[2013/06/08 22:22:26 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll

[2013/06/08 22:22:26 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2013/06/08 22:22:26 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll

[2013/06/08 22:22:26 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2013/06/08 22:22:25 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2013/06/08 22:22:25 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll

[2013/06/08 22:22:24 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2013/06/08 22:22:24 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat

[2013/06/08 22:22:24 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll

[2013/06/08 22:22:24 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2013/06/08 22:22:24 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll

[2013/06/08 22:22:24 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2013/06/08 22:22:24 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2013/06/08 22:22:24 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2013/06/08 22:22:24 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2013/06/08 22:22:24 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2013/06/08 22:22:23 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

[2013/06/08 22:21:22 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

[2013/06/08 22:18:13 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll

[2013/06/08 22:18:13 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll

[2013/06/08 22:18:13 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

[2013/06/08 22:18:13 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

[2013/06/08 22:18:13 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

[2013/06/08 22:18:13 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

[2013/06/08 22:18:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

[2013/06/08 22:18:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

[2013/06/08 22:18:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

[2013/06/08 22:18:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

[2013/06/08 22:18:13 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

[2013/06/08 22:18:12 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll

[2013/06/08 22:18:12 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll

[2013/06/08 22:18:12 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll

[2013/06/08 22:18:12 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll

[2013/06/08 22:18:12 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll

[2013/06/08 22:18:12 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll

[2013/06/08 22:18:12 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll

[2013/06/08 22:18:12 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll

[2013/06/08 22:18:12 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll

[2013/06/08 22:18:11 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll

[2013/06/08 22:18:11 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll

[2013/06/08 22:18:11 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll

[2013/06/08 22:18:11 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll

[2013/06/08 22:18:11 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll

[2013/06/08 22:07:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA

[2013/06/08 22:06:51 | 002,557,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll

[2013/06/08 22:06:51 | 000,062,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll

[2013/06/08 22:06:50 | 004,133,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll

[2013/06/08 22:06:50 | 003,005,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll

[2013/06/08 22:06:50 | 000,108,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll

[2013/06/08 22:05:29 | 000,053,024 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll

[2013/06/08 22:04:28 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation

[2013/06/08 22:04:08 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation

[2013/06/08 19:04:36 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Roaming\OnlineArmor

[2013/06/08 19:04:36 | 000,000,000 | ---D | C] -- C:\ProgramData\OnlineArmor

[2013/06/08 19:03:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor

[2013/06/08 19:03:09 | 000,031,768 | ---- | C] (Emsisoft) -- C:\Windows\System32\drivers\OAnet.sys

[2013/06/08 19:03:09 | 000,027,648 | ---- | C] (Emsisoft) -- C:\Windows\System32\drivers\OAmon.sys

[2013/06/08 19:03:03 | 000,000,000 | ---D | C] -- C:\Program Files\Online Armor

[2013/06/08 18:06:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware

[2013/06/08 18:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware

[2013/06/08 18:06:10 | 000,000,000 | ---D | C] -- C:\Users\Backup\Documents\Anti-Malware

[2013/06/08 18:05:49 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2013/06/08 18:05:49 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2013/06/08 18:05:49 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll

[2013/06/08 16:47:56 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys

[2013/06/08 16:25:34 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys

[2013/06/08 16:15:35 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll

[2013/06/08 16:14:32 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe

[2013/06/08 16:03:28 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe

[2013/06/08 15:44:49 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys

[2013/06/08 15:44:49 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll

[2013/06/08 15:44:49 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll

[2013/06/08 15:44:49 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll

[2013/06/08 15:30:45 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2013/06/08 15:30:41 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe

[2013/06/08 15:30:35 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll

[2013/06/08 15:30:35 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax

[2013/06/08 15:30:30 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl

[2013/06/08 15:30:28 | 000,919,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll

[2013/06/08 15:30:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll

[2013/06/08 15:30:21 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll

[2013/06/08 15:21:16 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll

[2013/06/08 15:21:16 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll

[2013/06/08 15:20:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Innovative Solutions

[2013/06/08 15:20:33 | 000,000,000 | ---D | C] -- C:\Windows\Fonts\AdvUninstal

[2013/06/08 15:20:32 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Local\Innovative Solutions

[2013/06/08 15:20:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Innovative Solutions

[2013/06/08 15:20:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO

[2013/06/08 15:20:28 | 000,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions

[2013/06/08 15:06:55 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

[2013/06/08 15:06:55 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll

[2013/06/08 15:06:55 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll

[2013/06/08 15:06:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll

[2013/06/08 15:06:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll

[2013/06/08 15:06:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll

[2013/06/08 15:06:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll

[2013/06/08 15:06:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll

[2013/06/08 15:06:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll

[2013/06/08 15:06:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll

[2013/06/08 15:06:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll

[2013/06/08 15:06:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll

[2013/06/08 15:06:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll

[2013/06/08 15:06:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll

[2013/06/08 15:06:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll

[2013/06/08 15:06:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll

[2013/06/08 15:06:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll

[2013/06/08 15:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll

[2013/06/08 15:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll

[2013/06/08 15:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll

[2013/06/08 15:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll

[2013/06/08 15:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll

[2013/06/08 15:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll

[2013/06/08 15:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll

[2013/06/08 15:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll

[2013/06/08 15:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll

[2013/06/08 15:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll

[2013/06/08 15:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll

[2013/06/08 15:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll

[2013/06/08 15:06:44 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll

[2013/06/08 15:06:44 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll

[2013/06/08 15:06:44 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll

[2013/06/08 15:06:44 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll

[2013/06/08 15:06:44 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll

[2013/06/08 15:06:44 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll

[2013/06/08 15:06:39 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll

[2013/06/08 14:49:08 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS

[2013/06/08 14:48:28 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll

[2013/06/08 14:47:31 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe

[2013/06/08 14:47:30 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll

[2013/06/08 14:47:28 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll

[2013/06/08 14:47:26 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll

[2013/06/08 14:47:24 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll

[2013/06/08 14:47:23 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll

[2013/06/08 14:47:23 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax

[2013/06/08 14:47:16 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll

[2013/06/08 14:47:16 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll

[2013/06/08 14:46:27 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe

[2013/06/08 14:37:24 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll

[2013/06/08 14:37:24 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll

[2013/06/08 14:37:24 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\System32\cero.rs

[2013/06/08 14:37:24 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs

[2013/06/08 14:37:24 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\System32\fpb.rs

[2013/06/08 14:37:24 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc-nz.rs

[2013/06/08 14:37:24 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\System32\pegibbfc.rs

[2013/06/08 14:37:24 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\System32\csrr.rs

[2013/06/08 14:37:24 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\System32\cob-au.rs

[2013/06/08 14:37:24 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\System32\usk.rs

[2013/06/08 14:37:24 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc.rs

[2013/06/08 14:37:24 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs

[2013/06/08 14:37:24 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-pt.rs

[2013/06/08 14:37:24 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-fi.rs

[2013/06/08 14:37:24 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi.rs

[2013/06/08 14:37:24 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\System32\djctq.rs

[2013/06/08 14:36:53 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll

[2013/06/08 14:36:52 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll

[2013/06/08 14:36:52 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll

[2013/06/08 14:36:50 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys

[2013/06/08 14:36:47 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll

[2013/06/08 14:36:47 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll

[2013/06/08 14:36:47 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll

[2013/06/08 14:36:47 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll

[2013/06/08 14:36:47 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll

[2013/06/08 14:36:45 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll

[2013/06/08 14:36:45 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll

[2013/06/08 14:36:45 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe

[2013/06/08 14:36:40 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll

[2013/06/08 14:29:53 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe

[2013/06/08 14:29:43 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys

[2013/06/08 14:29:42 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll

[2013/06/08 14:29:39 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll

[2013/06/08 14:29:39 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe

[2013/06/08 14:28:56 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll

[2013/06/08 14:28:56 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc71.dll

[2013/06/08 14:28:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt

[2013/06/08 14:05:09 | 000,000,000 | ---D | C] -- C:\ProgramData\COMODO

[2013/06/08 13:57:38 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll

[2013/06/08 13:57:38 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll

[2013/06/08 13:49:16 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll

[2013/06/08 13:49:16 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll

[2013/06/08 13:38:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2013/06/08 12:44:53 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys

[2013/06/08 12:44:53 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll

[2013/06/08 12:44:43 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll

[2013/06/08 12:44:42 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll

[2013/06/08 12:44:42 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll

[2013/06/08 11:29:37 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll

[2013/06/08 11:01:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip

[2013/06/08 11:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip

[2013/06/08 10:41:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro

[2013/06/08 10:41:45 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro

[2013/06/08 10:03:09 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Roaming\Malwarebytes

[2013/06/08 10:03:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/06/08 10:03:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013/06/08 10:03:03 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2013/06/08 10:03:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2013/06/08 10:02:52 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Local\Programs

[2013/06/08 09:37:09 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll

[2013/06/08 09:37:09 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll

[2013/06/08 09:37:04 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll

[2013/06/08 09:37:04 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll

[2013/06/08 09:37:04 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll

[2013/06/08 09:36:58 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll

[2013/06/08 09:36:58 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe

[2013/06/08 00:07:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2013/06/08 00:07:27 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2013/06/07 23:46:17 | 000,000,000 | -HSD | C] -- C:\Windows\Installer

[2013/06/07 23:27:53 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Roaming\Mozilla

[2013/06/07 23:27:53 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Local\Mozilla

[2013/06/07 23:27:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service

[2013/06/07 23:27:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2013/06/07 23:27:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2013/06/07 23:21:15 | 000,238,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[2013/06/07 23:13:09 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Roaming\IDM

[2013/06/07 23:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\IDM

[2013/06/07 23:13:09 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Roaming\DMCache

[2013/06/07 23:13:08 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager

[2013/06/07 23:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager

[2013/06/07 23:13:06 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager

[2013/06/07 23:02:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat

[2013/06/07 22:44:26 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Local\Diagnostics

[2013/06/07 22:42:14 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Local\Microsoft Games

[2013/06/07 22:25:02 | 000,000,000 | R--D | C] -- C:\Users\Backup\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

[2013/06/07 22:25:02 | 000,000,000 | R--D | C] -- C:\Users\Backup\Searches

[2013/06/07 22:25:02 | 000,000,000 | R--D | C] -- C:\Users\Backup\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

[2013/06/07 22:25:02 | 000,000,000 | -H-D | C] -- C:\Users\Backup\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned

[2013/06/07 22:24:53 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Roaming\Identities

[2013/06/07 22:24:52 | 000,000,000 | R--D | C] -- C:\Users\Backup\Contacts

[2013/06/07 22:24:46 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Local\VirtualStore

[2013/06/07 22:24:45 | 000,000,000 | --SD | C] -- C:\Users\Backup\AppData\Roaming\Microsoft

[2013/06/07 22:24:45 | 000,000,000 | R--D | C] -- C:\Users\Backup\Videos

[2013/06/07 22:24:45 | 000,000,000 | R--D | C] -- C:\Users\Backup\Saved Games

[2013/06/07 22:24:45 | 000,000,000 | R--D | C] -- C:\Users\Backup\Pictures

[2013/06/07 22:24:45 | 000,000,000 | R--D | C] -- C:\Users\Backup\Music

[2013/06/07 22:24:45 | 000,000,000 | R--D | C] -- C:\Users\Backup\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

[2013/06/07 22:24:45 | 000,000,000 | R--D | C] -- C:\Users\Backup\Links

[2013/06/07 22:24:45 | 000,000,000 | R--D | C] -- C:\Users\Backup\Favorites

[2013/06/07 22:24:45 | 000,000,000 | R--D | C] -- C:\Users\Backup\Downloads

[2013/06/07 22:24:45 | 000,000,000 | R--D | C] -- C:\Users\Backup\Documents

[2013/06/07 22:24:45 | 000,000,000 | R--D | C] -- C:\Users\Backup\Desktop

[2013/06/07 22:24:45 | 000,000,000 | R--D | C] -- C:\Users\Backup\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

[2013/06/07 22:24:45 | 000,000,000 | -HSD | C] -- C:\Users\Backup\AppData\Local\Temporary Internet Files

[2013/06/07 22:24:45 | 000,000,000 | -HSD | C] -- C:\Users\Backup\Templates

[2013/06/07 22:24:45 | 000,000,000 | -HSD | C] -- C:\Users\Backup\Start Menu

[2013/06/07 22:24:45 | 000,000,000 | -HSD | C] -- C:\Users\Backup\SendTo

[2013/06/07 22:24:45 | 000,000,000 | -HSD | C] -- C:\Users\Backup\Recent

[2013/06/07 22:24:45 | 000,000,000 | -HSD | C] -- C:\Users\Backup\PrintHood

[2013/06/07 22:24:45 | 000,000,000 | -HSD | C] -- C:\Users\Backup\NetHood

[2013/06/07 22:24:45 | 000,000,000 | -HSD | C] -- C:\Users\Backup\Documents\My Videos

[2013/06/07 22:24:45 | 000,000,000 | -HSD | C] -- C:\Users\Backup\Documents\My Pictures

[2013/06/07 22:24:45 | 000,000,000 | -HSD | C] -- C:\Users\Backup\Documents\My Music

[2013/06/07 22:24:45 | 000,000,000 | -HSD | C] -- C:\Users\Backup\My Documents

[2013/06/07 22:24:45 | 000,000,000 | -HSD | C] -- C:\Users\Backup\Local Settings

[2013/06/07 22:24:45 | 000,000,000 | -HSD | C] -- C:\Users\Backup\AppData\Local\History

[2013/06/07 22:24:45 | 000,000,000 | -HSD | C] -- C:\Users\Backup\Application Data

[2013/06/07 22:24:45 | 000,000,000 | -HSD | C] -- C:\Users\Backup\AppData\Local\Application Data

[2013/06/07 22:24:45 | 000,000,000 | -H-D | C] -- C:\Users\Backup\AppData

[2013/06/07 22:24:45 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Local\Temp

[2013/06/07 22:24:45 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Local\Microsoft

[2013/06/07 22:24:45 | 000,000,000 | ---D | C] -- C:\Users\Backup\AppData\Roaming\Media Center Programs

[2013/06/07 22:24:26 | 000,000,000 | -HSD | C] -- C:\Recovery

[2013/06/07 18:07:07 | 000,000,000 | ---D | C] -- C:\Windows\Panther

[2013/06/07 17:15:21 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

[2013/06/07 17:12:27 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch

[2013/06/07 17:10:06 | 000,000,000 | -HSD | C] -- C:\found.000

[2013/06/07 04:28:26 | 000,000,000 | -HSD | C] -- C:\Boot

[2013/05/31 16:10:29 | 000,102,344 | ---- | C] (Tonec Inc.) -- C:\Windows\System32\drivers\idmwfp.sys

[2013/05/20 18:59:09 | 000,000,000 | -H-D | C] -- C:\$AVG

========== Files - Modified Within 30 Days ==========

[2013/06/11 21:11:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/06/11 20:25:44 | 000,914,410 | ---- | M] () -- C:\Users\Backup\Desktop\11-06-2013 20-25-00.png

[2013/06/11 18:54:49 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk

[2013/06/11 18:43:00 | 000,665,740 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013/06/11 18:43:00 | 000,125,416 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013/06/11 18:36:48 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl

[2013/06/11 18:36:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/06/11 18:36:08 | 1609,179,136 | -HS- | M] () -- C:\hiberfil.sys

[2013/06/11 18:34:16 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_AXMount_01009.Wdf

[2013/06/11 17:32:05 | 000,000,044 | ---- | M] () -- C:\Users\Backup\AppData\Roaming\mbam.context.scan

[2013/06/11 16:09:47 | 001,461,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01009.dll

[2013/06/11 16:09:46 | 000,059,552 | ---- | M] (Windows ® Win 7 DDK provider) -- C:\Windows\System32\drivers\AXMount.sys

[2013/06/11 16:09:46 | 000,048,216 | ---- | M] (Windows ® Win 7 DDK provider) -- C:\Windows\System32\drivers\AXTrack.sys

[2013/06/11 12:40:54 | 000,007,626 | ---- | M] () -- C:\Users\Backup\AppData\Local\Resmon.ResmonCfg

[2013/06/11 12:22:41 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk

[2013/06/11 12:15:00 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.exe.lnk

[2013/06/10 23:29:33 | 000,004,670 | ---- | M] () -- C:\Users\Backup\Documents\cc_20130610_232926.reg

[2013/06/10 18:15:55 | 009,842,040 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Common Files\wruninstall.exe

[2013/06/10 18:15:55 | 000,002,150 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk

[2013/06/10 18:15:52 | 000,002,150 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk

[2013/06/10 18:01:08 | 000,378,787 | ---- | M] () -- C:\Users\Backup\Documents\Muahahahaahahahhaahhahaahah - Webroot.WR

[2013/06/10 17:47:01 | 000,150,160 | ---- | M] (Webroot) -- C:\Windows\System32\WRusr.dll

[2013/06/10 17:47:00 | 000,116,224 | ---- | M] (Webroot) -- C:\Windows\System32\drivers\WRkrn.sys

[2013/06/10 12:45:02 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Snagit 11 Editor.lnk

[2013/06/10 12:45:02 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\Snagit 11.lnk

[2013/06/10 12:39:39 | 005,861,023 | ---- | M] () -- C:\Users\Backup\Documents\10-06-2013 12-36-54.mp4

[2013/06/10 12:30:37 | 000,001,114 | ---- | M] () -- C:\Users\Backup\Application Data\Microsoft\Internet Explorer\Quick Launch\Snagit 11.lnk

[2013/06/09 23:42:42 | 000,001,314 | ---- | M] () -- C:\Users\Backup\Desktop\Auslogics Disk Defrag Professional.lnk

[2013/06/09 23:37:20 | 000,876,162 | ---- | M] () -- C:\Users\Backup\Documents\OASettings130609.OA

[2013/06/09 23:28:35 | 000,016,640 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/06/09 23:28:35 | 000,016,640 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/06/09 17:12:25 | 000,001,580 | ---- | M] () -- C:\Windows\Sandboxie.ini

[2013/06/09 16:51:02 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2013/06/09 16:51:02 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2013/06/09 14:49:56 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\Wise Turbo Checker.job

[2013/06/09 13:28:12 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\Wise Care 365.lnk

[2013/06/09 11:42:31 | 000,001,225 | ---- | M] () -- C:\Users\Backup\Application Data\Microsoft\Internet Explorer\Quick Launch\Auslogics BoostSpeed.lnk

[2013/06/09 11:42:31 | 000,001,201 | ---- | M] () -- C:\Users\Backup\Desktop\Auslogics BoostSpeed.lnk

[2013/06/08 22:22:31 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe

[2013/06/08 22:22:31 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll

[2013/06/08 22:22:29 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll

[2013/06/08 22:22:29 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe

[2013/06/08 22:22:29 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2013/06/08 22:22:28 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2013/06/08 22:22:28 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll

[2013/06/08 22:22:28 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe

[2013/06/08 22:22:28 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe

[2013/06/08 22:22:28 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll

[2013/06/08 22:22:27 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2013/06/08 22:22:27 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2013/06/08 22:22:27 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll

[2013/06/08 22:22:26 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2013/06/08 22:22:26 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2013/06/08 22:22:26 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2013/06/08 22:22:26 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll

[2013/06/08 22:22:26 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2013/06/08 22:22:26 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe

[2013/06/08 22:22:26 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll

[2013/06/08 22:22:26 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2013/06/08 22:22:26 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll

[2013/06/08 22:22:26 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2013/06/08 22:22:25 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2013/06/08 22:22:25 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll

[2013/06/08 22:22:24 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2013/06/08 22:22:24 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat

[2013/06/08 22:22:24 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll

[2013/06/08 22:22:24 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2013/06/08 22:22:24 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll

[2013/06/08 22:22:24 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2013/06/08 22:22:24 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2013/06/08 22:22:24 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2013/06/08 22:22:24 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2013/06/08 22:22:24 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2013/06/08 22:22:24 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf

[2013/06/08 22:22:23 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

[2013/06/08 22:21:22 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

[2013/06/08 22:18:13 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll

[2013/06/08 22:18:13 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll

[2013/06/08 22:18:13 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll

[2013/06/08 22:18:13 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

[2013/06/08 22:18:13 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

[2013/06/08 22:18:13 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

[2013/06/08 22:18:13 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

[2013/06/08 22:18:13 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

[2013/06/08 22:18:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

[2013/06/08 22:18:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

[2013/06/08 22:18:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

[2013/06/08 22:18:13 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

[2013/06/08 22:18:12 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll

[2013/06/08 22:18:12 | 001,247,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll

[2013/06/08 22:18:12 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll

[2013/06/08 22:18:12 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll

[2013/06/08 22:18:12 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll

[2013/06/08 22:18:12 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll

[2013/06/08 22:18:12 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll

[2013/06/08 22:18:12 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll

[2013/06/08 22:18:12 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll

[2013/06/08 22:18:11 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll

[2013/06/08 22:18:11 | 001,988,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll

[2013/06/08 22:18:11 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll

[2013/06/08 22:18:11 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll

[2013/06/08 19:34:52 | 000,362,415 | ---- | M] () -- C:\Users\Backup\Documents\OASettings130608.OA

[2013/06/08 19:32:47 | 000,002,110 | ---- | M] () -- C:\Users\Backup\Documents\cc_20130608_193238.reg

[2013/06/08 19:25:52 | 000,001,895 | ---- | M] () -- C:\Users\Backup\Desktop\Online Armor.lnk

[2013/06/08 18:06:43 | 000,001,077 | ---- | M] () -- C:\Users\Backup\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk

[2013/06/08 18:06:43 | 000,001,053 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk

[2013/06/08 15:23:21 | 000,003,488 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat

[2013/06/08 15:20:32 | 000,002,385 | ---- | M] () -- C:\Users\Backup\Desktop\Advanced Uninstaller PRO 11.lnk

[2013/06/08 14:28:56 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll

[2013/06/08 14:28:56 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc71.dll

[2013/06/08 11:46:00 | 000,000,000 | -H-- | M] () -- C:\Users\Backup\Documents\Default.rdp

[2013/06/08 11:09:19 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' anti-malware.lnk

[2013/06/08 11:03:12 | 000,203,836 | RHS- | M] () -- C:\grldr

[2013/06/08 11:03:12 | 000,000,000 | RHS- | M] () -- C:\winx.ld

[2013/06/08 09:47:38 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

[2013/06/08 00:07:28 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2013/06/07 23:27:22 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2013/06/07 23:02:30 | 000,409,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll

[2013/06/07 23:02:30 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll

[2013/06/07 22:25:20 | 000,001,411 | ---- | M] () -- C:\Users\Backup\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2013/06/07 18:07:04 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK

[2013/06/07 18:07:02 | 000,000,533 | RHS- | M] () -- C:\Boot.ini.saved

[2013/06/07 17:14:42 | 000,116,385 | ---- | M] () -- C:\Windows\System32\license.rtf

[2013/06/07 17:13:17 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2013/05/25 03:00:14 | 000,102,344 | ---- | M] (Tonec Inc.) -- C:\Windows\System32\drivers\idmwfp.sys

========== Files Created - No Company Name ==========

[2013/06/11 20:25:00 | 000,914,410 | ---- | C] () -- C:\Users\Backup\Desktop\11-06-2013 20-25-00.png

[2013/06/11 18:34:16 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_AXMount_01009.Wdf

[2013/06/11 17:32:05 | 000,000,044 | ---- | C] () -- C:\Users\Backup\AppData\Roaming\mbam.context.scan

[2013/06/11 12:15:26 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk

[2013/06/11 12:15:00 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.exe.lnk

[2013/06/10 23:29:30 | 000,004,670 | ---- | C] () -- C:\Users\Backup\Documents\cc_20130610_232926.reg

[2013/06/10 18:15:55 | 000,002,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk

[2013/06/10 18:15:52 | 000,002,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk

[2013/06/10 18:01:08 | 000,378,787 | ---- | C] () -- C:\Users\Backup\Documents\Muahahahaahahahhaahhahaahah - Webroot.WR

[2013/06/10 17:47:03 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk

[2013/06/10 12:36:54 | 005,861,023 | ---- | C] () -- C:\Users\Backup\Documents\10-06-2013 12-36-54.mp4

[2013/06/10 12:30:37 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Snagit 11 Editor.lnk

[2013/06/10 12:30:37 | 000,001,114 | ---- | C] () -- C:\Users\Backup\Application Data\Microsoft\Internet Explorer\Quick Launch\Snagit 11.lnk

[2013/06/10 12:30:36 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\Snagit 11.lnk

[2013/06/09 23:42:41 | 000,001,314 | ---- | C] () -- C:\Users\Backup\Desktop\Auslogics Disk Defrag Professional.lnk

[2013/06/09 23:37:15 | 000,876,162 | ---- | C] () -- C:\Users\Backup\Documents\OASettings130609.OA

[2013/06/09 17:02:13 | 000,001,580 | ---- | C] () -- C:\Windows\Sandboxie.ini

[2013/06/09 16:51:03 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/06/09 13:35:26 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\Wise Turbo Checker.job

[2013/06/09 13:28:12 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\Wise Care 365.lnk

[2013/06/09 11:42:31 | 000,001,225 | ---- | C] () -- C:\Users\Backup\Application Data\Microsoft\Internet Explorer\Quick Launch\Auslogics BoostSpeed.lnk

[2013/06/09 11:42:31 | 000,001,201 | ---- | C] () -- C:\Users\Backup\Desktop\Auslogics BoostSpeed.lnk

[2013/06/08 22:22:24 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf

[2013/06/08 19:34:50 | 000,362,415 | ---- | C] () -- C:\Users\Backup\Documents\OASettings130608.OA

[2013/06/08 19:32:45 | 000,002,110 | ---- | C] () -- C:\Users\Backup\Documents\cc_20130608_193238.reg

[2013/06/08 19:25:52 | 000,001,895 | ---- | C] () -- C:\Users\Backup\Desktop\Online Armor.lnk

[2013/06/08 19:03:09 | 000,208,320 | ---- | C] () -- C:\Windows\System32\drivers\OADriver.sys

[2013/06/08 19:03:09 | 000,044,992 | ---- | C] () -- C:\Windows\System32\drivers\oahlp32.sys

[2013/06/08 18:06:43 | 000,001,077 | ---- | C] () -- C:\Users\Backup\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk

[2013/06/08 18:06:43 | 000,001,053 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk

[2013/06/08 15:20:32 | 000,002,385 | ---- | C] () -- C:\Users\Backup\Desktop\Advanced Uninstaller PRO 11.lnk

[2013/06/08 15:20:32 | 000,002,269 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO 11.lnk

[2013/06/08 15:20:30 | 000,042,496 | ---- | C] () -- C:\Windows\System32\AdvUninstCPL.cpl

[2013/06/08 14:06:17 | 000,003,488 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat

[2013/06/08 14:05:35 | 000,065,536 | ---- | C] () -- C:\Windows\System32\Ikeext.etl

[2013/06/08 13:45:40 | 000,007,626 | ---- | C] () -- C:\Users\Backup\AppData\Local\Resmon.ResmonCfg

[2013/06/08 12:44:54 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf

[2013/06/08 12:44:42 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf

[2013/06/08 11:46:00 | 000,000,000 | -H-- | C] () -- C:\Users\Backup\Documents\Default.rdp

[2013/06/08 11:03:04 | 000,000,000 | RHS- | C] () -- C:\winx.ld

[2013/06/08 11:03:03 | 000,203,836 | RHS- | C] () -- C:\grldr

[2013/06/08 10:03:04 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' anti-malware.lnk

[2013/06/08 00:07:28 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2013/06/07 23:46:35 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif

[2013/06/07 23:27:22 | 000,001,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2013/06/07 23:27:22 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2013/06/07 22:25:20 | 000,001,411 | ---- | C] () -- C:\Users\Backup\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2013/06/07 22:25:03 | 000,001,417 | ---- | C] () -- C:\Users\Backup\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

[2013/06/07 22:24:45 | 000,000,290 | ---- | C] () -- C:\Users\Backup\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

[2013/06/07 22:24:45 | 000,000,272 | ---- | C] () -- C:\Users\Backup\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

[2013/06/07 18:07:02 | 000,000,389 | -H-- | C] () -- C:\Boot.BAK

[2013/06/07 17:14:35 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk

[2013/06/07 17:14:24 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk

[2013/06/07 17:13:17 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2013/06/07 17:11:41 | 1609,179,136 | -HS- | C] () -- C:\hiberfil.sys

[2013/06/07 04:28:35 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK

[2013/06/07 04:28:29 | 000,383,786 | RHS- | C] () -- C:\bootmgr

========== ZeroAccess Check ==========

[2009/07/13 16:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 16:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 09:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 13:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 200 bytes -> C:\ProgramData\TEMP:07BF512B

@Alternate Data Stream - 189 bytes -> C:\ProgramData\TEMP:07BF512B

< End of report >

D-FRED-BROWN · June 11, 2013

Hello Jesus777 and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you.

Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.

----------Step 1----------------

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it.
To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
Click the Start Scan button.
Do not use the computer during the scan
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.

----------Step 2----------------

Please download Malwarebytes Anti-Rootkit from HERE

Unzip the contents to a folder in a convenient location.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

----------Step 3----------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

----------Step 4----------------

Please download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 5----------------

In your next reply, please include the following:

TDSSKiller's logfile
MBAR mbar-log.txt and system-log.txt
ComboFix's report (C:\ComboFix.txt)
Security Check checkup.txt

After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"

-------> Your topic will be closed if you haven't replied within 3 days! <--------

(If I don't respond within 24 hours, please send me a PM)

-DFB

Jesus777 · June 11, 2013

Hello Jesus777 and welcome to Malwarebytes!
I am D-FRED-BROWN and I will be helping you.
Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.
----------Step 1----------------
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it.
To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
Click the Start Scan button.
Do not use the computer during the scan
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.
----------Step 2----------------
Please download Malwarebytes Anti-Rootkit from HERE
Unzip the contents to a folder in a convenient location.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt
----------Step 3----------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingc...to-use-combofix
***IMPORTANT: save ComboFix to your Desktop***
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Please go here to see a list of programs that should be disabled.
**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**
Please include the C:\ComboFix.txt in your next reply for further review.
NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.
----------Step 4----------------
Please download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
----------Step 5----------------
In your next reply, please include the following:
TDSSKiller's logfile
MBAR mbar-log.txt and system-log.txt
ComboFix's report (C:\ComboFix.txt)
Security Check checkup.txt
After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask.
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Note:
Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"
-------> Your topic will be closed if you haven't replied within 3 days! <--------
(If I don't respond within 24 hours, please send me a PM)
-DFB

Hello,thank you for replying -- TDSS killer found nothing (ComboFix did,though),here's the log of TDSS killer :

22:41:16.0191 5940 TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19

22:41:17.0642 5940 ============================================================

22:41:17.0642 5940 Current date / time: 2013/06/11 22:41:17.0642

22:41:17.0642 5940 SystemInfo:

22:41:17.0642 5940

22:41:17.0642 5940 OS Version: 6.1.7601 ServicePack: 1.0

22:41:17.0642 5940 Product type: Workstation

22:41:17.0642 5940 ComputerName: BACKUP-PC

22:41:17.0642 5940 UserName: Backup

22:41:17.0642 5940 Windows directory: C:\Windows

22:41:17.0642 5940 System windows directory: C:\Windows

22:41:17.0642 5940 Processor architecture: Intel x86

22:41:17.0642 5940 Number of processors: 2

22:41:17.0642 5940 Page size: 0x1000

22:41:17.0642 5940 Boot type: Normal boot

22:41:17.0642 5940 ============================================================

22:41:20.0169 5940 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

22:41:20.0169 5940 ============================================================

22:41:20.0169 5940 \Device\Harddisk0\DR0:

22:41:20.0169 5940 MBR partitions:

22:41:20.0169 5940 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x61A7927

22:41:20.0185 5940 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x61A79A5, BlocksNum 0xA604115

22:41:20.0200 5940 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x107ABAF9, BlocksNum 0xA604115

22:41:20.0216 5940 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x1ADAFC4D, BlocksNum 0xA679BB3

22:41:20.0216 5940 ============================================================

22:41:20.0247 5940 C: <-> \Device\Harddisk0\DR0\Partition1

22:41:20.0278 5940 D: <-> \Device\Harddisk0\DR0\Partition2

22:41:20.0325 5940 E: <-> \Device\Harddisk0\DR0\Partition3

22:41:20.0356 5940 F: <-> \Device\Harddisk0\DR0\Partition4

22:41:20.0356 5940 ============================================================

22:41:20.0356 5940 Initialize success

22:41:20.0356 5940 ============================================================

22:41:42.0945 1320 ============================================================

22:41:42.0945 1320 Scan started

22:41:42.0945 1320 Mode: Manual;

22:41:42.0945 1320 ============================================================

22:41:43.0647 1320 ================ Scan system memory ========================

22:41:43.0647 1320 System memory - ok

22:41:43.0647 1320 ================ Scan services =============================

22:41:43.0756 1320 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

22:41:43.0803 1320 1394ohci - ok

22:41:43.0865 1320 [ A8A4E18857CDFD8D9AB81E2C9EAF89B5 ] a2acc C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys

22:41:43.0865 1320 a2acc - ok

22:41:43.0943 1320 [ E773B6AD4182A01986DB8BF0AEE32A15 ] a2AntiMalware C:\Program Files\Emsisoft Anti-Malware\a2service.exe

22:41:43.0990 1320 a2AntiMalware - ok

22:41:44.0021 1320 [ B0CC0B50441372157F31C4C023D43A3E ] A2DDA C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys

22:41:44.0021 1320 A2DDA - ok

22:41:44.0037 1320 [ 03BFDFAE9D150D43F4A19B5FBB892591 ] a2injectiondriver C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys

22:41:44.0037 1320 a2injectiondriver - ok

22:41:44.0068 1320 [ 8DEA3FE12A6686573F16A06AD95D7AB9 ] a2util C:\Program Files\Emsisoft Anti-Malware\a2util32.sys

22:41:44.0068 1320 a2util - ok

22:41:44.0084 1320 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys

22:41:44.0146 1320 ACPI - ok

22:41:44.0162 1320 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

22:41:44.0209 1320 AcpiPmi - ok

22:41:44.0287 1320 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

22:41:44.0318 1320 AdobeFlashPlayerUpdateSvc - ok

22:41:44.0333 1320 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

22:41:44.0365 1320 adp94xx - ok

22:41:44.0380 1320 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\drivers\adpahci.sys

22:41:44.0411 1320 adpahci - ok

22:41:44.0427 1320 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

22:41:44.0458 1320 adpu320 - ok

22:41:44.0474 1320 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

22:41:44.0474 1320 AeLookupSvc - ok

22:41:44.0505 1320 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys

22:41:44.0536 1320 AFD - ok

22:41:44.0536 1320 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys

22:41:44.0567 1320 agp440 - ok

22:41:44.0583 1320 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\drivers\djsvs.sys

22:41:44.0599 1320 aic78xx - ok

22:41:44.0614 1320 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe

22:41:44.0645 1320 ALG - ok

22:41:44.0645 1320 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys

22:41:44.0677 1320 aliide - ok

22:41:44.0692 1320 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys

22:41:44.0708 1320 amdagp - ok

22:41:44.0723 1320 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys

22:41:44.0755 1320 amdide - ok

22:41:44.0755 1320 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

22:41:44.0801 1320 AmdK8 - ok

22:41:44.0833 1320 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys

22:41:44.0895 1320 AmdPPM - ok

22:41:44.0911 1320 [ E7F4D42D8076EC60E21715CD11743A0D ] amdsata C:\Windows\system32\drivers\amdsata.sys

22:41:44.0942 1320 amdsata - ok

22:41:44.0942 1320 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\drivers\amdsbs.sys

22:41:44.0973 1320 amdsbs - ok

22:41:45.0004 1320 [ 146459D2B08BFDCBFA856D9947043C81 ] amdxata C:\Windows\system32\drivers\amdxata.sys

22:41:45.0020 1320 amdxata - ok

22:41:45.0035 1320 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys

22:41:45.0082 1320 AppID - ok

22:41:45.0098 1320 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll

22:41:45.0160 1320 AppIDSvc - ok

22:41:45.0176 1320 [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo C:\Windows\System32\appinfo.dll

22:41:45.0223 1320 Appinfo - ok

22:41:45.0238 1320 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll

22:41:45.0269 1320 AppMgmt - ok

22:41:45.0285 1320 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\drivers\arc.sys

22:41:45.0316 1320 arc - ok

22:41:45.0332 1320 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\drivers\arcsas.sys

22:41:45.0347 1320 arcsas - ok

22:41:45.0425 1320 [ 2FE0D5DB69014980A970D3BF9A85D2B1 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

22:41:45.0457 1320 aspnet_state - ok

22:41:45.0472 1320 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

22:41:45.0503 1320 AsyncMac - ok

22:41:45.0503 1320 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys

22:41:45.0519 1320 atapi - ok

22:41:45.0535 1320 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

22:41:45.0581 1320 AudioEndpointBuilder - ok

22:41:45.0581 1320 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll

22:41:45.0597 1320 Audiosrv - ok

22:41:45.0613 1320 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll

22:41:45.0628 1320 AxInstSV - ok

22:41:45.0675 1320 [ 873A0F0AEDF246105404D87E719F8EE4 ] AXMount C:\Windows\system32\DRIVERS\AXMount.sys

22:41:45.0706 1320 AXMount - ok

22:41:45.0737 1320 [ 2A7F28FD82F34FF9CAC71E73296DD486 ] AXTrack C:\Windows\system32\DRIVERS\AXTrack.sys

22:41:45.0769 1320 AXTrack - ok

22:41:45.0800 1320 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\drivers\bxvbdx.sys

22:41:45.0831 1320 b06bdrv - ok

22:41:45.0847 1320 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys

22:41:45.0878 1320 b57nd60x - ok

22:41:45.0909 1320 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll

22:41:45.0925 1320 BDESVC - ok

22:41:45.0940 1320 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys

22:41:45.0956 1320 Beep - ok

22:41:45.0971 1320 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll

22:41:46.0034 1320 BFE - ok

22:41:46.0065 1320 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll

22:41:46.0159 1320 BITS - ok

22:41:46.0174 1320 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

22:41:46.0205 1320 blbdrive - ok

22:41:46.0221 1320 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

22:41:46.0237 1320 bowser - ok

22:41:46.0252 1320 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys

22:41:46.0299 1320 BrFiltLo - ok

22:41:46.0299 1320 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys

22:41:46.0330 1320 BrFiltUp - ok

22:41:46.0346 1320 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll

22:41:46.0361 1320 Browser - ok

22:41:46.0377 1320 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys

22:41:46.0408 1320 Brserid - ok

22:41:46.0424 1320 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

22:41:46.0439 1320 BrSerWdm - ok

22:41:46.0455 1320 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

22:41:46.0471 1320 BrUsbMdm - ok

22:41:46.0486 1320 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

22:41:46.0502 1320 BrUsbSer - ok

22:41:46.0517 1320 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

22:41:46.0549 1320 BTHMODEM - ok

22:41:46.0564 1320 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll

22:41:46.0595 1320 bthserv - ok

22:41:46.0611 1320 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

22:41:46.0627 1320 cdfs - ok

22:41:46.0642 1320 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

22:41:46.0673 1320 cdrom - ok

22:41:46.0673 1320 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll

22:41:46.0705 1320 CertPropSvc - ok

22:41:46.0720 1320 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\drivers\circlass.sys

22:41:46.0751 1320 circlass - ok

22:41:46.0783 1320 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys

22:41:46.0814 1320 CLFS - ok

22:41:46.0845 1320 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

22:41:46.0861 1320 clr_optimization_v2.0.50727_32 - ok

22:41:46.0907 1320 [ 6D7C8A951AF6AD6835C029B3CB88D333 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

22:41:46.0923 1320 clr_optimization_v4.0.30319_32 - ok

22:41:46.0939 1320 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys

22:41:46.0970 1320 CmBatt - ok

22:41:46.0985 1320 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys

22:41:47.0001 1320 cmdide - ok

22:41:47.0032 1320 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys

22:41:47.0095 1320 CNG - ok

22:41:47.0110 1320 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\drivers\compbatt.sys

22:41:47.0126 1320 Compbatt - ok

22:41:47.0141 1320 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys

22:41:47.0157 1320 CompositeBus - ok

22:41:47.0157 1320 COMSysApp - ok

22:41:47.0173 1320 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

22:41:47.0188 1320 crcdisk - ok

22:41:47.0219 1320 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll

22:41:47.0235 1320 CryptSvc - ok

22:41:47.0266 1320 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys

22:41:47.0329 1320 CSC - ok

22:41:47.0360 1320 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll

22:41:47.0407 1320 CscService - ok

22:41:47.0438 1320 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll

22:41:47.0438 1320 DcomLaunch - ok

22:41:47.0469 1320 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll

22:41:47.0485 1320 defragsvc - ok

22:41:47.0516 1320 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

22:41:47.0531 1320 DfsC - ok

22:41:47.0547 1320 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll

22:41:47.0578 1320 Dhcp - ok

22:41:47.0578 1320 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys

22:41:47.0609 1320 discache - ok

22:41:47.0609 1320 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\drivers\disk.sys

22:41:47.0641 1320 Disk - ok

22:41:47.0656 1320 [ 2A958EF85DB1B61FFCA65044FA4BCE9E ] dmvsc C:\Windows\system32\drivers\dmvsc.sys

22:41:47.0687 1320 dmvsc - ok

22:41:47.0703 1320 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll

22:41:47.0734 1320 Dnscache - ok

22:41:47.0750 1320 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll

22:41:47.0797 1320 dot3svc - ok

22:41:47.0812 1320 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll

22:41:47.0812 1320 DPS - ok

22:41:47.0843 1320 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

22:41:47.0875 1320 drmkaud - ok

22:41:47.0906 1320 [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

22:41:47.0984 1320 DXGKrnl - ok

22:41:47.0999 1320 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll

22:41:48.0015 1320 EapHost - ok

22:41:48.0109 1320 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\drivers\evbdx.sys

22:41:48.0249 1320 ebdrv - ok

22:41:48.0265 1320 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe

22:41:48.0280 1320 EFS - ok

22:41:48.0327 1320 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

22:41:48.0389 1320 ehRecvr - ok

22:41:48.0405 1320 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe

22:41:48.0436 1320 ehSched - ok

22:41:48.0452 1320 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\drivers\elxstor.sys

22:41:48.0499 1320 elxstor - ok

22:41:48.0514 1320 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys

22:41:48.0530 1320 ErrDev - ok

22:41:48.0577 1320 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll

22:41:48.0623 1320 EventSystem - ok

22:41:48.0639 1320 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys

22:41:48.0686 1320 exfat - ok

22:41:48.0701 1320 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys

22:41:48.0733 1320 fastfat - ok

22:41:48.0764 1320 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe

22:41:48.0826 1320 Fax - ok

22:41:48.0842 1320 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\drivers\fdc.sys

22:41:48.0873 1320 fdc - ok

22:41:48.0904 1320 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll

22:41:48.0920 1320 fdPHost - ok

22:41:48.0935 1320 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll

22:41:48.0951 1320 FDResPub - ok

22:41:48.0967 1320 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

22:41:48.0982 1320 FileInfo - ok

22:41:48.0998 1320 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

22:41:49.0029 1320 Filetrace - ok

22:41:49.0045 1320 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys

22:41:49.0060 1320 flpydisk - ok

22:41:49.0091 1320 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

22:41:49.0107 1320 FltMgr - ok

22:41:49.0154 1320 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\Windows\system32\FntCache.dll

22:41:49.0216 1320 FontCache - ok

22:41:49.0279 1320 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

22:41:49.0310 1320 FontCache3.0.0.0 - ok

22:41:49.0325 1320 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

22:41:49.0357 1320 FsDepends - ok

22:41:49.0372 1320 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

22:41:49.0403 1320 Fs_Rec - ok

22:41:49.0419 1320 [ E306A24D9694C724FA2491278BF50FDB ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

22:41:49.0450 1320 fvevol - ok

22:41:49.0466 1320 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

22:41:49.0481 1320 gagp30kx - ok

22:41:49.0513 1320 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll

22:41:49.0559 1320 gpsvc - ok

22:41:49.0575 1320 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

22:41:49.0606 1320 hcw85cir - ok

22:41:49.0637 1320 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

22:41:49.0669 1320 HdAudAddService - ok

22:41:49.0684 1320 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

22:41:49.0700 1320 HDAudBus - ok

22:41:49.0715 1320 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys

22:41:49.0747 1320 HidBatt - ok

22:41:49.0747 1320 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\drivers\hidbth.sys

22:41:49.0778 1320 HidBth - ok

22:41:49.0778 1320 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\drivers\hidir.sys

22:41:49.0809 1320 HidIr - ok

22:41:49.0825 1320 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll

22:41:49.0840 1320 hidserv - ok

22:41:49.0871 1320 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

22:41:49.0887 1320 HidUsb - ok

22:41:49.0949 1320 [ 56D2021D02DA247C168543DE1E881067 ] HitmanProScheduler C:\Program Files\HitmanPro\hmpsched.exe

22:41:49.0996 1320 HitmanProScheduler - ok

22:41:50.0027 1320 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll

22:41:50.0074 1320 hkmsvc - ok

22:41:50.0090 1320 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll

22:41:50.0121 1320 HomeGroupListener - ok

22:41:50.0137 1320 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

22:41:50.0168 1320 HomeGroupProvider - ok

22:41:50.0168 1320 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

22:41:50.0199 1320 HpSAMD - ok

22:41:50.0215 1320 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys

22:41:50.0261 1320 HTTP - ok

22:41:50.0293 1320 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

22:41:50.0308 1320 hwpolicy - ok

22:41:50.0324 1320 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

22:41:50.0355 1320 i8042prt - ok

22:41:50.0386 1320 [ A3CAE5D281DB4CFF7CFF8233507EE5AD ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

22:41:50.0417 1320 iaStorV - ok

22:41:50.0449 1320 [ FCDB2AEC95F2FEBE2DA5A0EF00BC2092 ] IDMWFP C:\Windows\system32\DRIVERS\idmwfp.sys

22:41:50.0480 1320 IDMWFP - ok

22:41:50.0511 1320 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

22:41:50.0589 1320 idsvc - ok

22:41:50.0605 1320 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\drivers\iirsp.sys

22:41:50.0636 1320 iirsp - ok

22:41:50.0667 1320 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll

22:41:50.0714 1320 IKEEXT - ok

22:41:50.0729 1320 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys

22:41:50.0776 1320 intelide - ok

22:41:50.0792 1320 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

22:41:50.0807 1320 intelppm - ok

22:41:50.0823 1320 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll

22:41:50.0854 1320 IPBusEnum - ok

22:41:50.0870 1320 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

22:41:50.0885 1320 IpFilterDriver - ok

22:41:50.0917 1320 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

22:41:50.0979 1320 iphlpsvc - ok

22:41:50.0995 1320 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

22:41:51.0026 1320 IPMIDRV - ok

22:41:51.0026 1320 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys

22:41:51.0057 1320 IPNAT - ok

22:41:51.0057 1320 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys

22:41:51.0088 1320 IRENUM - ok

22:41:51.0119 1320 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys

22:41:51.0135 1320 isapnp - ok

22:41:51.0166 1320 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

22:41:51.0182 1320 iScsiPrt - ok

22:41:51.0197 1320 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

22:41:51.0229 1320 kbdclass - ok

22:41:51.0229 1320 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys

22:41:51.0275 1320 kbdhid - ok

22:41:51.0291 1320 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe

22:41:51.0291 1320 KeyIso - ok

22:41:51.0322 1320 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

22:41:51.0338 1320 KSecDD - ok

22:41:51.0353 1320 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

22:41:51.0385 1320 KSecPkg - ok

22:41:51.0416 1320 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll

22:41:51.0447 1320 KtmRm - ok

22:41:51.0478 1320 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll

22:41:51.0494 1320 LanmanServer - ok

22:41:51.0525 1320 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

22:41:51.0572 1320 LanmanWorkstation - ok

22:41:51.0603 1320 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

22:41:51.0634 1320 lltdio - ok

22:41:51.0665 1320 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll

22:41:51.0697 1320 lltdsvc - ok

22:41:51.0697 1320 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll

22:41:51.0728 1320 lmhosts - ok

22:41:51.0743 1320 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

22:41:51.0759 1320 LSI_FC - ok

22:41:51.0775 1320 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

22:41:51.0821 1320 LSI_SAS - ok

22:41:51.0837 1320 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys

22:41:51.0868 1320 LSI_SAS2 - ok

22:41:51.0868 1320 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

22:41:51.0915 1320 LSI_SCSI - ok

22:41:51.0931 1320 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys

22:41:51.0946 1320 luafv - ok

22:41:51.0977 1320 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\Windows\system32\drivers\mbam.sys

22:41:51.0993 1320 MBAMProtector - ok

22:41:52.0009 1320 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

22:41:52.0055 1320 MBAMScheduler - ok

22:41:52.0071 1320 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

22:41:52.0071 1320 MBAMService - ok

22:41:52.0102 1320 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

22:41:52.0118 1320 Mcx2Svc - ok

22:41:52.0133 1320 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\drivers\megasas.sys

22:41:52.0165 1320 megasas - ok

22:41:52.0180 1320 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys

22:41:52.0211 1320 MegaSR - ok

22:41:52.0305 1320 MFE_RR - ok

22:41:52.0321 1320 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll

22:41:52.0367 1320 MMCSS - ok

22:41:52.0383 1320 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys

22:41:52.0414 1320 Modem - ok

22:41:52.0414 1320 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys

22:41:52.0445 1320 monitor - ok

22:41:52.0461 1320 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

22:41:52.0492 1320 mouclass - ok

22:41:52.0508 1320 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

22:41:52.0539 1320 mouhid - ok

22:41:52.0539 1320 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

22:41:52.0570 1320 mountmgr - ok

22:41:52.0617 1320 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

22:41:52.0633 1320 MozillaMaintenance - ok

22:41:52.0648 1320 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys

22:41:52.0679 1320 mpio - ok

22:41:52.0695 1320 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

22:41:52.0711 1320 mpsdrv - ok

22:41:52.0742 1320 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll

22:41:52.0789 1320 MpsSvc - ok

22:41:52.0804 1320 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

22:41:52.0835 1320 MRxDAV - ok

22:41:52.0867 1320 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

22:41:52.0867 1320 mrxsmb - ok

22:41:52.0882 1320 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

22:41:52.0913 1320 mrxsmb10 - ok

22:41:52.0929 1320 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

22:41:52.0945 1320 mrxsmb20 - ok

22:41:52.0960 1320 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys

22:41:52.0991 1320 msahci - ok

22:41:53.0007 1320 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys

22:41:53.0023 1320 msdsm - ok

22:41:53.0054 1320 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe

22:41:53.0085 1320 MSDTC - ok

22:41:53.0101 1320 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys

22:41:53.0132 1320 Msfs - ok

22:41:53.0132 1320 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

22:41:53.0163 1320 mshidkmdf - ok

22:41:53.0179 1320 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

22:41:53.0194 1320 msisadrv - ok

22:41:53.0225 1320 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

22:41:53.0257 1320 MSiSCSI - ok

22:41:53.0272 1320 msiserver - ok

22:41:53.0303 1320 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

22:41:53.0319 1320 MSKSSRV - ok

22:41:53.0335 1320 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

22:41:53.0350 1320 MSPCLOCK - ok

22:41:53.0366 1320 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

22:41:53.0381 1320 MSPQM - ok

22:41:53.0413 1320 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

22:41:53.0428 1320 MsRPC - ok

22:41:53.0475 1320 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

22:41:53.0491 1320 mssmbios - ok

22:41:53.0506 1320 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

22:41:53.0537 1320 MSTEE - ok

22:41:53.0553 1320 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys

22:41:53.0569 1320 MTConfig - ok

22:41:53.0584 1320 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys

22:41:53.0600 1320 Mup - ok

22:41:53.0631 1320 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll

22:41:53.0662 1320 napagent - ok

22:41:53.0678 1320 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

22:41:53.0709 1320 NativeWifiP - ok

22:41:53.0725 1320 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys

22:41:53.0787 1320 NDIS - ok

22:41:53.0787 1320 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

22:41:53.0818 1320 NdisCap - ok

22:41:53.0834 1320 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

22:41:53.0849 1320 NdisTapi - ok

22:41:53.0865 1320 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

22:41:53.0881 1320 Ndisuio - ok

22:41:53.0912 1320 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

22:41:53.0927 1320 NdisWan - ok

22:41:53.0943 1320 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

22:41:53.0974 1320 NDProxy - ok

22:41:53.0974 1320 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

22:41:54.0005 1320 NetBIOS - ok

22:41:54.0021 1320 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

22:41:54.0037 1320 NetBT - ok

22:41:54.0068 1320 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe

22:41:54.0068 1320 Netlogon - ok

22:41:54.0083 1320 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll

22:41:54.0115 1320 Netman - ok

22:41:54.0146 1320 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

22:41:54.0193 1320 NetMsmqActivator - ok

22:41:54.0208 1320 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

22:41:54.0208 1320 NetPipeActivator - ok

22:41:54.0224 1320 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll

22:41:54.0255 1320 netprofm - ok

22:41:54.0271 1320 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

22:41:54.0271 1320 NetTcpActivator - ok

22:41:54.0271 1320 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

22:41:54.0271 1320 NetTcpPortSharing - ok

22:41:54.0286 1320 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

22:41:54.0317 1320 nfrd960 - ok

22:41:54.0349 1320 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll

22:41:54.0380 1320 NlaSvc - ok

22:41:54.0395 1320 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys

22:41:54.0427 1320 Npfs - ok

22:41:54.0442 1320 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll

22:41:54.0473 1320 nsi - ok

22:41:54.0489 1320 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

22:41:54.0520 1320 nsiproxy - ok

22:41:54.0567 1320 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

22:41:54.0629 1320 Ntfs - ok

22:41:54.0645 1320 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys

22:41:54.0676 1320 Null - ok

22:41:54.0832 1320 [ B69E6F70CE1151C8D62ABC9DEF64DFBE ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys

22:41:55.0129 1320 nvlddmkm - ok

22:41:55.0175 1320 [ AF2EEC9580C1D32FB7EAF105D9784061 ] nvraid C:\Windows\system32\drivers\nvraid.sys

22:41:55.0222 1320 nvraid - ok

22:41:55.0238 1320 [ 9283C58EBAA2618F93482EB5DABCEC82 ] nvstor C:\Windows\system32\drivers\nvstor.sys

22:41:55.0269 1320 nvstor - ok

22:41:55.0316 1320 [ E4284FCF99FEA13A7E1836F87AE356F6 ] nvsvc C:\Windows\system32\nvvsvc.exe

22:41:55.0378 1320 nvsvc - ok

22:41:55.0456 1320 [ 03E60E0BFA53ED15DC984FA34B44BB0F ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

22:41:55.0550 1320 nvUpdatusService - ok

22:41:55.0565 1320 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

22:41:55.0597 1320 nv_agp - ok

22:41:55.0659 1320 [ 1A008CBB313F7A6644B883AE1829393B ] OAcat C:\Program Files\Online Armor\OAcat.exe

22:41:55.0659 1320 OAcat - ok

22:41:55.0706 1320 [ C0BA927C3A1A62F2BF664F242D91C082 ] OADevice C:\Windows\system32\drivers\OADriver.sys

22:41:55.0706 1320 OADevice - ok

22:41:55.0737 1320 [ C968369E2BC5F6A8426C1E7D78E33F1B ] oahlpXX C:\Windows\system32\drivers\oahlp32.sys

22:41:55.0737 1320 oahlpXX - ok

22:41:55.0768 1320 [ 04E7E92CD91E61E0CC1BDF849032AD81 ] OAmon C:\Windows\system32\drivers\OAmon.sys

22:41:55.0768 1320 OAmon - ok

22:41:55.0799 1320 [ CE879EC1C02AE6434F767CD69B9ACB16 ] OAnet C:\Windows\system32\DRIVERS\oanet.sys

22:41:55.0799 1320 OAnet - ok

22:41:55.0831 1320 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

22:41:55.0846 1320 ohci1394 - ok

22:41:55.0877 1320 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

22:41:55.0909 1320 p2pimsvc - ok

22:41:55.0940 1320 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll

22:41:55.0987 1320 p2psvc - ok

22:41:56.0002 1320 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\drivers\parport.sys

22:41:56.0033 1320 Parport - ok

22:41:56.0049 1320 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys

22:41:56.0065 1320 partmgr - ok

22:41:56.0080 1320 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\drivers\parvdm.sys

22:41:56.0111 1320 Parvdm - ok

22:41:56.0127 1320 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll

22:41:56.0158 1320 PcaSvc - ok

22:41:56.0174 1320 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys

22:41:56.0189 1320 pci - ok

22:41:56.0205 1320 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys

22:41:56.0236 1320 pciide - ok

22:41:56.0252 1320 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

22:41:56.0283 1320 pcmcia - ok

22:41:56.0299 1320 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys

22:41:56.0314 1320 pcw - ok

22:41:56.0345 1320 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys

22:41:56.0408 1320 PEAUTH - ok

22:41:56.0455 1320 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll

22:41:56.0517 1320 PeerDistSvc - ok

22:41:56.0579 1320 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll

22:41:56.0689 1320 pla - ok

22:41:56.0720 1320 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll

22:41:56.0751 1320 PlugPlay - ok

22:41:56.0767 1320 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

22:41:56.0782 1320 PNRPAutoReg - ok

22:41:56.0813 1320 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

22:41:56.0813 1320 PNRPsvc - ok

22:41:56.0829 1320 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

22:41:56.0876 1320 PolicyAgent - ok

22:41:56.0907 1320 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll

22:41:56.0938 1320 Power - ok

22:41:56.0969 1320 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

22:41:56.0985 1320 PptpMiniport - ok

22:41:57.0016 1320 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys

22:41:57.0032 1320 Processor - ok

22:41:57.0063 1320 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll

22:41:57.0094 1320 ProfSvc - ok

22:41:57.0110 1320 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe

22:41:57.0110 1320 ProtectedStorage - ok

22:41:57.0125 1320 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys

22:41:57.0157 1320 Psched - ok

22:41:57.0188 1320 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys

22:41:57.0281 1320 ql2300 - ok

22:41:57.0313 1320 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

22:41:57.0328 1320 ql40xx - ok

22:41:57.0391 1320 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll

22:41:57.0453 1320 QWAVE - ok

22:41:57.0484 1320 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

22:41:57.0515 1320 QWAVEdrv - ok

22:41:57.0531 1320 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

22:41:57.0562 1320 RasAcd - ok

22:41:57.0578 1320 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

22:41:57.0593 1320 RasAgileVpn - ok

22:41:57.0609 1320 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll

22:41:57.0640 1320 RasAuto - ok

22:41:57.0656 1320 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

22:41:57.0687 1320 Rasl2tp - ok

22:41:57.0734 1320 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll

22:41:57.0781 1320 RasMan - ok

22:41:57.0812 1320 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

22:41:57.0827 1320 RasPppoe - ok

22:41:57.0843 1320 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

22:41:57.0874 1320 RasSstp - ok

22:41:57.0905 1320 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

22:41:57.0937 1320 rdbss - ok

22:41:57.0952 1320 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

22:41:57.0983 1320 rdpbus - ok

22:41:57.0983 1320 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

22:41:58.0015 1320 RDPCDD - ok

22:41:58.0046 1320 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys

22:41:58.0061 1320 RDPDR - ok

22:41:58.0077 1320 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

22:41:58.0108 1320 RDPENCDD - ok

22:41:58.0139 1320 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

22:41:58.0171 1320 RDPREFMP - ok

22:41:58.0217 1320 [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys

22:41:58.0249 1320 RdpVideoMiniport - ok

22:41:58.0280 1320 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

22:41:58.0327 1320 RDPWD - ok

22:41:58.0342 1320 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

22:41:58.0373 1320 rdyboost - ok

22:41:58.0405 1320 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll

22:41:58.0420 1320 RemoteAccess - ok

22:41:58.0451 1320 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll

22:41:58.0483 1320 RemoteRegistry - ok

22:41:58.0498 1320 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

22:41:58.0529 1320 RpcEptMapper - ok

22:41:58.0545 1320 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe

22:41:58.0576 1320 RpcLocator - ok

22:41:58.0592 1320 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll

22:41:58.0592 1320 RpcSs - ok

22:41:58.0623 1320 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

22:41:58.0639 1320 rspndr - ok

22:41:58.0670 1320 [ 7DFD48E24479B68B258D8770121155A0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys

22:41:58.0685 1320 RTL8167 - ok

22:41:58.0717 1320 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys

22:41:58.0732 1320 s3cap - ok

22:41:58.0748 1320 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe

22:41:58.0763 1320 SamSs - ok

22:41:58.0779 1320 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

22:41:58.0795 1320 sbp2port - ok

22:41:58.0810 1320 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll

22:41:58.0841 1320 SCardSvr - ok

22:41:58.0873 1320 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

22:41:58.0888 1320 scfilter - ok

22:41:58.0919 1320 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll

22:41:58.0966 1320 Schedule - ok

22:41:58.0982 1320 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll

22:41:58.0982 1320 SCPolicySvc - ok

22:41:59.0013 1320 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll

22:41:59.0029 1320 SDRSVC - ok

22:41:59.0060 1320 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys

22:41:59.0075 1320 secdrv - ok

22:41:59.0091 1320 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll

22:41:59.0122 1320 seclogon - ok

22:41:59.0138 1320 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll

22:41:59.0153 1320 SENS - ok

22:41:59.0169 1320 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll

22:41:59.0200 1320 SensrSvc - ok

22:41:59.0216 1320 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\drivers\serenum.sys

22:41:59.0231 1320 Serenum - ok

22:41:59.0263 1320 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\drivers\serial.sys

22:41:59.0278 1320 Serial - ok

22:41:59.0294 1320 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\drivers\sermouse.sys

22:41:59.0325 1320 sermouse - ok

22:41:59.0356 1320 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll

22:41:59.0372 1320 SessionEnv - ok

22:41:59.0403 1320 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

22:41:59.0434 1320 sffdisk - ok

22:41:59.0465 1320 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

22:41:59.0481 1320 sffp_mmc - ok

22:41:59.0497 1320 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

22:41:59.0512 1320 sffp_sd - ok

22:41:59.0543 1320 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

22:41:59.0559 1320 sfloppy - ok

22:41:59.0606 1320 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll

22:41:59.0621 1320 SharedAccess - ok

22:41:59.0684 1320 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll

22:41:59.0715 1320 ShellHWDetection - ok

22:41:59.0731 1320 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys

22:41:59.0746 1320 sisagp - ok

22:41:59.0777 1320 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys

22:41:59.0793 1320 SiSRaid2 - ok

22:41:59.0809 1320 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

22:41:59.0824 1320 SiSRaid4 - ok

22:41:59.0855 1320 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys

22:41:59.0871 1320 Smb - ok

22:41:59.0902 1320 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe

22:41:59.0933 1320 SNMPTRAP - ok

22:41:59.0949 1320 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys

22:41:59.0980 1320 spldr - ok

22:41:59.0996 1320 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe

22:42:00.0027 1320 Spooler - ok

22:42:00.0105 1320 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe

22:42:00.0121 1320 sppsvc - ok

22:42:00.0152 1320 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll

22:42:00.0152 1320 sppuinotify - ok

22:42:00.0183 1320 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys

22:42:00.0214 1320 srv - ok

22:42:00.0230 1320 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

22:42:00.0261 1320 srv2 - ok

22:42:00.0277 1320 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

22:42:00.0308 1320 srvnet - ok

22:42:00.0323 1320 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

22:42:00.0355 1320 SSDPSRV - ok

22:42:00.0370 1320 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll

22:42:00.0401 1320 SstpSvc - ok

22:42:00.0448 1320 [ 5A19667A580B1CE886EAF968B9743F45 ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

22:42:00.0479 1320 Stereo Service - ok

22:42:00.0511 1320 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\drivers\stexstor.sys

22:42:00.0542 1320 stexstor - ok

22:42:00.0573 1320 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll

22:42:00.0620 1320 StiSvc - ok

22:42:00.0651 1320 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys

22:42:00.0682 1320 storflt - ok

22:42:00.0698 1320 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys

22:42:00.0745 1320 storvsc - ok

22:42:00.0854 1320 [ A54B4FBC24C4EDE34BEB5F8D8974752A ] SvcOnlineArmor C:\Program Files\Online Armor\oasrv.exe

22:42:00.0869 1320 SvcOnlineArmor - ok

22:42:00.0901 1320 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys

22:42:00.0916 1320 swenum - ok

22:42:00.0947 1320 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll

22:42:00.0979 1320 swprv - ok

22:42:00.0994 1320 [ F2AD8960812FD111E20E84659EF19D43 ] Synth3dVsc C:\Windows\system32\drivers\synth3dvsc.sys

22:42:01.0025 1320 Synth3dVsc - ok

22:42:01.0057 1320 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll

22:42:01.0135 1320 SysMain - ok

22:42:01.0150 1320 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll

22:42:01.0181 1320 TabletInputService - ok

22:42:01.0197 1320 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll

22:42:01.0228 1320 TapiSrv - ok

22:42:01.0244 1320 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll

22:42:01.0275 1320 TBS - ok

22:42:01.0322 1320 [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

22:42:01.0400 1320 Tcpip - ok

22:42:01.0431 1320 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

22:42:01.0447 1320 TCPIP6 - ok

22:42:01.0478 1320 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

22:42:01.0494 1320 tcpipreg - ok

22:42:01.0540 1320 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

22:42:01.0556 1320 TDPIPE - ok

22:42:01.0587 1320 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

22:42:01.0603 1320 TDTCP - ok

22:42:01.0618 1320 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

22:42:01.0650 1320 tdx - ok

22:42:01.0665 1320 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

22:42:01.0696 1320 TermDD - ok

22:42:01.0728 1320 [ 052306FD76793D5D5AB5D9891FD1ADBB ] terminpt C:\Windows\system32\drivers\terminpt.sys

22:42:01.0743 1320 terminpt - ok

22:42:01.0774 1320 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll

22:42:01.0837 1320 TermService - ok

22:42:01.0852 1320 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll

22:42:01.0884 1320 Themes - ok

22:42:01.0899 1320 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll

22:42:01.0899 1320 THREADORDER - ok

22:42:01.0915 1320 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll

22:42:01.0946 1320 TrkWks - ok

22:42:01.0977 1320 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

22:42:02.0024 1320 TrustedInstaller - ok

22:42:02.0055 1320 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

22:42:02.0086 1320 tssecsrv - ok

22:42:02.0102 1320 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

22:42:02.0118 1320 TsUsbFlt - ok

22:42:02.0133 1320 [ 01246F0BAAD7B68EC0F472AA41E33282 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys

22:42:02.0164 1320 TsUsbGD - ok

22:42:02.0180 1320 [ 045ACB987C650D8186C6B4A692223860 ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys

22:42:02.0211 1320 tsusbhub - ok

22:42:02.0227 1320 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

22:42:02.0242 1320 tunnel - ok

22:42:02.0258 1320 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\drivers\uagp35.sys

22:42:02.0289 1320 uagp35 - ok

22:42:02.0305 1320 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys

22:42:02.0336 1320 udfs - ok

22:42:02.0383 1320 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe

22:42:02.0398 1320 UI0Detect - ok

22:42:02.0414 1320 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

22:42:02.0445 1320 uliagpkx - ok

22:42:02.0461 1320 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys

22:42:02.0492 1320 umbus - ok

22:42:02.0508 1320 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\drivers\umpass.sys

22:42:02.0539 1320 UmPass - ok

22:42:02.0601 1320 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll

22:42:02.0648 1320 UmRdpService - ok

22:42:02.0679 1320 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll

22:42:02.0710 1320 upnphost - ok

22:42:02.0726 1320 [ 7E72E7D7E0757D59481D530FD2B0BFAE ] usbccgp C:\Windows\system32\drivers\usbccgp.sys

22:42:02.0757 1320 usbccgp - ok

22:42:02.0773 1320 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys

22:42:02.0788 1320 usbcir - ok

22:42:02.0820 1320 [ CFBCE999C057D78979A181C9C60F208E ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

22:42:02.0835 1320 usbehci - ok

22:42:02.0851 1320 [ 9D22AAD9AC6A07C691A1113E5F860868 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

22:42:02.0882 1320 usbhub - ok

22:42:02.0898 1320 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\Windows\system32\drivers\usbohci.sys

22:42:02.0929 1320 usbohci - ok

22:42:02.0944 1320 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\drivers\usbprint.sys

22:42:02.0960 1320 usbprint - ok

22:42:02.0991 1320 [ BF63EBFC6979FEFB2BC03DF7989A0C1A ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS

22:42:03.0007 1320 USBSTOR - ok

22:42:03.0022 1320 [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

22:42:03.0054 1320 usbuhci - ok

22:42:03.0069 1320 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll

22:42:03.0100 1320 UxSms - ok

22:42:03.0116 1320 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe

22:42:03.0116 1320 VaultSvc - ok

22:42:03.0147 1320 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

22:42:03.0178 1320 vdrvroot - ok

22:42:03.0194 1320 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe

22:42:03.0241 1320 vds - ok

22:42:03.0272 1320 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

22:42:03.0288 1320 vga - ok

22:42:03.0303 1320 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys

22:42:03.0334 1320 VgaSave - ok

22:42:03.0334 1320 VGPU - ok

22:42:03.0381 1320 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

22:42:03.0397 1320 vhdmp - ok

22:42:03.0412 1320 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys

22:42:03.0444 1320 viaagp - ok

22:42:03.0459 1320 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\drivers\viac7.sys

22:42:03.0475 1320 ViaC7 - ok

22:42:03.0506 1320 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys

22:42:03.0522 1320 viaide - ok

22:42:03.0537 1320 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys

22:42:03.0568 1320 vmbus - ok

22:42:03.0584 1320 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys

22:42:03.0615 1320 VMBusHID - ok

22:42:03.0631 1320 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys

22:42:03.0646 1320 volmgr - ok

22:42:03.0678 1320 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

22:42:03.0709 1320 volmgrx - ok

22:42:03.0724 1320 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys

22:42:03.0756 1320 volsnap - ok

22:42:03.0771 1320 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

22:42:03.0802 1320 vsmraid - ok

22:42:03.0834 1320 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe

22:42:03.0912 1320 VSS - ok

22:42:03.0927 1320 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys

22:42:03.0943 1320 vwifibus - ok

22:42:03.0974 1320 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll

22:42:04.0005 1320 W32Time - ok

22:42:04.0036 1320 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\drivers\wacompen.sys

22:42:04.0052 1320 WacomPen - ok

22:42:04.0068 1320 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

22:42:04.0099 1320 WANARP - ok

22:42:04.0114 1320 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

22:42:04.0114 1320 Wanarpv6 - ok

22:42:04.0146 1320 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

22:42:04.0239 1320 WatAdminSvc - ok

22:42:04.0286 1320 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe

22:42:04.0364 1320 wbengine - ok

22:42:04.0380 1320 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

22:42:04.0426 1320 WbioSrvc - ok

22:42:04.0442 1320 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll

22:42:04.0473 1320 wcncsvc - ok

22:42:04.0489 1320 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

22:42:04.0520 1320 WcsPlugInService - ok

22:42:04.0536 1320 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\drivers\wd.sys

22:42:04.0567 1320 Wd - ok

22:42:04.0598 1320 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

22:42:04.0660 1320 Wdf01000 - ok

22:42:04.0676 1320 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll

22:42:04.0707 1320 WdiServiceHost - ok

22:42:04.0707 1320 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll

22:42:04.0707 1320 WdiSystemHost - ok

22:42:04.0738 1320 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll

22:42:04.0770 1320 WebClient - ok

22:42:04.0785 1320 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll

22:42:04.0816 1320 Wecsvc - ok

22:42:04.0832 1320 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll

22:42:04.0848 1320 wercplsupport - ok

22:42:04.0879 1320 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll

22:42:04.0894 1320 WerSvc - ok

22:42:04.0910 1320 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

22:42:04.0926 1320 WfpLwf - ok

22:42:04.0957 1320 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys

22:42:04.0988 1320 WIMMount - ok

22:42:05.0035 1320 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll

22:42:05.0097 1320 WinDefend - ok

22:42:05.0128 1320 WinHttpAutoProxySvc - ok

22:42:05.0175 1320 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

22:42:05.0206 1320 Winmgmt - ok

22:42:05.0238 1320 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll

22:42:05.0316 1320 WinRM - ok

22:42:05.0378 1320 [ A7C993F86BE5AF035DE06DF9160D7008 ] WiseBootAssistant C:\Program Files\Wise\Wise Care 365\BootTime.exe

22:42:05.0456 1320 WiseBootAssistant - ok

22:42:05.0503 1320 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll

22:42:05.0550 1320 Wlansvc - ok

22:42:05.0581 1320 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

22:42:05.0612 1320 WmiAcpi - ok

22:42:05.0643 1320 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

22:42:05.0659 1320 wmiApSrv - ok

22:42:05.0737 1320 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe

22:42:05.0752 1320 WMPNetworkSvc - ok

22:42:05.0784 1320 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll

22:42:05.0799 1320 WPCSvc - ok

22:42:05.0830 1320 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

22:42:05.0846 1320 WPDBusEnum - ok

22:42:05.0893 1320 [ 73457E447430725DCADB92FAC22C28C4 ] WRkrn C:\Windows\system32\drivers\WRkrn.sys

22:42:05.0924 1320 WRkrn - ok

22:42:05.0955 1320 [ 4C3B03B552674D0E43D060E30818A6A0 ] WRSVC C:\Program Files\Webroot\WRSA.exe

22:42:05.0955 1320 WRSVC - ok

22:42:05.0986 1320 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

22:42:06.0018 1320 ws2ifsl - ok

22:42:06.0033 1320 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll

22:42:06.0049 1320 wscsvc - ok

22:42:06.0064 1320 WSearch - ok

22:42:06.0127 1320 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll

22:42:06.0267 1320 wuauserv - ok

22:42:06.0298 1320 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

22:42:06.0314 1320 WudfPf - ok

22:42:06.0345 1320 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

22:42:06.0361 1320 WUDFRd - ok

22:42:06.0392 1320 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

22:42:06.0408 1320 wudfsvc - ok

22:42:06.0439 1320 [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc C:\Windows\System32\wwansvc.dll

22:42:06.0470 1320 WwanSvc - ok

22:42:06.0486 1320 ================ Scan global ===============================

22:42:06.0517 1320 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll

22:42:06.0564 1320 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll

22:42:06.0610 1320 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll

22:42:06.0626 1320 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll

22:42:06.0673 1320 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe

22:42:06.0673 1320 [Global] - ok

22:42:06.0673 1320 ================ Scan MBR ==================================

22:42:06.0704 1320 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

22:42:07.0047 1320 \Device\Harddisk0\DR0 - ok

22:42:07.0047 1320 ================ Scan VBR ==================================

22:42:07.0047 1320 [ 02753AA824428B758DBE4CB4F98372A1 ] \Device\Harddisk0\DR0\Partition1

22:42:07.0047 1320 \Device\Harddisk0\DR0\Partition1 - ok

22:42:07.0063 1320 [ E1D85C4DAEB17865C243B5FBAA54F0DB ] \Device\Harddisk0\DR0\Partition2

22:42:07.0063 1320 \Device\Harddisk0\DR0\Partition2 - ok

22:42:07.0078 1320 [ E5C92561ED42CA2F83613A043A22E5E8 ] \Device\Harddisk0\DR0\Partition3

22:42:07.0078 1320 \Device\Harddisk0\DR0\Partition3 - ok

22:42:07.0094 1320 [ 7C82B8CAFF70725B46CCFAFA7F656B01 ] \Device\Harddisk0\DR0\Partition4

22:42:07.0094 1320 \Device\Harddisk0\DR0\Partition4 - ok

22:42:07.0110 1320 ============================================================

22:42:07.0110 1320 Scan finished

22:42:07.0110 1320 ============================================================

22:42:07.0110 4668 Detected object count: 0

22:42:07.0110 4668 Actual detected object count: 0

22:42:09.0684 3952 Deinitialize success

Here's the MBAR log

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

www.malwarebytes.org

Database version: v2013.06.11.05

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 10.0.9200.16521

Backup :: BACKUP-PC [administrator]

11-06-2013 23:03:10

mbar-log-2013-06-11 (23-03-10).txt

Scan type: Quick scan

Scan options disabled: Deep Anti-Rootkit Scan | PUP

Objects scanned: 292306

Time elapsed: 10 minute(s), 53 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

Physical Sectors Detected: 0

(No malicious items detected)

(end)

Here's the system-log thingy (the part of the MBAR log)

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 10.0.9200.16521

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED

CPU speed: 2.800000 GHz

Memory total: 2145574912, free: 856076288

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 10.0.9200.16521

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED

CPU speed: 2.800000 GHz

Memory total: 2145574912, free: 856494080

Downloaded database version: v2013.06.11.05

Downloaded database version: v2013.05.22.01

Initializing...

------------ Kernel report ------------

06/11/2013 23:02:57

------------ Loaded modules -----------

\SystemRoot\system32\ntkrnlpa.exe

\SystemRoot\system32\halmacpi.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\BOOTVID.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\system32\DRIVERS\AXTrack.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\system32\drivers\intelide.sys

\SystemRoot\system32\drivers\PCIIDEX.SYS

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\drivers\WRkrn.sys

\SystemRoot\System32\drivers\msrpc.sys

\SystemRoot\System32\drivers\NETIO.SYS

\SystemRoot\System32\drivers\NDIS.SYS

\SystemRoot\System32\drivers\TDI.SYS

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\vmstorfl.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\drivers\disk.sys

\SystemRoot\system32\drivers\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\cdrom.sys

\??\C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\??\C:\Windows\system32\drivers\OAmon.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\??\C:\Windows\system32\drivers\OADriver.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\system32\drivers\csc.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\??\C:\Program Files\Emsisoft Anti-Malware\a2util32.sys

\??\C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\nvlddmkm.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\Rt86win7.sys

\SystemRoot\system32\DRIVERS\usbuhci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\i8042prt.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\oanet.sys

\SystemRoot\system32\DRIVERS\rdpbus.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\DRIVERS\AXMount.sys

\SystemRoot\system32\DRIVERS\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\HdAudio.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_dumpata.sys

\SystemRoot\System32\Drivers\dump_atapi.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\system32\drivers\luafv.sys

\SystemRoot\system32\drivers\WudfPf.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\DRIVERS\idmwfp.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\??\C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys

\SystemRoot\System32\cdd.dll

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

\Windows\System32\gdi32.dll

\Windows\System32\nsi.dll

\Windows\System32\shlwapi.dll

\Windows\System32\ws2_32.dll

\Windows\System32\sechost.dll

\Windows\System32\difxapi.dll

\Windows\System32\clbcatq.dll

\Windows\System32\msvcrt.dll

\Windows\System32\iertutil.dll

\Windows\System32\user32.dll

\Windows\System32\usp10.dll

\Windows\System32\oleaut32.dll

\Windows\System32\normaliz.dll

\Windows\System32\kernel32.dll

\Windows\System32\advapi32.dll

\Windows\System32\shell32.dll

\Windows\System32\msctf.dll

\Windows\System32\ole32.dll

\Windows\System32\Wldap32.dll

\Windows\System32\comdlg32.dll

\Windows\System32\setupapi.dll

\Windows\System32\urlmon.dll

\Windows\System32\imagehlp.dll

\Windows\System32\psapi.dll

\Windows\System32\lpk.dll

\Windows\System32\imm32.dll

\Windows\System32\rpcrt4.dll

\Windows\System32\wininet.dll

\Windows\System32\KernelBase.dll

\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

\Windows\System32\comctl32.dll

\Windows\System32\devobj.dll

\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

\Windows\System32\crypt32.dll

\Windows\System32\cfgmgr32.dll

\Windows\System32\wintrust.dll

\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

\Windows\System32\msasn1.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff85a29ac8

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\

Lower Device Object: 0xffffffff85577030

Lower Device Driver Name: \Driver\atapi\

<<<2>>>

Device number: 0, partition: 1

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffffff85a29ac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff85d2a300, DeviceName: Unknown, DriverName: \Driver\WRkrn\

DevicePointer: 0xffffffff85a297a8, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xffffffff85a29ac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff855742d8, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xffffffff85577030, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\

------------ End ----------

Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\Windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 34A0C3C7

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 63 Numsec = 102398247

Partition file system is NTFS

Partition is bootable

Partition 1 type is Extended with CSH (0x5)

Partition is NOT ACTIVE.

Partition starts at LBA: 102398310 Numsec = 522722970

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 320072933376 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-625122448-625142448)...

Done!

Scan finished

=======================================

Removal queue found; removal started

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_63_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...

Removal finished

ComboFix log :

ComboFix 13-06-08.02 - Backup 11-06-2013 23:16:54.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.91.1033.18.2046.1065 [GMT -12:00]

Running from: C:\Users\Backup\Desktop\ComboFix.exe

AV: Emsisoft Anti-Malware *Disabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}

AV: Webroot SecureAnywhere *Disabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}

FW: Online Armor Firewall *Disabled* {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}

SP: Emsisoft Anti-Malware *Disabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}

SP: Webroot SecureAnywhere *Disabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

However,I can't download Security Check,IDM says 'can't download due timeout' Beside,my bootup is fast and my screen doesn't go blank (as it was used to)

D-FRED-BROWN · June 11, 2013

I need the entire ComboFix log please.

Jesus777 · June 11, 2013

I'll sleep now lol. I'll post the logs and try to download Security Check later.

Jesus777 · June 11, 2013

I need the entire ComboFix log please.

Nope,it only shows me that.

D-FRED-BROWN · June 11, 2013

Please attach the file C:\ComboFix.txt in your next reply.

Jesus777 · June 11, 2013

Please attach the file C:\ComboFix.txt in your next reply.

I am sorry but it gives me this error "

ComboFix.txt

Upload Skipped (Error IO)"

D-FRED-BROWN · June 11, 2013

Try uploading it to sendspace.com and then posting the download link here for me

Jesus777 · June 11, 2013

Try uploading it to sendspace.com and then posting the download link here for me

here

Jesus777 · June 11, 2013

Is it a bug? I'm pretty sure I saw ComboFix deleting infected folders and files. But in logs I can't see anything beside t

ComboFix 13-06-08.02 - Backup 11-06-2013 23:16:54.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.91.1033.18.2046.1065 [GMT -12:00]
Running from: C:\Users\Backup\Desktop\ComboFix.exe
AV: Emsisoft Anti-Malware *Disabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Webroot SecureAnywhere *Disabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
FW: Online Armor Firewall *Disabled* {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}
SP: Emsisoft Anti-Malware *Disabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
SP: Webroot SecureAnywhere *Disabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

D-FRED-BROWN · June 11, 2013

Hmm, that's weird indeed. I've never seen it do that before.

Go ahead and run it again and post the new log it creates.

Jesus777 · June 11, 2013

Hmm, that's weird indeed. I've never seen it do that before.
Go ahead and run it again and post the new log it creates.

I'm sleepy,I'll do it later ;D thx for the assistance.

D-FRED-BROWN · June 11, 2013

Sounds good.

Jesus777 · June 12, 2013

Sounds good.

This time it worked,here's ComboFix log :

ComboFix 13-06-08.02 - Backup 12-06-2013 10:09:35.2.2 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.91.1033.18.2046.1293 [GMT -12:00]

Running from: c:\users\Backup\Desktop\ComboFix.exe

AV: Emsisoft Anti-Malware *Disabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}

AV: Webroot SecureAnywhere *Disabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}

FW: Online Armor Firewall *Disabled* {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}

SP: Emsisoft Anti-Malware *Disabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}

SP: Webroot SecureAnywhere *Disabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Previous Run -------

.

c:\users\Backup\AppData\Local\assembly\tmp

c:\users\Personal account\AppData\Local\assembly\tmp

C:\Zv

c:\zv\OUTBOX2\017ADB9CAA102946DFADF1517A286195.dat.gz

c:\zv\TempOutBox\017ADB9CAA102946DFADF1517A286195.DAT.gz

E:\install.exe

.

((((((((((((((((((((((((( Files Created from 2013-05-12 to 2013-06-12 )))))))))))))))))))))))))))))))

.

2013-06-12 22:15 . 2013-06-12 22:15 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-06-12 11:03 . 2013-06-12 11:13 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2013-06-12 04:09 . 2013-06-12 04:09 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll

2013-06-12 04:09 . 2013-06-12 04:09 59552 ----a-w- c:\windows\system32\drivers\AXMount.sys

2013-06-12 04:09 . 2013-06-12 04:09 48216 ----a-w- c:\windows\system32\drivers\AXTrack.sys

2013-06-12 04:09 . 2013-06-12 04:09 -------- d-----w- c:\program files\AXTM

2013-06-12 00:14 . 2013-06-12 00:15 -------- d-----w- c:\program files\HitmanPro

2013-06-11 11:10 . 2013-06-12 00:24 -------- d-----w- c:\program files\Shadow Defender

2013-06-11 06:15 . 2013-06-11 06:15 9842040 ----a-w- c:\program files\Common Files\wruninstall.exe

2013-06-11 05:47 . 2013-06-11 05:47 150160 ----a-w- c:\windows\system32\WRusr.dll

2013-06-11 05:47 . 2013-06-11 05:47 116224 ----a-w- c:\windows\system32\drivers\WRkrn.sys

2013-06-11 05:46 . 2013-06-11 05:46 -------- d-----w- c:\program files\Webroot

2013-06-11 05:46 . 2013-06-12 10:42 -------- d-----w- c:\programdata\WRData

2013-06-11 00:40 . 2013-06-11 00:45 -------- d-----w- c:\users\Personal account

2013-06-11 00:30 . 2013-06-11 00:30 -------- d-----w- c:\programdata\TechSmith

2013-06-11 00:30 . 2013-06-11 00:30 -------- d-----w- c:\program files\TechSmith

2013-06-10 10:35 . 2013-06-10 10:35 -------- d-----w- c:\program files\Microsoft.NET

2013-06-10 06:09 . 2013-06-10 07:15 -------- d-----w- c:\program files\Google

2013-06-10 04:51 . 2013-06-10 04:51 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-06-10 04:51 . 2013-06-10 04:51 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-06-10 04:51 . 2013-06-10 04:51 -------- d-----w- c:\windows\system32\Macromed

2013-06-10 01:27 . 2013-06-10 01:27 -------- d-----w- c:\program files\Wise

2013-06-09 23:45 . 2013-06-09 22:48 -------- d-----w- c:\users\Standard Alien

2013-06-09 22:05 . 2013-06-10 23:36 -------- d-----w- c:\users\Not for alliens

2013-06-09 12:23 . 2013-06-12 00:14 -------- d-----w- c:\program files\Auslogics

2013-06-09 11:01 . 2010-09-30 06:47 70656 ----a-w- c:\windows\system32\fontsub.dll

2013-06-09 11:01 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll

2013-06-09 11:01 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll

2013-06-09 10:21 . 2013-06-09 10:21 49152 ----a-w- c:\windows\system32\taskhost.exe

2013-06-09 10:07 . 2013-06-10 03:24 -------- d-----w- c:\users\UpdatusUser

2013-06-09 10:07 . 2013-06-12 21:47 -------- d-----w- c:\programdata\NVIDIA

2013-06-09 10:06 . 2013-01-18 14:20 639776 ----a-w- c:\windows\system32\nvvsvc.exe

2013-06-09 10:06 . 2013-01-18 14:20 62752 ----a-w- c:\windows\system32\nvshext.dll

2013-06-09 10:06 . 2013-01-18 14:20 2557728 ----a-w- c:\windows\system32\nvsvcr.dll

2013-06-09 10:06 . 2013-01-18 14:21 4133664 ----a-w- c:\windows\system32\nvcpl.dll

2013-06-09 10:06 . 2013-01-18 14:21 3005728 ----a-w- c:\windows\system32\nvsvc.dll

2013-06-09 10:06 . 2013-01-18 14:20 108832 ----a-w- c:\windows\system32\nvmctray.dll

2013-06-09 10:05 . 2013-02-26 12:22 53024 ----a-w- c:\windows\system32\OpenCL.dll

2013-06-09 10:04 . 2013-06-09 10:04 -------- d-----w- c:\programdata\NVIDIA Corporation

2013-06-09 10:04 . 2013-06-09 10:07 -------- d-----w- c:\program files\NVIDIA Corporation

2013-06-09 07:04 . 2013-06-09 07:25 -------- d-----w- c:\programdata\OnlineArmor

2013-06-09 07:03 . 2012-10-03 03:03 44992 ----a-w- c:\windows\system32\drivers\oahlp32.sys

2013-06-09 07:03 . 2012-10-03 03:02 31768 ----a-w- c:\windows\system32\drivers\OAnet.sys

2013-06-09 07:03 . 2012-10-03 03:02 27648 ----a-w- c:\windows\system32\drivers\OAmon.sys

2013-06-09 07:03 . 2012-10-03 03:02 208320 ----a-w- c:\windows\system32\drivers\OADriver.sys

2013-06-09 07:03 . 2013-06-12 22:06 -------- d-----w- c:\program files\Online Armor

2013-06-09 06:06 . 2013-06-12 22:04 -------- d-----w- c:\program files\Emsisoft Anti-Malware

2013-06-09 06:05 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-06-09 06:05 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-06-09 06:05 . 2013-03-19 04:48 38912 ----a-w- c:\windows\system32\csrsrv.dll

2013-06-09 06:05 . 2013-03-19 02:49 69632 ----a-w- c:\windows\system32\smss.exe

2013-06-09 05:14 . 2011-04-29 02:46 311808 ----a-w- c:\windows\system32\drivers\srv.sys

2013-06-09 05:14 . 2011-04-29 02:46 310272 ----a-w- c:\windows\system32\drivers\srv2.sys

2013-06-09 05:14 . 2011-04-29 02:46 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys

2013-06-09 04:48 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe

2013-06-09 04:48 . 2013-04-12 13:45 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-06-09 04:47 . 2012-11-22 04:45 626688 ----a-w- c:\windows\system32\usp10.dll

2013-06-09 04:47 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys

2013-06-09 04:47 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys

2013-06-09 04:29 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2013-06-09 04:25 . 2013-02-12 03:32 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-06-09 04:24 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll

2013-06-09 04:23 . 2012-08-24 16:57 172544 ----a-w- c:\windows\system32\wintrust.dll

2013-06-09 04:15 . 2012-11-02 05:11 376832 ----a-w- c:\windows\system32\dpnet.dll

2013-06-09 04:14 . 2011-02-18 05:39 31232 ----a-w- c:\windows\system32\prevhost.exe

2013-06-09 04:03 . 2012-11-09 04:43 492032 ----a-w- c:\windows\system32\win32spl.dll

2013-06-09 04:03 . 2013-01-24 04:47 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys

2013-06-09 04:03 . 2011-03-03 05:38 132608 ----a-w- c:\windows\system32\dnsrslvr.dll

2013-06-09 04:03 . 2011-03-03 05:36 28672 ----a-w- c:\windows\system32\dnscacheugc.exe

2013-06-09 04:03 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll

2013-06-09 03:52 . 2012-06-02 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2013-06-09 03:52 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\system32\crypt32.dll

2013-06-09 03:52 . 2012-06-02 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll

2013-06-09 03:44 . 2012-10-03 16:42 52224 ----a-w- c:\windows\system32\nlaapi.dll

2013-06-09 03:44 . 2012-10-03 16:42 242176 ----a-w- c:\windows\system32\nlasvc.dll

2013-06-09 03:44 . 2012-10-03 16:42 18944 ----a-w- c:\windows\system32\netevent.dll

2013-06-09 03:44 . 2012-10-03 16:42 175104 ----a-w- c:\windows\system32\netcorehc.dll

2013-06-09 03:44 . 2012-10-03 16:42 156672 ----a-w- c:\windows\system32\ncsi.dll

2013-06-09 03:44 . 2012-10-03 16:40 499712 ----a-w- c:\windows\system32\iphlpsvc.dll

2013-06-09 03:44 . 2012-10-03 15:21 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2013-06-09 03:44 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys

2013-06-09 03:21 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2013-06-09 03:21 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2013-06-09 03:21 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2013-06-09 03:21 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2013-06-09 03:21 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\system32\mstscax.dll

2013-06-09 03:21 . 2013-02-15 04:34 131584 ----a-w- c:\windows\system32\aaclient.dll

2013-06-09 03:21 . 2013-02-15 03:25 36864 ----a-w- c:\windows\system32\tsgqec.dll

2013-06-09 03:21 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\system32\msxml6.dll

2013-06-09 03:21 . 2011-05-03 04:30 741376 ----a-w- c:\windows\system32\inetcomm.dll

2013-06-09 03:20 . 2013-06-09 03:20 -------- d-----w- c:\programdata\Innovative Solutions

2013-06-09 03:20 . 2013-06-09 03:20 -------- d-----w- c:\program files\Common Files\Innovative Solutions

2013-06-09 03:20 . 2009-11-06 01:24 42496 ----a-w- c:\windows\system32\AdvUninstCPL.cpl

2013-06-09 03:20 . 2013-06-09 03:20 -------- d-----w- c:\program files\Innovative Solutions

2013-06-09 03:01 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll

2013-06-09 02:49 . 2013-01-03 05:05 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-06-09 02:49 . 2013-01-03 05:04 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2013-06-09 02:48 . 2011-11-19 14:01 67072 ----a-w- c:\windows\system32\packager.dll

2013-06-09 02:47 . 2011-02-12 05:35 191488 ----a-w- c:\windows\system32\FXSCOVER.exe

2013-06-09 02:47 . 2012-05-05 07:46 400896 ----a-w- c:\windows\system32\srcore.dll

2013-06-09 02:47 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll

2013-06-09 02:47 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll

2013-06-09 02:47 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll

2013-06-09 02:47 . 2010-12-23 05:54 642048 ----a-w- c:\windows\system32\CPFilters.dll

2013-06-09 02:47 . 2010-12-23 05:54 850944 ----a-w- c:\windows\system32\sbe.dll

2013-06-09 02:47 . 2010-12-23 05:50 199680 ----a-w- c:\windows\system32\mpg2splt.ax

2013-06-09 02:47 . 2011-10-26 04:32 514560 ----a-w- c:\windows\system32\qdvd.dll

2013-06-09 02:47 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\system32\quartz.dll

2013-06-09 02:46 . 2012-08-10 23:56 542208 ----a-w- c:\windows\system32\kerberos.dll

2013-06-09 02:46 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\explorer.exe

2013-06-09 02:43 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll

2013-06-09 02:36 . 2012-11-20 04:51 220160 ----a-w- c:\windows\system32\ncrypt.dll

2013-06-09 02:29 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe

2013-06-09 02:29 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2013-06-09 02:29 . 2013-01-04 04:50 169984 ----a-w- c:\windows\system32\winsrv.dll

2013-06-09 02:29 . 2013-02-27 05:05 101720 ----a-w- c:\windows\system32\consent.exe

2013-06-09 02:29 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\system32\authui.dll

2013-06-09 02:29 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll

2013-06-09 02:28 . 2013-06-09 02:28 348160 ----a-w- c:\windows\system32\msvcr71.dll

2013-06-09 02:28 . 2013-06-09 02:28 1700352 ----a-w- c:\windows\system32\gdiplus.dll

2013-06-09 02:28 . 2013-06-09 02:28 1060864 ----a-w- c:\windows\system32\mfc71.dll

2013-06-09 02:06 . 2013-06-09 03:23 3488 ----a-w- c:\windows\system32\drivers\sfi.dat

2013-06-09 02:05 . 2013-06-09 03:26 -------- d-----w- c:\programdata\COMODO

2013-06-09 01:57 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2013-06-09 01:57 . 2012-10-09 17:40 193536 ----a-w- c:\windows\system32\dhcpcore6.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-06-08 11:02 . 2010-11-20 21:29 409088 ----a-w- c:\windows\system32\systemcpl.dll

2013-06-08 11:02 . 2010-11-20 21:29 13824 ----a-w- c:\windows\system32\slwga.dll

2013-06-08 11:02 . 2010-11-20 21:29 811520 ----a-w- c:\windows\system32\user32.dll

2013-04-13 04:45 . 2013-06-09 03:44 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45 . 2013-06-09 03:44 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2013-06-08 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll

[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2012-11-15 23:07 21904 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_WrSyncExcl]

@="{8D7FC74C-E409-42DF-8EEE-69D45FAE2F30}"

[HKEY_CLASSES_ROOT\CLSID\{8D7FC74C-E409-42DF-8EEE-69D45FAE2F30}]

2013-06-11 05:47 150160 ----a-w- c:\windows\System32\WRusr.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_WrSyncGreen]

@="{6DA1ED92-315E-4D0B-B354-9D5F519DBA95}"

[HKEY_CLASSES_ROOT\CLSID\{6DA1ED92-315E-4D0B-B354-9D5F519DBA95}]

2013-06-11 05:47 150160 ----a-w- c:\windows\System32\WRusr.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_WrSyncRed]

@="{1914B27A-33C8-46F8-A1C2-F993268D4564}"

[HKEY_CLASSES_ROOT\CLSID\{1914B27A-33C8-46F8-A1C2-F993268D4564}]

2013-06-11 05:47 150160 ----a-w- c:\windows\System32\WRusr.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_WrSyncYellow]

@="{C14874EA-ACE4-4A47-8A81-18C4D1C40868}"

[HKEY_CLASSES_ROOT\CLSID\{C14874EA-ACE4-4A47-8A81-18C4D1C40868}]

2013-06-11 05:47 150160 ----a-w- c:\windows\System32\WRusr.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2013-05-31 3587664]

"CCleaner"="c:\program files\CCleaner\CCleaner.exe" [2013-05-24 3591960]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"emsisoft anti-malware"="c:\program files\emsisoft anti-malware\a2guard.exe" [2013-05-31 2916264]

"@OnlineArmor GUI"="c:\program files\Online Armor\oaui.exe" [2012-10-03 2415104]

"WRSVC"="c:\program files\Webroot\WRSA.exe" [2013-06-11 733648]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Install Webroot FF RunOnce.lnk - c:\program files\Common Files\wruninstall.exe [2013-6-10 9842040]

Install Webroot IE RunOnce.lnk - c:\program files\Common Files\wruninstall.exe [2013-6-10 9842040]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"EnableShellExecuteHooks"= 1 (0x1)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~1\oaevent.dll" [2012-10-03 366440]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2012-10-03 44992]

R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-05 418376]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-05 701512]

R2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [2012-10-03 4463864]

R2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [2013-06-11 733648]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-05 22856]

R3 MFE_RR;MFE_RR;c:\users\Backup\AppData\Local\Temp\mfe_rr.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-06-08 1343400]

R4 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2013-06-12 106280]

R4 WiseBootAssistant;Wise Boot Assistant;c:\program files\Wise\Wise Care 365\BootTime.exe [2013-04-26 580232]

S0 AXTrack;AXTrack;c:\windows\system32\DRIVERS\AXTrack.sys [2013-06-12 48216]

S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys [2013-06-11 116224]

S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [2013-03-29 22056]

S1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [2012-05-01 37856]

S1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [2013-03-29 14432]

S1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2012-10-03 208320]

S1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2012-10-03 27648]

S2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2013-05-31 2626880]

S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2013-05-25 102344]

S2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\OAcat.exe [2012-10-03 216072]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]

S3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2012-05-01 54072]

S3 AXMount;AXDBus Enumerator;c:\windows\system32\DRIVERS\AXMount.sys [2013-06-12 59552]

S3 OAnet;OnlineArmor Service;c:\windows\system32\DRIVERS\oanet.sys [2012-10-03 31768]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

.

Contents of the 'Scheduled Tasks' folder

.

2013-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-10 04:51]

.

2013-06-10 c:\windows\Tasks\Wise Turbo Checker.job

- c:\program files\Wise\Wise Care 365\WiseTurbo.exe [2013-06-10 22:06]

.

------- Supplementary Scan -------

.

IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm

IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{FA14D618-A0D0-42E5-A5E3-6763088E0C15}: NameServer = 218.248.241.2 218.248.255.212

FF - ProfilePath - c:\users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\5kb9p1xj.default\

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2013-06-07 23:13; mozilla_cc@internetdownloadmanager.com; c:\users\Backup\AppData\Roaming\IDM\idmmzcc5

FF - ExtSQL: 2013-06-07 23:38; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\5kb9p1xj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF - ExtSQL: 2013-06-09 18:42; FasterFox_Lite@BigRedBrent; c:\users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\5kb9p1xj.default\extensions\FasterFox_Lite@BigRedBrent

FF - ExtSQL: 2013-06-09 20:12; imageblock@hemantvats.com; c:\users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\5kb9p1xj.default\extensions\imageblock@hemantvats.com.xpi

FF - ExtSQL: 2013-06-09 20:16; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\5kb9p1xj.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

FF - ExtSQL: 2013-06-09 20:16; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\5kb9p1xj.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

FF - ExtSQL: 2013-06-09 20:16; firefox@ghostery.com; c:\users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\5kb9p1xj.default\extensions\firefox@ghostery.com

FF - ExtSQL: 2013-06-10 13:54; uriloader@pdf.js; c:\users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\5kb9p1xj.default\extensions\uriloader@pdf.js.xpi

FF - ExtSQL: 2013-06-11 16:21; jid0-hyjN250ZzTOOX3evFwwAQBxE4ik@jetpack; c:\users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\5kb9p1xj.default\extensions\jid0-hyjN250ZzTOOX3evFwwAQBxE4ik@jetpack.xpi

FF - ExtSQL: 2013-06-11 16:26; ich@maltegoetz.de; c:\users\Backup\AppData\Roaming\Mozilla\Firefox\Profiles\5kb9p1xj.default\extensions\ich@maltegoetz.de

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(2112)

c:\windows\System32\npmproxy.dll

.

Completion time: 2013-06-12 10:17:41

ComboFix-quarantined-files.txt 2013-06-12 22:17

.

Pre-Run: 33,071,374,336 bytes free

Post-Run: 32,992,227,328 bytes free

.

- - End Of File - - 9337F71DD80A92C6A08AF7DAED0A401F

A36C5E4F47E84449FF07ED3517B43A31

Jesus777 · June 12, 2013

What kinda rootkit/trojan/malware I had anyway?

D-FRED-BROWN · June 12, 2013

What kinda rootkit/trojan/malware I had anyway?

Tough to say. It was likely a variety of things.

Please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::
FCopy::
c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll | c:\windows\System32\user32.dll
Reboot::

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now

Jesus777 · June 12, 2013

Tough to say. It was likely a variety of things.
Please do the following:
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:
Save this as CFScript.txt, in the same location as ComboFix.exe
Refering to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now

Yes I think I've some multiple malware in my machine,few days ago,what emsisoft found -> http://postimg.org/image/s41oyut6p/

Jesus777 · June 12, 2013

Tough to say. It was likely a variety of things.
Please do the following:
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:
Save this as CFScript.txt, in the same location as ComboFix.exe
Refering to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now

Sorry I'm kinda confused -- What you meant by 'same location'? Do you mean that I should save the txt file in the dictionry of CF or save it on Desktop?

Jesus777 · June 12, 2013

nvm I saved the script over desktop & then drag-n-dropped it in ComboFix. I haven't noticed any differene yet though,any further guidance?

Jesus777 · June 12, 2013

For the log,my bad,I did the script thing twice,but it still only shows this "ComboFix 13-06-08.02 - Backup 12-06-2013 14:03:39.4.2 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.91.1033.18.2046.1405 [GMT -12:00]

Running from: C:\Users\Backup\Desktop\ComboFix.exe

Command switches used :: C:\Users\Backup\Desktop\CFScript.txt

AV: Emsisoft Anti-Malware *Disabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}

AV: Webroot SecureAnywhere *Disabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}

FW: Online Armor Firewall *Disabled* {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}

SP: Emsisoft Anti-Malware *Disabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}

SP: Webroot SecureAnywhere *Disabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}" (I deleted previous log file,still nothing happened,it re-created this file after I ran ComboFix with that script)

D-FRED-BROWN · June 12, 2013

I'd like you to try running the script in Safe Mode. Let me know how things go.

Jesus777 · June 12, 2013

I'd like you to try running the script in Safe Mode. Let me know how things go.

Nvm my PM. And K I'll boot in safe mode & post the log.

D-FRED-BROWN · June 12, 2013

No worries .

Jesus777 · June 12, 2013

Is a some extra-ordinary kind of rootkit/malware preventing ComboFix from creating log? Sorry if silly question.

PC is infected -- Need assistance

Recommended Posts

Link to post

Share on other sites

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information