DyHaglar Posted July 3, 2013 ID:698174

I have over 90% usage and very high temperatures while idle. I really need some help to identify and solve the issue.
Psychotic Posted July 3, 2013 ID:698177

Hi there, my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

- First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
- Perform everything in the correct order. Sometimes one step requires the previous one.
- If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
- Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
- Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
- If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
- Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
- My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs
- DDS.txt
- Attach.txt
Save both reports to your desktop.

Please download Gmer from here by clicking on the "Download EXE" Button.
- Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
- If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
- In the right panel, you will see several boxes that have been checked. Uncheck the following ...
  - Sections
  - IAT/EAT
  - Show All ( should be unchecked by default )
- Leave everything else as it is.
- Close all other running programs as well as your Browser.
- Click the Scan button & wait for it to finish.
- Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
- Save it where you can easily find it, such as your desktop.
- Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
DyHaglar Posted July 3, 2013 Author ID:698199

I have all of the logs ready. You would like me to paste their contents as a reply, correct?
Psychotic Posted July 3, 2013 ID:698206

correct
DyHaglar Posted July 3, 2013 Author ID:698209

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16618 BrowserJavaVersion: 10.21.2
Run by Lucas at 3:48:18 on 2013-07-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8163.5914 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\viakaraokesrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
"C:\Users\Lucas\AppData\Local\Temp\svchost.exe" -o http://p.9d3e622df914d8de7f747b7b8b143c52.com -O r3:r3 -l 1
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [Adobe] C:\Users\Lucas\AppData\Roaming\Adobe\color.vbe
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
StartupFolder: C:\Users\Lucas\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 208.180.42.68 208.180.42.100
TCP: Interfaces\{53057F99-F1D5-4EBF-B2C7-C54D880ED774} : DHCPNameServer = 208.180.42.68 208.180.42.100
TCP: Interfaces\{E8C79C70-4888-413D-82D3-95E075744554} : DHCPNameServer = 10.0.0.2 10.0.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-1-22 82560]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-1-22 42624]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2013-1-22 22128]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-28 241152]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-3-28 361984]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-5-15 2467664]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2013-6-29 9216]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-3 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-3 701512]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe [2013-6-14 144368]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2013-1-22 27792]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2013-1-22 46136]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-14 96768]
R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130531.001\BHDrvx64.sys [2013-5-31 1393240]
R3 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1404000.028\ccsetx64.sys [2013-6-14 169048]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-3-6 138912]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2013-1-22 65152]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2013-1-22 88832]
R3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130604.001\IDSviA64.sys [2013-6-4 513184]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-7-3 25928]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2012-10-30 13368]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-1-22 565352]
R3 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1404000.028\symds64.sys [2013-6-14 493656]
R3 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1404000.028\symefa64.sys [2013-6-14 1139800]
R3 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1404000.028\ironx64.sys [2013-6-14 224416]
R3 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1404000.028\symnets.sys [2013-6-14 433752]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2013-1-22 2206352]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-2-14 49152]
S3 MSICDSetup;MSICDSetup;D:\CDriver64.sys [2009-8-10 28984]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 UsbFltr;WayTech USB Filter Driver;C:\Windows\System32\drivers\UsbFltr.sys [2007-4-9 12288]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-1 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2013-07-03 06:17:53 -------- d-----w- C:\Users\Lucas\AppData\Roaming\Malwarebytes
2013-07-03 06:17:43 -------- d-----w- C:\ProgramData\Malwarebytes
2013-07-03 06:17:42 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-07-03 06:17:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-03 06:00:31 -------- d-----w- C:\Users\Lucas\AppData\Local\AMD
2013-07-03 06:00:13 -------- d-----w- C:\Users\Lucas\AppData\Local\ATI
2013-07-03 05:59:22 0 ----a-w- C:\Windows\ativpsrm.bin
2013-07-03 05:57:38 -------- d-----w- C:\ProgramData\AMD
2013-07-03 05:57:37 -------- d-----w- C:\Program Files (x86)\AMD AVT
2013-07-03 05:57:34 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2013-07-03 05:57:34 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2013-07-03 05:56:00 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2013-07-03 05:55:58 -------- d-----w- C:\Program Files\ATI
2013-07-03 05:55:41 -------- d-----w- C:\Program Files\ATI Technologies
2013-07-03 05:54:54 -------- d-----w- C:\AMD
2013-07-03 05:52:48 -------- d-----w- C:\Program Files (x86)\MSI Afterburner
2013-07-02 07:21:10 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{24A780D0-9B76-47B5-8F36-59CDF8B60068}\mpengine.dll
2013-07-01 18:04:30 33856 ---ha-w- C:\Windows\System32\hamachi.sys
2013-07-01 18:04:24 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2013-06-29 18:13:56 -------- d-----w- C:\Users\Lucas\AppData\Roaming\LolClient
2013-06-29 16:40:40 -------- d-----w- C:\Users\Lucas\AppData\Roaming\Awesomium
2013-06-29 16:39:47 -------- d-----w- C:\ProgramData\Hi-Rez Studios
2013-06-29 16:39:31 -------- d-----w- C:\Program Files (x86)\Hi-Rez Studios
2013-06-29 02:05:04 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2013-06-29 02:05:03 -------- d-----w- C:\Riot Games
2013-06-29 02:03:50 -------- d-----w- C:\Users\Lucas\AppData\Local\PMB Files
2013-06-29 02:03:49 -------- d-----w- C:\ProgramData\PMB Files
2013-06-29 02:03:21 -------- d-----w- C:\Users\Lucas\AppData\Roaming\Riot Games
2013-06-29 00:00:08 -------- d-----w- C:\Users\Lucas\AppData\Local\WarThunder
2013-06-29 00:00:08 -------- d-----w- C:\ProgramData\WarThunder
2013-06-29 00:00:01 -------- d-----w- C:\Program Files (x86)\War Thunder
2013-06-24 09:01:35 -------- d-----w- C:\Users\Lucas\AppData\Roaming\TortoiseSVN
2013-06-24 08:53:00 -------- d-----w- C:\Users\Lucas\AppData\Local\TSVNCache
2013-06-24 08:50:49 -------- d-----w- C:\Program Files\TortoiseSVN
2013-06-24 08:50:49 -------- d-----w- C:\Program Files\Common Files\TortoiseOverlays
2013-06-24 08:50:49 -------- d-----w- C:\Program Files (x86)\Common Files\TortoiseOverlays
2013-06-15 02:13:25 796760 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\srtsp64.sys
2013-06-15 02:13:25 493656 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\symds64.sys
2013-06-15 02:13:25 433752 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\symnets.sys
2013-06-15 02:13:25 36952 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\srtspx64.sys
2013-06-15 02:13:25 23448 ----a-r- C:\Windows\System32\drivers\NISx64\1404000.028\symelam.sys
2013-06-15 02:13:25 224416 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\ironx64.sys
2013-06-15 02:13:25 169048 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\ccsetx64.sys
2013-06-15 02:13:25 1139800 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\symefa64.sys
2013-06-15 02:13:14 -------- d-----w- C:\Windows\System32\drivers\NISx64\1404000.028
2013-06-14 03:38:47 -------- d-----w- C:\Users\Lucas\AppData\Roaming\.minecraft
2013-06-12 05:56:59 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-06-10 17:01:26 -------- d-----w- C:\ProgramData\Package Cache
2013-06-05 00:00:21 -------- d-----w- C:\Users\Lucas\AppData\Local\Warframe
.
==================== Find3M ====================
.
2013-07-03 05:29:25 280856 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-07-03 05:29:25 280856 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-06-19 21:09:04 291128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-06-19 02:45:25 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-06-05 22:06:33 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-05-02 07:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-04-16 14:37:14 1187342 ----a-w- C:\Windows\System32\amdocl_as64.exe
2013-04-16 14:37:14 1061902 ----a-w- C:\Windows\System32\amdocl_ld64.exe
2013-04-16 14:37:12 995342 ----a-w- C:\Windows\SysWow64\amdocl_as32.exe
2013-04-16 14:37:12 798734 ----a-w- C:\Windows\SysWow64\amdocl_ld32.exe
2013-04-14 23:04:38 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-14 23:04:38 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-04-04 10:35:05 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
============= FINISH: 3:48:48.67 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/28/2013 6:17:23 PM
System Uptime: 7/3/2013 3:37:57 AM (0 hours ago)
.
Motherboard: AMD Corporation | | 970A-D3
Processor: AMD FX-4100 Quad-Core Processor | CPU 1 | 3600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 288.342 GiB free.
D: is CDROM (CDFS)
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP148: 7/2/2013 9:21:17 PM - Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
RP149: 7/2/2013 9:21:38 PM - Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
RP150: 7/3/2013 3:00:51 AM - Removed Battlefield 2
.
==== Installed Programs ======================
.
Ace of Spades
Adobe Flash Player 11 Plugin
Alien Swarm
AMD Accelerated Video Transcoding
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD VISION Engine Control Center
Application Profiles
Arma 2
Arma 2: Operation Arrowhead
Arma 2: Operation Arrowhead - Dedicated Server
Assassin's Creed II
Battlefield 1942™
BattlEye for OA Uninstall
BioShock
Blacklight: Retribution
Call of Duty: World at War
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Cave Story+
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Chivalry: Medieval Warfare
Company of Heroes
Company of Heroes (New Steam Version)
Company of Heroes 2
Company of Heroes: Tales of Valor
Counter-Strike: Global Offensive
Counter-Strike: Source
Cry of Fear
Darksiders
Day of Defeat: Source
DayZ Commander
Dead Island
Dead Pixels
Dead Space™ 2
Dedicated Server
Dolby Axon - 1.5.0.1
Dota 2
Dungeon Defenders
Eastern Front
Empire: Total War
Etron USB3.0 Host Controller
Far Cry
Far Cry 2
Far Cry 3
Garry's Mod
Google Chrome
Google Update Helper
Half-Life
Half-Life 2
Half-Life 2: Deathmatch
Half-Life 2: Episode One
Half-Life 2: Episode Two
Half-Life Dedicated Server Update Tool
Hearts of Iron III
Heroes & Generals
Hi-Rez Studios Authenticate and Update Service
Hitman: Blood Money
Insurgency: Modern Infantry Combat
Java 7 Update 21
Java Auto Updater
Junk Mail filter update
Killing Floor
League of Legends
Legend of Grimrock
LogMeIn Hamachi
Magicka
Making History: The Calm & The Storm
Malwarebytes Anti-Malware version 1.75.0.1300
Medieval II Total War
Medieval II Total War : Kingdoms : Americas
Medieval II Total War : Kingdoms : Britannia
Medieval II Total War : Kingdoms : Crusades
Medieval II Total War : Kingdoms : Teutonic
Men of War: Assault Squad
Metro 2033
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Choice Guard
Microsoft Office 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft Xbox 360 Accessories 1.2
Microsoft XNA Framework Redistributable 4.0
Mortal Online
Mount & Blade: Warband
Mount & Blade: With Fire and Sword
MSI Afterburner 2.2.5
MSVCRT
Norton Internet Security
NVIDIA PhysX
Oblivion mod manager 1.1.12
ON_OFF Charge B12.0308.1
OpenOffice.org 3.4.1
Operation Flashpoint: Dragon Rising
Operation Flashpoint: Dragon Rising Mission Editor
Origin
Pando Media Booster
Path of Exile
PAYDAY: The Heist
PlanetSide 2
Platform
Play withSIX
Portal
Portal 2
PunkBuster Services
Quake Live Mozilla Plugin
Qualcomm Atheros Client Installation Program
Realm of the Mad God
Realtek Ethernet Controller Driver
Red Orchestra 2: Heroes of Stalingrad
Red Orchestra 2: Heroes of Stalingrad - Single Player
S.T.A.L.K.E.R.: Call of Pripyat
Saints Row: The Third
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Sid Meier's Civilization 4
Sid Meier's Civilization 4 - Beyond the Sword
Sid Meier's Civilization 4 - Warlords
Sid Meier's Civilization V
Skype™ 6.3
Sleeping Dogs™
Smite
Sniper Elite V2
Source Multiplayer Dedicated Server
Source SDK Base 2007
Star Wars: Knights of the Old Republic
Steam
Stronghold
Stronghold 2
Stronghold 3
Stronghold Crusader + Extreme
Stronghold Kingdoms
Stronghold Legends
Super Meat Boy
System Requirements Lab CYRI
Team Fortress 2
TeamSpeak 3 Client
Terraria
The Basement Collection
The Binding of Isaac
The Elder Scrolls III: Morrowind
The Elder Scrolls IV: Oblivion
The Ultimate DOOM
The War Z
Titan Quest
Tom Clancy's Rainbow Six: Vegas 2
TortoiseSVN 1.8.0.24401 (64 bit)
UE3Redist
Unity Web Player
Unofficial Oblivion Patch v3.4.3
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Uplay
Ventrilo Client for Windows x64
VIA Platform Device Manager
War Thunder Launcher 1.0.1.246
Warframe
Warhammer 40,000 Space Marine
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Wings of Prey
WinRAR 4.20 (32-bit)
World of Tanks
World of Warcraft
Wrye Bash
.
==== Event Viewer Messages From Past Week ========
.
7/3/2013 3:39:07 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
7/3/2013 12:47:57 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
7/3/2013 12:47:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/3/2013 12:47:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/3/2013 12:47:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/3/2013 12:47:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/3/2013 12:45:29 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
7/3/2013 12:45:27 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AppleCharger discache spldr Wanarpv6
7/2/2013 10:44:52 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
7/1/2013 1:04:31 PM, Error: Service Control Manager [7030] - The LogMeIn Hamachi Tunneling Engine service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
7/1/2013 1:04:31 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.
7/1/2013 1:04:31 PM, Error: Service Control Manager [7000] - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-07-03 03:54:52
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5 ST31000524AS rev.JC4B 931.51GB
Running: mnhgpcu9.exe; Driver: C:\Users\Lucas\AppData\Local\Temp\kwtdykow.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74e543e43867
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74e543e43867 (not active ControlSet)

---- EOF - GMER 2.1 ----

Psychotic Posted July 3, 2013 ID:698215
You told us that you removed several items with Malwarebytes' Anti-Malware. This tool creates a log on every run and we need to see them.
The logs can be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at
C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
Zip any and all of these logs and attach the file to your next reply.

DyHaglar Posted July 3, 2013 Author ID:698219
Here is the zip.
mbam-log-2013-07-03 (01-18-42).zip

Psychotic Posted July 3, 2013 ID:698247
Combofix
Combofix should only be run when advised by a team member!
Link
Important - Save the file to your desktop!
Deactivate any and all of your antivirus programs / spyware scanners - they can prevent CF from doing its work.
Run Combofix.exe
When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

DyHaglar Posted July 3, 2013 Author ID:698250
I am unable to end the process ccsvchst.exe, a Symantec process I believe is associated with Norton. Is it ok to run CF?

Psychotic Posted July 3, 2013 ID:698257
If your Antivirus Program is disabled, proceed.

DyHaglar Posted July 3, 2013 Author ID:698265
ComboFix 13-07-02.03 - Lucas 07/03/2013 7:30.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8163.5771 [GMT -5:00]
Running from: c:\users\Lucas\Downloads\ComboFix.exe
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-06-03 to 2013-07-03 )))))))))))))))))))))))))))))))
.
.
2013-07-03 06:17 . 2013-07-03 06:17 -------- d-----w- c:\users\Lucas\AppData\Roaming\Malwarebytes
2013-07-03 06:17 . 2013-07-03 06:17 -------- d-----w- c:\programdata\Malwarebytes
2013-07-03 06:17 . 2013-07-03 06:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-03 06:17 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-03 06:00 . 2013-07-03 06:00 -------- d-----w- c:\users\Lucas\AppData\Local\AMD
2013-07-03 06:00 . 2013-07-03 06:00 -------- d-----w- c:\users\Lucas\AppData\Roaming\ATI
2013-07-03 06:00 . 2013-07-03 06:00 -------- d-----w- c:\users\Lucas\AppData\Local\ATI
2013-07-03 06:00 . 2013-07-03 06:00 -------- d-----w- c:\programdata\ATI
2013-07-03 05:59 . 2013-07-03 05:59 0 ----a-w- c:\windows\ativpsrm.bin
2013-07-03 05:57 . 2013-07-03 05:59 -------- d-----w- c:\programdata\AMD
2013-07-03 05:57 . 2013-07-03 05:57 -------- d-----w- c:\program files (x86)\AMD AVT
2013-07-03 05:57 . 2013-07-03 05:57 -------- d-----w- c:\program files\Common Files\ATI Technologies
2013-07-03 05:57 . 2013-07-03 05:57 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2013-07-03 05:56 . 2013-07-03 05:56 -------- d-----w- c:\program files (x86)\ATI Technologies
2013-07-03 05:55 . 2013-07-03 05:55 -------- d-----w- c:\program files\ATI
2013-07-03 05:55 . 2013-07-03 05:57 -------- d-----w- c:\program files\ATI Technologies
2013-07-03 05:54 . 2013-07-03 05:54 -------- d-----w- C:\AMD
2013-07-03 05:52 . 2013-07-03 09:12 -------- d-----w- c:\program files (x86)\MSI Afterburner
2013-07-02 07:21 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{24A780D0-9B76-47B5-8F36-59CDF8B60068}\mpengine.dll
2013-07-01 18:04 . 2009-03-18 23:35 33856 ---ha-w- c:\windows\system32\hamachi.sys
2013-07-01 18:04 . 2013-07-03 12:40 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2013-06-29 18:13 . 2013-06-29 18:13 -------- d-----w- c:\users\Lucas\AppData\Roaming\LolClient
2013-06-29 16:40 . 2013-06-29 16:40 -------- d-----w- c:\users\Lucas\AppData\Roaming\Awesomium
2013-06-29 16:39 . 2013-06-29 16:39 -------- d-----w- c:\programdata\Hi-Rez Studios
2013-06-29 16:39 . 2013-06-29 16:39 -------- d-----w- c:\program files (x86)\Hi-Rez Studios
2013-06-29 02:05 . 2013-06-29 02:05 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2013-06-29 02:05 . 2013-06-29 02:05 -------- d-----w- C:\Riot Games
2013-06-29 02:03 . 2013-07-03 05:27 -------- d-----w- c:\users\Lucas\AppData\Local\PMB Files
2013-06-29 02:03 . 2013-07-03 05:27 -------- d-----w- c:\programdata\PMB Files
2013-06-29 02:03 . 2013-06-29 02:03 -------- d-----w- c:\users\Lucas\AppData\Roaming\Riot Games
2013-06-29 00:00 . 2013-06-29 00:00 -------- d-----w- c:\users\Lucas\AppData\Local\WarThunder
2013-06-29 00:00 . 2013-06-29 00:00 -------- d-----w- c:\programdata\WarThunder
2013-06-29 00:00 . 2013-06-29 01:45 -------- d-----w- c:\program files (x86)\War Thunder
2013-06-24 09:01 . 2013-06-24 09:01 -------- d-----w- c:\users\Lucas\AppData\Roaming\TortoiseSVN
2013-06-24 08:53 . 2013-07-03 12:38 -------- d-----w- c:\users\Lucas\AppData\Local\TSVNCache
2013-06-24 08:50 . 2013-06-24 08:50 -------- d-----w- c:\program files\TortoiseSVN
2013-06-24 08:50 . 2013-06-24 08:50 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2013-06-24 08:50 . 2013-06-24 08:50 -------- d-----w- c:\program files (x86)\Common Files\TortoiseOverlays
2013-06-14 03:38 . 2013-06-18 02:12 -------- d-----w- c:\users\Lucas\AppData\Roaming\.minecraft
2013-06-12 05:56 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-06-10 17:01 . 2013-06-10 17:01 -------- d-----w- c:\programdata\Package Cache
2013-06-05 00:00 . 2013-06-19 03:24 -------- d-----w- c:\users\Lucas\AppData\Local\Warframe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-03 05:29 . 2013-01-29 02:20 280856 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-07-03 05:29 . 2013-01-29 02:18 280856 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-06-19 21:09 . 2013-01-29 02:18 291128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-06-05 22:06 . 2013-01-29 02:18 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-05-02 07:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-16 14:37 . 2013-04-16 14:37 1187342 ----a-w- c:\windows\system32\amdocl_as64.exe
2013-04-16 14:37 . 2013-04-16 14:37 1061902 ----a-w- c:\windows\system32\amdocl_ld64.exe
2013-04-16 14:37 . 2013-04-16 14:37 995342 ----a-w- c:\windows\SysWow64\amdocl_as32.exe
2013-04-16 14:37 . 2013-04-16 14:37 798734 ----a-w- c:\windows\SysWow64\amdocl_ld32.exe
2013-04-14 23:04 . 2013-02-05 21:17 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-14 23:04 . 2013-02-05 21:17 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-13 05:49 . 2013-05-14 22:17 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-14 22:17 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-14 22:17 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-14 22:17 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-14 22:17 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-14 22:17 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 21:07 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-14 22:17 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-14 22:17 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-14 22:17 3153920 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-06-06 1641896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-08-09 5263504]
"Adobe"="c:\users\Lucas\AppData\Roaming\Adobe\color.vbe" [2013-01-19 15361]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-29 642656]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-06-28 2255184]
.
c:\users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 UsbFltr;WayTech USB Filter Driver;c:\windows\system32\Drivers\UsbFltr.sys;c:\windows\SYSNATIVE\Drivers\UsbFltr.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-19 02:44 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-23 00:48]
.
2013-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-23 00:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Completion time: 2013-07-03 07:44:17 - machine was rebooted
ComboFix-quarantined-files.txt 2013-07-03 12:44
.
Pre-Run: 309,379,821,568 bytes free
Post-Run: 309,363,781,632 bytes free
.
- - End Of File - - A45FD617538110A7C6C4578D8246517FA36C5E4F47E84449FF07ED3517B43A31

DyHaglar Posted July 3, 2013 Author ID:698268
I restarted my computer once more after ComboFix rebooted due to an error stating I was opening applications on an "illegal registry key."

DyHaglar Posted July 3, 2013 Author ID:698276
Alright, I'll be gone for 2-3 hours, feel free to leave the next set of instructions and I will follow as soon as possible.

Psychotic Posted July 3, 2013 ID:698280
Please go to here to run the online scanner from ESET.
Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is unticked
Click on Advanced Settings and ensure these options are ticked:
    Scan for potentially unwanted applications
    Scan for potentially unsafe applications
    Enable Anti-Stealth Technology
Click Scan
Wait for the scan to finish
If any threats were found, click the 'List of found threats', then click Export to text file....
Save it to your desktop, then please copy and paste that log as a reply to this topic.

DyHaglar Posted July 3, 2013 Author ID:698330
The scan hung halfway through, I'm restarting it.

DyHaglar Posted July 3, 2013 Author ID:698388
Question: Is it alright if I play games while the scan is in progress?

DyHaglar Posted July 3, 2013 Author ID:698418
C:\Users\Lucas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\81X1MYVW\svchost[1].exe a variant of Win32/BitCoinMiner.N application
C:\Users\Lucas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HVNVRM3W\svchost[1].exe a variant of Win32/BitCoinMiner.N application
C:\Users\Lucas\AppData\Local\Temp\svchost.exe a variant of Win32/BitCoinMiner.N application
C:\Users\Lucas\AppData\Roaming\Adobe\color.vbe VBS/Agent.NGJ trojan
Operating memory a variant of Win32/BitCoinMiner.N application

Psychotic Posted July 4, 2013 ID:698676
Download and run OTL
Download OTL by OldTimer and save it to your desktop.
Double click on the OTL.exe icon on your desktop. If you are using Vista, please right-click and select run as administrator
Click the "Scan All Users" checkbox.
Note: If you are using a Windows 64bit machine, please make sure the checkbox next to Include 64Bit Scans is checked. It will be checked by default.
Push the button. It will now begin to scan, please be patient while it scans.
Two reports will open once it's done. Please copy and paste them in your next reply:
OTL.txt <-- Will be opened
Extras.txt <-- Will be minimized

DyHaglar Posted July 4, 2013 Author ID:698731
The logs cannot be pasted. Should I attach them?

Psychotic Posted July 4, 2013 ID:698733
Yes, please attach them.

DyHaglar Posted July 4, 2013 Author ID:698735
Here is a .zip containing both logs.
Logs.zip

Psychotic Posted July 4, 2013 ID:698758
Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:OTL
O4 - HKLM..\Run: [Adobe] C:\Users\Lucas\AppData\Roaming\Adobe\color.vbe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3221062888-723041811-78501554-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3221062888-723041811-78501554-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
:COMMANDS
[emptytemp]

Return to OTL, right click in the "Custom Scans/Fixes" section and choose Paste.
Click the red Run Fix button.
OTL may ask to reboot the machine. Please do so.
If OTL did not reboot the machine, click OK and the log will open. Post the contents of the log in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
Also post a new OTL log.

DyHaglar Posted July 4, 2013 Author ID:698759
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe deleted successfully.
C:\Users\Lucas\AppData\Roaming\Adobe\color.vbe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HideSCAHealth deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-3221062888-723041811-78501554-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3221062888-723041811-78501554-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Lucas
->Temp folder emptied: 125751502 bytes
->Temporary Internet Files folder emptied: 6272452 bytes
->Java cache emptied: 319307 bytes
->Google Chrome cache emptied: 350097880 bytes
->Flash cache emptied: 618 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 356352 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 28124 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42310864 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 501.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 07042013_091914

Files\Folders moved on Reboot...
C:\Users\Lucas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Lucas\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

__________________________________________________________________________________________________________________________________________

Now you want the OTL scan log, correct? If so, should I post the Extra log as well?

Psychotic Posted July 4, 2013 ID:698763
No, just otl.txt

DyHaglar Posted July 4, 2013 Author ID:698766
OTL logfile created on: 7/4/2013 9:36:24 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lucas\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16618)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.97 Gb Total Physical Memory | 6.10 Gb Available Physical Memory | 76.56% Memory free
15.94 Gb Paging File | 13.64 Gb Available in Paging File | 85.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 289.75 Gb Free Space | 31.11% Space Free | Partition Type: NTFS
Drive D: | 2.94 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LUCASESRIG | User Name: Lucas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/04 05:37:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lucas\Desktop\OTL.exe
PRC - [2013/06/28 14:02:06 | 002,255,184 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2013/06/14 20:28:44 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/06/05 17:06:33 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/08/13 10:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012/08/13 10:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

========== Modules (No Company Name) ==========

MOD - [2013/06/17 19:35:06 | 000,065,264 | ---- | M] () -- C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
MOD - [2013/06/17 19:34:52 | 000,070,896 | ---- | M] () -- C:\Program Files\TortoiseSVN\bin\libsasl32.dll
MOD - [2013/06/14 20:28:42 | 000,393,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppgooglenaclpluginchrome.dll
MOD - [2013/06/14 20:28:41 | 013,140,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
MOD - [2013/06/14 20:28:40 | 004,051,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
MOD - [2013/06/14 20:27:51 | 000,599,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libglesv2.dll
MOD - [2013/06/14 20:27:50 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libegl.dll
MOD - [2013/06/14 20:27:48 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dll
MOD - [2012/08/10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll

========== Services (SafeList) ==========

SRV:64bit: - [2013/03/28 22:30:42 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2013/03/28 20:34:18 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/08/03 00:27:50 | 000,027,792 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2010/04/06 19:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/06/28 14:02:04 | 002,470,736 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013/06/18 10:42:28 | 000,009,216 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2013/06/12 16:13:14 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013/06/06 17:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/06/05 17:06:33 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/28 19:25:34 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/28 21:35:02 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)DRV:64bit: - [2013/03/28 21:35:02 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)DRV:64bit: - [2013/03/28 20:09:44 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)DRV:64bit: - [2013/02/14 06:41:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)DRV:64bit: - [2012/08/07 02:09:00 | 000,088,832 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)DRV:64bit: - [2012/08/07 02:09:00 | 000,065,152 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)DRV:64bit: - [2012/08/03 00:27:44 | 002,206,352 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)DRV:64bit: - [2012/07/24 11:03:48 | 003,718,144 | ---- | M] (Qualcomm Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)DRV:64bit: - [2012/04/10 20:40:58 | 000,082,560 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)DRV:64bit: - [2012/04/10 20:40:58 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)DRV:64bit: - [2012/04/09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)DRV:64bit: - [2012/03/08 12:53:14 | 000,022,128 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)DRV:64bit: - [2011/08/23 08:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)DRV:64bit: - [2010/02/18 12:18:24 | 
000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)DRV:64bit: - [2009/08/13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)DRV:64bit: - [2007/04/09 11:09:46 | 000,012,288 | ---- | M] (Waytech Development, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (UsbFltr)DRV - [2009/08/10 11:08:04 | 000,028,984 | R--- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- D:\CDriver64.sys -- (MSICDSetup)DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {21A51130-7285-49FE-B3F6-2385CC71CDEA}IE:64bit: - HKLM\..\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBoxIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\..\SearchScopes,DefaultScope = {21A51130-7285-49FE-B3F6-2385CC71CDEA}IE - HKLM\..\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3221062888-723041811-78501554-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.comIE - HKU\S-1-5-21-3221062888-723041811-78501554-1001\..\SearchScopes,DefaultScope = {21A51130-7285-49FE-B3F6-2385CC71CDEA}IE - HKU\S-1-5-21-3221062888-723041811-78501554-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: 
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@live.heroesandgenerals.com/npretox: C:\Program Files (x86)\Heroes & Generals\live\npretoxlive.dll (Reto-Moto ApS)FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet)FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Lucas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) ========== Chrome ========== CHR - default_search_provider: Google 
(Enabled)CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},CHR - homepage: http://www.annaisd.org/CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dllCHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewerCHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dllCHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dllCHR - plugin: Norton Confidential (Enabled) = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.0.0.72_0\npcoplgn.dllCHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dllCHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllCHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dllCHR - Extension: YouTube = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\CHR - Extension: Adblock Plus = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_1\CHR - Extension: Google Search = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\CHR - Extension: Realm of the Mad God = 
C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhjfmaldpppkmjjgkmadddbanpabfflp\1.0.0.3_0\CHR - Extension: Realm of the Mad God = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhjfmaldpppkmjjgkmadddbanpabfflp\1.0.0.3_0\~CHR - Extension: Don't Starve = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiledapehlkhdehbhppgmekfalnlfajc\1.0.0.37_0\CHR - Extension: Reddit Enhancement Suite = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.2.0.1_0\CHR - Extension: Dolan Duck Theme = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\koaeffkbbmgkgedccaiaaecjlnpnnofi\1_0\CHR - Extension: Contract Killer = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\meklndaflopgghbomkdpofehonfclipi\1.1.3_0\CHR - Extension: Gmail = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013/07/03 07:40:47 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O3 - HKU\S-1-5-21-3221062888-723041811-78501554-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.O3 - HKU\S-1-5-21-3221062888-723041811-78501554-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft 
Corporation)O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)O4 - HKU\S-1-5-21-3221062888-723041811-78501554-1001..\Run: [steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)O4 - Startup: C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()O13 - gopher Prefix: missingO15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )O15 - HKU\S-1-5-21-3221062888-723041811-78501554-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)O15 - HKU\S-1-5-21-3221062888-723041811-78501554-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)O15 - 
HKU\S-1-5-21-3221062888-723041811-78501554-1001\..Trusted Domains: soe.com ([]* in Trusted sites)O15 - HKU\S-1-5-21-3221062888-723041811-78501554-1001\..Trusted Domains: sony.com ([]* in Trusted sites)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.180.42.68 208.180.42.100O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53057F99-F1D5-4EBF-B2C7-C54D880ED774}: DhcpNameServer = 208.180.42.68 208.180.42.100O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8C79C70-4888-413D-82D3-95E075744554}: DhcpNameServer = 10.0.0.2 10.0.0.1O18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\skype4com - No CLSID value foundO18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2010/09/01 03:11:42 | 000,000,049 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]O34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" 
%*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = ComFile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/07/04 09:19:14 | 000,000,000 | ---D | C] -- C:\_OTL[2013/07/04 05:37:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lucas\Desktop\OTL.exe[2013/07/03 08:25:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET[2013/07/03 07:44:19 | 000,000,000 | ---D | C] -- C:\Windows\temp[2013/07/03 07:40:55 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN[2013/07/03 07:28:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe[2013/07/03 07:28:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe[2013/07/03 07:28:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe[2013/07/03 07:25:15 | 000,000,000 | ---D | C] -- C:\Qoobox[2013/07/03 07:24:42 | 000,000,000 | ---D | C] -- C:\Windows\erdnt[2013/07/03 04:21:46 | 000,000,000 | ---D | C] -- C:\Windows\Minidump[2013/07/03 03:45:46 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Lucas\Desktop\dds.com[2013/07/03 01:17:53 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Roaming\Malwarebytes[2013/07/03 01:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware[2013/07/03 01:17:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes[2013/07/03 01:17:42 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys[2013/07/03 01:17:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware[2013/07/03 01:00:31 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Local\AMD[2013/07/03 01:00:13 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Roaming\ATI[2013/07/03 01:00:13 | 000,000,000 | 
---D | C] -- C:\Users\Lucas\AppData\Local\ATI[2013/07/03 01:00:13 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI[2013/07/03 00:57:38 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD[2013/07/03 00:57:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT[2013/07/03 00:57:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies[2013/07/03 00:57:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies[2013/07/03 00:57:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center[2013/07/03 00:56:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies[2013/07/03 00:55:58 | 000,000,000 | ---D | C] -- C:\Program Files\ATI[2013/07/03 00:55:41 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies[2013/07/03 00:54:54 | 000,000,000 | ---D | C] -- C:\AMD[2013/07/03 00:53:00 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner[2013/07/03 00:52:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI Afterburner[2013/07/01 13:04:30 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) 
-- C:\Windows\SysNative\hamachi.sys[2013/07/01 13:04:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi[2013/07/01 13:04:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi[2013/07/01 13:04:16 | 000,000,000 | ---D | C] -- C:\Config.Msi[2013/06/29 13:13:56 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Roaming\LolClient[2013/06/29 11:40:40 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Roaming\Awesomium[2013/06/29 11:39:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios[2013/06/29 11:39:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Hi-Rez Studios[2013/06/29 11:39:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hi-Rez Studios[2013/06/28 21:05:04 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin[2013/06/28 21:05:03 | 000,000,000 | ---D | C] -- C:\Riot Games[2013/06/28 21:05:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends[2013/06/28 21:03:50 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Local\PMB Files[2013/06/28 21:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files[2013/06/28 21:03:21 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Roaming\Riot Games[2013/06/28 19:00:08 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Local\WarThunder[2013/06/28 19:00:08 | 000,000,000 | ---D | C] -- C:\ProgramData\WarThunder[2013/06/28 19:00:02 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\War Thunder[2013/06/28 19:00:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\War Thunder[2013/06/25 03:02:35 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl[2013/06/25 03:02:35 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat[2013/06/25 03:02:35 | 001,054,720 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\MsSpellCheckingFacility.exe[2013/06/25 03:02:35 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll[2013/06/25 03:02:35 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll[2013/06/25 03:02:35 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll[2013/06/25 03:02:35 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll[2013/06/25 03:02:35 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec[2013/06/25 03:02:35 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll[2013/06/25 03:02:35 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll[2013/06/25 03:02:35 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll[2013/06/25 03:02:35 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll[2013/06/25 03:02:35 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll[2013/06/25 03:02:35 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll[2013/06/25 03:02:35 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe[2013/06/25 03:02:35 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe[2013/06/25 03:02:35 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe[2013/06/25 03:02:35 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll[2013/06/25 03:02:35 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll[2013/06/25 03:02:35 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll[2013/06/25 03:02:35 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll[2013/06/25 03:02:35 | 000,089,600 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe[2013/06/25 03:02:35 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll[2013/06/25 03:02:35 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll[2013/06/25 03:02:35 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe[2013/06/25 03:02:35 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe[2013/06/25 03:02:35 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll[2013/06/25 03:02:35 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx[2013/06/25 03:02:35 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll[2013/06/25 03:02:35 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll[2013/06/25 03:02:35 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll[2013/06/25 03:02:35 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll[2013/06/25 03:02:35 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll[2013/06/25 03:02:35 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe[2013/06/25 03:02:34 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll[2013/06/25 03:02:34 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl[2013/06/25 03:02:34 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat[2013/06/25 03:02:34 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll[2013/06/25 03:02:34 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll[2013/06/25 03:02:34 | 000,762,368 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\ieapfltr.dll
[2013/06/25 03:02:34 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/06/25 03:02:34 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/06/25 03:02:34 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/06/25 03:02:34 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/06/25 03:02:34 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/06/25 03:02:34 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/06/25 03:02:34 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/06/25 03:02:34 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/06/25 03:02:34 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/06/25 03:02:34 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/06/25 03:02:34 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/06/25 03:02:34 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/06/25 03:02:34 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/06/25 03:02:34 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/06/25 03:02:34 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/06/25 03:02:34 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/06/25 03:02:34 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/06/25 03:02:34 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/06/25 03:02:34 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/06/25 03:02:34 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/06/25 03:02:34 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/06/25 03:02:34 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/06/25 03:02:34 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/06/25 03:02:34 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/06/25 03:02:34 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/06/25 03:02:34 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/06/25 03:02:34 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/06/25 03:02:34 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/06/24 04:01:35 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Roaming\TortoiseSVN
[2013/06/24 03:53:00 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Local\TSVNCache
[2013/06/24 03:50:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseSVN
[2013/06/24 03:50:49 | 000,000,000 | ---D | C] -- C:\Program Files\TortoiseSVN
[2013/06/24 03:50:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays
[2013/06/24 03:50:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TortoiseOverlays
[2013/06/14 21:46:38 | 000,000,000 | ---D | C] -- C:\Users\Lucas\Desktop\1964_11
[2013/06/13 22:38:47 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Roaming\.minecraft
[2013/06/12 00:57:31 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/06/12 00:57:31 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/06/12 00:57:25 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013/06/12 00:57:25 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013/06/12 00:57:18 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/06/12 00:57:10 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/06/12 00:57:10 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013/06/12 00:57:10 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013/06/12 00:57:09 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/06/12 00:57:09 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013/06/12 00:57:09 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013/06/12 00:57:00 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/06/12 00:56:59 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/06/10 12:01:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013/06/04 19:00:21 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Local\Warframe
[2013/04/07 12:48:46 | 002,869,264 | ---- | C] (Microsoft Corporation) -- C:\Users\Lucas\AppData\Roaming\dotNetFx35setup.exe

========== Files - Modified Within 30 Days ==========

[2013/07/04 09:27:51 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/04 09:27:51 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/04 09:24:50 | 000,793,234 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/04 09:24:50 | 000,669,432 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/04 09:24:50 | 000,125,514 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/04 09:21:05 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/04 09:20:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/04 09:20:31 | 2124,308,479 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/04 09:04:50 | 000,035,518 | ---- | M] () -- C:\Users\Lucas\Desktop\Logs.zip
[2013/07/04 08:42:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/04 05:37:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lucas\Desktop\OTL.exe
[2013/07/03 07:40:47 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/07/03 05:50:43 | 000,000,947 | ---- | M] () -- C:\Users\Lucas\Desktop\mbam-log-2013-07-03 (01-18-42).zip
[2013/07/03 04:21:38 | 554,402,820 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/07/03 03:46:08 | 000,377,856 | ---- | M] () -- C:\Users\Lucas\Desktop\mnhgpcu9.exe
[2013/07/03 03:45:49 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Lucas\Desktop\dds.com
[2013/07/03 00:59:22 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2013/07/03 00:53:05 | 000,001,082 | ---- | M] () -- C:\Users\Lucas\Desktop\MSI Afterburner.lnk
[2013/07/03 00:29:25 | 000,280,856 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013/07/03 00:29:25 | 000,280,856 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/07/01 22:52:52 | 000,000,000 | -H-- | M] () -- C:\Users\Lucas\Documents\Default.rdp
[2013/06/30 14:07:18 | 000,292,576 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/06/29 11:39:49 | 000,002,029 | ---- | M] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
[2013/06/29 11:39:49 | 000,002,020 | ---- | M] () -- C:\Users\Public\Desktop\Smite.lnk
[2013/06/25 08:48:56 | 3298,098,513 | ---- | M] () -- C:\Users\Lucas\Desktop\blackmesa.7z
[2013/06/25 05:52:14 | 000,000,101 | ---- | M] () -- C:\Users\Lucas\Desktop\blackmesa.md5
[2013/06/25 05:51:40 | 000,827,720 | ---- | M] () -- C:\Users\Lucas\Desktop\blackmesa-setup.exe
[2013/06/25 03:02:35 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/06/25 03:02:35 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/06/25 03:02:35 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/06/25 03:02:35 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/06/25 03:02:35 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/06/25 03:02:35 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/06/25 03:02:35 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/06/25 03:02:35 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/06/25 03:02:35 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/06/25 03:02:35 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/06/25 03:02:35 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/06/25 03:02:35 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/06/25 03:02:35 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/06/25 03:02:35 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/06/25 03:02:35 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/06/25 03:02:35 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/06/25 03:02:35 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/06/25 03:02:35 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/06/25 03:02:35 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/06/25 03:02:35 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/06/25 03:02:35 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/06/25 03:02:35 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/06/25 03:02:35 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/06/25 03:02:35 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/06/25 03:02:35 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/06/25 03:02:35 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/06/25 03:02:35 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/06/25 03:02:35 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/06/25 03:02:35 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/06/25 03:02:35 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/06/25 03:02:35 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/06/25 03:02:35 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/06/25 03:02:35 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/06/25 03:02:35 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/06/25 03:02:35 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/06/25 03:02:34 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/06/25 03:02:34 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/06/25 03:02:34 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/06/25 03:02:34 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/06/25 03:02:34 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/06/25 03:02:34 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/06/25 03:02:34 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/06/25 03:02:34 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/06/25 03:02:34 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/06/25 03:02:34 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/06/25 03:02:34 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/06/25 03:02:34 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/06/25 03:02:34 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/06/25 03:02:34 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/06/25 03:02:34 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/06/25 03:02:34 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/06/25 03:02:34 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/06/25 03:02:34 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/06/25 03:02:34 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/06/25 03:02:34 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/06/25 03:02:34 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/06/25 03:02:34 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/06/25 03:02:34 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/06/25 03:02:34 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/06/25 03:02:34 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/06/25 03:02:34 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/06/25 03:02:34 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/06/25 03:02:34 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/06/25 03:02:34 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/06/25 03:02:34 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/06/25 03:02:34 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/06/25 03:02:34 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/06/25 03:02:34 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/06/25 03:02:34 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/06/25 03:02:34 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/06/20 02:25:34 | 000,014,466 | ---- | M] () -- C:\Users\Lucas\Documents\cc_20130620_022517.reg
[2013/06/19 16:09:04 | 000,291,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013/06/19 02:46:32 | 167,580,928 | ---- | M] () -- C:\Users\Lucas\Desktop\RP_EvoCity_v33x.bsp.bz2
[2013/06/14 15:47:32 | 011,536,839 | ---- | M] () -- C:\Users\Lucas\Desktop\traincraft-4.0.1_002.jar
[2013/06/13 14:53:19 | 000,000,023 | ---- | M] () -- C:\Windows\BlendSettings.ini
[2013/06/05 20:09:11 | 000,002,544 | ---- | M] () -- C:\Users\Lucas\Documents\OpenOffice.odb
[2013/06/05 17:06:33 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe

========== Files Created - No Company Name ==========

[2013/07/04 09:04:44 | 000,035,518 | ---- | C] () -- C:\Users\Lucas\Desktop\Logs.zip
[2013/07/03 07:28:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/07/03 07:28:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/07/03 07:28:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/07/03 07:28:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/07/03 07:28:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/07/03 05:50:43 | 000,000,947 | ---- | C] () -- C:\Users\Lucas\Desktop\mbam-log-2013-07-03 (01-18-42).zip
[2013/07/03 04:21:38 | 554,402,820 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/07/03 03:46:05 | 000,377,856 | ---- | C] () -- C:\Users\Lucas\Desktop\mnhgpcu9.exe
[2013/07/03 00:59:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/07/03 00:53:05 | 000,001,082 | ---- | C] () -- C:\Users\Lucas\Desktop\MSI Afterburner.lnk
[2013/07/01 22:52:52 | 000,000,000 | -H-- | C] () -- C:\Users\Lucas\Documents\Default.rdp
[2013/06/29 11:39:49 | 000,002,029 | ---- | C] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
[2013/06/29 11:39:48 | 000,002,020 | ---- | C] () -- C:\Users\Public\Desktop\Smite.lnk
[2013/06/25 06:34:45 | 3298,098,513 | ---- | C] () -- C:\Users\Lucas\Desktop\blackmesa.7z
[2013/06/25 05:52:14 | 000,000,101 | ---- | C] () -- C:\Users\Lucas\Desktop\blackmesa.md5
[2013/06/25 05:51:39 | 000,827,720 | ---- | C] () -- C:\Users\Lucas\Desktop\blackmesa-setup.exe
[2013/06/25 03:02:35 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/06/25 03:02:34 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/06/20 02:25:26 | 000,014,466 | ---- | C] () -- C:\Users\Lucas\Documents\cc_20130620_022517.reg
[2013/06/19 02:40:29 | 167,580,928 | ---- | C] () -- C:\Users\Lucas\Desktop\RP_EvoCity_v33x.bsp.bz2
[2013/06/14 15:46:49 | 011,536,839 | ---- | C] () -- C:\Users\Lucas\Desktop\traincraft-4.0.1_002.jar
[2013/04/27 21:44:08 | 000,000,093 | ---- | C] () -- C:\Users\Lucas\AppData\Local\fusioncache.dat
[2013/04/21 22:23:00 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2013/04/16 09:37:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/04/16 09:37:12 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/03/28 20:38:08 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/03/28 20:38:08 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/02/24 20:05:32 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2013/02/01 07:40:38 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2013/01/29 20:26:38 | 002,337,865 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013/01/28 21:18:15 | 000,280,856 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/01/28 21:18:08 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/01/22 19:51:22 | 000,786,958 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/22 19:47:19 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012/11/27 01:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/09/19 08:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >