Jump to content

noaoh

Members
 View Profile  See their activity

  • Posts

    11

  • Joined

  • Last visited

Reputation

0 Neutral
  1. noaoh
    No threats were found. Except internet explorer. It is a threat to my intelligence.
  2. noaoh
    Sorry for the triple post, the computer seems to be doing fine, I don't have any more problems. When I downloaded Privitize vpn, after a while I could not open programs, so I'd have to reboot the computer. The chrome browser also seemed to not work very well. It did the searchou thing when I searched, and at times I could not open a new tab. the computer was very slow throughout the the whole thing as well.
  3. noaoh
    Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:59:23 PM, on 4/30/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v10.0 (10.00.9200.16521) Boot mode: Normal Running processes: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Users\Noah Holt\Local Settings\Apps\F.lux\flux.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Users\Noah Holt\AppData\Roaming\Torque\Torque.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Noah Holt\Downloads\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [F.lux] "C:\Users\Noah Holt\Local Settings\Apps\F.lux\flux.exe" /noshow O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System3
  4. noaoh
    Malwarebytes Anti-Malware (Trial) 1.75.0.1300 www.malwarebytes.org Database version: v2013.04.30.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16521 Noah Holt :: R2-D2 [administrator] Protection: Enabled 4/30/2013 10:54:51 PM mbam-log-2013-04-30 (22-54-51).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 211338 Time elapsed: 3 minute(s), 14 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  5. noaoh
    A Valley Without Wind A Valley Without Wind 2 Adobe Reader XI (11.0.02) Awesomenauts Bastion Bing Rewards Client Installer BitTorrent Borderlands Cave Story+ Dungeons of Dredmor F.lux FTL: Faster Than Light Google Chrome Google Update Helper GraphicsGale FreeEdition version 1.93.21 Hotline Miami HP Deskjet 1000 J110 series Help HP Photo Creations HP Update Insanely Twisted Shadow Planet Java 7 Update 17 Java Auto Updater LibreOffice 4.0.0.3 Malwarebytes Anti-Malware version 1.75.0.1300 Mark of the Ninja Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft XNA Framework Redistributable 3.1 NVIDIA PhysX Orcs Must Die! Orcs Must Die! 2 Pineapple Smash Crew Portal Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Shank Shank 2 Shoot Many Robots
  6. noaoh
    ========== OTL ========== HKU\S-1-5-21-1346346648-3954540990-3674180685-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-1346346648-3954540990-3674180685-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9847E287-39D7-44FF-B2F0-C486E175C5A2}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9847E287-39D7-44FF-B2F0-C486E175C5A2}\ not found. ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\Noah Holt\Downloads\cmd.bat deleted successfully. C:\Users\Noah Holt\Downloads\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYJAVA] User: All Users User: Default User: Default User User: Noah Holt ->Java cache emptied: 295322 bytes User: Public Total Java Files Cleaned = 0.00 mb [EMPTYFLASH] User: All Users User: Default User: Default User User: Noah Holt ->Flash cache emptied: 5685 bytes User: Public Total Flash Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.69.0 log created on 04302013_220830 The computer seems to be running perfectly fine.
  7. noaoh
    OTL logfile created on: 4/30/2013 8:58:44 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Noah Holt\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16521) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.75 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 57.10% Memory free 7.49 Gb Paging File | 5.50 Gb Available in Paging File | 73.50% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 297.99 Gb Total Space | 217.98 Gb Free Space | 73.15% Space Free | Partition Type: NTFS Computer Name: R2-D2 | User Name: Noah Holt | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Noah Holt\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Users\Noah Holt\Local Settings\Apps\F.lux\flux.exe () ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libglesv2.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libegl.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll () MOD - C:\Program Files (x86)\Steam\bin\libcef.dll () MOD - C:\Program Files (x86)\Steam\SDL2.dll () MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll () MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll () MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll () MOD - C:\Users\Noah Holt\Local Settings\Apps\F.lux\flux.exe () ========== Services (SafeList) ========== SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (hitmanpro37) -- C:\Windows\SysNative\drivers\hitmanpro37.sys () DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software) DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software) DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys () DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software) DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software) DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys () DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software) DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.) DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.) DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.) DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1346346648-3954540990-3674180685-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchou.com/?id=16939a5e00000000000000ffffd80256 IE - HKU\S-1-5-21-1346346648-3954540990-3674180685-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKU\S-1-5-21-1346346648-3954540990-3674180685-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1A 6A B7 C6 8A 14 CE 01 [binary data] IE - HKU\S-1-5-21-1346346648-3954540990-3674180685-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1346346648-3954540990-3674180685-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1346346648-3954540990-3674180685-1000\..\SearchScopes\{9847E287-39D7-44FF-B2F0-C486E175C5A2}: "URL" = http://searchou.com/?q={searchTerms}&id=16939a5e00000000000000ffffd80256&r=775 IE - HKU\S-1-5-21-1346346648-3954540990-3674180685-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - Extension: Entanglement = C:\Users\Noah Holt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\ CHR - Extension: Heavy Mural = C:\Users\Noah Holt\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoikfmgakgfmapoikldhjpabglghmbl\2_0\ CHR - Extension: Google Docs = C:\Users\Noah Holt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\Noah Holt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Noah Holt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Adblock Plus = C:\Users\Noah Holt\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\ CHR - Extension: Google Search = C:\Users\Noah Holt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Productivity Owl = C:\Users\Noah Holt\AppData\Local\Google\Chrome\User Data\Default\Extensions\eoagmdboiealblmpaahjlhajggndaahi\1.2.2_0\ CHR - Extension: AdBlock = C:\Users\Noah Holt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.62_0\ CHR - Extension: Don't Starve = C:\Users\Noah Holt\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiledapehlkhdehbhppgmekfalnlfajc\1.0.0.37_0\ CHR - Extension: Don't Break the Chain = C:\Users\Noah Holt\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlkkjgfbfgdcdjnddamlmgbipgbhgppk\1.2_0\ CHR - Extension: avast! WebRep = C:\Users\Noah Holt\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\ CHR - Extension: Wolfram|Alpha (Official) = C:\Users\Noah Holt\AppData\Local\Google\Chrome\User Data\Default\Extensions\icncamkooinmbehmkeilcccmoljfkdhp\1.2.2_0\ CHR - Extension: Typing Test - KeyHero = C:\Users\Noah Holt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcieoaeooeidmpaopkpjpjfakidlabm\1.4.0_0\ CHR - Extension: AudioSauna = C:\Users\Noah Holt\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkgfemnodkdnenmfkblebnkjpckkjcae\0.402_0\ CHR - Extension: Poppit = C:\Users\Noah Holt\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\ CHR - Extension: Gmail = C:\Users\Noah Holt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013/04/30 18:27:19 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4:64bit: - HKLM..\Run: [installerLauncher] "C:\Program Files\Bitdefender\Antivirus Free Edition\Install\setuplauncher.exe" /run:"C:\Program Files\Bitdefender\Antivirus Free Edition\Install\Installer.exe" File not found O4:64bit: - HKLM..\Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKU\S-1-5-21-1346346648-3954540990-3674180685-1000..\Run: [F.lux] C:\Users\Noah Holt\Local Settings\Apps\F.lux\flux.exe () O4 - HKU\S-1-5-21-1346346648-3954540990-3674180685-1000..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1346346648-3954540990-3674180685-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1346346648-3954540990-3674180685-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CD588B5-4F76-41AA-8219-28FF35C16DC6}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED676FBA-8834-4C0D-9992-360A11E1EA4C}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1 O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/04/30 20:19:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/04/30 18:43:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2013/04/30 18:43:15 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2013/04/30 18:43:14 | 000,377,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2013/04/30 18:43:10 | 000,070,992 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys [2013/04/30 18:43:04 | 000,068,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2013/04/30 18:43:02 | 001,025,808 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2013/04/30 18:42:55 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2013/04/30 18:42:33 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2013/04/30 18:29:11 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013/04/30 18:15:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/04/30 18:15:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013/04/30 18:15:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013/04/30 18:14:25 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft [2013/04/30 18:10:48 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/04/30 18:10:34 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/04/30 18:08:30 | 000,000,000 | ---D | C] -- C:\Users\Noah Holt\AppData\Roaming\GetRightToGo [2013/04/30 17:55:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mbar [2013/04/30 17:18:24 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro [2013/04/30 17:18:04 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2013/04/30 08:06:15 | 000,000,000 | ---D | C] -- C:\Users\Noah Holt\AppData\Local\Demiurge Studios [2013/04/30 03:05:26 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013/04/30 03:05:26 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013/04/30 03:05:26 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013/04/30 03:05:26 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013/04/30 03:05:26 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/04/30 03:05:26 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013/04/30 03:05:26 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/04/30 03:05:26 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013/04/30 03:05:26 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013/04/30 03:05:26 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013/04/30 03:05:26 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013/04/30 03:05:26 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013/04/30 03:05:26 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013/04/30 03:05:26 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013/04/30 03:05:26 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013/04/30 03:05:26 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013/04/30 03:05:26 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013/04/30 03:05:26 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013/04/30 03:05:26 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013/04/30 03:05:26 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013/04/30 03:05:26 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013/04/30 03:05:26 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013/04/30 03:05:26 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013/04/30 03:05:26 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013/04/30 03:05:26 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013/04/30 03:05:26 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013/04/30 03:05:26 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013/04/30 03:05:26 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013/04/30 03:05:26 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013/04/30 03:05:26 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013/04/30 03:05:26 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013/04/30 03:05:26 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013/04/30 03:05:26 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013/04/30 03:05:26 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013/04/30 03:05:25 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/04/30 03:05:25 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013/04/30 03:05:25 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013/04/30 03:05:25 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013/04/30 03:05:25 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/04/30 03:05:25 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013/04/30 03:05:25 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/04/30 03:05:25 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013/04/30 03:05:25 | 000,526,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/04/30 03:05:25 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013/04/30 03:05:25 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013/04/30 03:05:25 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013/04/30 03:05:25 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013/04/30 03:05:25 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013/04/30 03:05:25 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013/04/30 03:05:25 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013/04/30 03:05:25 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013/04/30 03:05:25 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013/04/30 03:05:25 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013/04/30 03:05:25 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013/04/30 03:05:25 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013/04/30 03:05:25 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013/04/30 03:05:25 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013/04/30 03:05:25 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013/04/30 03:05:25 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013/04/30 03:05:25 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013/04/30 03:05:25 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013/04/30 03:05:25 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013/04/30 03:05:25 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013/04/30 03:05:25 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013/04/30 03:05:25 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013/04/30 03:05:25 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013/04/30 03:05:25 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013/04/30 03:05:25 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013/04/29 23:30:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013/04/29 23:21:14 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2013/04/29 23:20:25 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2013/04/29 23:20:10 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2013/04/29 23:12:52 | 000,000,000 | ---D | C] -- C:\7c0bc8d1fbf711a0559b7f8048 [2013/04/29 17:02:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013/04/29 16:42:18 | 000,000,000 | ---D | C] -- C:\Users\Noah Holt\AppData\Roaming\Malwarebytes [2013/04/29 16:42:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/04/29 16:42:13 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013/04/29 16:42:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/04/29 16:42:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/04/27 22:42:34 | 000,000,000 | ---D | C] -- C:\Users\Noah Holt\AppData\Local\SKIDROW [2013/04/27 22:41:50 | 000,000,000 | ---D | C] -- C:\Users\Noah Holt\AppData\Local\Programs [2013/04/20 19:52:55 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM [2013/04/20 19:52:49 | 000,000,000 | RH-D | C] -- C:\Users\Noah Holt\AppData\Roaming\SecuROM [2013/04/12 22:58:25 | 000,000,000 | ---D | C] -- C:\Users\Noah Holt\AppData\Roaming\vlc [2013/04/12 22:57:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN [2013/04/10 07:55:20 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013/04/10 07:55:19 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013/04/10 07:55:18 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2013/04/10 07:55:18 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2013/04/10 07:55:18 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2013/04/10 07:55:18 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2013/04/10 07:55:07 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013/04/10 07:55:07 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013/04/10 07:55:06 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013/04/10 07:55:06 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2013/04/10 07:55:06 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013/04/10 07:55:06 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2013/04/07 22:10:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7 [2013/04/07 22:09:54 | 000,000,000 | ---D | C] -- C:\Python27 [2013/04/06 19:55:44 | 003,003,392 | ---- | C] (Python Software Foundation) -- C:\Windows\SysNative\python27.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/04/30 20:19:43 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/04/30 20:19:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/04/30 20:18:58 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys [2013/04/30 20:16:18 | 000,017,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/04/30 20:16:18 | 000,017,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/04/30 20:04:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/04/30 18:43:17 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2013/04/30 18:42:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2013/04/30 18:27:19 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013/04/30 17:18:25 | 000,032,000 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys [2013/04/30 17:18:24 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk [2013/04/30 08:02:43 | 000,000,221 | ---- | M] () -- C:\Users\Noah Holt\Desktop\Shoot Many Robots.url [2013/04/30 03:05:26 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013/04/30 03:05:26 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013/04/30 03:05:26 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013/04/30 03:05:26 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013/04/30 03:05:26 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/04/30 03:05:26 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013/04/30 03:05:26 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/04/30 03:05:26 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013/04/30 03:05:26 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013/04/30 03:05:26 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013/04/30 03:05:26 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013/04/30 03:05:26 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013/04/30 03:05:26 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013/04/30 03:05:26 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013/04/30 03:05:26 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013/04/30 03:05:26 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013/04/30 03:05:26 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013/04/30 03:05:26 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013/04/30 03:05:26 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013/04/30 03:05:26 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013/04/30 03:05:26 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013/04/30 03:05:26 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013/04/30 03:05:26 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013/04/30 03:05:26 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013/04/30 03:05:26 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013/04/30 03:05:26 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013/04/30 03:05:26 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013/04/30 03:05:26 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013/04/30 03:05:26 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013/04/30 03:05:26 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013/04/30 03:05:26 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013/04/30 03:05:26 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013/04/30 03:05:26 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013/04/30 03:05:26 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013/04/30 03:05:26 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013/04/30 03:05:25 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/04/30 03:05:25 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013/04/30 03:05:25 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013/04/30 03:05:25 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013/04/30 03:05:25 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/04/30 03:05:25 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013/04/30 03:05:25 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/04/30 03:05:25 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013/04/30 03:05:25 | 000,526,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/04/30 03:05:25 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013/04/30 03:05:25 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013/04/30 03:05:25 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013/04/30 03:05:25 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013/04/30 03:05:25 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013/04/30 03:05:25 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013/04/30 03:05:25 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013/04/30 03:05:25 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013/04/30 03:05:25 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013/04/30 03:05:25 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013/04/30 03:05:25 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013/04/30 03:05:25 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013/04/30 03:05:25 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013/04/30 03:05:25 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013/04/30 03:05:25 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013/04/30 03:05:25 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013/04/30 03:05:25 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013/04/30 03:05:25 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013/04/30 03:05:25 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013/04/30 03:05:25 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013/04/30 03:05:25 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013/04/30 03:05:25 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013/04/30 03:05:25 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013/04/30 03:05:25 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013/04/30 03:05:25 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013/04/30 03:05:25 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013/04/29 23:31:02 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013/04/29 23:13:14 | 000,002,324 | ---- | M] () -- C:\Windows\epplauncher.mif [2013/04/29 16:42:14 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/04/23 18:38:09 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini [2013/04/20 19:50:11 | 000,000,220 | ---- | M] () -- C:\Users\Noah Holt\Desktop\Borderlands.url [2013/04/14 12:20:47 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/04/14 12:20:47 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/04/14 12:20:47 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/04/12 22:58:13 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013/04/10 22:05:23 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013/04/10 21:49:52 | 000,000,195 | ---- | M] () -- C:\Users\Noah Holt\Desktop\Hotline Miami.url [2013/04/10 19:16:07 | 000,022,794 | ---- | M] () -- C:\Users\Noah Holt\Documents\Code Language Demonstration Speech.odt [2013/04/10 16:22:47 | 000,322,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/04/06 19:55:44 | 003,003,392 | ---- | M] (Python Software Foundation) -- C:\Windows\SysNative\python27.dll [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013/04/03 20:38:28 | 000,037,095 | ---- | M] () -- C:\Users\Noah Holt\Documents\Economics Project.odt [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/04/30 18:43:17 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2013/04/30 18:43:00 | 000,178,624 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys [2013/04/30 18:42:57 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys [2013/04/30 18:15:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/04/30 18:15:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/04/30 18:15:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/04/30 18:15:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/04/30 18:15:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/04/30 17:18:25 | 000,032,000 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys [2013/04/30 17:18:24 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk [2013/04/30 08:02:43 | 000,000,221 | ---- | C] () -- C:\Users\Noah Holt\Desktop\Shoot Many Robots.url [2013/04/30 03:05:26 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013/04/30 03:05:25 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013/04/29 23:31:02 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013/04/29 23:21:14 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt [2013/04/29 16:46:01 | 000,002,324 | ---- | C] () -- C:\Windows\epplauncher.mif [2013/04/29 16:42:14 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/04/23 18:38:09 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2013/04/20 19:50:11 | 000,000,220 | ---- | C] () -- C:\Users\Noah Holt\Desktop\Borderlands.url [2013/04/12 22:58:13 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013/04/10 21:35:42 | 000,000,195 | ---- | C] () -- C:\Users\Noah Holt\Desktop\Hotline Miami.url [2013/04/09 16:41:48 | 000,022,794 | ---- | C] () -- C:\Users\Noah Holt\Documents\Code Language Demonstration Speech.odt [2013/03/29 16:43:56 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\winver.exe [2013/03/18 14:35:43 | 000,773,050 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013/02/26 20:45:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat ========== ZeroAccess Check ========== [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
  8. noaoh
    RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Noah Holt [Admin rights] Mode : Remove -- Date : 04/30/2013 20:30:06 | ARK || FAK || MBR | ¤¤¤ Bad processes : 3 ¤¤¤ [sUSP PATH] Torque.exe -- C:\Users\Noah Holt\AppData\Roaming\Torque\Torque.exe [7] -> KILLED [TermProc] [RESIDUE] Torque.exe -- C:\Users\Noah Holt\AppData\Roaming\Torque\Torque.exe [7] -> KILLED [TermProc] [RESIDUE] Torque.exe -- C:\Users\Noah Holt\AppData\Roaming\Torque\Torque.exe [7] -> KILLED [TermProc] ¤¤¤ Registry Entries : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST9320325AS ATA Device +++++ --- User --- [MBR] 559f43aa9ba65e4b3ccbf48ffb605c42 [bSP] 5892bc61fb12bae13a953beec79e90f6 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 305143 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[3]_D_04302013_02d2030.txt >> RKreport[1]_S_04302013_02d2027.txt ; RKreport[2]_D_04302013_02d2028.txt ; RKreport[3]_D_04302013_02d2030.txt I have a feeling the malware's gone now, but if you insist, I'll run as many programs as needed.
  9. noaoh
    # AdwCleaner v2.300 - Logfile created 04/30/2013 at 20:17:55 # Updated 28/04/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Noah Holt - R2-D2 # Boot Mode : Normal # Running from : C:\Users\Noah Holt\Downloads\adwcleaner (1).exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16521 [OK] Registry is clean. -\\ Google Chrome v26.0.1410.64 File : C:\Users\Noah Holt\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [1203 octets] - [30/04/2013 17:10:16] AdwCleaner[s1].txt - [1281 octets] - [30/04/2013 17:10:31] AdwCleaner[s2].txt - [792 octets] - [30/04/2013 20:17:55] ########## EOF - C:\AdwCleaner[s2].txt - [851 octets] ##########
  10. noaoh
    Results of screen317's Security Check version 0.99.63 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java 7 Update 17 Java version out of Date! Adobe Reader XI Google Chrome 26.0.1410.43 Google Chrome 26.0.1410.64 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 17% Defragment your hard drive soon! (Do NOT defrag if SSD!) ````````````````````End of Log``````````````````````
  11. noaoh
    I found out the hard way about Privitize Vpn. I looked it up, and ran tons of different software trying to fix it. Eventually I got frustrated and ran ComboFix and got this log: ComboFix 13-04-29.01 - Noah Holt 04/30/2013 18:20:39.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2755 [GMT -5:00] Running from: c:\users\Noah Holt\Downloads\ComboFix.exe SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe c:\programdata\1367273648.bdinstall.bin c:\programdata\1367274068.bdinstall.bin c:\programdata\1367274070.bdinstall.bin c:\programdata\1367274466.bdinstall.bin c:\programdata\1367274471.1520.bin c:\programdata\1367274471.3320.bin c:\programdata\1367274471.5792.bin c:\programdata\1367274471.916.bin . . ((((((((((((((((((((((((( Files Created from 2013-03-28 to 2013-04-30 ))))))))))))))))))))))))))))))) . . 2013-04-30 23:27 . 2013-04-30 23:27 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-04-30 23:14 . 2013-04-30 23:14 -------- d-s---w- c:\windows\SysWow64\Microsoft 2013-04-30 23:08 . 2013-04-30 23:08 -------- d-----w- c:\users\Noah Holt\AppData\Roaming\GetRightToGo 2013-04-30 22:55 . 2013-04-30 23:06 -------- d-----w- c:\program files (x86)\mbar 2013-04-30 22:18 . 2013-04-30 22:18 32000 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys 2013-04-30 22:18 . 2013-04-30 22:18 -------- d-----w- c:\program files\HitmanPro 2013-04-30 22:18 . 2013-04-30 22:18 -------- d-----w- c:\programdata\HitmanPro 2013-04-30 13:06 . 2013-04-30 13:06 -------- d-----w- c:\users\Noah Holt\AppData\Local\Demiurge Studios 2013-04-30 04:30 . 2013-04-30 04:31 -------- d-----w- c:\program files\CCleaner 2013-04-30 04:21 . 2013-03-06 22:32 287840 ----a-w- c:\windows\system32\aswBoot.exe 2013-04-30 04:20 . 2013-04-30 04:20 -------- d-----w- c:\program files\AVAST Software 2013-04-30 04:20 . 2013-04-30 23:15 -------- d-----w- c:\programdata\AVAST Software 2013-04-30 04:12 . 2013-04-30 04:13 -------- d-----w- C:\7c0bc8d1fbf711a0559b7f8048 2013-04-29 21:42 . 2013-04-29 21:42 -------- d-----w- c:\users\Noah Holt\AppData\Roaming\Malwarebytes 2013-04-29 21:42 . 2013-04-29 21:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-04-29 21:42 . 2013-04-29 21:42 -------- d-----w- c:\programdata\Malwarebytes 2013-04-29 21:42 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-04-28 03:42 . 2013-04-28 03:42 -------- d-----w- c:\users\Noah Holt\AppData\Local\SKIDROW 2013-04-28 03:41 . 2013-04-28 03:41 -------- d-----w- c:\users\Noah Holt\AppData\Local\Programs 2013-04-26 21:20 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DB65653D-0151-4F7D-BBD2-56A1E3A8BEDF}\mpengine.dll 2013-04-23 21:02 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-21 00:52 . 2013-04-21 00:52 -------- d-sh--w- c:\programdata\SecuROM 2013-04-21 00:52 . 2013-04-21 00:52 -------- d--h--r- c:\users\Noah Holt\AppData\Roaming\SecuROM 2013-04-13 03:58 . 2013-04-13 04:15 -------- d-----w- c:\users\Noah Holt\AppData\Roaming\vlc 2013-04-13 03:57 . 2013-04-13 03:57 -------- d-----w- c:\program files (x86)\VideoLAN 2013-04-08 03:09 . 2013-04-08 03:10 -------- d-----w- C:\Python27 2013-04-07 00:55 . 2013-04-07 00:55 3003392 ----a-w- c:\windows\system32\python27.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-29 21:54 . 2010-11-21 03:24 14848 ----a-w- c:\windows\system32\slwga.dll 2013-03-29 21:54 . 2010-11-21 03:24 419840 ----a-w- c:\windows\system32\systemcpl.dll 2013-03-29 21:54 . 2010-11-21 03:23 13824 ----a-w- c:\windows\SysWow64\slwga.dll 2013-03-29 21:54 . 2013-03-29 21:43 833024 ----a-w- c:\windows\SysWow64\user32.dll 2013-03-29 21:54 . 2010-11-21 03:24 1008640 ----a-w- c:\windows\system32\user32.dll 2013-03-29 21:44 . 2013-03-29 21:43 2048 ----a-w- c:\windows\SysWow64\winver.exe 2013-03-29 21:44 . 2013-03-29 21:43 833024 ----a-w- c:\windows\SysWow64\user32.dll.bak 2013-03-29 21:43 . 2013-03-29 21:43 410624 ----a-w- c:\windows\SysWow64\systemcpl.dll 2013-03-29 21:43 . 2013-03-29 21:43 1536 ----a-w- c:\windows\SysWow64\sppcomapi.dll 2013-03-12 06:10 . 2010-11-21 03:27 282744 ------w- c:\windows\system32\MpSigStub.exe 2013-03-09 22:14 . 2013-03-09 22:14 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-03-09 22:14 . 2013-03-09 22:15 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-03-09 22:14 . 2013-03-09 22:15 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-03-02 20:14 . 2009-08-18 18:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll 2013-03-02 20:14 . 2009-08-18 17:24 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-02-12 05:45 . 2013-03-12 23:28 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-03-12 23:28 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45 . 2013-03-12 23:28 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 2013-03-12 23:28 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48 . 2013-03-12 23:28 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-12 23:28 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-02-12 04:12 . 2013-03-20 20:03 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll [-] 2013-03-29 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll . [-] 2013-03-29 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll [7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-04-19 1631144] "F.lux"="c:\users\Noah Holt\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2013-04-30 32000] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-02-27 1255736] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-20 203264] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-04-11 03:04 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-27 01:59] . 2013-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-27 01:59] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://searchou.com/?id=16939a5e00000000000000ffffd80256 mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start HKLM-Run-InstallerLauncher - c:\program files\Bitdefender\Antivirus Free Edition\Install\setuplauncher.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1346346648-3954540990-3674180685-1000\Software\SecuROM\License information*] "datasecu"=hex:40,9d,ad,6d,17,61,34,0d,2d,ff,74,3c,9b,40,23,37,ca,35,4b,37,54, 1b,da,3c,c0,f6,b7,dc,49,9f,fe,56,32,ad,90,a0,94,60,f8,07,e9,63,12,05,12,6a,\ "rkeysecu"=hex:e6,0b,cf,9d,d3,83,e9,01,cc,63,28,ed,52,3a,aa,95 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-04-30 18:29:10 ComboFix-quarantined-files.txt 2013-04-30 23:29 . Pre-Run: 235,114,708,992 bytes free Post-Run: 235,737,321,472 bytes free . - - End Of File - - 7CC992D5E21623A829BA99E5FC94809C Does my computer still have viruses, malware or rootkits? Thank you!
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.