Jump to content

Eri

Members
  • Posts

    11
  • Joined

  • Last visited

Reputation

0 Neutral
  1. ==== Set IE to Default ====================== Old Values:[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]"Start Page"="http://www.google.com""Search Page"="http://www.google.com""Search Bar"="http://www.google.com"[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]"Start Page"="http://www.google.com""Search Page"="http://www.google.com""Search Bar"="http://www.google.com""Start Page Redirect Cache"="http://www.google.com"[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]"Start Page"="http://www.google.com""Search Page"="http://www.google.com""Search Bar"="http://www.google.com""Start Page Redirect Cache"="http://www.google.com"[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]No DefaultScope Set For HKCU New Values:[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896""Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896""Start Page"="http://www.google.com"[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896""Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896""Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157""Start Page Redirect Cache"="http://go.microsoft.com/fwlink/?LinkId=69157"[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896""Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896""Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157""Start Page Redirect Cache"="http://go.microsoft.com/fwlink/?LinkId=69157"[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}" ==== Reset Google Chrome ====================== C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfullyC:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe,O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -rO4 - HKLM\..\Run: [bncsaui.exe] %ProgramFiles%\Bradford Networks\Persistent Agent\bncsaui.exeO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [Turbo Key] "C:\Program Files\ASUS\Turbo Key\TurboKey.exe"O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRunO4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrunO4 - HKCU\..\Run: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startupO4 - HKCU\..\Run: [MxDock] C:\Program Files (x86)\Maxthon\Modules\MxDock\MxDock.exeO4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user') O4 - Startup: CurseClientStartup.ccipO4 - Startup: Steam.lnk = C:\Program Files (x86)\Steam\Steam.exeO8 - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htmO8 - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htmO10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dllO10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dllO11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphicsO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLLO23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeO23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeO23 - Service: AMD RAIDXpert (AMD_RAIDXpert) - AMD - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeO23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exeO23 - Service: Bradford Persistent Agent Service (BNPagent) - Bradford Networks - C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\ASUS.SYS\config\DVMExportService.exeO23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exeO23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exeO23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)O23 - Service: Razer Overlay Subsystem Emergency Service (RzOvlMon) - Razer, Inc. - C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exeO23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exeO23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exeO23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=34 folders=37 35489965 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfullyC:\Users\Default User\AppData\Local\Temp emptied successfullyC:\Users\John\AppData\Local\Temp will be emptied at rebootC:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfullyC:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfullyC:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptiedC:\Users\John\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on Tue 07/15/2014 at 20:26:18.48 ====================== Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 7/15/2014Scan Time: 20:28:37Logfile: Administrator: Yes Version: 2.00.2.1012Malware Database: v2014.07.15.15Rootkit Database: v2014.07.14.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: Disabled OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: John Scan Type: Threat ScanResult: CompletedObjects Scanned: 277938Time Elapsed: 11 min, 15 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 0(No malicious items detected) Physical Sectors: 0(No malicious items detected) (end) ==== EOF on Tue 07/15/2014 at 20:26:18.48 ======================
  2. According to MB it isn't there now. Zoek.exe v5.0.0.0 Updated 15-07-2014Tool run by John on Tue 07/15/2014 at 19:49:11.56.Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64Running in: Normal Mode Internet Access DetectedLaunched: C:\Users\John\Desktop\zoek.com [scan all users] [script inserted] ==== System Restore Info ====================== 7/15/2014 19:49:58 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfullyC:\PROGRA~3\ASUS OC Profiles deleted successfullyC:\PROGRA~3\Oracle deleted successfullyC:\Users\John\AppData\Roaming\Malwarebytes deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Running Processes ====================== C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exeC:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exeC:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exeC:\ASUS.SYS\config\DVMExportService.exeC:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exeC:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exeC:\Program Files (x86)\Bradford Networks\Persistent Agent\bncsaui.exeC:\Program Files\ASUS\Turbo Key\TurboKey.exeC:\Program Files (x86)\Razer\Synapse\RzSynapse.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\PROGRA~2\Raptr\raptr.exeC:\PROGRA~2\Raptr\raptr_im.exeC:\Windows\SysWOW64\WinMsgBalloonServer.exeC:\Windows\SysWOW64\WinMsgBalloonClient.exeC:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\PROGRA~3\Package Cache deletedC:\Users\John\Searches deleted ==== System Specs ====================== Windows: Windows XP Professional Service Pack 2 (Build 2600)Memory (RAM): 6144 MBCPU Info: AMD Phenom 9850 Quad-Core ProcessorCPU Speed: 2508.4 MHzSound Card: Speakers (VIA High Definition A | SPDIF Interface (TX1) (VIA High | SPDIF Interface (TX0) (VIA High | Digital Audio (S/PDIF) (2- High | Display Adapters: AMD Radeon HD 6700 Series | AMD Radeon HD 6700 Series | AMD Radeon HD 6700 Series | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display DriverMonitors: 2x; Generic PnP Monitor | Generic PnP Monitor | Screen Resolution: 1600 X 900 - 32 bitNetwork: Network PresentNetwork Adapters: Realtek PCIe GBE Family ControllerCD / DVD Drives: No optical drives found.Ports: COM1 LPT1Mouse: 7 Button Wheel Mouse PresentHard Disks: C: 1397.2GBHard Disks - Free: C: 752.0GBManufacturer *: American Megatrends Inc.BIOS Info: AT/AT COMPATIBLE | 04/14/10 | ACRSYS - 20100414Time Zone: Eastern Standard TimeMotherboard *: ASUSTeK Computer INC. M4A785-MCountry: United States Language: ENU ==== System Specs (Software) ====================== Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)Anti-Spyware: Windows Defender disabled (Outdated)Anti-Spyware: Microsoft Security Essentials disabled (Outdated)Default Browser: Google Chrome 35.0.1916.153Internet Explorer Version: 11.0.9600.17207 Google Chrome version: 35.0.1916.153Adobe Reader version: 9.1.0.2009022700Sun Java version: 1.7.0_60 (64-bit) Flash Player version: 14.0.0.145 ==== Files Recently Created / Modified ====================== ====== C:\Windows ========== C:\Users\John\AppData\Local\Temp ========== Java Cache =========== C:\Windows\SysWOW64 =====2014-07-09 21:03:17 C6A991D7DF17EBD8DE4739CD1F283133 646144 ----a-w- C:\Windows\SysWOW64\osk.exe2014-07-09 21:03:11 492FF9C530EC0352B3C904CE9898269D 509440 ----a-w- C:\Windows\SysWOW64\qedit.dll2014-07-09 21:03:06 E3065F51EE0BB099EAAE48C3FC3A25B6 592896 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll2014-07-09 21:03:06 67EA1BB7F6428A10C64D5A732976F871 69632 ----a-w- C:\Windows\SysWOW64\mshtmled.dll2014-07-09 21:03:06 448854C4FE94C0FA329CC38FF103DC74 51200 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll2014-07-09 21:03:05 BE0EA764820239F7785410CBE3880086 32256 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2014-07-09 21:03:05 9385D7C5DF2566D01B1FB150F381D50B 367616 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll2014-07-09 21:03:05 91CF46BBB827E461C498A1D7D1A71AD6 32768 ----a-w- C:\Windows\SysWOW64\iernonce.dll2014-07-09 21:03:05 7C44C697BA6D0B698B91AC6516A731C3 1139200 ----a-w- C:\Windows\SysWOW64\urlmon.dll2014-07-09 21:03:04 E739AEDCA67F214F96C2520BA293B12B 526336 ----a-w- C:\Windows\SysWOW64\msfeeds.dll2014-07-09 21:03:04 DFA59840BB1220AFD261FDAE83543959 17276416 ----a-w- C:\Windows\SysWOW64\mshtml.dll2014-07-09 21:03:03 CE94480E78CC3A1A17B53F2BB65639BD 61952 ----a-w- C:\Windows\SysWOW64\iesetup.dll2014-07-09 21:03:03 4B774E842F268D51DB942EF9637828B9 1964544 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl2014-07-09 21:03:03 42BF66A4DC35DAD3564065173372CCE9 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb2014-07-09 21:03:02 A9F8343A3234FC7A42DDA4569827B411 43008 ----a-w- C:\Windows\SysWOW64\jsproxy.dll2014-07-09 21:03:02 084FB28A790685F32A6D7D003777696D 2179072 ----a-w- C:\Windows\SysWOW64\iertutil.dll2014-07-09 21:03:01 F2A99A4293CAF7956FF7801D36D5A3B2 442368 ----a-w- C:\Windows\SysWOW64\ieui.dll2014-07-09 21:03:01 A98E303FCB7058C6E78FD1FBBCBB5EEF 240824 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll2014-07-09 21:03:01 573E522A27210701EB8A6C476D36FFF6 239616 ----a-w- C:\Windows\SysWOW64\dxtrans.dll2014-07-09 21:03:00 FC733FD7721200D5136F6F8112E97B00 11742208 ----a-w- C:\Windows\SysWOW64\ieframe.dll2014-07-09 21:02:58 FDA05E78813F543A6E9AC6B23EC696F2 1068032 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll2014-07-09 21:02:58 98C7B1AFA0A99EE3BE99EAABEFB72CA0 4254720 ----a-w- C:\Windows\SysWOW64\jscript9.dll2014-07-09 21:02:58 09CBE4B1AEF497FC05493B09EA2C1757 112128 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe2014-07-09 21:02:57 CCC198257901BEEA2FBF8EB1E7678356 1791488 ----a-w- C:\Windows\SysWOW64\wininet.dll2014-07-09 21:02:57 8046CF629D8AE766C22145F4A6AFFBE1 164864 ----a-w- C:\Windows\SysWOW64\msrating.dll2014-07-09 21:02:57 557D60DF85D61C290A1D09E7115B294B 62464 ----a-w- C:\Windows\SysWOW64\MshtmlDac.dll2014-07-09 21:02:57 175A663547805367C10746FC416D4605 704512 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll2014-07-09 21:02:57 045A91095A605BB20FF2B37546FE62B0 455168 ----a-w- C:\Windows\SysWOW64\vbscript.dll2014-07-09 21:02:33 A0E053D8D97ED0F913D56E6AF21DD26F 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll2014-07-09 21:02:33 230AAF45031E87638CA4053C0399C1E6 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll====== C:\Windows\SysWOW64\drivers =========== C:\Windows\Sysnative =====2014-07-15 05:15:57 80DD24235A7E13AFC9E9EBC55ACE1ACF 313256 ----a-w- C:\Windows\Sysnative\javaws.exe2014-07-15 05:15:54 B139EECAC4B3B43949FA0E2EDB66B905 111016 ----a-w- C:\Windows\Sysnative\WindowsAccessBridge-64.dll2014-07-15 05:15:54 75F20BEDF6B95AA316C08D9D3F247692 189352 ----a-w- C:\Windows\Sysnative\java.exe2014-07-15 05:15:54 22AEEB5D70AFF7C6CB43D16E6F5E2FFF 189352 ----a-w- C:\Windows\Sysnative\javaw.exe2014-07-09 21:03:18 F1726E14C8F7B40CD828345890AAF764 3157504 ----a-w- C:\Windows\Sysnative\win32k.sys2014-07-09 21:03:16 A064A1D9CBD7F6959AAEAEAFF96DB2E9 692736 ----a-w- C:\Windows\Sysnative\osk.exe2014-07-09 21:03:12 D6AFBAA93169E6772565A1BC896D666B 624128 ----a-w- C:\Windows\Sysnative\qedit.dll2014-07-09 21:03:06 FC50DF22550C565DD096ACFAF18A37ED 33792 ----a-w- C:\Windows\Sysnative\iernonce.dll2014-07-09 21:03:06 DA5BAC4C5BDB22BBC6771534EA95AD33 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb2014-07-09 21:03:05 C2F62DF01E3552DB0571FEF4D514675B 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll2014-07-09 21:03:05 C0F9F52C36E584C0339406ABF6DA1FBA 266424 ----a-w- C:\Windows\Sysnative\iedkcs32.dll2014-07-09 21:03:05 5E646AD50848A409291418B5759595B9 38400 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll2014-07-09 21:03:03 73C7D1FCF6F58F3BF077FB42B0214BC0 1393664 ----a-w- C:\Windows\Sysnative\urlmon.dll2014-07-09 21:03:02 391D68668CFC061F26BE593A61F745E0 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll2014-07-09 21:03:01 D8E6706AECD7AA50764E126CE3F36555 631808 ----a-w- C:\Windows\Sysnative\msfeeds.dll2014-07-09 21:03:01 7176CB0FFAAC3E54ABB2014E821120F9 111616 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe2014-07-09 21:03:01 2E40D5E11BCC597352EE0314AF629A0F 452608 ----a-w- C:\Windows\Sysnative\dxtmsft.dll2014-07-09 21:03:00 CA67F68CEC788C0C69AD47C5125DDD8E 608768 ----a-w- C:\Windows\Sysnative\ie4uinit.exe2014-07-09 21:02:59 A21C6231459F4CAC212676A9367A1A68 2768384 ----a-w- C:\Windows\Sysnative\iertutil.dll2014-07-09 21:02:59 7469D4E046BD7D155CAC2697BD28B58B 66048 ----a-w- C:\Windows\Sysnative\iesetup.dll2014-07-09 21:02:59 1685AA234852657C4A6D253CCBBE84E0 2040832 ----a-w- C:\Windows\Sysnative\inetcpl.cpl2014-07-09 21:02:57 8B2ADE09864BF3F7AA6D395DAFEC41B5 51200 ----a-w- C:\Windows\Sysnative\jsproxy.dll2014-07-09 21:02:56 854C5F171F5CEE272232AC0286F3B3B9 598016 ----a-w- C:\Windows\Sysnative\ieui.dll2014-07-09 21:02:56 797E36BAD01FD7C8F0FB92E86A9E01D7 13527040 ----a-w- C:\Windows\Sysnative\ieframe.dll2014-07-09 21:02:56 415DF2B045167D6D85223CFFF00FCFC7 292864 ----a-w- C:\Windows\Sysnative\dxtrans.dll2014-07-09 21:02:55 CD76B3D60D28634A67B0AD7CB2E45929 139264 ----a-w- C:\Windows\Sysnative\ieUnatt.exe2014-07-09 21:02:55 945FA19B388FCF0FEA6124B5FD71C72F 1249280 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll2014-07-09 21:02:55 50FF2DD806CC6CF3B3F98F9A1A711603 752640 ----a-w- C:\Windows\Sysnative\jscript9diag.dll2014-07-09 21:02:55 1FD6C2F6AC489C271565730F6E9E1A05 85504 ----a-w- C:\Windows\Sysnative\mshtmled.dll2014-07-09 21:02:54 BDD4A74421B023C81DA63168BD10C01B 846336 ----a-w- C:\Windows\Sysnative\ieapfltr.dll2014-07-09 21:02:54 4EC7738394D2BC7BCB5F7A3657F57252 5721088 ----a-w- C:\Windows\Sysnative\jscript9.dll2014-07-09 21:02:54 2EE102DF0EDD8A1EDD3D1E9B99A91BEC 2266112 ----a-w- C:\Windows\Sysnative\wininet.dll2014-07-09 21:02:54 00401347C3BC466E5F2516387EBBCA7D 548352 ----a-w- C:\Windows\Sysnative\vbscript.dll2014-07-09 21:02:53 F876957CA193B20A21D52F91418657D7 195584 ----a-w- C:\Windows\Sysnative\msrating.dll2014-07-09 21:02:53 89A53CDE0DA5680AF48A181D82C752CA 83968 ----a-w- C:\Windows\Sysnative\MshtmlDac.dll2014-07-09 21:02:52 FEC19C351EF1B2C998A85D1BFD765675 23464448 ----a-w- C:\Windows\Sysnative\mshtml.dll2014-07-09 21:02:52 52012C83F7E9AF65D13F04415F0508F5 940032 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe2014-07-09 21:02:35 D4CCE15190269486A5E6D4D4E597F798 1460736 ----a-w- C:\Windows\Sysnative\lsasrv.dll====== C:\Windows\Sysnative\drivers =====2014-07-15 22:23:42 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\Windows\Sysnative\drivers\48230029.sys2014-07-09 21:03:10 FA886682CFC5D36718D3E436AACF10B9 497152 ----a-w- C:\Windows\Sysnative\drivers\afd.sys2014-06-26 00:56:05 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys2014-06-26 00:55:43 9D9ED48F841EA37AA5310D54B9E5D3C7 91352 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys2014-06-26 00:55:43 15E8ABC06843672955CE26A009533BAD 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys====== C:\Windows\Tasks ======2014-07-15 23:48:58 E3C8B1C8494F59562D76092776A87302 3100 ----a-w- C:\Windows\Sysnative\Tasks\{04049363-B53F-4733-8DB7-044094010B7F}====== C:\Windows\Temp ============= C:\Program Files =====2014-07-15 05:15:31 -------- d-----w- C:\Program Files\Java2014-07-09 20:52:56 -------- d-----w- C:\Program Files\iPod2014-07-09 20:52:55 -------- d-----w- C:\Program Files\iTunes======= C:\PROGRA~2 =====2014-07-13 05:57:11 -------- d-----w- C:\PROGRA~2\Warcraft III2014-07-09 20:52:55 -------- d-----w- C:\PROGRA~2\iTunes2014-07-03 02:27:30 -------- d-----w- C:\PROGRA~2\Twitter2014-06-21 06:50:20 -------- d-----w- C:\PROGRA~2\VTFEdit======= C: =========== C:\Users\John\AppData\Roaming ======2014-07-15 07:58:29 -------- d-sh--w- C:\Users\John\AppData\Local\EmieUserList2014-07-15 07:58:29 -------- d-sh--w- C:\Users\John\AppData\Local\EmieSiteList2014-07-10 05:55:00 -------- d-----w- C:\Users\John\AppData\Roaming\Yacht Club Games2014-07-03 02:27:45 -------- d-----w- C:\Users\John\AppData\Local\twitter2014-07-03 02:27:33 -------- d-----w- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TweetDeck2014-06-23 15:48:39 -------- d-----w- C:\Users\John\AppData\Roaming\Maxthon3====== C:\Users\John ======2014-07-15 22:16:23 ABE171BFF8277921FD92BF5DEC76F363 522240 ----a-w- C:\Users\John\Desktop\OTM.exe2014-07-15 21:53:38 F783EC309D42813F74319EB776153B2B 165376 ----a-w- C:\Users\John\Desktop\SystemLook_x64.exe2014-07-15 16:55:45 32EC56D740D3817B253B3B5C104C6ED8 2086912 ----a-w- C:\Users\John\Desktop\FRST64.exe2014-07-15 16:55:10 CA630DBADEB5B6101531F986ADFE46C9 1016261 ----a-w- C:\Users\John\Desktop\JRT.exe2014-07-15 16:45:49 DB95B03031E66AC45495EDF1D16B8887 1348263 ----a-w- C:\Users\John\Desktop\AdwCleaner.exe2014-07-15 07:48:30 E1263309FB4AA7F83E7E67FBEA6A59F4 890744 ----a-w- C:\Users\John\Downloads\amddriverdownloader.exe2014-07-15 05:13:59 8970C0476E96E4B9ABF074C93307E924 30984104 ----a-w- C:\Users\John\Downloads\jre-7u60-windows-x64.exe2014-07-13 05:57:11 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III2014-07-13 05:41:57 1D74B60E80A1939911BABABF27B49349 1172376 ----a-w- C:\Users\John\Warcraft III 1.21b TFT Installer enUS\Installer.exe2014-07-13 05:41:57 -------- d-----w- C:\Users\John\Warcraft III 1.21b TFT Installer enUS2014-07-13 05:41:37 33D0CB7A9E784AA523E2A3CC418E945E 2687056 ----a-w- C:\Users\John\Downloads\Downloader_Warcraft3_The_Frozen_Throne_enUS.exe2014-07-13 05:40:54 7A74B8D767E43FB0742DD0C145A90101 1172376 ----a-w- C:\Users\John\Warcraft III 1.21b ROC Installer enUS\Installer.exe2014-07-13 05:40:54 -------- d-----w- C:\Users\John\Warcraft III 1.21b ROC Installer enUS2014-07-13 05:40:26 9736C50D06A950ABE29BABFF17E8FA87 2693589 ----a-w- C:\Users\John\Downloads\Downloader_Warcraft3_Reign_of_Chaos_enUS.exe2014-07-09 20:54:29 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2014-07-09 20:52:55 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-07-06 15:56:40 6F8ED99945D5B5406B717BDE754DAE0C 1455528 ----a-w- C:\Users\John\Downloads\SystemCheck_enUS.exe2014-06-21 06:50:21 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VTFEdit ====== C: exe-files ==2014-07-15 05:15:41 B5C895A0CE2252C2BE13E4DB60059A67 16808 ----a-w- C:\Program Files\Java\jre7\bin\tnameserv.exe2014-07-15 05:15:41 50D36E49C4FCF2F0936E55FC64F2C20A 180648 ----a-w- C:\Program Files\Java\jre7\bin\unpack200.exe2014-07-15 05:15:40 C8846A5A7613B2B9BFF678182A9B3676 16296 ----a-w- C:\Program Files\Java\jre7\bin\rmid.exe2014-07-15 05:15:40 66567DB2EDB5396F7839687F48CD9D6A 16296 ----a-w- C:\Program Files\Java\jre7\bin\rmiregistry.exe2014-07-15 05:15:40 4E41FB38C3CE8A907F574217061B43DB 16296 ----a-w- C:\Program Files\Java\jre7\bin\pack200.exe2014-07-15 05:15:40 4E40EEF592340030DE0FB62532238FD4 16296 ----a-w- C:\Program Files\Java\jre7\bin\policytool.exe2014-07-15 05:15:40 354A7C881CC32CD63314B0BA7AA8DA24 16808 ----a-w- C:\Program Files\Java\jre7\bin\orbd.exe2014-07-15 05:15:40 0A7264A972A49FDBE00B4431DC2B101E 64424 ----a-w- C:\Program Files\Java\jre7\bin\ssvagent.exe2014-07-15 05:15:40 0648CE22986703A3618C2F60D2B34EAC 16296 ----a-w- C:\Program Files\Java\jre7\bin\servertool.exe2014-07-15 05:15:39 FEAEFB0DFC2A55F5E3670CFFD97B12E3 16296 ----a-w- C:\Program Files\Java\jre7\bin\keytool.exe2014-07-15 05:15:39 DEB108631ED814878B4D0F8F66BA7D54 67496 ----a-w- C:\Program Files\Java\jre7\bin\jp2launcher.exe2014-07-15 05:15:39 80DD24235A7E13AFC9E9EBC55ACE1ACF 313256 ----a-w- C:\Program Files\Java\jre7\bin\javaws.exe2014-07-15 05:15:39 6FC165F778DC7E3A0C573A555CAD5EE4 16296 ----a-w- C:\Program Files\Java\jre7\bin\kinit.exe2014-07-15 05:15:39 63943EF8CDC05D71AA3EDEFF14A8BA43 16296 ----a-w- C:\Program Files\Java\jre7\bin\ktab.exe2014-07-15 05:15:39 22AEEB5D70AFF7C6CB43D16E6F5E2FFF 189352 ----a-w- C:\Program Files\Java\jre7\bin\javaw.exe2014-07-15 05:15:39 1EE4BEAA034A42AA91DD4ACB71800E97 16296 ----a-w- C:\Program Files\Java\jre7\bin\klist.exe2014-07-15 05:15:38 B6FE60CC39FC7CB597FBA0EB0A91AA97 16296 ----a-w- C:\Program Files\Java\jre7\bin\java-rmi.exe2014-07-15 05:15:38 AF463A23D7F45C297BC7F0CF9AAE5C2F 76200 ----a-w- C:\Program Files\Java\jre7\bin\javacpl.exe2014-07-15 05:15:38 75F20BEDF6B95AA316C08D9D3F247692 189352 ----a-w- C:\Program Files\Java\jre7\bin\java.exe2014-07-15 05:15:38 5AD390906C2F6B84B93877E8DC30707E 55720 ----a-w- C:\Program Files\Java\jre7\bin\jabswitch.exe2014-07-13 05:57:11 D3C14AB1D76CC88E131BA31667326A68 397312 ----a-w- C:\Program Files (x86)\Common Files\Blizzard Entertainment\Warcraft III\Uninstall.exe2014-07-09 23:51:45 DFAA288E67F98A2FDB9BD3C2F10C1CEA 2478592 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Shovel Knight\ShovelKnight.exe2014-07-09 23:51:45 C9D9EEBCCEF20D637F193490CEC05E79 10274136 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Shovel Knight\_CommonRedist\vcredist\2010\vcredist_x64.exe2014-07-09 23:51:45 BF3F290275C21BDD3951955C9C3CF32C 517976 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Shovel Knight\_CommonRedist\DirectX\Jun2010\DXSETUP.exe2014-07-09 23:51:45 1801436936E64598BAB5B87B37DC7F87 8990552 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Shovel Knight\_CommonRedist\vcredist\2010\vcredist_x86.exe2014-07-09 21:03:17 20235ED4653CFDDCDEF721F5126A1C47 224768 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe2014-07-09 21:03:14 89D2706FCD45E33CECFBD46BCBAD7E16 10240 ----a-w- C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe2014-07-09 21:03:05 61FF1A9683EDD471797FE0F56057FD09 222720 ----a-w- C:\Program Files (x86)\Internet Explorer\ielowutil.exe2014-07-09 21:03:05 24868C9D422EDB5B249C0C81B01A0C19 810160 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe2014-07-09 21:03:03 CD900EFB4F8946A2BB1950D9F45915C2 812216 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe2014-07-09 21:03:03 65D0ECD485C8605B07C8338708224818 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe2014-07-09 21:03:03 2168067C03FADB690B77633104A2E64B 470016 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe2014-07-09 21:02:59 8395829B1CE9E11C6441753257DC7591 482816 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe2014-07-09 20:42:49 B3F5836DDD18A9665C188F1C63BF4B35 9786416 ----a-w- C:\Program Files (x86)\Battle.net\Battle.net.4826\Battle.net.exe=== C: other files ==2014-07-15 23:48:16 0BE568FD1E7D6C6D64D2272649F5C716 111 ----a-w- C:\Users\John\AppData\Local\Temp\scripttest.vbs2014-07-15 22:23:42 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\Windows\System32\drivers\48230029.sys2014-07-15 22:22:46 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\John\AppData\Roaming\Raptr\data\erisez\config\certificates\x509\tls_peers\xmpp-server3.raptr.com2014-07-15 21:18:44 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\John\AppData\Roaming\Raptr\data\erisez\config\certificates\x509\tls_peers\xmpp-server5.raptr.com2014-07-15 17:03:11 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\John\AppData\Roaming\Raptr\data\erisez\config\certificates\x509\tls_peers\xmpp-server2.raptr.com2014-07-15 15:27:35 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\John\AppData\Roaming\Raptr\data\erisez\config\certificates\x509\tls_peers\xmpp-server6.raptr.com2014-07-15 07:46:55 E73DEFA22FB39F931679296041C16B5C 104304693 ----a-w- C:\Users\John\Downloads\AMD_Chipset_V51010008_V13049_XP_Vista_Win7.zip2014-07-15 05:23:53 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\John\AppData\Roaming\Raptr\data\erisez\config\certificates\x509\tls_peers\xmpp-server8.raptr.com2014-07-15 05:15:41 8C3C73B2287D15AD508BA3B78185EAC3 18619 ----a-w- C:\Program Files\Java\jre7\lib\deploy\ffjcext.zip2014-07-15 03:31:27 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\John\AppData\Roaming\Raptr\data\erisez\config\certificates\x509\tls_peers\xmpp-server7.raptr.com2014-07-14 23:38:05 DEA4703BF33F6F49E78D54B118E8BBCF 14416 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\XCom-Enemy-Unknown\XEW\Binaries\Win32\XComGame.com2014-07-14 21:27:58 DEA4703BF33F6F49E78D54B118E8BBCF 14416 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.com2014-07-14 16:19:49 0E038984F0CC7AD51415E527D569A07B 2189 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Bloody Trapland\MapEditor\Content\GameObjects\UserCreated\as.xml.zip2014-07-14 16:19:48 2CEAEB04EEAB5E35294CE20DA0F44120 946 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Bloody Trapland\MapEditor\Content\GameObjects\UserCreated\sssss.xml.zip2014-07-12 16:00:40 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\John\AppData\Roaming\Raptr\data\erisez\config\certificates\x509\tls_peers\xmpp-server4.raptr.com2014-07-09 21:03:18 F1726E14C8F7B40CD828345890AAF764 3157504 ----a-w- C:\Windows\System32\win32k.sys2014-07-09 21:03:10 FA886682CFC5D36718D3E436AACF10B9 497152 ----a-w- C:\Windows\System32\drivers\afd.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-2551759079-2592656266-3710109343-1000\Software\Microsoft\Windows\CurrentVersion\Run]"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun""Raptr"="C:\PROGRA~2\Raptr\raptrstub.exe --startup""MxDock"="C:\Program Files (x86)\Maxthon\Modules\MxDock\MxDock.exe""HydraVisionDesktopManager"="C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]"mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]"mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"HDAudDeck"="C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r""Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe""Turbo Key"="C:\Program Files\ASUS\Turbo Key\TurboKey.exe""StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun""Razer Synapse"="C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe""iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe""bncsaui.exe"="%ProgramFiles%\Bradford Networks\Persistent Agent\bncsaui.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun""Raptr"="C:\PROGRA~2\Raptr\raptrstub.exe --startup""MxDock"="C:\Program Files (x86)\Maxthon\Modules\MxDock\MxDock.exe""HydraVisionDesktopManager"="C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" ==== Startup Folders ====================== 2014-02-13 03:27:20 0 ----a-w- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip2014-02-14 19:17:00 967 ----a-w- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Steam.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [07/08/2014 16:38]C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [02/12/2014 19:47]C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [02/12/2014 19:47] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]"C:\Windows\SysNative\tasks\ASUS\ASUS RegRun Loader" [C:\Program Files (x86)\ASUS\AASP\1.01.02\AsLoader.exe]"C:\Windows\SysNative\tasks\ASUS\ASUS SIX Engine" [C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe]"C:\Windows\SysNative\tasks\ASUS\ASUS Update Checker" [C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe] ==== Chrome Look ====================== BTTV - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgpedGoogle Drive - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalfGoogle Voice Search Hotword (Beta) - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfnYouTube - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeoLast updated at time on date - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddbGoogle Search - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpfimgur Extension by Metronomik - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehoopddfhgaehhmphfcooacjdpmbjlaoFrankerFaceZ - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadndhdgpmmaapbmfcknlfgcflmmmiebStylish - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffeGoogle Wallet - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmiedaChecker Plus for Gmail™ - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemjAudio Converter - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojfphighcpfimfhblaigjckljcoeipgaGmail - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaediaLuna Theme - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmhihobegibbfdeogahppfhmbfmbjann ==== Set IE to Default ====================== Old Values:[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]"Start Page"="http://www.google.com""Search Page"="http://www.google.com""Search Bar"="http://www.google.com"[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]"Start Page"="http://www.google.com""Search Page"="http://www.google.com""Search Bar"="http://www.google.com""Start Page Redirect Cache"="http://www.google.com"[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]"Start Page"="http://www.google.com""Search Page"="http://www.google.com""Search Bar"="http://www.google.com""Start Page Redirect Cache"="http://www.google.com"[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]No DefaultScope Set For HKCU New Values:[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896""Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896""Start Page"="http://www.google.com"[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896""Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896""Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157""Start Page Redirect Cache"="http://go.microsoft.com/fwlink/?LinkId=69157"[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896""Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896""Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157""Start Page Redirect Cache"="http://go.microsoft.com/fwlink/?LinkId=69157"[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}" ==== Reset Google Chrome ====================== C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfullyC:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe,O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -rO4 - HKLM\..\Run: [bncsaui.exe] %ProgramFiles%\Bradford Networks\Persistent Agent\bncsaui.exeO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [Turbo Key] "C:\Program Files\ASUS\Turbo Key\TurboKey.exe"O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRunO4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrunO4 - HKCU\..\Run: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startupO4 - HKCU\..\Run: [MxDock] C:\Program Files (x86)\Maxthon\Modules\MxDock\MxDock.exeO4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user') O4 - Startup: CurseClientStartup.ccipO4 - Startup: Steam.lnk = C:\Program Files (x86)\Steam\Steam.exeO8 - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htmO8 - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htmO10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dllO10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dllO11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphicsO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLLO23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeO23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeO23 - Service: AMD RAIDXpert (AMD_RAIDXpert) - AMD - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeO23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exeO23 - Service: Bradford Persistent Agent Service (BNPagent) - Bradford Networks - C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\ASUS.SYS\config\DVMExportService.exeO23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exeO23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exeO23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)O23 - Service: Razer Overlay Subsystem Emergency Service (RzOvlMon) - Razer, Inc. - C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exeO23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exeO23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exeO23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=34 folders=37 35489965 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfullyC:\Users\Default User\AppData\Local\Temp emptied successfullyC:\Users\John\AppData\Local\Temp will be emptied at rebootC:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfullyC:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfullyC:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptiedC:\Users\John\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied Zoek.exe v5.0.0.0 Updated 15-07-2014Tool run by John on Tue 07/15/2014 at 19:49:11.56.Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64Running in: Normal Mode Internet Access DetectedLaunched: C:\Users\John\Desktop\zoek.com [scan all users] [script inserted] ==== System Restore Info ====================== 7/15/2014 19:49:58 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfullyC:\PROGRA~3\ASUS OC Profiles deleted successfullyC:\PROGRA~3\Oracle deleted successfullyC:\Users\John\AppData\Roaming\Malwarebytes deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Running Processes ====================== C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exeC:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exeC:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exeC:\ASUS.SYS\config\DVMExportService.exeC:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exeC:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exeC:\Program Files (x86)\Bradford Networks\Persistent Agent\bncsaui.exeC:\Program Files\ASUS\Turbo Key\TurboKey.exeC:\Program Files (x86)\Razer\Synapse\RzSynapse.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\PROGRA~2\Raptr\raptr.exeC:\PROGRA~2\Raptr\raptr_im.exeC:\Windows\SysWOW64\WinMsgBalloonServer.exeC:\Windows\SysWOW64\WinMsgBalloonClient.exeC:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\PROGRA~3\Package Cache deletedC:\Users\John\Searches deleted ==== System Specs ====================== Windows: Windows XP Professional Service Pack 2 (Build 2600)Memory (RAM): 6144 MBCPU Info: AMD Phenom 9850 Quad-Core ProcessorCPU Speed: 2508.4 MHzSound Card: Speakers (VIA High Definition A | SPDIF Interface (TX1) (VIA High | SPDIF Interface (TX0) (VIA High | Digital Audio (S/PDIF) (2- High | Display Adapters: AMD Radeon HD 6700 Series | AMD Radeon HD 6700 Series | AMD Radeon HD 6700 Series | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display DriverMonitors: 2x; Generic PnP Monitor | Generic PnP Monitor | Screen Resolution: 1600 X 900 - 32 bitNetwork: Network PresentNetwork Adapters: Realtek PCIe GBE Family ControllerCD / DVD Drives: No optical drives found.Ports: COM1 LPT1Mouse: 7 Button Wheel Mouse PresentHard Disks: C: 1397.2GBHard Disks - Free: C: 752.0GBManufacturer *: American Megatrends Inc.BIOS Info: AT/AT COMPATIBLE | 04/14/10 | ACRSYS - 20100414Time Zone: Eastern Standard TimeMotherboard *: ASUSTeK Computer INC. M4A785-MCountry: United States Language: ENU ==== System Specs (Software) ====================== Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)Anti-Spyware: Windows Defender disabled (Outdated)Anti-Spyware: Microsoft Security Essentials disabled (Outdated)Default Browser: Google Chrome 35.0.1916.153Internet Explorer Version: 11.0.9600.17207 Google Chrome version: 35.0.1916.153Adobe Reader version: 9.1.0.2009022700Sun Java version: 1.7.0_60 (64-bit) Flash Player version: 14.0.0.145 ==== Files Recently Created / Modified ====================== ====== C:\Windows ========== C:\Users\John\AppData\Local\Temp ========== Java Cache =========== C:\Windows\SysWOW64 =====2014-07-09 21:03:17 C6A991D7DF17EBD8DE4739CD1F283133 646144 ----a-w- C:\Windows\SysWOW64\osk.exe2014-07-09 21:03:11 492FF9C530EC0352B3C904CE9898269D 509440 ----a-w- C:\Windows\SysWOW64\qedit.dll2014-07-09 21:03:06 E3065F51EE0BB099EAAE48C3FC3A25B6 592896 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll2014-07-09 21:03:06 67EA1BB7F6428A10C64D5A732976F871 69632 ----a-w- C:\Windows\SysWOW64\mshtmled.dll2014-07-09 21:03:06 448854C4FE94C0FA329CC38FF103DC74 51200 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll2014-07-09 21:03:05 BE0EA764820239F7785410CBE3880086 32256 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2014-07-09 21:03:05 9385D7C5DF2566D01B1FB150F381D50B 367616 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll2014-07-09 21:03:05 91CF46BBB827E461C498A1D7D1A71AD6 32768 ----a-w- C:\Windows\SysWOW64\iernonce.dll2014-07-09 21:03:05 7C44C697BA6D0B698B91AC6516A731C3 1139200 ----a-w- C:\Windows\SysWOW64\urlmon.dll2014-07-09 21:03:04 E739AEDCA67F214F96C2520BA293B12B 526336 ----a-w- C:\Windows\SysWOW64\msfeeds.dll2014-07-09 21:03:04 DFA59840BB1220AFD261FDAE83543959 17276416 ----a-w- C:\Windows\SysWOW64\mshtml.dll2014-07-09 21:03:03 CE94480E78CC3A1A17B53F2BB65639BD 61952 ----a-w- C:\Windows\SysWOW64\iesetup.dll2014-07-09 21:03:03 4B774E842F268D51DB942EF9637828B9 1964544 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl2014-07-09 21:03:03 42BF66A4DC35DAD3564065173372CCE9 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb2014-07-09 21:03:02 A9F8343A3234FC7A42DDA4569827B411 43008 ----a-w- C:\Windows\SysWOW64\jsproxy.dll2014-07-09 21:03:02 084FB28A790685F32A6D7D003777696D 2179072 ----a-w- C:\Windows\SysWOW64\iertutil.dll2014-07-09 21:03:01 F2A99A4293CAF7956FF7801D36D5A3B2 442368 ----a-w- C:\Windows\SysWOW64\ieui.dll2014-07-09 21:03:01 A98E303FCB7058C6E78FD1FBBCBB5EEF 240824 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll2014-07-09 21:03:01 573E522A27210701EB8A6C476D36FFF6 239616 ----a-w- C:\Windows\SysWOW64\dxtrans.dll2014-07-09 21:03:00 FC733FD7721200D5136F6F8112E97B00 11742208 ----a-w- C:\Windows\SysWOW64\ieframe.dll2014-07-09 21:02:58 FDA05E78813F543A6E9AC6B23EC696F2 1068032 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll2014-07-09 21:02:58 98C7B1AFA0A99EE3BE99EAABEFB72CA0 4254720 ----a-w- C:\Windows\SysWOW64\jscript9.dll2014-07-09 21:02:58 09CBE4B1AEF497FC05493B09EA2C1757 112128 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe2014-07-09 21:02:57 CCC198257901BEEA2FBF8EB1E7678356 1791488 ----a-w- C:\Windows\SysWOW64\wininet.dll2014-07-09 21:02:57 8046CF629D8AE766C22145F4A6AFFBE1 164864 ----a-w- C:\Windows\SysWOW64\msrating.dll2014-07-09 21:02:57 557D60DF85D61C290A1D09E7115B294B 62464 ----a-w- C:\Windows\SysWOW64\MshtmlDac.dll2014-07-09 21:02:57 175A663547805367C10746FC416D4605 704512 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll2014-07-09 21:02:57 045A91095A605BB20FF2B37546FE62B0 455168 ----a-w- C:\Windows\SysWOW64\vbscript.dll2014-07-09 21:02:33 A0E053D8D97ED0F913D56E6AF21DD26F 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll2014-07-09 21:02:33 230AAF45031E87638CA4053C0399C1E6 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll====== C:\Windows\SysWOW64\drivers =========== C:\Windows\Sysnative =====2014-07-15 05:15:57 80DD24235A7E13AFC9E9EBC55ACE1ACF 313256 ----a-w- C:\Windows\Sysnative\javaws.exe2014-07-15 05:15:54 B139EECAC4B3B43949FA0E2EDB66B905 111016 ----a-w- C:\Windows\Sysnative\WindowsAccessBridge-64.dll2014-07-15 05:15:54 75F20BEDF6B95AA316C08D9D3F247692 189352 ----a-w- C:\Windows\Sysnative\java.exe2014-07-15 05:15:54 22AEEB5D70AFF7C6CB43D16E6F5E2FFF 189352 ----a-w- C:\Windows\Sysnative\javaw.exe2014-07-09 21:03:18 F1726E14C8F7B40CD828345890AAF764 3157504 ----a-w- C:\Windows\Sysnative\win32k.sys2014-07-09 21:03:16 A064A1D9CBD7F6959AAEAEAFF96DB2E9 692736 ----a-w- C:\Windows\Sysnative\osk.exe2014-07-09 21:03:12 D6AFBAA93169E6772565A1BC896D666B 624128 ----a-w- C:\Windows\Sysnative\qedit.dll2014-07-09 21:03:06 FC50DF22550C565DD096ACFAF18A37ED 33792 ----a-w- C:\Windows\Sysnative\iernonce.dll2014-07-09 21:03:06 DA5BAC4C5BDB22BBC6771534EA95AD33 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb2014-07-09 21:03:05 C2F62DF01E3552DB0571FEF4D514675B 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll2014-07-09 21:03:05 C0F9F52C36E584C0339406ABF6DA1FBA 266424 ----a-w- C:\Windows\Sysnative\iedkcs32.dll2014-07-09 21:03:05 5E646AD50848A409291418B5759595B9 38400 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll2014-07-09 21:03:03 73C7D1FCF6F58F3BF077FB42B0214BC0 1393664 ----a-w- C:\Windows\Sysnative\urlmon.dll2014-07-09 21:03:02 391D68668CFC061F26BE593A61F745E0 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll2014-07-09 21:03:01 D8E6706AECD7AA50764E126CE3F36555 631808 ----a-w- C:\Windows\Sysnative\msfeeds.dll2014-07-09 21:03:01 7176CB0FFAAC3E54ABB2014E821120F9 111616 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe2014-07-09 21:03:01 2E40D5E11BCC597352EE0314AF629A0F 452608 ----a-w- C:\Windows\Sysnative\dxtmsft.dll2014-07-09 21:03:00 CA67F68CEC788C0C69AD47C5125DDD8E 608768 ----a-w- C:\Windows\Sysnative\ie4uinit.exe2014-07-09 21:02:59 A21C6231459F4CAC212676A9367A1A68 2768384 ----a-w- C:\Windows\Sysnative\iertutil.dll2014-07-09 21:02:59 7469D4E046BD7D155CAC2697BD28B58B 66048 ----a-w- C:\Windows\Sysnative\iesetup.dll2014-07-09 21:02:59 1685AA234852657C4A6D253CCBBE84E0 2040832 ----a-w- C:\Windows\Sysnative\inetcpl.cpl2014-07-09 21:02:57 8B2ADE09864BF3F7AA6D395DAFEC41B5 51200 ----a-w- C:\Windows\Sysnative\jsproxy.dll2014-07-09 21:02:56 854C5F171F5CEE272232AC0286F3B3B9 598016 ----a-w- C:\Windows\Sysnative\ieui.dll2014-07-09 21:02:56 797E36BAD01FD7C8F0FB92E86A9E01D7 13527040 ----a-w- C:\Windows\Sysnative\ieframe.dll2014-07-09 21:02:56 415DF2B045167D6D85223CFFF00FCFC7 292864 ----a-w- C:\Windows\Sysnative\dxtrans.dll2014-07-09 21:02:55 CD76B3D60D28634A67B0AD7CB2E45929 139264 ----a-w- C:\Windows\Sysnative\ieUnatt.exe2014-07-09 21:02:55 945FA19B388FCF0FEA6124B5FD71C72F 1249280 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll2014-07-09 21:02:55 50FF2DD806CC6CF3B3F98F9A1A711603 752640 ----a-w- C:\Windows\Sysnative\jscript9diag.dll2014-07-09 21:02:55 1FD6C2F6AC489C271565730F6E9E1A05 85504 ----a-w- C:\Windows\Sysnative\mshtmled.dll2014-07-09 21:02:54 BDD4A74421B023C81DA63168BD10C01B 846336 ----a-w- C:\Windows\Sysnative\ieapfltr.dll2014-07-09 21:02:54 4EC7738394D2BC7BCB5F7A3657F57252 5721088 ----a-w- C:\Windows\Sysnative\jscript9.dll2014-07-09 21:02:54 2EE102DF0EDD8A1EDD3D1E9B99A91BEC 2266112 ----a-w- C:\Windows\Sysnative\wininet.dll2014-07-09 21:02:54 00401347C3BC466E5F2516387EBBCA7D 548352 ----a-w- C:\Windows\Sysnative\vbscript.dll2014-07-09 21:02:53 F876957CA193B20A21D52F91418657D7 195584 ----a-w- C:\Windows\Sysnative\msrating.dll2014-07-09 21:02:53 89A53CDE0DA5680AF48A181D82C752CA 83968 ----a-w- C:\Windows\Sysnative\MshtmlDac.dll2014-07-09 21:02:52 FEC19C351EF1B2C998A85D1BFD765675 23464448 ----a-w- C:\Windows\Sysnative\mshtml.dll2014-07-09 21:02:52 52012C83F7E9AF65D13F04415F0508F5 940032 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe2014-07-09 21:02:35 D4CCE15190269486A5E6D4D4E597F798 1460736 ----a-w- C:\Windows\Sysnative\lsasrv.dll====== C:\Windows\Sysnative\drivers =====2014-07-15 22:23:42 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\Windows\Sysnative\drivers\48230029.sys2014-07-09 21:03:10 FA886682CFC5D36718D3E436AACF10B9 497152 ----a-w- C:\Windows\Sysnative\drivers\afd.sys2014-06-26 00:56:05 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys2014-06-26 00:55:43 9D9ED48F841EA37AA5310D54B9E5D3C7 91352 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys2014-06-26 00:55:43 15E8ABC06843672955CE26A009533BAD 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys====== C:\Windows\Tasks ======2014-07-15 23:48:58 E3C8B1C8494F59562D76092776A87302 3100 ----a-w- C:\Windows\Sysnative\Tasks\{04049363-B53F-4733-8DB7-044094010B7F}====== C:\Windows\Temp ============= C:\Program Files =====2014-07-15 05:15:31 -------- d-----w- C:\Program Files\Java2014-07-09 20:52:56 -------- d-----w- C:\Program Files\iPod2014-07-09 20:52:55 -------- d-----w- C:\Program Files\iTunes======= C:\PROGRA~2 =====2014-07-13 05:57:11 -------- d-----w- C:\PROGRA~2\Warcraft III2014-07-09 20:52:55 -------- d-----w- C:\PROGRA~2\iTunes2014-07-03 02:27:30 -------- d-----w- C:\PROGRA~2\Twitter2014-06-21 06:50:20 -------- d-----w- C:\PROGRA~2\VTFEdit======= C: =========== C:\Users\John\AppData\Roaming ======2014-07-15 07:58:29 -------- d-sh--w- C:\Users\John\AppData\Local\EmieUserList2014-07-15 07:58:29 -------- d-sh--w- C:\Users\John\AppData\Local\EmieSiteList2014-07-10 05:55:00 -------- d-----w- C:\Users\John\AppData\Roaming\Yacht Club Games2014-07-03 02:27:45 -------- d-----w- C:\Users\John\AppData\Local\twitter2014-07-03 02:27:33 -------- d-----w- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TweetDeck2014-06-23 15:48:39 -------- d-----w- C:\Users\John\AppData\Roaming\Maxthon3====== C:\Users\John ======2014-07-15 22:16:23 ABE171BFF8277921FD92BF5DEC76F363 522240 ----a-w- C:\Users\John\Desktop\OTM.exe2014-07-15 21:53:38 F783EC309D42813F74319EB776153B2B 165376 ----a-w- C:\Users\John\Desktop\SystemLook_x64.exe2014-07-15 16:55:45 32EC56D740D3817B253B3B5C104C6ED8 2086912 ----a-w- C:\Users\John\Desktop\FRST64.exe2014-07-15 16:55:10 CA630DBADEB5B6101531F986ADFE46C9 1016261 ----a-w- C:\Users\John\Desktop\JRT.exe2014-07-15 16:45:49 DB95B03031E66AC45495EDF1D16B8887 1348263 ----a-w- C:\Users\John\Desktop\AdwCleaner.exe2014-07-15 07:48:30 E1263309FB4AA7F83E7E67FBEA6A59F4 890744 ----a-w- C:\Users\John\Downloads\amddriverdownloader.exe2014-07-15 05:13:59 8970C0476E96E4B9ABF074C93307E924 30984104 ----a-w- C:\Users\John\Downloads\jre-7u60-windows-x64.exe2014-07-13 05:57:11 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III2014-07-13 05:41:57 1D74B60E80A1939911BABABF27B49349 1172376 ----a-w- C:\Users\John\Warcraft III 1.21b TFT Installer enUS\Installer.exe2014-07-13 05:41:57 -------- d-----w- C:\Users\John\Warcraft III 1.21b TFT Installer enUS2014-07-13 05:41:37 33D0CB7A9E784AA523E2A3CC418E945E 2687056 ----a-w- C:\Users\John\Downloads\Downloader_Warcraft3_The_Frozen_Throne_enUS.exe2014-07-13 05:40:54 7A74B8D767E43FB0742DD0C145A90101 1172376 ----a-w- C:\Users\John\Warcraft III 1.21b ROC Installer enUS\Installer.exe2014-07-13 05:40:54 -------- d-----w- C:\Users\John\Warcraft III 1.21b ROC Installer enUS2014-07-13 05:40:26 9736C50D06A950ABE29BABFF17E8FA87 2693589 ----a-w- C:\Users\John\Downloads\Downloader_Warcraft3_Reign_of_Chaos_enUS.exe2014-07-09 20:54:29 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2014-07-09 20:52:55 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-07-06 15:56:40 6F8ED99945D5B5406B717BDE754DAE0C 1455528 ----a-w- C:\Users\John\Downloads\SystemCheck_enUS.exe2014-06-21 06:50:21 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VTFEdit ====== C: exe-files ==2014-07-15 05:15:41 B5C895A0CE2252C2BE13E4DB60059A67 16808 ----a-w- C:\Program Files\Java\jre7\bin\tnameserv.exe2014-07-15 05:15:41 50D36E49C4FCF2F0936E55FC64F2C20A 180648 ----a-w- C:\Program Files\Java\jre7\bin\unpack200.exe2014-07-15 05:15:40 C8846A5A7613B2B9BFF678182A9B3676 16296 ----a-w- C:\Program Files\Java\jre7\bin\rmid.exe2014-07-15 05:15:40 66567DB2EDB5396F7839687F48CD9D6A 16296 ----a-w- C:\Program Files\Java\jre7\bin\rmiregistry.exe2014-07-15 05:15:40 4E41FB38C3CE8A907F574217061B43DB 16296 ----a-w- C:\Program Files\Java\jre7\bin\pack200.exe2014-07-15 05:15:40 4E40EEF592340030DE0FB62532238FD4 16296 ----a-w- C:\Program Files\Java\jre7\bin\policytool.exe2014-07-15 05:15:40 354A7C881CC32CD63314B0BA7AA8DA24 16808 ----a-w- C:\Program Files\Java\jre7\bin\orbd.exe2014-07-15 05:15:40 0A7264A972A49FDBE00B4431DC2B101E 64424 ----a-w- C:\Program Files\Java\jre7\bin\ssvagent.exe2014-07-15 05:15:40 0648CE22986703A3618C2F60D2B34EAC 16296 ----a-w- C:\Program Files\Java\jre7\bin\servertool.exe2014-07-15 05:15:39 FEAEFB0DFC2A55F5E3670CFFD97B12E3 16296 ----a-w- C:\Program Files\Java\jre7\bin\keytool.exe2014-07-15 05:15:39 DEB108631ED814878B4D0F8F66BA7D54 67496 ----a-w- C:\Program Files\Java\jre7\bin\jp2launcher.exe2014-07-15 05:15:39 80DD24235A7E13AFC9E9EBC55ACE1ACF 313256 ----a-w- C:\Program Files\Java\jre7\bin\javaws.exe2014-07-15 05:15:39 6FC165F778DC7E3A0C573A555CAD5EE4 16296 ----a-w- C:\Program Files\Java\jre7\bin\kinit.exe2014-07-15 05:15:39 63943EF8CDC05D71AA3EDEFF14A8BA43 16296 ----a-w- C:\Program Files\Java\jre7\bin\ktab.exe2014-07-15 05:15:39 22AEEB5D70AFF7C6CB43D16E6F5E2FFF 189352 ----a-w- C:\Program Files\Java\jre7\bin\javaw.exe2014-07-15 05:15:39 1EE4BEAA034A42AA91DD4ACB71800E97 16296 ----a-w- C:\Program Files\Java\jre7\bin\klist.exe2014-07-15 05:15:38 B6FE60CC39FC7CB597FBA0EB0A91AA97 16296 ----a-w- C:\Program Files\Java\jre7\bin\java-rmi.exe2014-07-15 05:15:38 AF463A23D7F45C297BC7F0CF9AAE5C2F 76200 ----a-w- C:\Program Files\Java\jre7\bin\javacpl.exe2014-07-15 05:15:38 75F20BEDF6B95AA316C08D9D3F247692 189352 ----a-w- C:\Program Files\Java\jre7\bin\java.exe2014-07-15 05:15:38 5AD390906C2F6B84B93877E8DC30707E 55720 ----a-w- C:\Program Files\Java\jre7\bin\jabswitch.exe2014-07-13 05:57:11 D3C14AB1D76CC88E131BA31667326A68 397312 ----a-w- C:\Program Files (x86)\Common Files\Blizzard Entertainment\Warcraft III\Uninstall.exe2014-07-09 23:51:45 DFAA288E67F98A2FDB9BD3C2F10C1CEA 2478592 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Shovel Knight\ShovelKnight.exe2014-07-09 23:51:45 C9D9EEBCCEF20D637F193490CEC05E79 10274136 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Shovel Knight\_CommonRedist\vcredist\2010\vcredist_x64.exe2014-07-09 23:51:45 BF3F290275C21BDD3951955C9C3CF32C 517976 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Shovel Knight\_CommonRedist\DirectX\Jun2010\DXSETUP.exe2014-07-09 23:51:45 1801436936E64598BAB5B87B37DC7F87 8990552 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Shovel Knight\_CommonRedist\vcredist\2010\vcredist_x86.exe2014-07-09 21:03:17 20235ED4653CFDDCDEF721F5126A1C47 224768 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe2014-07-09 21:03:14 89D2706FCD45E33CECFBD46BCBAD7E16 10240 ----a-w- C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe2014-07-09 21:03:05 61FF1A9683EDD471797FE0F56057FD09 222720 ----a-w- C:\Program Files (x86)\Internet Explorer\ielowutil.exe2014-07-09 21:03:05 24868C9D422EDB5B249C0C81B01A0C19 810160 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe2014-07-09 21:03:03 CD900EFB4F8946A2BB1950D9F45915C2 812216 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe2014-07-09 21:03:03 65D0ECD485C8605B07C8338708224818 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe2014-07-09 21:03:03 2168067C03FADB690B77633104A2E64B 470016 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe2014-07-09 21:02:59 8395829B1CE9E11C6441753257DC7591 482816 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe2014-07-09 20:42:49 B3F5836DDD18A9665C188F1C63BF4B35 9786416 ----a-w- C:\Program Files (x86)\Battle.net\Battle.net.4826\Battle.net.exe=== C: other files ==2014-07-15 23:48:16 0BE568FD1E7D6C6D64D2272649F5C716 111 ----a-w- C:\Users\John\AppData\Local\Temp\scripttest.vbs2014-07-15 22:23:42 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\Windows\System32\drivers\48230029.sys2014-07-15 22:22:46 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\John\AppData\Roaming\Raptr\data\erisez\config\certificates\x509\tls_peers\xmpp-server3.raptr.com2014-07-15 21:18:44 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\John\AppData\Roaming\Raptr\data\erisez\config\certificates\x509\tls_peers\xmpp-server5.raptr.com2014-07-15 17:03:11 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\John\AppData\Roaming\Raptr\data\erisez\config\certificates\x509\tls_peers\xmpp-server2.raptr.com2014-07-15 15:27:35 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\John\AppData\Roaming\Raptr\data\erisez\config\certificates\x509\tls_peers\xmpp-server6.raptr.com2014-07-15 07:46:55 E73DEFA22FB39F931679296041C16B5C 104304693 ----a-w- C:\Users\John\Downloads\AMD_Chipset_V51010008_V13049_XP_Vista_Win7.zip2014-07-15 05:23:53 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\John\AppData\Roaming\Raptr\data\erisez\config\certificates\x509\tls_peers\xmpp-server8.raptr.com2014-07-15 05:15:41 8C3C73B2287D15AD508BA3B78185EAC3 18619 ----a-w- C:\Program Files\Java\jre7\lib\deploy\ffjcext.zip2014-07-15 03:31:27 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\John\AppData\Roaming\Raptr\data\erisez\config\certificates\x509\tls_peers\xmpp-server7.raptr.com2014-07-14 23:38:05 DEA4703BF33F6F49E78D54B118E8BBCF 14416 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\XCom-Enemy-Unknown\XEW\Binaries\Win32\XComGame.com2014-07-14 21:27:58 DEA4703BF33F6F49E78D54B118E8BBCF 14416 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.com2014-07-14 16:19:49 0E038984F0CC7AD51415E527D569A07B 2189 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Bloody Trapland\MapEditor\Content\GameObjects\UserCreated\as.xml.zip2014-07-14 16:19:48 2CEAEB04EEAB5E35294CE20DA0F44120 946 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Bloody Trapland\MapEditor\Content\GameObjects\UserCreated\sssss.xml.zip2014-07-12 16:00:40 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\John\AppData\Roaming\Raptr\data\erisez\config\certificates\x509\tls_peers\xmpp-server4.raptr.com2014-07-09 21:03:18 F1726E14C8F7B40CD828345890AAF764 3157504 ----a-w- C:\Windows\System32\win32k.sys2014-07-09 21:03:10 FA886682CFC5D36718D3E436AACF10B9 497152 ----a-w- C:\Windows\System32\drivers\afd.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-2551759079-2592656266-3710109343-1000\Software\Microsoft\Windows\CurrentVersion\Run]"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun""Raptr"="C:\PROGRA~2\Raptr\raptrstub.exe --startup""MxDock"="C:\Program Files (x86)\Maxthon\Modules\MxDock\MxDock.exe""HydraVisionDesktopManager"="C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]"mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]"mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"HDAudDeck"="C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r""Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe""Turbo Key"="C:\Program Files\ASUS\Turbo Key\TurboKey.exe""StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun""Razer Synapse"="C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe""iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe""bncsaui.exe"="%ProgramFiles%\Bradford Networks\Persistent Agent\bncsaui.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun""Raptr"="C:\PROGRA~2\Raptr\raptrstub.exe --startup""MxDock"="C:\Program Files (x86)\Maxthon\Modules\MxDock\MxDock.exe""HydraVisionDesktopManager"="C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" ==== Startup Folders ====================== 2014-02-13 03:27:20 0 ----a-w- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip2014-02-14 19:17:00 967 ----a-w- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Steam.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [07/08/2014 16:38]C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [02/12/2014 19:47]C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [02/12/2014 19:47] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]"C:\Windows\SysNative\tasks\ASUS\ASUS RegRun Loader" [C:\Program Files (x86)\ASUS\AASP\1.01.02\AsLoader.exe]"C:\Windows\SysNative\tasks\ASUS\ASUS SIX Engine" [C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe]"C:\Windows\SysNative\tasks\ASUS\ASUS Update Checker" [C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe] ==== Chrome Look ====================== BTTV - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgpedGoogle Drive - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalfGoogle Voice Search Hotword (Beta) - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfnYouTube - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeoLast updated at time on date - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddbGoogle Search - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpfimgur Extension by Metronomik - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehoopddfhgaehhmphfcooacjdpmbjlaoFrankerFaceZ - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadndhdgpmmaapbmfcknlfgcflmmmiebStylish - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffeGoogle Wallet - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmiedaChecker Plus for Gmail™ - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemjAudio Converter - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojfphighcpfimfhblaigjckljcoeipgaGmail - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaediaLuna Theme - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmhihobegibbfdeogahppfhmbfmbjann
  3. It says it is still there :/ Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 7/15/2014Scan Time: 19:17:40Logfile: Administrator: Yes Version: 2.00.2.1012Malware Database: v2014.07.15.15Rootkit Database: v2014.07.14.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: Disabled OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: John Scan Type: Threat ScanResult: CompletedObjects Scanned: 278602Time Elapsed: 15 min, 21 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 1PUP.Optional.Conduit.A, C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage": "http://search.conduit.com/?gd=&ctid=CT3321848&octid=EB_ORIGINAL_CTID&ISID=MCD47B2B6-D23B-44E8-93C9-BA8470BBB53C&SearchSource=55&CUI=&UM=5&UP=SP24BDF7A1-F188-4BA8-9396-60D470C31209&SSPV=",), Replaced,[15c6a4fb651692a4b17418ba4fb56b95] Physical Sectors: 0(No malicious items detected) (end)
  4. Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 7/15/2014 Scan Time: 18:59:12 Logfile: Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.07.15.15 Rootkit Database: v2014.07.14.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: John Scan Type: Threat Scan Result: Completed Objects Scanned: 278499 Time Elapsed: 13 min, 50 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 1 PUP.Optional.Conduit.A, C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage": "http://search.conduit.com/?gd=&ctid=CT3321848&octid=EB_ORIGINAL_CTID&ISID=MCD47B2B6-D23B-44E8-93C9-BA8470BBB53C&SearchSource=55&CUI=&UM=5&UP=SP24BDF7A1-F188-4BA8-9396-60D470C31209&SSPV=",), Replaced,[fbe0b9e67902c5715bcab61c1ce829d7] Physical Sectors: 0 (No malicious items detected) (end)
  5. A weird thing I noticed after I ran Malwarebytes is that every time It has found the PUP.conduit the default action is for it to be ignored once. is that normal? All processes killed ========== REGISTRY ========== Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966 not found. ========== FILES ========== LoadLibrary failed for C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll moved successfully. < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\John\Desktop\cmd.bat deleted successfully. C:\Users\John\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 57311 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: John ->Temp folder emptied: 3019376 bytes ->Temporary Internet Files folder emptied: 310839788 bytes ->Java cache emptied: 3736720 bytes ->Google Chrome cache emptied: 361043444 bytes ->Flash cache emptied: 84364 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 53440979 bytes %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 43282603 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 740.00 mb OTM by OldTimer - Version 3.1.21.0 log created on 07152014_181753 Files moved on Reboot... C:\Users\John\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully. File C:\Windows\temp\hsperfdata_JOHN-PC$\1968 not found! Registry entries deleted on Reboot... Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 7/15/2014 Scan Time: 18:24:15 Logfile: Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.07.15.14 Rootkit Database: v2014.07.14.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: John Scan Type: Threat Scan Result: Completed Objects Scanned: 278369 Time Elapsed: 12 min, 6 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Warn PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 1 PUP.Optional.Conduit.A, C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage": "http://search.conduit.com/?gd=&ctid=CT3321848&octid=EB_ORIGINAL_CTID&ISID=MCD47B2B6-D23B-44E8-93C9-BA8470BBB53C&SearchSource=55&CUI=&UM=5&UP=SP24BDF7A1-F188-4BA8-9396-60D470C31209&SSPV=",), No Action By User,[22b8a2fdc6b536009f61ca08956f9070] Physical Sectors: 0 (No malicious items detected) (end)
  6. Okay, here is the log SystemLook 30.07.11 by jpshortstuffLog created at 17:54 on 15/07/2014 by JohnAdministrator - Elevation successful ========== regfind ========== Searching for "conduit"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]"2D6317878F0F5264AAF3277D97A58C24"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll" Searching for "*conduit*"No data found. -= EOF =-
  7. I ran Adwcleaner again and it removed the same Registry key and chrome settings as before # AdwCleaner v3.215 - Report created 15/07/2014 at 17:14:16# Updated 09/07/2014 by Xplode# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)# Username : John - JOHN-PC# Running from : C:\Users\John\Desktop\AdwCleaner.exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\Software\DeviceVM ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17207 -\\ Google Chrome v35.0.1916.153 [ File : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}Deleted [search Provider] : hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushplDeleted [search Provider] : hxxp://movies.netflix.com/WiSearch?raw_query=naruto&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=Deleted [search Provider] : hxxp://en.softonic.com/s/{searchTerms}Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}Deleted [Homepage] : hxxp://search.conduit.com/?gd=&ctid=CT3321848&octid=EB_ORIGINAL_CTID&ISID=MCD47B2B6-D23B-44E8-93C9-BA8470BBB53C&SearchSource=55&CUI=&UM=5&UP=SP24BDF7A1-F188-4BA8-9396-60D470C31209&SSPV= ************************* AdwCleaner[R0].txt - [942 octets] - [23/03/2014 20:33:41]AdwCleaner[R1].txt - [1117 octets] - [15/07/2014 12:46:33]AdwCleaner[R2].txt - [1235 octets] - [15/07/2014 16:42:10]AdwCleaner[R3].txt - [1356 octets] - [15/07/2014 17:13:33]AdwCleaner[s0].txt - [1008 octets] - [23/03/2014 20:35:58]AdwCleaner[s1].txt - [1648 octets] - [15/07/2014 12:48:14]AdwCleaner[s2].txt - [1766 octets] - [15/07/2014 16:43:06]AdwCleaner[s3].txt - [1746 octets] - [15/07/2014 17:14:16] ########## EOF - C:\AdwCleaner\AdwCleaner[s3].txt - [1806 octets] ##########
  8. The weird thing is the default was never Conduit. It has always gone to what I've set it to which is YouTube. That's why I'm sort of worried that it detects Conduit as my default homepage.
  9. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-07-2014Ran by John at 2014-07-15 16:40:50 Run:1Running from C:\Users\John\DesktopBoot Mode: Normal============================================== Content of fixlist:*****************StartHKU\S-1-5-21-2551759079-2592656266-3710109343-1000\...\MountPoints2: {7c1a8b65-9455-11e3-a497-806e6f6e6963} - D:\Bin\assetup.exeHosts: Hosts file not detected in the default directoryC:\Users\John\jagex_cl_oldschool_LIVE.datC:\Users\John\random.datC:\Users\John\AppData\Local\Temp\14-4-mobility-win7-win8-win8.1-64-dd-ccc-whql.exeC:\Users\John\AppData\Local\Temp\Quarantine.exeEnd***************** 'HKU\S-1-5-21-2551759079-2592656266-3710109343-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c1a8b65-9455-11e3-a497-806e6f6e6963}' => Key deleted successfully.'HKCR\CLSID\{7c1a8b65-9455-11e3-a497-806e6f6e6963}'=> Key not found.Hosts was reset successfully.C:\Users\John\jagex_cl_oldschool_LIVE.dat => Moved successfully.C:\Users\John\random.dat => Moved successfully.C:\Users\John\AppData\Local\Temp\14-4-mobility-win7-win8-win8.1-64-dd-ccc-whql.exe => Moved successfully.C:\Users\John\AppData\Local\Temp\Quarantine.exe => Moved successfully. ==== End of Fixlog ==== and AdwCleaner # AdwCleaner v3.215 - Report created 15/07/2014 at 16:43:06# Updated 09/07/2014 by Xplode# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)# Username : John - JOHN-PC# Running from : C:\Users\John\Desktop\AdwCleaner.exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\Software\DeviceVM ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17207 -\\ Google Chrome v35.0.1916.153 [ File : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}Deleted [search Provider] : hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushplDeleted [search Provider] : hxxp://movies.netflix.com/WiSearch?raw_query=naruto&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=Deleted [search Provider] : hxxp://en.softonic.com/s/{searchTerms}Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}Deleted [Homepage] : hxxp://search.conduit.com/?gd=&ctid=CT3321848&octid=EB_ORIGINAL_CTID&ISID=MCD47B2B6-D23B-44E8-93C9-BA8470BBB53C&SearchSource=55&CUI=&UM=5&UP=SP24BDF7A1-F188-4BA8-9396-60D470C31209&SSPV= ************************* AdwCleaner[R0].txt - [942 octets] - [23/03/2014 20:33:41]AdwCleaner[R1].txt - [1117 octets] - [15/07/2014 12:46:33]AdwCleaner[R2].txt - [1235 octets] - [15/07/2014 16:42:10]AdwCleaner[s0].txt - [1008 octets] - [23/03/2014 20:35:58]AdwCleaner[s1].txt - [1648 octets] - [15/07/2014 12:48:14]AdwCleaner[s2].txt - [1626 octets] - [15/07/2014 16:43:06] ########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1686 octets] ########## I think Adwcleaner deleted the conduit search homepage before, I also know conduit is a browser hijacker; is that the source of the problem most likely?
  10. Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 7/15/2014Scan Time: 12:54:34Logfile: Administrator: Yes Version: 2.00.2.1012Malware Database: v2014.07.15.09Rootkit Database: v2014.07.14.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: Disabled OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: John Scan Type: Threat ScanResult: CompletedObjects Scanned: 278338Time Elapsed: 13 min, 12 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: WarnPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 1PUP.Optional.Conduit.A, C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage": "http://search.conduit.com/?gd=&ctid=CT3321848&octid=EB_ORIGINAL_CTID&ISID=MCD47B2B6-D23B-44E8-93C9-BA8470BBB53C&SearchSource=55&CUI=&UM=5&UP=SP24BDF7A1-F188-4BA8-9396-60D470C31209&SSPV=",), Replaced,[b025128db2c959dd1f3db819bd47f907] Physical Sectors: 0(No malicious items detected) (end) here is the AdwCleaner log # AdwCleaner v3.215 - Report created 15/07/2014 at 12:48:14# Updated 09/07/2014 by Xplode# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)# Username : John - JOHN-PC# Running from : C:\Users\John\Downloads\AdwCleaner.exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\Software\DeviceVM ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17207 -\\ Google Chrome v35.0.1916.153 [ File : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}Deleted [search Provider] : hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushplDeleted [search Provider] : hxxp://movies.netflix.com/WiSearch?raw_query=naruto&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=Deleted [search Provider] : hxxp://en.softonic.com/s/{searchTerms}Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}Deleted [Homepage] : hxxp://search.conduit.com/?gd=&ctid=CT3321848&octid=EB_ORIGINAL_CTID&ISID=MCD47B2B6-D23B-44E8-93C9-BA8470BBB53C&SearchSource=55&CUI=&UM=5&UP=SP24BDF7A1-F188-4BA8-9396-60D470C31209&SSPV= ************************* AdwCleaner[R0].txt - [942 octets] - [23/03/2014 20:33:41]AdwCleaner[R1].txt - [1117 octets] - [15/07/2014 12:46:33]AdwCleaner[s0].txt - [1008 octets] - [23/03/2014 20:35:58]AdwCleaner[s1].txt - [1508 octets] - [15/07/2014 12:48:14] ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1568 octets] ########## Here is JRT ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.1.4 (04.06.2014:1)OS: Windows 7 Ultimate x64Ran by John on Tue 07/15/2014 at 13:12:10.84~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Tue 07/15/2014 at 13:19:56.72End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ and finally Farbar Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-07-2014Ran by John (administrator) on JOHN-PC on 15-07-2014 13:21:10Running from C:\Users\John\DesktopPlatform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe(AMD) C:\Windows\System32\atiesrxx.exe(AMD) C:\Windows\System32\atieclxx.exe(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe(Bradford Networks) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(DeviceVM, Inc.) C:\ASUS.SYS\config\DVMExportService.exe(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe(Curse) C:\Users\John\AppData\Local\Apps\2.0\GYGCPO5Z.910\40AN6Q20.PJA\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\CurseClient.exe(Bradford Networks) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe(ASUSTeK Computer Inc.) C:\Program Files\ASUS\Turbo Key\TurboKey.exe(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe() C:\Windows\SysWOW64\WinMsgBalloonServer.exe() C:\Windows\SysWOW64\WinMsgBalloonClient.exe(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe(Microsoft Corporation) C:\Windows\System32\audiodg.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2763776 2009-10-27] (VIA)HKLM-x32\...\Run: [bncsaui.exe] => C:\Program Files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe [2627728 2012-09-24] (Bradford Networks)HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Turbo Key] => C:\Program Files\ASUS\Turbo Key\TurboKey.exe [1874432 2009-11-24] (ASUSTeK Computer Inc.)HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [] => [X]HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585560 2014-06-23] (Razer Inc.)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)HKU\.DEFAULT\...\RunOnce: [sPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2014-02-15] (Microsoft Corporation)HKU\S-1-5-21-2551759079-2592656266-3710109343-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)HKU\S-1-5-21-2551759079-2592656266-3710109343-1000\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55360 2014-06-24] (Raptr, Inc)HKU\S-1-5-21-2551759079-2592656266-3710109343-1000\...\Run: [MxDock] => C:\Program Files (x86)\Maxthon\Modules\MxDock\MxDock.exeHKU\S-1-5-21-2551759079-2592656266-3710109343-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [1967616 2014-04-17] (AMD)HKU\S-1-5-21-2551759079-2592656266-3710109343-1000\...\MountPoints2: {7c1a8b65-9455-11e3-a497-806e6f6e6963} - D:\Bin\assetup.exeStartup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Steam.lnkShortcutTarget: Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x69E59CB44C28CF01HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-usStartMenuInternet: IEXPLORE.EXE - C:\program files (x86)\Internet Explorer\iexplore.exeSearchScopes: HKLM-x32 - DefaultScope value is missing.BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No FileDPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabHandler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: Hosts file not detected in the default directoryTcpip\Parameters: [DhcpNameServer] 24.247.15.53 66.189.0.100 24.217.0.5 FireFox:========FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) Chrome: =======CHR HomePage: hxxp://search.conduit.com/?gd=&ctid=CT3321848&octid=EB_ORIGINAL_CTID&ISID=MCD47B2B6-D23B-44E8-93C9-BA8470BBB53C&SearchSource=55&CUI=&UM=5&UP=SP24BDF7A1-F188-4BA8-9396-60D470C31209&SSPV=CHR StartupUrls: "https://www.youtube.com/feed/subscriptions"CHR Extension: (BetterTTV) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2014-07-15]CHR Extension: (Google Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-15]CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-15]CHR Extension: (CIRC) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\bebigdkelppomhhjaaianniiifjbgocn [2014-07-15]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-15]CHR Extension: (4chan X) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\cellaaeoekimmemgdheibaibbaoeefbl [2014-07-15]CHR Extension: (Adblock Plus) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-07-15]CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-15]CHR Extension: (imgur Extension by Metronomik) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehoopddfhgaehhmphfcooacjdpmbjlao [2014-07-15]CHR Extension: (FrankerFaceZ) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadndhdgpmmaapbmfcknlfgcflmmmieb [2014-07-15]CHR Extension: (Stylish) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2014-07-15]CHR Extension: (Extensions Manager (aka Switcher)) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc [2014-07-15]CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-12]CHR Extension: (Checker Plus for Gmail™) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2014-07-15]CHR Extension: (Audio Converter) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojfphighcpfimfhblaigjckljcoeipga [2014-07-15]CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-15]CHR Extension: (Luna Theme ) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmhihobegibbfdeogahppfhmbfmbjann [2014-07-15] ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]R2 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [122880 2009-09-19] (AMD) [File not signed]R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-08-19] (ASUSTeK Computer Inc.) [File not signed]R2 BNPagent; C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe [3082384 2012-09-24] (Bradford Networks)R2 DvmMDES; C:\ASUS.SYS\config\DVMExportService.exe [319488 2009-10-16] (DeviceVM, Inc.) [File not signed]R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.) ==================== Drivers (Whitelisted) ==================== R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-03] ()R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-05] ()R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [26624 2007-12-10] (Windows ® Codename Longhorn DDK provider)R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.)R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]S3 tsusbhub; system32\drivers\tsusbhub.sys [X]S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-15 13:21 - 2014-07-15 13:21 - 00014950 _____ () C:\Users\John\Desktop\FRST.txt2014-07-15 13:21 - 2014-07-15 13:21 - 00000000 ____D () C:\FRST2014-07-15 13:19 - 2014-07-15 13:19 - 00000628 _____ () C:\Users\John\Desktop\JRT.txt2014-07-15 13:11 - 2014-07-15 13:11 - 00001648 _____ () C:\Users\John\Desktop\AdwCleaner[s1].txt2014-07-15 13:10 - 2014-07-15 13:10 - 00001384 _____ () C:\Users\John\Desktop\MBAM.txt2014-07-15 12:55 - 2014-07-15 12:55 - 02086912 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe2014-07-15 12:55 - 2014-07-15 12:55 - 01016261 _____ (Thisisu) C:\Users\John\Desktop\JRT.exe2014-07-15 12:45 - 2014-07-15 12:45 - 01348263 _____ () C:\Users\John\Desktop\AdwCleaner.exe2014-07-15 03:58 - 2014-07-15 03:58 - 00000000 __SHD () C:\Users\John\AppData\Local\EmieUserList2014-07-15 03:58 - 2014-07-15 03:58 - 00000000 __SHD () C:\Users\John\AppData\Local\EmieSiteList2014-07-15 03:48 - 2014-07-15 03:48 - 00890744 _____ (AMD) C:\Users\John\Downloads\amddriverdownloader.exe2014-07-15 03:46 - 2014-07-15 03:47 - 104304693 _____ () C:\Users\John\Downloads\AMD_Chipset_V51010008_V13049_XP_Vista_Win7.zip2014-07-15 01:15 - 2014-07-15 01:15 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe2014-07-15 01:15 - 2014-07-15 01:15 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe2014-07-15 01:15 - 2014-07-15 01:15 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe2014-07-15 01:15 - 2014-07-15 01:15 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll2014-07-15 01:15 - 2014-07-15 01:15 - 00000000 ____D () C:\Program Files\Java2014-07-15 01:13 - 2014-07-15 01:14 - 30984104 _____ (Oracle Corporation) C:\Users\John\Downloads\jre-7u60-windows-x64.exe2014-07-14 23:15 - 2014-07-14 23:15 - 00275624 _____ () C:\Windows\Minidump\071414-23790-01.dmp2014-07-14 01:19 - 2014-07-14 01:19 - 00275624 _____ () C:\Windows\Minidump\071414-26863-01.dmp2014-07-13 01:59 - 2014-07-13 02:00 - 00001098 _____ () C:\Users\Public\Desktop\Warcraft III - The Frozen Throne.lnk2014-07-13 01:57 - 2014-07-13 02:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III2014-07-13 01:57 - 2014-07-13 02:00 - 00000000 ____D () C:\Program Files (x86)\Warcraft III2014-07-13 01:57 - 2014-07-13 01:57 - 00001053 _____ () C:\Users\Public\Desktop\Warcraft III.lnk2014-07-13 01:41 - 2014-07-13 01:58 - 00000000 ____D () C:\Users\John\Warcraft III 1.21b TFT Installer enUS2014-07-13 01:41 - 2014-07-13 01:41 - 02687056 _____ (Blizzard Entertainment) C:\Users\John\Downloads\Downloader_Warcraft3_The_Frozen_Throne_enUS.exe2014-07-13 01:40 - 2014-07-13 01:55 - 00000000 ____D () C:\Users\John\Warcraft III 1.21b ROC Installer enUS2014-07-13 01:40 - 2014-07-13 01:40 - 02693589 _____ (Blizzard Entertainment) C:\Users\John\Downloads\Downloader_Warcraft3_Reign_of_Chaos_enUS.exe2014-07-10 01:55 - 2014-07-10 01:55 - 00000000 ____D () C:\Users\John\AppData\Roaming\Yacht Club Games2014-07-09 17:03 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2014-07-09 17:03 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2014-07-09 17:03 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-07-09 17:03 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-07-09 17:03 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-07-09 17:03 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-07-09 17:03 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-07-09 17:03 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-07-09 17:03 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-07-09 17:03 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2014-07-09 17:03 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-07-09 17:03 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-07-09 17:03 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-07-09 17:03 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-07-09 17:03 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-07-09 17:03 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-07-09 17:03 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-07-09 17:03 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-07-09 17:03 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-07-09 17:03 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-07-09 17:03 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2014-07-09 17:03 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2014-07-09 17:03 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-07-09 17:03 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-07-09 17:03 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-07-09 17:03 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-07-09 17:03 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-07-09 17:03 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-07-09 17:03 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-07-09 17:03 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe2014-07-09 17:03 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe2014-07-09 17:03 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-07-09 17:03 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll2014-07-09 17:03 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll2014-07-09 17:03 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys2014-07-09 17:02 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-07-09 17:02 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-07-09 17:02 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-07-09 17:02 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-07-09 17:02 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2014-07-09 17:02 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-07-09 17:02 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-07-09 17:02 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-07-09 17:02 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-07-09 17:02 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2014-07-09 17:02 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-07-09 17:02 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-07-09 17:02 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-07-09 17:02 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-07-09 17:02 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2014-07-09 17:02 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2014-07-09 17:02 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-07-09 17:02 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2014-07-09 17:02 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-07-09 17:02 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-07-09 17:02 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-07-09 17:02 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-07-09 17:02 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-07-09 17:02 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2014-07-09 17:02 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-07-09 17:02 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-07-09 17:02 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-07-09 17:02 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll2014-07-09 17:02 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll2014-07-09 17:02 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll2014-07-09 16:54 - 2014-07-09 16:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2014-07-09 16:52 - 2014-07-09 16:54 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-07-09 16:52 - 2014-07-09 16:54 - 00000000 ____D () C:\Program Files\iTunes2014-07-09 16:52 - 2014-07-09 16:54 - 00000000 ____D () C:\Program Files (x86)\iTunes2014-07-09 16:52 - 2014-07-09 16:52 - 00000000 ____D () C:\Program Files\iPod2014-07-08 00:34 - 2014-07-08 00:38 - 00000000 ____D () C:\Users\John\Downloads\zsnesw1512014-07-08 00:34 - 2014-07-08 00:34 - 00867785 _____ () C:\Users\John\Downloads\zsnesw151.zip2014-07-08 00:33 - 2014-07-08 00:33 - 00923454 _____ () C:\Users\John\Downloads\Megaman X.zip2014-07-08 00:33 - 2014-07-08 00:33 - 00000000 ____D () C:\Users\John\Downloads\Megaman X2014-07-06 11:56 - 2014-07-06 11:56 - 01455528 _____ () C:\Users\John\Downloads\SystemCheck_enUS.exe2014-07-02 22:27 - 2014-07-02 22:27 - 00000000 ____D () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TweetDeck2014-07-02 22:27 - 2014-07-02 22:27 - 00000000 ____D () C:\Users\John\AppData\Local\twitter2014-07-02 22:27 - 2014-07-02 22:27 - 00000000 ____D () C:\Program Files (x86)\Twitter2014-07-02 22:26 - 2014-07-02 22:26 - 29261824 _____ () C:\Users\John\Downloads\TweetDeck.msi2014-06-26 20:40 - 2014-07-01 01:46 - 00000000 ____D () C:\Users\John\Desktop\Backup2014-06-26 20:40 - 2014-06-26 20:40 - 00001864 _____ () C:\Users\John\Desktop\437 - Shortcut.lnk2014-06-26 17:39 - 2014-07-04 14:42 - 00000000 ____D () C:\Users\John\Documents\Assassin's Creed IV Black Flag2014-06-26 13:52 - 2014-06-26 13:52 - 00000222 _____ () C:\Users\John\Desktop\Assassin's Creed IV Black Flag.url2014-06-25 20:56 - 2014-07-15 12:54 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-06-25 20:55 - 2014-06-25 20:55 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-06-25 20:55 - 2014-06-25 20:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-06-25 20:55 - 2014-06-25 20:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-06-25 20:55 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-06-25 20:55 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-06-23 19:03 - 2014-06-23 19:03 - 00850340 _____ () C:\Users\John\Downloads\OCD pack 1.7.2.zip2014-06-23 11:48 - 2014-06-23 11:48 - 00000000 ____D () C:\Users\John\AppData\Roaming\Maxthon32014-06-23 11:47 - 2014-06-23 11:47 - 01505096 _____ (Maxthon International ltd.) C:\Users\John\Downloads\mxsetup.exe2014-06-21 19:32 - 2014-06-21 19:32 - 00000000 ____D () C:\Users\John\Documents\TecmoKoei2014-06-21 02:54 - 2014-06-21 02:54 - 00000000 ____D () C:\Users\John\Desktop\Stuff2014-06-21 02:50 - 2014-06-21 02:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VTFEdit2014-06-21 02:50 - 2014-06-21 02:50 - 00000000 ____D () C:\Program Files (x86)\VTFEdit2014-06-21 02:49 - 2014-06-21 02:50 - 00852049 _____ (Neil Jedrzejewski & Ryan Gregg ) C:\Users\John\Downloads\vtfedit125-11.exe2014-06-18 21:00 - 2014-06-18 21:00 - 00000000 ____D () C:\Users\John\Downloads\Tinted Glass 1.02014-06-18 20:58 - 2014-06-18 20:59 - 64343718 _____ () C:\Users\John\Downloads\Tinted Glass 1.0.zip ==================== One Month Modified Files and Folders ======= 2014-07-15 13:21 - 2014-07-15 13:21 - 00014950 _____ () C:\Users\John\Desktop\FRST.txt2014-07-15 13:21 - 2014-07-15 13:21 - 00000000 ____D () C:\FRST2014-07-15 13:19 - 2014-07-15 13:19 - 00000628 _____ () C:\Users\John\Desktop\JRT.txt2014-07-15 13:11 - 2014-07-15 13:11 - 00001648 _____ () C:\Users\John\Desktop\AdwCleaner[s1].txt2014-07-15 13:11 - 2014-02-12 22:14 - 00000000 ____D () C:\Users\John\AppData\Roaming\Skype2014-07-15 13:10 - 2014-07-15 13:10 - 00001384 _____ () C:\Users\John\Desktop\MBAM.txt2014-07-15 13:09 - 2014-02-12 19:47 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-07-15 13:09 - 2009-07-14 00:51 - 00296596 _____ () C:\Windows\setupact.log2014-07-15 12:59 - 2014-02-12 20:10 - 00000012 ____H () C:\dvmexp.idx2014-07-15 12:59 - 2009-07-14 00:45 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-07-15 12:59 - 2009-07-14 00:45 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-07-15 12:56 - 2014-02-12 22:26 - 01416301 _____ () C:\Windows\WindowsUpdate.log2014-07-15 12:55 - 2014-07-15 12:55 - 02086912 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe2014-07-15 12:55 - 2014-07-15 12:55 - 01016261 _____ (Thisisu) C:\Users\John\Desktop\JRT.exe2014-07-15 12:54 - 2014-06-25 20:56 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-07-15 12:53 - 2014-02-12 22:58 - 00000000 ____D () C:\Users\John\AppData\Roaming\Raptr2014-07-15 12:52 - 2014-02-12 19:47 - 00000000 ____D () C:\Users\John\AppData\Local\Deployment2014-07-15 12:50 - 2014-02-12 20:20 - 00000000 ____D () C:\Program Files (x86)\Steam2014-07-15 12:50 - 2014-02-12 19:47 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-07-15 12:49 - 2014-02-12 21:45 - 00043044 _____ () C:\Windows\PFRO.log2014-07-15 12:49 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-07-15 12:48 - 2014-03-23 20:33 - 00000000 ____D () C:\AdwCleaner2014-07-15 12:47 - 2014-02-12 22:09 - 00000000 ____D () C:\Users\John\AppData\Local\Battle.net2014-07-15 12:45 - 2014-07-15 12:45 - 01348263 _____ () C:\Users\John\Desktop\AdwCleaner.exe2014-07-15 12:38 - 2014-04-12 12:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-07-15 03:58 - 2014-07-15 03:58 - 00000000 __SHD () C:\Users\John\AppData\Local\EmieUserList2014-07-15 03:58 - 2014-07-15 03:58 - 00000000 __SHD () C:\Users\John\AppData\Local\EmieSiteList2014-07-15 03:58 - 2014-02-12 23:08 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies2014-07-15 03:48 - 2014-07-15 03:48 - 00890744 _____ (AMD) C:\Users\John\Downloads\amddriverdownloader.exe2014-07-15 03:47 - 2014-07-15 03:46 - 104304693 _____ () C:\Users\John\Downloads\AMD_Chipset_V51010008_V13049_XP_Vista_Win7.zip2014-07-15 03:16 - 2014-02-14 19:14 - 00000000 ____D () C:\Users\John\Documents\My Games2014-07-15 03:15 - 2014-02-13 00:18 - 00321612 _____ () C:\Windows\DirectX.log2014-07-15 01:18 - 2014-03-31 21:28 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool2014-07-15 01:15 - 2014-07-15 01:15 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe2014-07-15 01:15 - 2014-07-15 01:15 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe2014-07-15 01:15 - 2014-07-15 01:15 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe2014-07-15 01:15 - 2014-07-15 01:15 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll2014-07-15 01:15 - 2014-07-15 01:15 - 00000000 ____D () C:\Program Files\Java2014-07-15 01:14 - 2014-07-15 01:13 - 30984104 _____ (Oracle Corporation) C:\Users\John\Downloads\jre-7u60-windows-x64.exe2014-07-15 01:09 - 2014-03-31 21:28 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe2014-07-14 23:27 - 2014-02-12 22:31 - 00000000 ____D () C:\Windows\System32\Tasks\ASUS2014-07-14 23:27 - 2014-02-12 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS2014-07-14 23:23 - 2014-05-26 09:05 - 00106748 _____ () C:\Windows\DPINST.LOG2014-07-14 23:15 - 2014-07-14 23:15 - 00275624 _____ () C:\Windows\Minidump\071414-23790-01.dmp2014-07-14 23:15 - 2014-02-13 09:07 - 665376046 _____ () C:\Windows\MEMORY.DMP2014-07-14 23:15 - 2014-02-13 09:07 - 00000000 ____D () C:\Windows\Minidump2014-07-14 01:19 - 2014-07-14 01:19 - 00275624 _____ () C:\Windows\Minidump\071414-26863-01.dmp2014-07-13 02:00 - 2014-07-13 01:59 - 00001098 _____ () C:\Users\Public\Desktop\Warcraft III - The Frozen Throne.lnk2014-07-13 02:00 - 2014-07-13 01:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III2014-07-13 02:00 - 2014-07-13 01:57 - 00000000 ____D () C:\Program Files (x86)\Warcraft III2014-07-13 01:58 - 2014-07-13 01:41 - 00000000 ____D () C:\Users\John\Warcraft III 1.21b TFT Installer enUS2014-07-13 01:57 - 2014-07-13 01:57 - 00001053 _____ () C:\Users\Public\Desktop\Warcraft III.lnk2014-07-13 01:55 - 2014-07-13 01:40 - 00000000 ____D () C:\Users\John\Warcraft III 1.21b ROC Installer enUS2014-07-13 01:41 - 2014-07-13 01:41 - 02687056 _____ (Blizzard Entertainment) C:\Users\John\Downloads\Downloader_Warcraft3_The_Frozen_Throne_enUS.exe2014-07-13 01:41 - 2014-02-12 22:26 - 00000000 ____D () C:\Users\John2014-07-13 01:40 - 2014-07-13 01:40 - 02693589 _____ (Blizzard Entertainment) C:\Users\John\Downloads\Downloader_Warcraft3_Reign_of_Chaos_enUS.exe2014-07-12 19:56 - 2014-02-12 22:26 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft2014-07-12 12:34 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache2014-07-10 10:01 - 2009-07-14 00:45 - 00301016 _____ () C:\Windows\system32\FNTCACHE.DAT2014-07-10 09:59 - 2009-07-14 03:46 - 00000000 ____D () C:\Program Files\Windows Journal2014-07-10 02:27 - 2014-02-12 21:37 - 00000000 ____D () C:\Windows\system32\MRT2014-07-10 02:25 - 2014-02-12 21:37 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-07-10 01:55 - 2014-07-10 01:55 - 00000000 ____D () C:\Users\John\AppData\Roaming\Yacht Club Games2014-07-09 16:54 - 2014-07-09 16:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2014-07-09 16:54 - 2014-07-09 16:52 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-07-09 16:54 - 2014-07-09 16:52 - 00000000 ____D () C:\Program Files\iTunes2014-07-09 16:54 - 2014-07-09 16:52 - 00000000 ____D () C:\Program Files (x86)\iTunes2014-07-09 16:52 - 2014-07-09 16:52 - 00000000 ____D () C:\Program Files\iPod2014-07-09 16:43 - 2014-02-12 22:09 - 00000000 ____D () C:\Program Files (x86)\Battle.net2014-07-08 16:38 - 2014-04-12 12:16 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater2014-07-08 16:38 - 2014-03-27 00:42 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-07-08 16:38 - 2014-03-27 00:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-07-08 00:38 - 2014-07-08 00:34 - 00000000 ____D () C:\Users\John\Downloads\zsnesw1512014-07-08 00:34 - 2014-07-08 00:34 - 00867785 _____ () C:\Users\John\Downloads\zsnesw151.zip2014-07-08 00:33 - 2014-07-08 00:33 - 00923454 _____ () C:\Users\John\Downloads\Megaman X.zip2014-07-08 00:33 - 2014-07-08 00:33 - 00000000 ____D () C:\Users\John\Downloads\Megaman X2014-07-06 11:56 - 2014-07-06 11:56 - 01455528 _____ () C:\Users\John\Downloads\SystemCheck_enUS.exe2014-07-04 14:42 - 2014-06-26 17:39 - 00000000 ____D () C:\Users\John\Documents\Assassin's Creed IV Black Flag2014-07-02 22:27 - 2014-07-02 22:27 - 00000000 ____D () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TweetDeck2014-07-02 22:27 - 2014-07-02 22:27 - 00000000 ____D () C:\Users\John\AppData\Local\twitter2014-07-02 22:27 - 2014-07-02 22:27 - 00000000 ____D () C:\Program Files (x86)\Twitter2014-07-02 22:26 - 2014-07-02 22:26 - 29261824 _____ () C:\Users\John\Downloads\TweetDeck.msi2014-07-01 13:10 - 2014-03-15 23:44 - 00000000 ____D () C:\Program Files (x86)\Hearthstone2014-07-01 01:46 - 2014-06-26 20:40 - 00000000 ____D () C:\Users\John\Desktop\Backup2014-06-26 20:40 - 2014-06-26 20:40 - 00001864 _____ () C:\Users\John\Desktop\437 - Shortcut.lnk2014-06-26 20:11 - 2014-05-06 19:51 - 00000000 ____D () C:\Users\John\AppData\Local\Ubisoft Game Launcher2014-06-26 13:52 - 2014-06-26 13:52 - 00000222 _____ () C:\Users\John\Desktop\Assassin's Creed IV Black Flag.url2014-06-26 10:55 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\Performance2014-06-25 20:55 - 2014-06-25 20:55 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-06-25 20:55 - 2014-06-25 20:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-06-25 20:55 - 2014-06-25 20:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-06-25 20:55 - 2014-03-23 20:19 - 00000000 ____D () C:\Users\John\AppData\Roaming\Malwarebytes2014-06-25 20:55 - 2014-03-23 20:19 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-06-25 20:55 - 2014-03-23 20:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware2014-06-25 13:06 - 2014-02-12 22:57 - 00000000 ____D () C:\Program Files (x86)\Raptr2014-06-23 19:03 - 2014-06-23 19:03 - 00850340 _____ () C:\Users\John\Downloads\OCD pack 1.7.2.zip2014-06-23 11:48 - 2014-06-23 11:48 - 00000000 ____D () C:\Users\John\AppData\Roaming\Maxthon32014-06-23 11:47 - 2014-06-23 11:47 - 01505096 _____ (Maxthon International ltd.) C:\Users\John\Downloads\mxsetup.exe2014-06-22 16:26 - 2014-03-30 10:16 - 00000000 ____D () C:\Users\John\AppData\Roaming\vlc2014-06-21 20:01 - 2014-04-20 22:43 - 00000000 ____D () C:\Users\John\Downloads\Xpadder2014-06-21 19:32 - 2014-06-21 19:32 - 00000000 ____D () C:\Users\John\Documents\TecmoKoei2014-06-21 02:54 - 2014-06-21 02:54 - 00000000 ____D () C:\Users\John\Desktop\Stuff2014-06-21 02:51 - 2014-02-12 22:26 - 00000000 ____D () C:\Users\John\AppData\Local\VirtualStore2014-06-21 02:50 - 2014-06-21 02:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VTFEdit2014-06-21 02:50 - 2014-06-21 02:50 - 00000000 ____D () C:\Program Files (x86)\VTFEdit2014-06-21 02:50 - 2014-06-21 02:49 - 00852049 _____ (Neil Jedrzejewski & Ryan Gregg ) C:\Users\John\Downloads\vtfedit125-11.exe2014-06-21 02:04 - 2014-02-12 19:47 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2014-06-21 02:04 - 2014-02-12 19:47 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2014-06-20 16:14 - 2014-07-09 17:03 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2014-06-20 15:39 - 2014-07-09 17:03 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2014-06-18 21:39 - 2014-07-09 17:02 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-06-18 21:06 - 2014-07-09 17:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-06-18 21:06 - 2014-07-09 17:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-06-18 21:00 - 2014-06-18 21:00 - 00000000 ____D () C:\Users\John\Downloads\Tinted Glass 1.02014-06-18 20:59 - 2014-06-18 20:58 - 64343718 _____ () C:\Users\John\Downloads\Tinted Glass 1.0.zip2014-06-18 20:48 - 2014-07-09 17:02 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-06-18 20:42 - 2014-07-09 17:02 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-06-18 20:42 - 2014-07-09 17:02 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-06-18 20:41 - 2014-07-09 17:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-06-18 20:41 - 2014-07-09 17:02 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2014-06-18 20:32 - 2014-07-09 17:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-06-18 20:31 - 2014-07-09 17:03 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-06-18 20:26 - 2014-07-09 17:02 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-06-18 20:24 - 2014-07-09 17:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-06-18 20:24 - 2014-07-09 17:02 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-06-18 20:23 - 2014-07-09 17:02 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-06-18 20:16 - 2014-07-09 17:03 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-06-18 20:14 - 2014-07-09 17:02 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2014-06-18 20:09 - 2014-07-09 17:03 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-06-18 19:59 - 2014-07-09 17:03 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2014-06-18 19:56 - 2014-07-09 17:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-06-18 19:53 - 2014-07-09 17:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-06-18 19:51 - 2014-07-09 17:02 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-06-18 19:50 - 2014-07-09 17:02 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-06-18 19:48 - 2014-07-09 17:02 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-06-18 19:39 - 2014-07-09 17:03 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-06-18 19:38 - 2014-07-09 17:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2014-06-18 19:37 - 2014-07-09 17:03 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-06-18 19:36 - 2014-07-09 17:03 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-06-18 19:35 - 2014-07-09 17:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2014-06-18 19:33 - 2014-07-09 17:03 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-06-18 19:32 - 2014-07-09 17:03 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-06-18 19:28 - 2014-07-09 17:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-06-18 19:28 - 2014-07-09 17:03 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-06-18 19:27 - 2014-07-09 17:02 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-06-18 19:27 - 2014-07-09 17:02 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2014-06-18 19:25 - 2014-07-09 17:03 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-06-18 19:23 - 2014-07-09 17:02 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-06-18 19:22 - 2014-07-09 17:03 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-06-18 19:12 - 2014-07-09 17:03 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2014-06-18 19:06 - 2014-07-09 17:03 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2014-06-18 19:01 - 2014-07-09 17:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-06-18 18:59 - 2014-07-09 17:03 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-06-18 18:58 - 2014-07-09 17:03 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-06-18 18:58 - 2014-07-09 17:02 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-06-18 18:52 - 2014-07-09 17:02 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-06-18 18:51 - 2014-07-09 17:02 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-06-18 18:49 - 2014-07-09 17:03 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-06-18 18:46 - 2014-07-09 17:02 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2014-06-18 18:45 - 2014-07-09 17:03 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-06-18 18:35 - 2014-07-09 17:03 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-06-18 18:34 - 2014-07-09 17:03 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-06-18 18:15 - 2014-07-09 17:02 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-06-18 18:13 - 2014-07-09 17:02 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-06-18 18:09 - 2014-07-09 17:03 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-06-18 18:07 - 2014-07-09 17:02 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-06-17 22:18 - 2014-07-09 17:03 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe2014-06-17 21:51 - 2014-07-09 17:03 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe2014-06-17 21:10 - 2014-07-09 17:03 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys Files to move or delete:====================C:\Users\John\jagex_cl_oldschool_LIVE.datC:\Users\John\random.dat Some content of TEMP:====================C:\Users\John\AppData\Local\Temp\14-4-mobility-win7-win8-win8.1-64-dd-ccc-whql.exeC:\Users\John\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-08 12:36 ==================== End Of Log ============================Addition.txt
  11. About an hour ago at this point I got a random tab pop-up in my firefox browser. the pop-up was to a site named lpmxp2020 . com saying that firefox was out of date, obviously I did not trust it and checked. Firefox was not out of date so I did some research and it looks to be a new malware or something of the sort. I already ran Malwarebytes and it came up with nothing. Ever since I closed out of the tab I have not gotten another one since. Any ideas on how to get it out of my system?
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.