
GPU usage is through the roof, I believe I have a BitCoin Miner trojan



Hi there,
my name is Marius and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction, or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Download DDS and save it to your desktop from here or here or here.

Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs:
  • DDS.txt
  • Attach.txt
Save both reports to your desktop.
Please download Gmer from here by clicking on the "Download EXE" button.
  • Double click on the randomly named GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run a scan, click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following:
    • Sections
    • IAT/EAT
    • Show All (should be unchecked by default)
  • Leave everything else as it is.
  • Close all other running programs as well as your browser.
  • Click the Scan button and wait for it to finish.
  • Once done, click on the Save.. button, and in the File name area type in "ark.txt", or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 10.0.9200.16618  BrowserJavaVersion: 10.21.2

Run by Lucas at 3:48:18 on 2013-07-03

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8163.5914 [GMT -5:00]

.

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\viakaraokesrv.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

"C:\Users\Lucas\AppData\Local\Temp\svchost.exe"  -o http://p.9d3e622df914d8de7f747b7b8b143c52.com -O r3:r3 -l 1

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.



mWinlogon: Userinit = userinit.exe,

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll

BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll

TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

mRun: [Adobe] C:\Users\Lucas\AppData\Roaming\Adobe\color.vbe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

StartupFolder: C:\Users\Lucas\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-Explorer: HideSCAHealth = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: NameServer = 208.180.42.68 208.180.42.100

TCP: Interfaces\{53057F99-F1D5-4EBF-B2C7-C54D880ED774} : DHCPNameServer = 208.180.42.68 208.180.42.100

TCP: Interfaces\{E8C79C70-4888-413D-82D3-95E075744554} : DHCPNameServer = 10.0.0.2 10.0.0.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-1-22 82560]

R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-1-22 42624]

R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2013-1-22 22128]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-28 241152]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-3-28 361984]

R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-5-15 2467664]

R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2013-6-29 9216]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-3 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-3 701512]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe [2013-6-14 144368]

R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2013-1-22 27792]

R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2013-1-22 46136]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-14 96768]

R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130531.001\BHDrvx64.sys [2013-5-31 1393240]

R3 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1404000.028\ccsetx64.sys [2013-6-14 169048]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-3-6 138912]

R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2013-1-22 65152]

R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2013-1-22 88832]

R3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130604.001\IDSviA64.sys [2013-6-4 513184]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-7-3 25928]

R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2012-10-30 13368]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-1-22 565352]

R3 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1404000.028\symds64.sys [2013-6-14 493656]

R3 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1404000.028\symefa64.sys [2013-6-14 1139800]

R3 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1404000.028\ironx64.sys [2013-6-14 224416]

R3 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1404000.028\symnets.sys [2013-6-14 433752]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2013-1-22 2206352]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]

S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-2-14 49152]

S3 MSICDSetup;MSICDSetup;D:\CDriver64.sys [2009-8-10 28984]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 UsbFltr;WayTech USB Filter Driver;C:\Windows\System32\drivers\UsbFltr.sys [2007-4-9 12288]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-1 1255736]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]

.

=============== Created Last 30 ================

.

2013-07-03 06:17:53 -------- d-----w- C:\Users\Lucas\AppData\Roaming\Malwarebytes

2013-07-03 06:17:43 -------- d-----w- C:\ProgramData\Malwarebytes

2013-07-03 06:17:42 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-07-03 06:17:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-07-03 06:00:31 -------- d-----w- C:\Users\Lucas\AppData\Local\AMD

2013-07-03 06:00:13 -------- d-----w- C:\Users\Lucas\AppData\Local\ATI

2013-07-03 05:59:22 0 ----a-w- C:\Windows\ativpsrm.bin

2013-07-03 05:57:38 -------- d-----w- C:\ProgramData\AMD

2013-07-03 05:57:37 -------- d-----w- C:\Program Files (x86)\AMD AVT

2013-07-03 05:57:34 -------- d-----w- C:\Program Files\Common Files\ATI Technologies

2013-07-03 05:57:34 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies

2013-07-03 05:56:00 -------- d-----w- C:\Program Files (x86)\ATI Technologies

2013-07-03 05:55:58 -------- d-----w- C:\Program Files\ATI

2013-07-03 05:55:41 -------- d-----w- C:\Program Files\ATI Technologies

2013-07-03 05:54:54 -------- d-----w- C:\AMD

2013-07-03 05:52:48 -------- d-----w- C:\Program Files (x86)\MSI Afterburner

2013-07-02 07:21:10 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{24A780D0-9B76-47B5-8F36-59CDF8B60068}\mpengine.dll

2013-07-01 18:04:30 33856 ---ha-w- C:\Windows\System32\hamachi.sys

2013-07-01 18:04:24 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi

2013-06-29 18:13:56 -------- d-----w- C:\Users\Lucas\AppData\Roaming\LolClient

2013-06-29 16:40:40 -------- d-----w- C:\Users\Lucas\AppData\Roaming\Awesomium

2013-06-29 16:39:47 -------- d-----w- C:\ProgramData\Hi-Rez Studios

2013-06-29 16:39:31 -------- d-----w- C:\Program Files (x86)\Hi-Rez Studios

2013-06-29 02:05:04 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin

2013-06-29 02:05:03 -------- d-----w- C:\Riot Games

2013-06-29 02:03:50 -------- d-----w- C:\Users\Lucas\AppData\Local\PMB Files

2013-06-29 02:03:49 -------- d-----w- C:\ProgramData\PMB Files

2013-06-29 02:03:21 -------- d-----w- C:\Users\Lucas\AppData\Roaming\Riot Games

2013-06-29 00:00:08 -------- d-----w- C:\Users\Lucas\AppData\Local\WarThunder

2013-06-29 00:00:08 -------- d-----w- C:\ProgramData\WarThunder

2013-06-29 00:00:01 -------- d-----w- C:\Program Files (x86)\War Thunder

2013-06-24 09:01:35 -------- d-----w- C:\Users\Lucas\AppData\Roaming\TortoiseSVN

2013-06-24 08:53:00 -------- d-----w- C:\Users\Lucas\AppData\Local\TSVNCache

2013-06-24 08:50:49 -------- d-----w- C:\Program Files\TortoiseSVN

2013-06-24 08:50:49 -------- d-----w- C:\Program Files\Common Files\TortoiseOverlays

2013-06-24 08:50:49 -------- d-----w- C:\Program Files (x86)\Common Files\TortoiseOverlays

2013-06-15 02:13:25 796760 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\srtsp64.sys

2013-06-15 02:13:25 493656 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\symds64.sys

2013-06-15 02:13:25 433752 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\symnets.sys

2013-06-15 02:13:25 36952 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\srtspx64.sys

2013-06-15 02:13:25 23448 ----a-r- C:\Windows\System32\drivers\NISx64\1404000.028\symelam.sys

2013-06-15 02:13:25 224416 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\ironx64.sys

2013-06-15 02:13:25 169048 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\ccsetx64.sys

2013-06-15 02:13:25 1139800 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\symefa64.sys

2013-06-15 02:13:14 -------- d-----w- C:\Windows\System32\drivers\NISx64\1404000.028

2013-06-14 03:38:47 -------- d-----w- C:\Users\Lucas\AppData\Roaming\.minecraft

2013-06-12 05:56:59 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll

2013-06-10 17:01:26 -------- d-----w- C:\ProgramData\Package Cache

2013-06-05 00:00:21 -------- d-----w- C:\Users\Lucas\AppData\Local\Warframe

.

==================== Find3M  ====================

.

2013-07-03 05:29:25 280856 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2013-07-03 05:29:25 280856 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2013-06-19 21:09:04 291128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2013-06-19 02:45:25 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2013-06-05 22:06:33 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll

2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll

2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll

2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe

2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe

2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll

2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll

2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll

2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-05-02 07:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll

2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll

2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll

2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll

2013-04-16 14:37:14 1187342 ----a-w- C:\Windows\System32\amdocl_as64.exe

2013-04-16 14:37:14 1061902 ----a-w- C:\Windows\System32\amdocl_ld64.exe

2013-04-16 14:37:12 995342 ----a-w- C:\Windows\SysWow64\amdocl_as32.exe

2013-04-16 14:37:12 798734 ----a-w- C:\Windows\SysWow64\amdocl_ld32.exe

2013-04-14 23:04:38 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-04-14 23:04:38 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-04-04 10:35:05 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

.

============= FINISH:  3:48:48.67 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium 

Boot Device: \Device\HarddiskVolume1

Install Date: 1/28/2013 6:17:23 PM

System Uptime: 7/3/2013 3:37:57 AM (0 hours ago)

.

Motherboard: AMD Corporation |  | 970A-D3

Processor: AMD FX-4100 Quad-Core Processor             | CPU 1 | 3600/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 931 GiB total, 288.342 GiB free.

D: is CDROM (CDFS)

E: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP148: 7/2/2013 9:21:17 PM - Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727

RP149: 7/2/2013 9:21:38 PM - Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727

RP150: 7/3/2013 3:00:51 AM - Removed Battlefield 2

.

==== Installed Programs ======================

.

Ace of Spades

Adobe Flash Player 11 Plugin

Alien Swarm

AMD Accelerated Video Transcoding

AMD Catalyst Install Manager

AMD Drag and Drop Transcoding

AMD Fuel

AMD Media Foundation Decoders

AMD VISION Engine Control Center

Application Profiles

Arma 2

Arma 2: Operation Arrowhead

Arma 2: Operation Arrowhead - Dedicated Server

Assassin's Creed II

Battlefield 1942™

BattlEye for OA Uninstall

BioShock

Blacklight: Retribution

Call of Duty: World at War

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

Cave Story+

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

Chivalry: Medieval Warfare

Company of Heroes

Company of Heroes (New Steam Version)

Company of Heroes 2

Company of Heroes: Tales of Valor

Counter-Strike: Global Offensive

Counter-Strike: Source

Cry of Fear

Darksiders

Day of Defeat: Source

DayZ Commander

Dead Island

Dead Pixels

Dead Space™ 2

Dedicated Server

Dolby Axon - 1.5.0.1

Dota 2

Dungeon Defenders

Eastern Front

Empire: Total War

Etron USB3.0 Host Controller

Far Cry

Far Cry 2

Far Cry 3

Garry's Mod

Google Chrome

Google Update Helper

Half-Life

Half-Life 2

Half-Life 2: Deathmatch

Half-Life 2: Episode One

Half-Life 2: Episode Two

Half-Life Dedicated Server Update Tool

Hearts of Iron III

Heroes & Generals

Hi-Rez Studios Authenticate and Update Service

Hitman: Blood Money

Insurgency: Modern Infantry Combat

Java 7 Update 21

Java Auto Updater

Junk Mail filter update

Killing Floor

League of Legends

Legend of Grimrock

LogMeIn Hamachi

Magicka

Making History: The Calm & The Storm

Malwarebytes Anti-Malware version 1.75.0.1300

Medieval II Total War

Medieval II Total War : Kingdoms : Americas

Medieval II Total War : Kingdoms : Britannia

Medieval II Total War : Kingdoms : Crusades

Medieval II Total War : Kingdoms : Teutonic

Men of War: Assault Squad

Metro 2033

Microsoft .NET Framework 1.1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)

Microsoft Choice Guard

Microsoft Office 2010

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727

Microsoft Xbox 360 Accessories 1.2

Microsoft XNA Framework Redistributable 4.0

Mortal Online

Mount & Blade: Warband

Mount & Blade: With Fire and Sword

MSI Afterburner 2.2.5

MSVCRT

Norton Internet Security

NVIDIA PhysX

Oblivion mod manager 1.1.12

ON_OFF Charge B12.0308.1

OpenOffice.org 3.4.1

Operation Flashpoint: Dragon Rising

Operation Flashpoint: Dragon Rising Mission Editor

Origin

Pando Media Booster

Path of Exile

PAYDAY: The Heist

PlanetSide 2

Platform

Play withSIX

Portal

Portal 2

PunkBuster Services

Quake Live Mozilla Plugin

Qualcomm Atheros Client Installation Program

Realm of the Mad God

Realtek Ethernet Controller Driver

Red Orchestra 2: Heroes of Stalingrad

Red Orchestra 2: Heroes of Stalingrad - Single Player

S.T.A.L.K.E.R.: Call of Pripyat

Saints Row: The Third

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Sid Meier's Civilization 4

Sid Meier's Civilization 4 - Beyond the Sword

Sid Meier's Civilization 4 - Warlords

Sid Meier's Civilization V

Skype™ 6.3

Sleeping Dogs™

Smite

Sniper Elite V2

Source Multiplayer Dedicated Server

Source SDK Base 2007

Star Wars: Knights of the Old Republic

Steam

Stronghold

Stronghold 2

Stronghold 3

Stronghold Crusader + Extreme

Stronghold Kingdoms

Stronghold Legends

Super Meat Boy

System Requirements Lab CYRI

Team Fortress 2

TeamSpeak 3 Client

Terraria

The Basement Collection

The Binding of Isaac

The Elder Scrolls III: Morrowind

The Elder Scrolls IV: Oblivion 

The Ultimate DOOM

The War Z

Titan Quest

Tom Clancy's Rainbow Six: Vegas 2

TortoiseSVN 1.8.0.24401 (64 bit)

UE3Redist

Unity Web Player

Unofficial Oblivion Patch v3.4.3

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Uplay

Ventrilo Client for Windows x64

VIA Platform Device Manager

War Thunder Launcher 1.0.1.246

Warframe

Warhammer 40,000 Space Marine

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Toolbar

Windows Live Upload Tool

Windows Live Writer

Wings of Prey

WinRAR 4.20 (32-bit)

World of Tanks

World of Warcraft

Wrye Bash

.

==== Event Viewer Messages From Past Week ========

.

7/3/2013 3:39:07 AM, Error: Service Control Manager [7024]  - The HomeGroup Listener service terminated with service-specific error %%-2147023143.

7/3/2013 12:47:57 AM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.

7/3/2013 12:47:56 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

7/3/2013 12:47:56 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

7/3/2013 12:47:55 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

7/3/2013 12:47:49 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

7/3/2013 12:45:29 AM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.

7/3/2013 12:45:27 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AppleCharger discache spldr Wanarpv6

7/2/2013 10:44:52 AM, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

7/1/2013 1:04:31 PM, Error: Service Control Manager [7030]  - The LogMeIn Hamachi Tunneling Engine service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

7/1/2013 1:04:31 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.

7/1/2013 1:04:31 PM, Error: Service Control Manager [7000]  - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================
GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-07-03 03:54:52

Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5 ST31000524AS rev.JC4B 931.51GB

Running: mnhgpcu9.exe; Driver: C:\Users\Lucas\AppData\Local\Temp\kwtdykow.sys
---- Registry - GMER 2.1 ----
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74e543e43867                      

Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74e543e43867 (not active ControlSet)  
---- EOF - GMER 2.1 ----

You told us that you removed several items with Malwarebytes' Anti-Malware. This tool creates a log on every run, and we need to see them.


  • The logs can be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Zip any and all of these logs and attach the file to your next reply.


Combofix


Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs / spyware scanners, as they can prevent CF from doing its work.
  • Run Combofix.exe



When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

ComboFix 13-07-02.03 - Lucas 07/03/2013   7:30.1.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8163.5771 [GMT -5:00]

Running from: c:\users\Lucas\Downloads\ComboFix.exe

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

.

.

(((((((((((((((((((((((((   Files Created from 2013-06-03 to 2013-07-03  )))))))))))))))))))))))))))))))

.

.

2013-07-03 06:17 . 2013-07-03 06:17 -------- d-----w- c:\users\Lucas\AppData\Roaming\Malwarebytes

2013-07-03 06:17 . 2013-07-03 06:17 -------- d-----w- c:\programdata\Malwarebytes

2013-07-03 06:17 . 2013-07-03 06:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-07-03 06:17 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-07-03 06:00 . 2013-07-03 06:00 -------- d-----w- c:\users\Lucas\AppData\Local\AMD

2013-07-03 06:00 . 2013-07-03 06:00 -------- d-----w- c:\users\Lucas\AppData\Roaming\ATI

2013-07-03 06:00 . 2013-07-03 06:00 -------- d-----w- c:\users\Lucas\AppData\Local\ATI

2013-07-03 06:00 . 2013-07-03 06:00 -------- d-----w- c:\programdata\ATI

2013-07-03 05:59 . 2013-07-03 05:59 0 ----a-w- c:\windows\ativpsrm.bin

2013-07-03 05:57 . 2013-07-03 05:59 -------- d-----w- c:\programdata\AMD

2013-07-03 05:57 . 2013-07-03 05:57 -------- d-----w- c:\program files (x86)\AMD AVT

2013-07-03 05:57 . 2013-07-03 05:57 -------- d-----w- c:\program files\Common Files\ATI Technologies

2013-07-03 05:57 . 2013-07-03 05:57 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies

2013-07-03 05:56 . 2013-07-03 05:56 -------- d-----w- c:\program files (x86)\ATI Technologies

2013-07-03 05:55 . 2013-07-03 05:55 -------- d-----w- c:\program files\ATI

2013-07-03 05:55 . 2013-07-03 05:57 -------- d-----w- c:\program files\ATI Technologies

2013-07-03 05:54 . 2013-07-03 05:54 -------- d-----w- C:\AMD

2013-07-03 05:52 . 2013-07-03 09:12 -------- d-----w- c:\program files (x86)\MSI Afterburner

2013-07-02 07:21 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{24A780D0-9B76-47B5-8F36-59CDF8B60068}\mpengine.dll

2013-07-01 18:04 . 2009-03-18 23:35 33856 ---ha-w- c:\windows\system32\hamachi.sys

2013-07-01 18:04 . 2013-07-03 12:40 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi

2013-06-29 18:13 . 2013-06-29 18:13 -------- d-----w- c:\users\Lucas\AppData\Roaming\LolClient

2013-06-29 16:40 . 2013-06-29 16:40 -------- d-----w- c:\users\Lucas\AppData\Roaming\Awesomium

2013-06-29 16:39 . 2013-06-29 16:39 -------- d-----w- c:\programdata\Hi-Rez Studios

2013-06-29 16:39 . 2013-06-29 16:39 -------- d-----w- c:\program files (x86)\Hi-Rez Studios

2013-06-29 02:05 . 2013-06-29 02:05 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin

2013-06-29 02:05 . 2013-06-29 02:05 -------- d-----w- C:\Riot Games

2013-06-29 02:03 . 2013-07-03 05:27 -------- d-----w- c:\users\Lucas\AppData\Local\PMB Files

2013-06-29 02:03 . 2013-07-03 05:27 -------- d-----w- c:\programdata\PMB Files

2013-06-29 02:03 . 2013-06-29 02:03 -------- d-----w- c:\users\Lucas\AppData\Roaming\Riot Games

2013-06-29 00:00 . 2013-06-29 00:00 -------- d-----w- c:\users\Lucas\AppData\Local\WarThunder

2013-06-29 00:00 . 2013-06-29 00:00 -------- d-----w- c:\programdata\WarThunder

2013-06-29 00:00 . 2013-06-29 01:45 -------- d-----w- c:\program files (x86)\War Thunder

2013-06-24 09:01 . 2013-06-24 09:01 -------- d-----w- c:\users\Lucas\AppData\Roaming\TortoiseSVN

2013-06-24 08:53 . 2013-07-03 12:38 -------- d-----w- c:\users\Lucas\AppData\Local\TSVNCache

2013-06-24 08:50 . 2013-06-24 08:50 -------- d-----w- c:\program files\TortoiseSVN

2013-06-24 08:50 . 2013-06-24 08:50 -------- d-----w- c:\program files\Common Files\TortoiseOverlays

2013-06-24 08:50 . 2013-06-24 08:50 -------- d-----w- c:\program files (x86)\Common Files\TortoiseOverlays

2013-06-14 03:38 . 2013-06-18 02:12 -------- d-----w- c:\users\Lucas\AppData\Roaming\.minecraft

2013-06-12 05:56 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll

2013-06-10 17:01 . 2013-06-10 17:01 -------- d-----w- c:\programdata\Package Cache

2013-06-05 00:00 . 2013-06-19 03:24 -------- d-----w- c:\users\Lucas\AppData\Local\Warframe

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-07-03 05:29 . 2013-01-29 02:20 280856 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2013-07-03 05:29 . 2013-01-29 02:18 280856 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2013-06-19 21:09 . 2013-01-29 02:18 291128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2013-06-05 22:06 . 2013-01-29 02:18 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2013-05-02 07:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe

2013-04-16 14:37 . 2013-04-16 14:37 1187342 ----a-w- c:\windows\system32\amdocl_as64.exe

2013-04-16 14:37 . 2013-04-16 14:37 1061902 ----a-w- c:\windows\system32\amdocl_ld64.exe

2013-04-16 14:37 . 2013-04-16 14:37 995342 ----a-w- c:\windows\SysWow64\amdocl_as32.exe

2013-04-16 14:37 . 2013-04-16 14:37 798734 ----a-w- c:\windows\SysWow64\amdocl_ld32.exe

2013-04-14 23:04 . 2013-02-05 21:17 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-04-14 23:04 . 2013-02-05 21:17 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-04-13 05:49 . 2013-05-14 22:17 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49 . 2013-05-14 22:17 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49 . 2013-05-14 22:17 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49 . 2013-05-14 22:17 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45 . 2013-05-14 22:17 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45 . 2013-05-14 22:17 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-04-12 14:45 . 2013-04-24 21:07 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-10 06:01 . 2013-05-14 22:17 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2013-04-10 06:01 . 2013-05-14 22:17 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2013-04-10 03:30 . 2013-05-14 22:17 3153920 ----a-w- c:\windows\system32\win32k.sys

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-06-06 1641896]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-08-09 5263504]

"Adobe"="c:\users\Lucas\AppData\Roaming\Adobe\color.vbe" [2013-01-19 15361]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-29 642656]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-06-28 2255184]

.

c:\users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HideSCAHealth"= 1 (0x1)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]

R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]

R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 UsbFltr;WayTech USB Filter Driver;c:\windows\system32\Drivers\UsbFltr.sys;c:\windows\SYSNATIVE\Drivers\UsbFltr.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]

S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]

S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]

S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]

S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]

S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-06-19 02:44 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-23 00:48]

.

2013-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-23 00:48]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm


mLocal Page = c:\windows\SysWOW64\blank.htm

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

.

**************************************************************************

.

Completion time: 2013-07-03  07:44:17 - machine was rebooted

ComboFix-quarantined-files.txt  2013-07-03 12:44

.

Pre-Run: 309,379,821,568 bytes free

Post-Run: 309,363,781,632 bytes free

.

- - End Of File - - A45FD617538110A7C6C4578D8246517F

A36C5E4F47E84449FF07ED3517B43A31

Please go to here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

C:\Users\Lucas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\81X1MYVW\svchost[1].exe a variant of Win32/BitCoinMiner.N application

C:\Users\Lucas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HVNVRM3W\svchost[1].exe a variant of Win32/BitCoinMiner.N application

C:\Users\Lucas\AppData\Local\Temp\svchost.exe a variant of Win32/BitCoinMiner.N application

C:\Users\Lucas\AppData\Roaming\Adobe\color.vbe VBS/Agent.NGJ trojan

Operating memory a variant of Win32/BitCoinMiner.N application
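Tying the ComboFix Run entry and the ESET verdicts above together: the following is an added example for this thread (Python, not code from ComboFix, ESET, OTL or the helper) that parses those two log formats and flags what a responder would look at first: a logon entry that launches a script file, anything living under a user-writable profile path, and a binary carrying a Windows system name (svchost.exe) outside System32/SysWOW64. The regular expressions, the lists of script extensions, path markers and borrowed system-binary names are this example's own assumptions; the sample lines are copied from the logs posted in this thread.

```python
"""Triage autorun entries and scanner verdicts from the kind of log lines
posted in this thread (ComboFix "Reg Loading Points" Run entries and ESET
Online Scanner results).

Added example for the thread, not code from ComboFix, ESET, OTL or the
helper. The heuristics, the name lists and the regexes are this example's
own assumptions; the sample lines are copied from the logs above.
"""
import re
from dataclasses import dataclass

# ComboFix prints Run-key values as:  "Name"="path" [yyyy-mm-dd size]
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]')

# ESET result lines:  <path or "Operating memory"> <threat name> <application|trojan>
ESET_LINE = re.compile(
    r'^(?P<path>[A-Za-z]:\\.+?|Operating memory)\s+'
    r'(?P<verdict>(?:a variant of )?\S+\s+(?:application|trojan))$'
)

SCRIPT_EXT = ('.vbe', '.vbs', '.js', '.jse', '.wsf', '.hta', '.bat', '.cmd', '.ps1')
USER_PATH_MARKERS = ('\\users\\', '\\appdata\\', '\\temp\\', '\\temporary internet files\\')
# Windows binaries whose names malware borrows; the real ones live in SYSTEM_DIRS
SYSTEM_NAMES = {'svchost.exe', 'csrss.exe', 'lsass.exe', 'winlogon.exe', 'services.exe', 'dllhost.exe'}
SYSTEM_DIRS = ('\\windows\\system32\\', '\\windows\\syswow64\\')


@dataclass
class Finding:
    source: str      # "run-key:<value name>" or "eset"
    path: str
    reasons: list


def inspect_path(path):
    """Return the reasons a launch path looks suspicious (empty list if none)."""
    p = path.lower()
    name = p.rsplit('\\', 1)[-1]
    # IE's cache stores downloads as "name[n].ext"; strip the [n] before comparing
    name = re.sub(r'\[\d+\](?=\.)', '', name)
    reasons = []
    if name.endswith(SCRIPT_EXT):
        reasons.append('script file (%s)' % name.rsplit('.', 1)[-1])
    if any(marker in p for marker in USER_PATH_MARKERS):
        reasons.append('located under a user-writable profile path')
    if name in SYSTEM_NAMES and not any(d in p for d in SYSTEM_DIRS):
        reasons.append('system binary name (%s) outside System32/SysWOW64' % name)
    return reasons


def triage(lines):
    """Parse ComboFix Run entries and ESET verdicts; return the entries worth a look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = RUN_LINE.match(line)
        if m:
            reasons = inspect_path(m.group('path'))
            if reasons:  # a Run entry is reported only when a heuristic fires
                findings.append(Finding('run-key:' + m.group('name'), m.group('path'), reasons))
            continue
        m = ESET_LINE.match(line)
        if m:  # anything the scanner flagged is reported, plus any path heuristics
            reasons = ['AV verdict: ' + m.group('verdict')] + inspect_path(m.group('path'))
            findings.append(Finding('eset', m.group('path'), reasons))
    return findings


def report(findings):
    """Render findings as indented text, one block per entry."""
    out = []
    for f in findings:
        out.append('%s  %s' % (f.source, f.path))
        out.extend('    - ' + r for r in f.reasons)
    return '\n'.join(out)


# Sample input copied from the ComboFix and ESET logs posted in this thread
SAMPLE_LINES = [
    r'"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-08-09 5263504]',
    r'"Adobe"="c:\users\Lucas\AppData\Roaming\Adobe\color.vbe" [2013-01-19 15361]',
    r'"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]',
    r'"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-06-06 1641896]',
    r'C:\Users\Lucas\AppData\Local\Temp\svchost.exe a variant of Win32/BitCoinMiner.N application',
    r'C:\Users\Lucas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\81X1MYVW\svchost[1].exe a variant of Win32/BitCoinMiner.N application',
    r'C:\Users\Lucas\AppData\Roaming\Adobe\color.vbe VBS/Agent.NGJ trojan',
    r'Operating memory a variant of Win32/BitCoinMiner.N application',
]

if __name__ == '__main__':
    print(report(triage(SAMPLE_LINES)))
```

On the sample above, the four legitimate Run entries (VDeck, Java, Steam and the rest) fall through silently, while the "Adobe" value is reported for both heuristics and every ESET line is reported with its verdict; the two svchost copies additionally trip the system-name check because neither sits in a system directory. Run it over the full "Reg Loading Points" section of a ComboFix log to get the same first-pass list a helper builds by eye.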

Download and run OTL

  1. Download OTL by OldTimer and save it to your desktop.
  2. Double click on the OTL.exe icon on your desktop. If you are using Vista, please right-click and select run as administrator
  3. Click the "Scan All Users" checkbox.


    Note: If you are using a Windows 64bit machine, please make sure the checkbox next to Include 64Bit Scans is checked. It will be checked by default.

  4. Push the Run Scan button.
  5. It will now begin to scan, please be patient while it scans.
  6. Two reports will open once it's done.
  7. Please copy and paste them in your next reply:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized



Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :OTL
    O4 - HKLM..\Run: [Adobe] C:\Users\Lucas\AppData\Roaming\Adobe\color.vbe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3221062888-723041811-78501554-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3221062888-723041811-78501554-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    :COMMANDS
    [emptytemp]
  • Return to OTL, right click in the "Custom Scans/Fixes" section and choose Paste.
  • Click the red Run Fix button.
  • OTL may ask to reboot the machine. Please do so.
  • If OTL did not reboot the machine, click OK and the log will open. Post the contents of the log in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

    Also post a new OTL log.
All processes killed

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe deleted successfully.

C:\Users\Lucas\AppData\Roaming\Adobe\color.vbe moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HideSCAHealth deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.

Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.

Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.

Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.

Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.

Registry key HKEY_USERS\S-1-5-21-3221062888-723041811-78501554-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.

Registry value HKEY_USERS\S-1-5-21-3221062888-723041811-78501554-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Lucas

->Temp folder emptied: 125751502 bytes

->Temporary Internet Files folder emptied: 6272452 bytes

->Java cache emptied: 319307 bytes

->Google Chrome cache emptied: 350097880 bytes

->Flash cache emptied: 618 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 356352 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 28124 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42310864 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 501.00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 07042013_091914

 

Files\Folders moved on Reboot...

C:\Users\Lucas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\Lucas\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...

 

 

__________________________________________________________________________________________________________________________________________

 

Now you want the OTL scan log, correct? If so, should I post the Extra log as well?

OTL logfile created on: 7/4/2013 9:36:24 AM - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lucas\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16618)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

7.97 Gb Total Physical Memory | 6.10 Gb Available Physical Memory | 76.56% Memory free

15.94 Gb Paging File | 13.64 Gb Available in Paging File | 85.56% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931.41 Gb Total Space | 289.75 Gb Free Space | 31.11% Space Free | Partition Type: NTFS

Drive D: | 2.94 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

 

Computer Name: LUCASESRIG | User Name: Lucas | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2013/07/04 05:37:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lucas\Desktop\OTL.exe

PRC - [2013/06/28 14:02:06 | 002,255,184 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

PRC - [2013/06/14 20:28:44 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

PRC - [2013/06/05 17:06:33 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012/08/13 10:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

PRC - [2012/08/13 10:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

 

 

========== Modules (No Company Name) ==========

 

MOD - [2013/06/17 19:35:06 | 000,065,264 | ---- | M] () -- C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll

MOD - [2013/06/17 19:34:52 | 000,070,896 | ---- | M] () -- C:\Program Files\TortoiseSVN\bin\libsasl32.dll

MOD - [2013/06/14 20:28:42 | 000,393,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppgooglenaclpluginchrome.dll

MOD - [2013/06/14 20:28:41 | 013,140,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll

MOD - [2013/06/14 20:28:40 | 004,051,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll

MOD - [2013/06/14 20:27:51 | 000,599,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libglesv2.dll

MOD - [2013/06/14 20:27:50 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libegl.dll

MOD - [2013/06/14 20:27:48 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dll

MOD - [2012/08/10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - [2013/03/28 22:30:42 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)

SRV:64bit: - [2013/03/28 20:34:18 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2012/08/03 00:27:50 | 000,027,792 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)

SRV:64bit: - [2010/04/06 19:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2013/06/28 14:02:04 | 002,470,736 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)

SRV - [2013/06/18 10:42:28 | 000,009,216 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)

SRV - [2013/06/12 16:13:14 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)

SRV - [2013/06/06 17:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2013/06/05 17:06:33 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2013/02/28 19:25:34 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2013/03/28 21:35:02 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2013/03/28 21:35:02 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2013/03/28 20:09:44 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2013/02/14 06:41:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2012/08/07 02:09:00 | 000,088,832 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)

DRV:64bit: - [2012/08/07 02:09:00 | 000,065,152 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)

DRV:64bit: - [2012/08/03 00:27:44 | 002,206,352 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)

DRV:64bit: - [2012/07/24 11:03:48 | 003,718,144 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2012/04/10 20:40:58 | 000,082,560 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)

DRV:64bit: - [2012/04/10 20:40:58 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)

DRV:64bit: - [2012/04/09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)

DRV:64bit: - [2012/03/08 12:53:14 | 000,022,128 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/08/23 08:57:24 | 000,565,352 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/02/18 12:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)

DRV:64bit: - [2009/08/13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)

DRV:64bit: - [2007/04/09 11:09:46 | 000,012,288 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (UsbFltr)

DRV - [2009/08/10 11:08:04 | 000,028,984 | R--- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- D:\CDriver64.sys -- (MSICDSetup)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {21A51130-7285-49FE-B3F6-2385CC71CDEA}

IE:64bit: - HKLM\..\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {21A51130-7285-49FE-B3F6-2385CC71CDEA}

IE - HKLM\..\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-3221062888-723041811-78501554-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com

IE - HKU\S-1-5-21-3221062888-723041811-78501554-1001\..\SearchScopes,DefaultScope = {21A51130-7285-49FE-B3F6-2385CC71CDEA}

IE - HKU\S-1-5-21-3221062888-723041811-78501554-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

========== FireFox ==========

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()

FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@live.heroesandgenerals.com/npretox: C:\Program Files (x86)\Heroes & Generals\live\npretoxlive.dll (Reto-Moto ApS)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Lucas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

 

 

 

========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},

CHR - homepage: http://www.annaisd.org/

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll

CHR - plugin: Norton Confidential (Enabled) = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.0.0.72_0\npcoplgn.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll

CHR - Extension: YouTube = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Adblock Plus = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_1\

CHR - Extension: Google Search = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: Realm of the Mad God = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhjfmaldpppkmjjgkmadddbanpabfflp\1.0.0.3_0\

CHR - Extension: Realm of the Mad God = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhjfmaldpppkmjjgkmadddbanpabfflp\1.0.0.3_0\~

CHR - Extension: Don't Starve = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiledapehlkhdehbhppgmekfalnlfajc\1.0.0.37_0\

CHR - Extension: Reddit Enhancement Suite = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.2.0.1_0\

CHR - Extension: Dolan Duck Theme = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\koaeffkbbmgkgedccaiaaecjlnpnnofi\1_0\

CHR - Extension: Contract Killer = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\meklndaflopgghbomkdpofehonfclipi\1.1.3_0\

CHR - Extension: Gmail = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2013/07/03 07:40:47 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-3221062888-723041811-78501554-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\S-1-5-21-3221062888-723041811-78501554-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)

O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)

O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKU\S-1-5-21-3221062888-723041811-78501554-1001..\Run: [steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)

O4 - Startup: C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

O13 - gopher Prefix: missing

O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)

O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )

O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )

O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )

O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )

O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )

O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )

O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )

O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )

O15 - HKU\S-1-5-21-3221062888-723041811-78501554-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-3221062888-723041811-78501554-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-3221062888-723041811-78501554-1001\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-3221062888-723041811-78501554-1001\..Trusted Domains: sony.com ([]* in Trusted sites)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.180.42.68 208.180.42.100

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53057F99-F1D5-4EBF-B2C7-C54D880ED774}: DhcpNameServer = 208.180.42.68 208.180.42.100

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8C79C70-4888-413D-82D3-95E075744554}: DhcpNameServer = 10.0.0.2 10.0.0.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/09/01 03:11:42 | 000,000,049 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2013/07/04 09:19:14 | 000,000,000 | ---D | C] -- C:\_OTL

[2013/07/04 05:37:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lucas\Desktop\OTL.exe

[2013/07/03 08:25:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2013/07/03 07:44:19 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2013/07/03 07:40:55 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2013/07/03 07:28:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2013/07/03 07:28:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2013/07/03 07:28:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2013/07/03 07:25:15 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/07/03 07:24:42 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013/07/03 04:21:46 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2013/07/03 03:45:46 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Lucas\Desktop\dds.com

[2013/07/03 01:17:53 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Roaming\Malwarebytes

[2013/07/03 01:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/07/03 01:17:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013/07/03 01:17:42 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2013/07/03 01:17:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2013/07/03 01:00:31 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Local\AMD

[2013/07/03 01:00:13 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Roaming\ATI

[2013/07/03 01:00:13 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Local\ATI

[2013/07/03 01:00:13 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI

[2013/07/03 00:57:38 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD

[2013/07/03 00:57:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT

[2013/07/03 00:57:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies

[2013/07/03 00:57:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies

[2013/07/03 00:57:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center

[2013/07/03 00:56:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies

[2013/07/03 00:55:58 | 000,000,000 | ---D | C] -- C:\Program Files\ATI

[2013/07/03 00:55:41 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies

[2013/07/03 00:54:54 | 000,000,000 | ---D | C] -- C:\AMD

[2013/07/03 00:53:00 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner

[2013/07/03 00:52:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI Afterburner

[2013/07/01 13:04:30 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys

[2013/07/01 13:04:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi

[2013/07/01 13:04:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi

[2013/07/01 13:04:16 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2013/06/29 13:13:56 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Roaming\LolClient

[2013/06/29 11:40:40 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Roaming\Awesomium

[2013/06/29 11:39:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios

[2013/06/29 11:39:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Hi-Rez Studios

[2013/06/29 11:39:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hi-Rez Studios

[2013/06/28 21:05:04 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin

[2013/06/28 21:05:03 | 000,000,000 | ---D | C] -- C:\Riot Games

[2013/06/28 21:05:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends

[2013/06/28 21:03:50 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Local\PMB Files

[2013/06/28 21:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files

[2013/06/28 21:03:21 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Roaming\Riot Games

[2013/06/28 19:00:08 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Local\WarThunder

[2013/06/28 19:00:08 | 000,000,000 | ---D | C] -- C:\ProgramData\WarThunder

[2013/06/28 19:00:02 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\War Thunder

[2013/06/28 19:00:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\War Thunder

[2013/06/25 03:02:35 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2013/06/25 03:02:35 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat

[2013/06/25 03:02:35 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe

[2013/06/25 03:02:35 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll

[2013/06/25 03:02:35 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013/06/25 03:02:35 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll

[2013/06/25 03:02:35 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2013/06/25 03:02:35 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec

[2013/06/25 03:02:35 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2013/06/25 03:02:35 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll

[2013/06/25 03:02:35 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll

[2013/06/25 03:02:35 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll

[2013/06/25 03:02:35 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll

[2013/06/25 03:02:35 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll

[2013/06/25 03:02:35 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe

[2013/06/25 03:02:35 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe

[2013/06/25 03:02:35 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2013/06/25 03:02:35 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll

[2013/06/25 03:02:35 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll

[2013/06/25 03:02:35 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll

[2013/06/25 03:02:35 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2013/06/25 03:02:35 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe

[2013/06/25 03:02:35 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll

[2013/06/25 03:02:35 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2013/06/25 03:02:35 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe

[2013/06/25 03:02:35 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe

[2013/06/25 03:02:35 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll

[2013/06/25 03:02:35 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx

[2013/06/25 03:02:35 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2013/06/25 03:02:35 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll

[2013/06/25 03:02:35 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll

[2013/06/25 03:02:35 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2013/06/25 03:02:35 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll

[2013/06/25 03:02:35 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe

[2013/06/25 03:02:34 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2013/06/25 03:02:34 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2013/06/25 03:02:34 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat

[2013/06/25 03:02:34 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll

[2013/06/25 03:02:34 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2013/06/25 03:02:34 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll

[2013/06/25 03:02:34 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2013/06/25 03:02:34 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2013/06/25 03:02:34 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2013/06/25 03:02:34 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll

[2013/06/25 03:02:34 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec

[2013/06/25 03:02:34 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll

[2013/06/25 03:02:34 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2013/06/25 03:02:34 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2013/06/25 03:02:34 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe

[2013/06/25 03:02:34 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll

[2013/06/25 03:02:34 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe

[2013/06/25 03:02:34 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll

[2013/06/25 03:02:34 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll

[2013/06/25 03:02:34 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll

[2013/06/25 03:02:34 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll

[2013/06/25 03:02:34 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2013/06/25 03:02:34 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe

[2013/06/25 03:02:34 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll

[2013/06/25 03:02:34 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx

[2013/06/25 03:02:34 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2013/06/25 03:02:34 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll

[2013/06/25 03:02:34 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2013/06/25 03:02:34 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll

[2013/06/25 03:02:34 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll

[2013/06/25 03:02:34 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2013/06/25 03:02:34 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll

[2013/06/25 03:02:34 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe

[2013/06/25 03:02:34 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe

[2013/06/24 04:01:35 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Roaming\TortoiseSVN

[2013/06/24 03:53:00 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Local\TSVNCache

[2013/06/24 03:50:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseSVN

[2013/06/24 03:50:49 | 000,000,000 | ---D | C] -- C:\Program Files\TortoiseSVN

[2013/06/24 03:50:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays

[2013/06/24 03:50:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TortoiseOverlays

[2013/06/14 21:46:38 | 000,000,000 | ---D | C] -- C:\Users\Lucas\Desktop\1964_11

[2013/06/13 22:38:47 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Roaming\.minecraft

[2013/06/12 00:57:31 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll

[2013/06/12 00:57:31 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll

[2013/06/12 00:57:25 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll

[2013/06/12 00:57:25 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll

[2013/06/12 00:57:18 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll

[2013/06/12 00:57:10 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll

[2013/06/12 00:57:10 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe

[2013/06/12 00:57:10 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe

[2013/06/12 00:57:09 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll

[2013/06/12 00:57:09 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll

[2013/06/12 00:57:09 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll

[2013/06/12 00:57:00 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll

[2013/06/12 00:56:59 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll

[2013/06/10 12:01:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache

[2013/06/04 19:00:21 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Local\Warframe

[2013/04/07 12:48:46 | 002,869,264 | ---- | C] (Microsoft Corporation) -- C:\Users\Lucas\AppData\Roaming\dotNetFx35setup.exe

 

========== Files - Modified Within 30 Days ==========

 

[2013/07/04 09:27:51 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/07/04 09:27:51 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/07/04 09:24:50 | 000,793,234 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/07/04 09:24:50 | 000,669,432 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/07/04 09:24:50 | 000,125,514 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/07/04 09:21:05 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/07/04 09:20:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/07/04 09:20:31 | 2124,308,479 | -HS- | M] () -- C:\hiberfil.sys

[2013/07/04 09:04:50 | 000,035,518 | ---- | M] () -- C:\Users\Lucas\Desktop\Logs.zip

[2013/07/04 08:42:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/07/04 05:37:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lucas\Desktop\OTL.exe

[2013/07/03 07:40:47 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2013/07/03 05:50:43 | 000,000,947 | ---- | M] () -- C:\Users\Lucas\Desktop\mbam-log-2013-07-03 (01-18-42).zip

[2013/07/03 04:21:38 | 554,402,820 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2013/07/03 03:46:08 | 000,377,856 | ---- | M] () -- C:\Users\Lucas\Desktop\mnhgpcu9.exe

[2013/07/03 03:45:49 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Lucas\Desktop\dds.com

[2013/07/03 00:59:22 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin

[2013/07/03 00:53:05 | 000,001,082 | ---- | M] () -- C:\Users\Lucas\Desktop\MSI Afterburner.lnk

[2013/07/03 00:29:25 | 000,280,856 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2013/07/03 00:29:25 | 000,280,856 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2013/07/01 22:52:52 | 000,000,000 | -H-- | M] () -- C:\Users\Lucas\Documents\Default.rdp

[2013/06/30 14:07:18 | 000,292,576 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/06/29 11:39:49 | 000,002,029 | ---- | M] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk

[2013/06/29 11:39:49 | 000,002,020 | ---- | M] () -- C:\Users\Public\Desktop\Smite.lnk

[2013/06/25 08:48:56 | 3298,098,513 | ---- | M] () -- C:\Users\Lucas\Desktop\blackmesa.7z

[2013/06/25 05:52:14 | 000,000,101 | ---- | M] () -- C:\Users\Lucas\Desktop\blackmesa.md5

[2013/06/25 05:51:40 | 000,827,720 | ---- | M] () -- C:\Users\Lucas\Desktop\blackmesa-setup.exe

[2013/06/25 03:02:35 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2013/06/25 03:02:35 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat

[2013/06/25 03:02:35 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe

[2013/06/25 03:02:35 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll

[2013/06/25 03:02:35 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013/06/25 03:02:35 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll

[2013/06/25 03:02:35 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2013/06/25 03:02:35 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec

[2013/06/25 03:02:35 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2013/06/25 03:02:35 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll

[2013/06/25 03:02:35 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll

[2013/06/25 03:02:35 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll

[2013/06/25 03:02:35 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll

[2013/06/25 03:02:35 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll

[2013/06/25 03:02:35 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe

[2013/06/25 03:02:35 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe

[2013/06/25 03:02:35 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2013/06/25 03:02:35 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll

[2013/06/25 03:02:35 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll

[2013/06/25 03:02:35 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll

[2013/06/25 03:02:35 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2013/06/25 03:02:35 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe

[2013/06/25 03:02:35 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll

[2013/06/25 03:02:35 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2013/06/25 03:02:35 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe

[2013/06/25 03:02:35 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe

[2013/06/25 03:02:35 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll

[2013/06/25 03:02:35 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx

[2013/06/25 03:02:35 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2013/06/25 03:02:35 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll

[2013/06/25 03:02:35 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll

[2013/06/25 03:02:35 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2013/06/25 03:02:35 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf

[2013/06/25 03:02:35 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll

[2013/06/25 03:02:35 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe

[2013/06/25 03:02:34 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2013/06/25 03:02:34 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2013/06/25 03:02:34 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat

[2013/06/25 03:02:34 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll

[2013/06/25 03:02:34 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2013/06/25 03:02:34 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll

[2013/06/25 03:02:34 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2013/06/25 03:02:34 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2013/06/25 03:02:34 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2013/06/25 03:02:34 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll

[2013/06/25 03:02:34 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec

[2013/06/25 03:02:34 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll

[2013/06/25 03:02:34 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2013/06/25 03:02:34 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2013/06/25 03:02:34 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe

[2013/06/25 03:02:34 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll

[2013/06/25 03:02:34 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe

[2013/06/25 03:02:34 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll

[2013/06/25 03:02:34 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll

[2013/06/25 03:02:34 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll

[2013/06/25 03:02:34 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll

[2013/06/25 03:02:34 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2013/06/25 03:02:34 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe

[2013/06/25 03:02:34 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll

[2013/06/25 03:02:34 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx

[2013/06/25 03:02:34 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2013/06/25 03:02:34 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll

[2013/06/25 03:02:34 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2013/06/25 03:02:34 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll

[2013/06/25 03:02:34 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll

[2013/06/25 03:02:34 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2013/06/25 03:02:34 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll

[2013/06/25 03:02:34 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf

[2013/06/25 03:02:34 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe

[2013/06/25 03:02:34 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe

[2013/06/20 02:25:34 | 000,014,466 | ---- | M] () -- C:\Users\Lucas\Documents\cc_20130620_022517.reg

[2013/06/19 16:09:04 | 000,291,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0

[2013/06/19 02:46:32 | 167,580,928 | ---- | M] () -- C:\Users\Lucas\Desktop\RP_EvoCity_v33x.bsp.bz2

[2013/06/14 15:47:32 | 011,536,839 | ---- | M] () -- C:\Users\Lucas\Desktop\traincraft-4.0.1_002.jar

[2013/06/13 14:53:19 | 000,000,023 | ---- | M] () -- C:\Windows\BlendSettings.ini

[2013/06/05 20:09:11 | 000,002,544 | ---- | M] () -- C:\Users\Lucas\Documents\OpenOffice.odb

[2013/06/05 17:06:33 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe

 

========== Files Created - No Company Name ==========

 

[2013/07/04 09:04:44 | 000,035,518 | ---- | C] () -- C:\Users\Lucas\Desktop\Logs.zip

[2013/07/03 07:28:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2013/07/03 07:28:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2013/07/03 07:28:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2013/07/03 07:28:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2013/07/03 07:28:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2013/07/03 05:50:43 | 000,000,947 | ---- | C] () -- C:\Users\Lucas\Desktop\mbam-log-2013-07-03 (01-18-42).zip

[2013/07/03 04:21:38 | 554,402,820 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2013/07/03 03:46:05 | 000,377,856 | ---- | C] () -- C:\Users\Lucas\Desktop\mnhgpcu9.exe

[2013/07/03 00:59:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2013/07/03 00:53:05 | 000,001,082 | ---- | C] () -- C:\Users\Lucas\Desktop\MSI Afterburner.lnk

[2013/07/01 22:52:52 | 000,000,000 | -H-- | C] () -- C:\Users\Lucas\Documents\Default.rdp

[2013/06/29 11:39:49 | 000,002,029 | ---- | C] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk

[2013/06/29 11:39:48 | 000,002,020 | ---- | C] () -- C:\Users\Public\Desktop\Smite.lnk

[2013/06/25 06:34:45 | 3298,098,513 | ---- | C] () -- C:\Users\Lucas\Desktop\blackmesa.7z

[2013/06/25 05:52:14 | 000,000,101 | ---- | C] () -- C:\Users\Lucas\Desktop\blackmesa.md5

[2013/06/25 05:51:39 | 000,827,720 | ---- | C] () -- C:\Users\Lucas\Desktop\blackmesa-setup.exe

[2013/06/25 03:02:35 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf

[2013/06/25 03:02:34 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf

[2013/06/20 02:25:26 | 000,014,466 | ---- | C] () -- C:\Users\Lucas\Documents\cc_20130620_022517.reg

[2013/06/19 02:40:29 | 167,580,928 | ---- | C] () -- C:\Users\Lucas\Desktop\RP_EvoCity_v33x.bsp.bz2

[2013/06/14 15:46:49 | 011,536,839 | ---- | C] () -- C:\Users\Lucas\Desktop\traincraft-4.0.1_002.jar

[2013/04/27 21:44:08 | 000,000,093 | ---- | C] () -- C:\Users\Lucas\AppData\Local\fusioncache.dat

[2013/04/21 22:23:00 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini

[2013/04/16 09:37:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe

[2013/04/16 09:37:12 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe

[2013/03/28 20:38:08 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat

[2013/03/28 20:38:08 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

[2013/02/24 20:05:32 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini

[2013/02/01 07:40:38 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe

[2013/01/29 20:26:38 | 002,337,865 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe

[2013/01/28 21:18:15 | 000,280,856 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2013/01/28 21:18:08 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2013/01/22 19:51:22 | 000,786,958 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2013/01/22 19:47:19 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

[2012/11/27 01:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll

[2011/09/19 08:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll

[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

 

========== ZeroAccess Check ==========

 

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 

< End of report >
This topic is now closed to further replies.