
I have some malware.....



Hi Malwarebytes. I recently went into Malwarebytes and did a scan and found 1 malware.


Now you might be thinking: OH NO! 1 MALWARE! MALWAREBYTES HAS NO CHANCE OF STOPPING THAT! (sarcasm)


What you didn't know is that Malwarebytes crashed shortly after it found the malware.


Up there was some important info; I just wanted to jazz it up a little :P


Anyways, I went to Task Manager and found two unknown processes (it might just be Windows, but it doesn't look like it): CCC.exe and MOM.exe. The description for CCC.exe is "Catalyst Control Center: Host application". The one for MOM.exe is "Catalyst Control Center: Monitoring Program". What this file looks like to me is some kind of fake "internet sitter". If you don't know what that is, it's what they put on computers used by kids to block websites with porn, viruses, inappropriate content, etc. What I think it might do is block me from every website, saying that they are "restricted". It hasn't done anything bad yet, but it might soon. Here's the FRST log:



Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-06-2014 02
Ran by test (administrator) on JUSTIIN-PC on 30-06-2014 15:49:09
Running from C:\Users\test\Downloads\FRST-OlderVersion\FRST-OlderVersion
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dropbox, Inc.) C:\Users\test\AppData\Roaming\Dropbox\bin\Dropbox.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe
(Sierra Wireless Inc.) C:\Program Files (x86)\Rogers\Rogers Connection Manager\WaHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452456 2012-02-22] (Realtek Semiconductor)
HKLM\...\Run: [sRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2165120 2012-02-17] (SRS Labs, Inc.)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2867984 2011-12-22] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-23] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [989056 2012-02-13] (TOSHIBA Corporation)
HKLM\...\Run: [TPSCMain] => C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe [740792 2011-12-21] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5618456 2013-09-12] (ESET)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-02-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [TRUUpdater] => C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe [329072 2011-11-03] (Sierra Wireless, Inc.)
HKLM-x32\...\Run: [WatcherHelper] => C:\Program Files (x86)\Rogers\Rogers Connection Manager\WaHelper.exe [140656 2011-08-04] (Sierra Wireless Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [382608 2014-06-04] (Malwarebytes Corporation)
HKU\S-1-5-21-573630501-3468752300-2657990606-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-03-15] (Google Inc.)
HKU\S-1-5-21-573630501-3468752300-2657990606-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [] => [X]
HKU\S-1-5-21-573630501-3468752300-2657990606-1004\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-03-15] (Google Inc.)
HKU\S-1-5-21-573630501-3468752300-2657990606-1004\...\Run: [Akamai NetSession Interface] => "C:\Users\test\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-573630501-3468752300-2657990606-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-03-15] (Google Inc.)
HKU\S-1-5-21-573630501-3468752300-2657990606-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Akamai NetSession Interface] => "C:\Users\test\AppData\Local\Akamai\netsession_win.exe"
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
Startup: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe.lnk
ShortcutTarget: Adobe.lnk -> C:\Users\test\AppData\Roaming\data\Adobe.vbs (No File)
Startup: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\test\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DDAE1420-FBB2-4842-BB26-9E85FD354A7E}: [NameServer]64.71.255.205 64.71.255.253
 
FireFox:
========
FF ProfilePath: C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\zwr99lbc.default
FF DefaultSearchEngine: Norton Safe Search
FF SelectedSearchEngine: Norton Safe Search
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.15.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-05-02]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-05-02]
 
Chrome: 
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP9807AC10-21E2-4C9A-B894-BDB7C69E97C5&SSPV=
CHR StartupUrls: "hxxp://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP9807AC10-21E2-4C9A-B894-BDB7C69E97C5&SSPV="
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Norton Identity Safe) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.1.36_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U13) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Minecraft 2D) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmbhgomhppajmfjpllklachcikbflfk [2013-05-11]
CHR Extension: (Angry Birds) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-03-20]
CHR Extension: (Google Docs) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-10]
CHR Extension: (Google Drive) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-10]
CHR Extension: (Adblock Plus) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-29]
CHR Extension: (Google Search) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-10]
CHR Extension: (XJZ Survey Remover) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\cphljojhgmnabimjemakjleocdheengh [2014-06-28]
CHR Extension: (Minecraft Tower Defense) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\djankeomhapijmcecgohnhhfppehfbkc [2013-05-23]
CHR Extension: (Powered by Redstone) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\eaafagdemifnmjbmblhleneomcfdmofm [2013-05-23]
CHR Extension: (backgroundPage) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2013-03-20]
CHR Extension: (AdBlock) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-05-18]
CHR Extension: (Cut the Rope) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2013-06-14]
CHR Extension: (Cut the Rope) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\habdpkhpblcjnaceicglhhnbaikmicoo [2013-06-21]
CHR Extension: (Angry Birds Space HD) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\headjcpkijafflpiedpeefofgjfcbkkb [2013-05-07]
CHR Extension: (Angry Birds Rio) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlbmidndnnlgjoedckgkmdhgaphfbkaf [2013-06-14]
CHR Extension: (Ultimate Flash Sonic) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmgmfbijldhdncjcipeocgkgbjhaecfp [2013-03-20]
CHR Extension: (Mine Clone) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\iimhmcpjdmonneljpfolgacbkdoocmpd [2013-05-23]
CHR Extension: (Google Forms) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhknlonaankphkkbnmjdlpehkinifeeg [2013-05-08]
CHR Extension: (MP3 Player) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\kadoojjbafjcfdjcafflfnoimccbnlfd [2013-05-11]
CHR Extension: (Quick Earth) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\khodocggeplgfhppgagfdpbjkniadmdh [2013-03-19]
CHR Extension: (Gmail Print All for Chrome) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmfcbaaedcknfcojckihmfmolepkpihp [2013-06-14]
CHR Extension: (Games) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgdiijhhdoaefbcpgngkfeckicgphcof [2013-05-08]
CHR Extension: (Google Wallet) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-27]
CHR Extension: (Clash of Clans) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofafmlelfljkaoaglplpikoonkceepai [2014-03-09]
CHR Extension: (WeVideo - Video Editor and Maker) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\okgjbfikepgflmlelgfgecmgjnmnmnnb [2014-04-23]
CHR Extension: (Gmail) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-10]
CHR Extension: (Extutil) - C:\Users\test\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-02-15]
CHR Extension: (Managera) - C:\Users\test\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-02-15]
 
==================== Services (Whitelisted) =================
 
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1337752 2013-09-12] (ESET)
S2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [360592 2014-06-04] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 SwiCardDetectSvc; C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [321392 2011-11-03] (Sierra Wireless, Inc.)
R2 TosCoSrv; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [580608 2012-02-02] (TOSHIBA Corporation) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [62392 2014-06-04] ()
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus64.sys [261120 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-30] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 swg3kser00; C:\Windows\System32\DRIVERS\swg3kser00.sys [258432 2011-05-13] (Sierra Wireless Incorporated)
S3 swiwdmbx; C:\Windows\System32\DRIVERS\swiwdmbx64.sys [109312 2011-05-16] (Sierra Wireless Inc.)
S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [297472 2011-05-28] (Sierra Wireless Inc.)
R3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-30 15:36 - 2014-06-30 15:37 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-30 15:36 - 2014-06-30 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-30 15:36 - 2014-06-30 15:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-30 15:36 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-06-30 15:36 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-06-29 15:45 - 2014-06-29 15:45 - 00000000 ____D () C:\Users\test\AppData\Roaming\.electriciansjourney
2014-06-29 15:36 - 2014-06-29 15:37 - 00000000 ____D () C:\Users\test\Desktop\test
2014-06-29 14:56 - 2014-06-29 15:13 - 00000000 ____D () C:\Users\test\Desktop\Website
2014-06-29 14:45 - 2014-03-18 05:15 - 00000000 ____D () C:\Users\test\Desktop\SGH-I317M
2014-06-29 14:44 - 2014-06-29 14:44 - 13828035 _____ () C:\Users\test\Downloads\SGH-I317M.zip
2014-06-29 14:25 - 2014-06-29 14:31 - 00000286 _____ () C:\Users\test\Desktop\index.html
2014-06-29 14:24 - 2014-06-29 14:24 - 00204568 _____ () C:\Users\test\Downloads\bootstrap-3.2.0-dist.zip
2014-06-29 14:22 - 2014-06-29 14:35 - 24178176 _____ (SAMSUNG Electronics Co., Ltd.) C:\Users\test\Downloads\Samsung_USB_Driver_for_Mobile_Phones_v1.5.14.0.exe
2014-06-29 14:02 - 2014-06-29 14:02 - 00006853 _____ () C:\Users\test\Downloads\download (18).jpeg
2014-06-28 16:46 - 2014-06-28 16:46 - 00004094 _____ () C:\Users\test\Downloads\MAX TROOPS HACK.zip
2014-06-28 15:30 - 2014-06-28 15:30 - 00788580 _____ () C:\Users\test\Downloads\jd-gui-0.3.6.windows.zip
2014-06-28 14:58 - 2014-06-28 14:58 - 00742594 _____ () C:\Users\test\Downloads\Clash of CLans v1.4.3.zip
2014-06-28 13:43 - 2014-06-28 15:28 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2014-06-28 13:43 - 2014-06-28 13:43 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Exploit.lnk
2014-06-28 13:43 - 2014-06-28 13:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-06-28 13:43 - 2014-06-28 13:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-06-28 13:42 - 2014-06-28 13:42 - 02650408 _____ (Malwarebytes ) C:\Users\test\Downloads\mbae-setup-1.03.1.1220.exe
2014-06-26 21:13 - 2014-06-26 21:13 - 01680483 _____ () C:\Users\test\Downloads\dex2jar-0.0.9.15.zip
2014-06-26 21:07 - 2014-06-26 21:08 - 52253462 _____ () C:\Users\test\Downloads\GBOD_1.4.1.apk
2014-06-25 20:45 - 2014-06-30 15:50 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA1cf90d7f57546e3.job
2014-06-25 20:45 - 2014-06-30 13:32 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore1cf90d7f37ec6b7.job
2014-06-25 20:45 - 2014-06-25 20:45 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf90d7f57546e3
2014-06-25 20:45 - 2014-06-25 20:45 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore1cf90d7f37ec6b7
2014-06-24 19:18 - 2014-06-24 19:18 - 00036830 _____ () C:\Users\test\Downloads\FromDarkness.zip
2014-06-24 19:01 - 2014-06-24 19:01 - 32483740 _____ () C:\Users\test\Downloads\Boulder.zip
2014-06-21 17:52 - 2014-06-21 17:52 - 00000000 ____D () C:\Users\test\Downloads\minecraftpe
2014-06-19 18:38 - 2014-06-19 18:38 - 00285344 _____ () C:\Users\test\Downloads\34005__jobro__eas-beep.wma
2014-06-19 18:36 - 2014-06-19 18:36 - 00022525 _____ () C:\Users\test\Downloads\34005__jobro__eas-beep.ogg
2014-06-16 16:34 - 2014-06-16 16:35 - 28820329 _____ () C:\Users\test\Downloads\modpack (3).zip
2014-06-16 16:33 - 2014-06-16 16:34 - 28820329 _____ () C:\Users\test\Downloads\modpack (2).zip
2014-06-16 16:32 - 2014-06-16 16:32 - 28820329 _____ () C:\Users\test\Downloads\modpack (1).zip
2014-06-16 16:26 - 2014-06-16 16:26 - 07399578 _____ () C:\Users\test\Downloads\modpack (6).zip
2014-06-13 20:30 - 2014-06-13 20:30 - 02269863 _____ () C:\Users\test\Downloads\forge-1.6.4-9.11.1.965-installer (2).jar
2014-06-13 20:28 - 2014-06-13 20:28 - 00090835 _____ () C:\Users\test\Downloads\[1.7.2]BigItemsModInstaller.jar
2014-06-13 20:23 - 2014-06-29 15:45 - 00000000 ____D () C:\Users\test\AppData\Roaming\.crazycraft2
2014-06-13 20:20 - 2014-06-13 20:21 - 53514938 _____ () C:\Users\test\Downloads\MorphHideAndSeekServer.zip
2014-06-13 20:18 - 2014-06-29 21:52 - 00000000 ____D () C:\VoidLauncher
2014-06-13 20:18 - 2014-06-29 15:45 - 00000000 ____D () C:\Users\test\AppData\Roaming\.crazycraft
2014-06-13 20:18 - 2014-06-29 15:45 - 00000000 ____D () C:\Users\test\AppData\Roaming\.aethericcrusade
2014-06-13 20:18 - 2014-06-29 15:40 - 00000000 ____D () C:\Users\test\AppData\Roaming\.beta-jurassiccraft
2014-06-13 20:18 - 2014-06-13 20:18 - 00000000 ____D () C:\Users\test\AppData\Roaming\VoidLauncher
2014-06-13 20:18 - 2014-06-13 20:18 - 00000000 ____D () C:\Users\test\AppData\Roaming\.VoidLauncher
2014-06-13 20:17 - 2014-06-13 20:18 - 02534838 _____ () C:\Users\test\Downloads\VoidLauncher.zip
2014-06-13 18:43 - 2014-06-13 18:43 - 00386383 _____ (http://magiclauncher.com) C:\Users\test\Downloads\MagicLauncher_1.2.5.exe
2014-06-13 18:05 - 2014-06-10 18:07 - 00108324 _____ () C:\Users\test\Desktop\Animals mod planetcraft (9).zip
2014-06-11 20:44 - 2014-06-11 20:44 - 01972443 _____ () C:\Users\test\Downloads\forge-1.6.4-9.11.1.965-universal.jar
2014-06-11 20:39 - 2014-06-11 20:40 - 08396743 _____ () C:\Users\test\Downloads\modpack.zip
2014-06-11 20:18 - 2014-05-30 06:21 - 23414784 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-11 20:18 - 2014-05-30 06:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-06-11 20:18 - 2014-05-30 06:02 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-06-11 20:18 - 2014-05-30 05:45 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-11 20:18 - 2014-05-30 05:39 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-06-11 20:18 - 2014-05-30 05:39 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-11 20:18 - 2014-05-30 05:38 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-06-11 20:18 - 2014-05-30 05:28 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-11 20:18 - 2014-05-30 05:27 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-11 20:18 - 2014-05-30 05:24 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-06-11 20:18 - 2014-05-30 05:21 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-06-11 20:18 - 2014-05-30 05:21 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-06-11 20:18 - 2014-05-30 05:20 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-06-11 20:18 - 2014-05-30 05:18 - 17271296 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-06-11 20:18 - 2014-05-30 05:11 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-06-11 20:18 - 2014-05-30 05:08 - 05782528 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-11 20:18 - 2014-05-30 05:06 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-11 20:18 - 2014-05-30 05:02 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-06-11 20:18 - 2014-05-30 04:55 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 20:18 - 2014-05-30 04:49 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-11 20:18 - 2014-05-30 04:46 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-06-11 20:18 - 2014-05-30 04:44 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-06-11 20:18 - 2014-05-30 04:44 - 00295424 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-11 20:18 - 2014-05-30 04:43 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-06-11 20:18 - 2014-05-30 04:42 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-06-11 20:18 - 2014-05-30 04:38 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-06-11 20:18 - 2014-05-30 04:35 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-11 20:18 - 2014-05-30 04:34 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-06-11 20:18 - 2014-05-30 04:33 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-06-11 20:18 - 2014-05-30 04:30 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-06-11 20:18 - 2014-05-30 04:29 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-11 20:18 - 2014-05-30 04:28 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-06-11 20:18 - 2014-05-30 04:27 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-06-11 20:18 - 2014-05-30 04:24 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-06-11 20:18 - 2014-05-30 04:23 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-11 20:18 - 2014-05-30 04:16 - 00368128 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-06-11 20:18 - 2014-05-30 04:10 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 20:18 - 2014-05-30 04:06 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-06-11 20:18 - 2014-05-30 04:04 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-06-11 20:18 - 2014-05-30 04:02 - 00242688 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-06-11 20:18 - 2014-05-30 03:56 - 04244992 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-06-11 20:18 - 2014-05-30 03:56 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-11 20:18 - 2014-05-30 03:54 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-06-11 20:18 - 2014-05-30 03:50 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-06-11 20:18 - 2014-05-30 03:49 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-06-11 20:18 - 2014-05-30 03:43 - 13522944 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-11 20:18 - 2014-05-30 03:40 - 11725312 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-06-11 20:18 - 2014-05-30 03:30 - 01398272 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-11 20:18 - 2014-05-30 03:21 - 01790976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-06-11 20:18 - 2014-05-30 03:15 - 01143296 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-06-11 20:18 - 2014-05-30 03:13 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-06-11 20:18 - 2014-05-30 03:13 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-06-11 20:18 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2014-06-11 20:18 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2014-06-11 20:18 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-06-11 20:18 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 20:18 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2014-06-11 20:18 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-06-11 20:18 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2014-06-11 20:18 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-06-11 20:18 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2014-06-11 20:18 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-06-11 20:18 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2014-06-11 20:18 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-06-11 20:16 - 2014-06-08 05:13 - 00506368 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-06-11 20:16 - 2014-06-08 05:08 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-06-11 20:14 - 2014-06-11 20:14 - 00013093 _____ () C:\Users\test\Downloads\modpack.zip.download
2014-06-10 18:49 - 2014-06-10 18:49 - 01900295 _____ () C:\Users\test\Downloads\minecraftforge-universal-1.6.4-9.11.0.883.jar
2014-06-10 18:31 - 2014-06-10 18:32 - 01020488 _____ () C:\Users\test\Downloads\Morph-Beta-0.7.1.zip
2014-06-10 18:15 - 2014-06-10 19:09 - 00000000 ____D () C:\Users\test\Desktop\TheUltimateMobpack!
2014-06-10 18:14 - 2014-06-10 18:14 - 00456541 _____ () C:\Users\test\Downloads\[1.6.4]MoreWolvesMod.zip
2014-06-10 18:11 - 2014-06-10 18:11 - 04290345 _____ () C:\Users\test\Downloads\LotsOMobs_104.0.0.jar
2014-06-10 18:07 - 2014-06-10 18:07 - 00108324 _____ () C:\Users\test\Downloads\Animals mod planetcraft (9).zip
2014-06-10 17:37 - 2014-06-10 17:37 - 22012596 _____ () C:\Users\test\Downloads\DrZharks MoCreatures Mod v6.1.0.zip
2014-06-09 19:45 - 2014-06-09 20:35 - 00000000 ____D () C:\Users\test\Downloads\Minecraft Model Pack v1.5.306 (By WeedLion)
2014-06-09 19:44 - 2012-12-08 07:42 - 68936437 _____ () C:\Users\test\Downloads\Minecraft Model Pack v1.5.306 (By WeedLion).lib4d
2014-06-09 19:42 - 2014-06-09 19:43 - 28568219 _____ () C:\Users\test\Downloads\Minecraft Model Pack v1.5.306 (By WeedLion).rar
2014-06-09 18:25 - 2014-06-09 18:25 - 02129030 _____ () C:\Users\test\Documents\testanimation.obj
2014-06-09 18:25 - 2014-06-09 18:25 - 00006963 _____ () C:\Users\test\Documents\testanimation.mtl
2014-06-09 17:49 - 2014-06-09 17:49 - 00000000 ___HD () C:\CanoScan
2014-06-09 17:49 - 2014-06-09 17:49 - 00000000 ____D () C:\Users\test\Downloads\lide80vst7250a_xpen
2014-06-09 17:48 - 2014-06-09 17:49 - 06341968 _____ () C:\Users\test\Downloads\lide80vst7250a_xpen.exe
2014-06-08 21:30 - 2014-06-08 21:30 - 00574639 _____ () C:\Users\test\Documents\teamcrafted.c4d
2014-06-08 21:22 - 2014-06-08 21:22 - 01966760 _____ () C:\Users\test\Downloads\winrar-x64-501.exe
2014-06-08 21:22 - 2014-06-08 21:22 - 00000986 _____ () C:\Users\Public\Desktop\WinRAR.lnk
2014-06-08 21:22 - 2014-06-08 21:22 - 00000000 ____D () C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-08 21:22 - 2014-06-08 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-08 21:22 - 2014-06-08 21:22 - 00000000 ____D () C:\Program Files\WinRAR
2014-06-08 21:14 - 2014-06-08 21:16 - 00000000 ____D () C:\Users\test\Downloads\Minecraft Steve Rig v1.2 (by WeedLion)
2014-06-08 21:14 - 2014-06-08 21:14 - 05528688 _____ () C:\Users\test\Downloads\Minecraft Steve Rig v1.2 (by WeedLion).rar
2014-06-08 20:59 - 2014-06-08 20:59 - 00032813 _____ () C:\Users\test\Documents\teamcrafted.obj
2014-06-08 20:59 - 2014-06-08 20:59 - 00000228 _____ () C:\Users\test\Documents\teamcrafted.mtl
2014-06-08 20:19 - 2014-06-08 20:19 - 05362369 _____ () C:\Users\test\Downloads\mineways.zip
2014-06-08 20:19 - 2014-06-08 20:19 - 00000000 ____D () C:\Users\test\Downloads\mineways
2014-06-08 18:46 - 2014-06-16 17:50 - 00000000 ____D () C:\Users\test\Desktop\c4d rigs
2014-06-08 18:34 - 2014-06-08 18:34 - 00694267 _____ () C:\Users\test\Downloads\MC RIG 2013.rar
2014-06-08 18:26 - 2014-06-08 18:26 - 04078448 _____ () C:\Users\test\Downloads\SkybriXs C4D Craft Pack.zip
2014-06-08 18:15 - 2014-06-08 18:15 - 00000000 ____D () C:\Users\test\AppData\Roaming\MAXON
2014-06-08 18:15 - 2014-06-08 18:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAXON
2014-06-08 18:04 - 2014-06-08 18:04 - 00440812 _____ () C:\Users\test\Downloads\WM v1.1.1.2 (2).zip
2014-06-08 18:04 - 2014-06-08 18:04 - 00440812 _____ () C:\Users\test\Downloads\WM v1.1.1.2 (1).zip
2014-06-08 18:01 - 2014-06-08 18:01 - 00000000 ____D () C:\Program Files\MAXON
2014-06-08 17:47 - 2014-06-08 17:47 - 00274248 _____ () C:\Users\test\Downloads\UNIQUE ANIMALS MOD 0.0.5 - 1.5.2.zip
2014-06-08 17:46 - 2014-06-08 17:56 - 00000000 ____D () C:\Users\test\Downloads\installer_r15_demo
2014-06-08 16:47 - 2014-06-08 16:48 - 03827245 _____ () C:\Users\test\Downloads\BTWMod4-99999A0CbMarsupial.zip
2014-06-08 16:32 - 2014-06-08 16:32 - 00009600 _____ () C:\Users\test\Downloads\RoboticStoneMod.zip
2014-06-08 15:46 - 2014-06-08 17:17 - 2958994837 _____ () C:\Users\test\Downloads\installer_r15_demo.zip
 
==================== One Month Modified Files and Folders =======
 
2014-06-30 15:50 - 2014-06-25 20:45 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA1cf90d7f57546e3.job
2014-06-30 15:49 - 2014-01-02 20:29 - 00000000 ____D () C:\FRST
2014-06-30 15:37 - 2014-06-30 15:36 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-30 15:36 - 2014-06-30 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-30 15:36 - 2014-06-30 15:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-30 15:36 - 2014-01-03 14:24 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-30 15:36 - 2014-01-03 14:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-06-30 15:36 - 2013-02-04 17:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-30 15:22 - 2013-07-13 20:53 - 00000000 ____D () C:\Users\test\Downloads\powder-87.2-win32
2014-06-30 15:17 - 2013-06-08 17:00 - 00000000 ____D () C:\Users\test\AppData\Roaming\Dropbox
2014-06-30 15:15 - 2012-03-15 21:14 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-06-30 13:52 - 2012-05-30 13:43 - 02020592 _____ () C:\windows\WindowsUpdate.log
2014-06-30 13:38 - 2009-07-14 00:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-30 13:38 - 2009-07-14 00:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-30 13:34 - 2014-03-28 17:49 - 00000000 ____D () C:\Users\test\AppData\Roaming\DropboxMaster
2014-06-30 13:33 - 2013-05-13 20:06 - 00000000 ____D () C:\Users\test\AppData\Local\Deployment
2014-06-30 13:32 - 2014-06-25 20:45 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore1cf90d7f37ec6b7.job
2014-06-30 13:31 - 2013-07-14 08:38 - 00025586 _____ () C:\windows\setupact.log
2014-06-30 13:31 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-06-29 21:52 - 2014-06-13 20:18 - 00000000 ____D () C:\VoidLauncher
2014-06-29 15:45 - 2014-06-29 15:45 - 00000000 ____D () C:\Users\test\AppData\Roaming\.electriciansjourney
2014-06-29 15:45 - 2014-06-13 20:23 - 00000000 ____D () C:\Users\test\AppData\Roaming\.crazycraft2
2014-06-29 15:45 - 2014-06-13 20:18 - 00000000 ____D () C:\Users\test\AppData\Roaming\.crazycraft
2014-06-29 15:45 - 2014-06-13 20:18 - 00000000 ____D () C:\Users\test\AppData\Roaming\.aethericcrusade
2014-06-29 15:40 - 2014-06-13 20:18 - 00000000 ____D () C:\Users\test\AppData\Roaming\.beta-jurassiccraft
2014-06-29 15:37 - 2014-06-29 15:36 - 00000000 ____D () C:\Users\test\Desktop\test
2014-06-29 15:13 - 2014-06-29 14:56 - 00000000 ____D () C:\Users\test\Desktop\Website
2014-06-29 14:44 - 2014-06-29 14:44 - 13828035 _____ () C:\Users\test\Downloads\SGH-I317M.zip
2014-06-29 14:35 - 2014-06-29 14:22 - 24178176 _____ (SAMSUNG Electronics Co., Ltd.) C:\Users\test\Downloads\Samsung_USB_Driver_for_Mobile_Phones_v1.5.14.0.exe
2014-06-29 14:31 - 2014-06-29 14:25 - 00000286 _____ () C:\Users\test\Desktop\index.html
2014-06-29 14:24 - 2014-06-29 14:24 - 00204568 _____ () C:\Users\test\Downloads\bootstrap-3.2.0-dist.zip
2014-06-29 14:02 - 2014-06-29 14:02 - 00006853 _____ () C:\Users\test\Downloads\download (18).jpeg
2014-06-28 17:58 - 2013-07-10 19:11 - 00000000 ____D () C:\Users\test\AppData\Roaming\.minecraft
2014-06-28 16:46 - 2014-06-28 16:46 - 00004094 _____ () C:\Users\test\Downloads\MAX TROOPS HACK.zip
2014-06-28 16:46 - 2013-02-22 09:04 - 00000000 ____D () C:\Users\test\AppData\Roaming\SoftGrid Client
2014-06-28 15:30 - 2014-06-28 15:30 - 00788580 _____ () C:\Users\test\Downloads\jd-gui-0.3.6.windows.zip
2014-06-28 15:28 - 2014-06-28 13:43 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2014-06-28 14:58 - 2014-06-28 14:58 - 00742594 _____ () C:\Users\test\Downloads\Clash of CLans v1.4.3.zip
2014-06-28 13:43 - 2014-06-28 13:43 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Exploit.lnk
2014-06-28 13:43 - 2014-06-28 13:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-06-28 13:43 - 2014-06-28 13:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-06-28 13:42 - 2014-06-28 13:42 - 02650408 _____ (Malwarebytes ) C:\Users\test\Downloads\mbae-setup-1.03.1.1220.exe
2014-06-26 21:13 - 2014-06-26 21:13 - 01680483 _____ () C:\Users\test\Downloads\dex2jar-0.0.9.15.zip
2014-06-26 21:10 - 2013-11-16 21:33 - 00000000 ____D () C:\Users\test\Desktop\TABLETANDPHONE IMPORTANT
2014-06-26 21:08 - 2014-06-26 21:07 - 52253462 _____ () C:\Users\test\Downloads\GBOD_1.4.1.apk
2014-06-25 20:45 - 2014-06-25 20:45 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf90d7f57546e3
2014-06-25 20:45 - 2014-06-25 20:45 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore1cf90d7f37ec6b7
2014-06-24 19:18 - 2014-06-24 19:18 - 00036830 _____ () C:\Users\test\Downloads\FromDarkness.zip
2014-06-24 19:01 - 2014-06-24 19:01 - 32483740 _____ () C:\Users\test\Downloads\Boulder.zip
2014-06-23 17:47 - 2009-07-14 01:08 - 00032534 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-06-21 17:52 - 2014-06-21 17:52 - 00000000 ____D () C:\Users\test\Downloads\minecraftpe
2014-06-19 18:57 - 2013-03-03 21:00 - 00000000 ____D () C:\Users\test\Documents\Camtasia Studio
2014-06-19 18:38 - 2014-06-19 18:38 - 00285344 _____ () C:\Users\test\Downloads\34005__jobro__eas-beep.wma
2014-06-19 18:36 - 2014-06-19 18:36 - 00022525 _____ () C:\Users\test\Downloads\34005__jobro__eas-beep.ogg
2014-06-18 21:00 - 2013-03-03 20:39 - 00006656 _____ () C:\Users\test\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-17 20:17 - 2013-06-03 12:55 - 00000000 ____D () C:\Users\test\AppData\Local\Paint.NET
2014-06-16 17:50 - 2014-06-08 18:46 - 00000000 ____D () C:\Users\test\Desktop\c4d rigs
2014-06-16 16:35 - 2014-06-16 16:34 - 28820329 _____ () C:\Users\test\Downloads\modpack (3).zip
2014-06-16 16:34 - 2014-06-16 16:33 - 28820329 _____ () C:\Users\test\Downloads\modpack (2).zip
2014-06-16 16:32 - 2014-06-16 16:32 - 28820329 _____ () C:\Users\test\Downloads\modpack (1).zip
2014-06-16 16:26 - 2014-06-16 16:26 - 07399578 _____ () C:\Users\test\Downloads\modpack (6).zip
2014-06-14 13:00 - 2013-02-03 16:41 - 00000000 ____D () C:\Users\test\AppData\Local\Google
2014-06-13 20:30 - 2014-06-13 20:30 - 02269863 _____ () C:\Users\test\Downloads\forge-1.6.4-9.11.1.965-installer (2).jar
2014-06-13 20:28 - 2014-06-13 20:28 - 00090835 _____ () C:\Users\test\Downloads\[1.7.2]BigItemsModInstaller.jar
2014-06-13 20:21 - 2014-06-13 20:20 - 53514938 _____ () C:\Users\test\Downloads\MorphHideAndSeekServer.zip
2014-06-13 20:18 - 2014-06-13 20:18 - 00000000 ____D () C:\Users\test\AppData\Roaming\VoidLauncher
2014-06-13 20:18 - 2014-06-13 20:18 - 00000000 ____D () C:\Users\test\AppData\Roaming\.VoidLauncher
2014-06-13 20:18 - 2014-06-13 20:17 - 02534838 _____ () C:\Users\test\Downloads\VoidLauncher.zip
2014-06-13 18:43 - 2014-06-13 18:43 - 00386383 _____ (http://magiclauncher.com) C:\Users\test\Downloads\MagicLauncher_1.2.5.exe
2014-06-13 17:49 - 2013-02-05 14:33 - 00002154 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-12 15:41 - 2013-08-19 15:55 - 00000000 ____D () C:\windows\system32\MRT
2014-06-12 15:39 - 2012-08-12 15:28 - 95414520 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-06-12 15:34 - 2014-05-06 20:57 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-06-11 20:44 - 2014-06-11 20:44 - 01972443 _____ () C:\Users\test\Downloads\forge-1.6.4-9.11.1.965-universal.jar
2014-06-11 20:40 - 2014-06-11 20:39 - 08396743 _____ () C:\Users\test\Downloads\modpack.zip
2014-06-11 20:14 - 2014-06-11 20:14 - 00013093 _____ () C:\Users\test\Downloads\modpack.zip.download
2014-06-10 19:09 - 2014-06-10 18:15 - 00000000 ____D () C:\Users\test\Desktop\TheUltimateMobpack!
2014-06-10 18:49 - 2014-06-10 18:49 - 01900295 _____ () C:\Users\test\Downloads\minecraftforge-universal-1.6.4-9.11.0.883.jar
2014-06-10 18:32 - 2014-06-10 18:31 - 01020488 _____ () C:\Users\test\Downloads\Morph-Beta-0.7.1.zip
2014-06-10 18:14 - 2014-06-10 18:14 - 00456541 _____ () C:\Users\test\Downloads\[1.6.4]MoreWolvesMod.zip
2014-06-10 18:11 - 2014-06-10 18:11 - 04290345 _____ () C:\Users\test\Downloads\LotsOMobs_104.0.0.jar
2014-06-10 18:07 - 2014-06-13 18:05 - 00108324 _____ () C:\Users\test\Desktop\Animals mod planetcraft (9).zip
2014-06-10 18:07 - 2014-06-10 18:07 - 00108324 _____ () C:\Users\test\Downloads\Animals mod planetcraft (9).zip
2014-06-10 17:37 - 2014-06-10 17:37 - 22012596 _____ () C:\Users\test\Downloads\DrZharks MoCreatures Mod v6.1.0.zip
2014-06-09 20:35 - 2014-06-09 19:45 - 00000000 ____D () C:\Users\test\Downloads\Minecraft Model Pack v1.5.306 (By WeedLion)
2014-06-09 19:43 - 2014-06-09 19:42 - 28568219 _____ () C:\Users\test\Downloads\Minecraft Model Pack v1.5.306 (By WeedLion).rar
2014-06-09 18:25 - 2014-06-09 18:25 - 02129030 _____ () C:\Users\test\Documents\testanimation.obj
2014-06-09 18:25 - 2014-06-09 18:25 - 00006963 _____ () C:\Users\test\Documents\testanimation.mtl
2014-06-09 17:49 - 2014-06-09 17:49 - 00000000 ___HD () C:\CanoScan
2014-06-09 17:49 - 2014-06-09 17:49 - 00000000 ____D () C:\Users\test\Downloads\lide80vst7250a_xpen
2014-06-09 17:49 - 2014-06-09 17:48 - 06341968 _____ () C:\Users\test\Downloads\lide80vst7250a_xpen.exe
2014-06-08 21:30 - 2014-06-08 21:30 - 00574639 _____ () C:\Users\test\Documents\teamcrafted.c4d
2014-06-08 21:22 - 2014-06-08 21:22 - 01966760 _____ () C:\Users\test\Downloads\winrar-x64-501.exe
2014-06-08 21:22 - 2014-06-08 21:22 - 00000986 _____ () C:\Users\Public\Desktop\WinRAR.lnk
2014-06-08 21:22 - 2014-06-08 21:22 - 00000000 ____D () C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-08 21:22 - 2014-06-08 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-08 21:22 - 2014-06-08 21:22 - 00000000 ____D () C:\Program Files\WinRAR
2014-06-08 21:16 - 2014-06-08 21:14 - 00000000 ____D () C:\Users\test\Downloads\Minecraft Steve Rig v1.2 (by WeedLion)
2014-06-08 21:14 - 2014-06-08 21:14 - 05528688 _____ () C:\Users\test\Downloads\Minecraft Steve Rig v1.2 (by WeedLion).rar
2014-06-08 20:59 - 2014-06-08 20:59 - 00032813 _____ () C:\Users\test\Documents\teamcrafted.obj
2014-06-08 20:59 - 2014-06-08 20:59 - 00000228 _____ () C:\Users\test\Documents\teamcrafted.mtl
2014-06-08 20:19 - 2014-06-08 20:19 - 05362369 _____ () C:\Users\test\Downloads\mineways.zip
2014-06-08 20:19 - 2014-06-08 20:19 - 00000000 ____D () C:\Users\test\Downloads\mineways
2014-06-08 20:08 - 2013-10-05 07:07 - 00247216 _____ () C:\windows\PFRO.log
2014-06-08 18:34 - 2014-06-08 18:34 - 00694267 _____ () C:\Users\test\Downloads\MC RIG 2013.rar
2014-06-08 18:26 - 2014-06-08 18:26 - 04078448 _____ () C:\Users\test\Downloads\SkybriXs C4D Craft Pack.zip
2014-06-08 18:15 - 2014-06-08 18:15 - 00000000 ____D () C:\Users\test\AppData\Roaming\MAXON
2014-06-08 18:15 - 2014-06-08 18:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAXON
2014-06-08 18:04 - 2014-06-08 18:04 - 00440812 _____ () C:\Users\test\Downloads\WM v1.1.1.2 (2).zip
2014-06-08 18:04 - 2014-06-08 18:04 - 00440812 _____ () C:\Users\test\Downloads\WM v1.1.1.2 (1).zip
2014-06-08 18:03 - 2013-08-01 16:11 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-08 18:01 - 2014-06-08 18:01 - 00000000 ____D () C:\Program Files\MAXON
2014-06-08 17:56 - 2014-06-08 17:46 - 00000000 ____D () C:\Users\test\Downloads\installer_r15_demo
2014-06-08 17:47 - 2014-06-08 17:47 - 00274248 _____ () C:\Users\test\Downloads\UNIQUE ANIMALS MOD 0.0.5 - 1.5.2.zip
2014-06-08 17:17 - 2014-06-08 15:46 - 2958994837 _____ () C:\Users\test\Downloads\installer_r15_demo.zip
2014-06-08 17:00 - 2013-11-02 17:25 - 00000000 ____D () C:\Program Files (x86)\RAR Password Unlocker
2014-06-08 16:55 - 2013-06-13 16:21 - 00000000 ____D () C:\Program Files (x86)\iExplorer
2014-06-08 16:49 - 2012-03-15 21:08 - 00000000 ____D () C:\Program Files\TOSHIBA
2014-06-08 16:48 - 2014-06-08 16:47 - 03827245 _____ () C:\Users\test\Downloads\BTWMod4-99999A0CbMarsupial.zip
2014-06-08 16:46 - 2012-03-15 21:08 - 00000000 ____D () C:\Program Files (x86)\TOSHIBA
2014-06-08 16:44 - 2012-03-15 21:08 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-08 16:39 - 2012-03-15 21:09 - 00000000 ____D () C:\ProgramData\Toshiba
2014-06-08 16:32 - 2014-06-08 16:32 - 00009600 _____ () C:\Users\test\Downloads\RoboticStoneMod.zip
2014-06-08 16:31 - 2013-02-03 18:04 - 00000000 ____D () C:\Users\test\AppData\Local\TOSHIBA
2014-06-08 16:20 - 2013-06-14 19:02 - 00000000 ____D () C:\Program Files (x86)\Pinnacle
2014-06-08 16:13 - 2013-06-14 19:02 - 00000000 ____D () C:\ProgramData\Pinnacle
2014-06-08 16:07 - 2014-04-19 20:03 - 00000000 ____D () C:\Program Files\Common Files\Autodesk Shared
2014-06-08 16:05 - 2013-06-04 17:53 - 00000000 ____D () C:\Program Files (x86)\MediaFire Express
2014-06-08 16:04 - 2014-01-20 21:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2014-06-08 16:04 - 2014-01-20 21:20 - 00000000 ____D () C:\Program Files (x86)\TechSmith
2014-06-08 16:04 - 2013-02-03 16:41 - 00000000 ____D () C:\Users\test
2014-06-08 15:39 - 2014-04-19 19:57 - 00000000 ____D () C:\ProgramData\Autodesk
2014-06-08 15:26 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-06-08 15:15 - 2013-10-08 19:26 - 00000000 ____D () C:\Users\test\AppData\Local\Android
2014-06-08 15:08 - 2012-03-15 21:16 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-06-08 14:57 - 2014-01-03 15:47 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-06-08 05:13 - 2014-06-11 20:16 - 00506368 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-06-08 05:08 - 2014-06-11 20:16 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-06-05 21:27 - 2013-05-14 20:03 - 00000000 ____D () C:\Users\test\AppData\Roaming\.technic
2014-06-04 20:54 - 2013-05-14 20:03 - 02346942 _____ () C:\Users\test\Desktop\TechnicLauncher.exe
2014-06-03 20:10 - 2013-10-22 19:18 - 00000000 ____D () C:\Users\test\workspace
2014-06-03 20:03 - 2009-07-14 01:13 - 00783360 _____ () C:\windows\system32\PerfStringBackup.INI
 
Some content of TEMP:
====================
C:\Users\test\AppData\Local\Temp\7za.exe
C:\Users\test\AppData\Local\Temp\AcDeltree.exe
C:\Users\test\AppData\Local\Temp\DLMGuardian.exe
C:\Users\test\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnhqqxm.dll
C:\Users\test\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C:\Users\test\AppData\Local\Temp\GLFC7E9.tmp.dll
C:\Users\test\AppData\Local\Temp\GLFDA23.tmp.dll
C:\Users\test\AppData\Local\Temp\hijackthis.exe
C:\Users\test\AppData\Local\Temp\InstHelper.exe
C:\Users\test\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\test\AppData\Local\Temp\NirCmd.exe
C:\Users\test\AppData\Local\Temp\PEVZ.EXE
C:\Users\test\AppData\Local\Temp\pylE7FD.tmp.exe
C:\Users\test\AppData\Local\Temp\remove.exe
C:\Users\test\AppData\Local\Temp\sed.exe
C:\Users\test\AppData\Local\Temp\shortcut.exe
C:\Users\test\AppData\Local\Temp\SkypeSetup.exe
C:\Users\test\AppData\Local\Temp\swreg.exe
C:\Users\test\AppData\Local\Temp\swxcacls.exe
C:\Users\test\AppData\Local\Temp\wget.exe
C:\Users\test\AppData\Local\Temp\zoek-delete.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-04-07 19:29
 

==================== End Of Log ============================ 

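Added example (not part of the original post, and not code from FRST or Malwarebytes): a small Python triage script for the file listings in a log like the one above. It parses the dated lines FRST prints under "One Month Created/Modified Files and Folders" and the bare paths under "Some content of TEMP", then flags the executables a removal helper would look at first: executables dropped in Temp, Downloads or Desktop, executables whose company string is empty, and non-Microsoft binaries under C:\Windows. The line layout, the five-character attribute field, the staging directories and the "Microsoft Corporation" company string are assumptions taken from this log; the parenthesised company field is what FRST prints from the file's version information, not a signature check, so an empty value is a prompt to look closer, not proof of anything. The sample input is six lines copied from the log above plus two paths from its TEMP listing.

```python
"""Triage helper for FRST file listings (added example, not FRST's own code).

Assumed line shape, as seen in the log above:
  <created> - <modified> - <size> <attrs> (<company>) <path>
Bare 'C:\\...' lines (the TEMP listing) are accepted with unknown metadata.
"""
import ntpath
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

DATED_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"\((?P<company>[^)]*)\) (?P<path>.+)$"
)
BARE_PATH = re.compile(r"^[A-Za-z]:\\")
TIME_FMT = "%Y-%m-%d %H:%M"

# Heuristics chosen for this example (assumptions, not FRST rules).
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".cpl", ".jar"}
STAGING_DIRS = ("\\appdata\\local\\temp\\", "\\downloads\\", "\\desktop\\")
MICROSOFT = "Microsoft Corporation"

R_STAGING = "executable in a user staging directory (Temp, Downloads or Desktop)"
R_NO_COMPANY = "executable carries no company string in its version info"
R_NON_MS_WINDIR = "non-Microsoft executable under C:\\Windows"


@dataclass
class Entry:
    path: str
    created: Optional[datetime] = None   # None for bare TEMP paths
    modified: Optional[datetime] = None
    size: Optional[int] = None
    is_dir: bool = False
    hidden: bool = False
    company: Optional[str] = None        # None = unknown, "" = empty in the log

    @property
    def is_executable(self) -> bool:
        return not self.is_dir and ntpath.splitext(self.path)[1].lower() in EXEC_EXT


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a dated FRST line or a bare path, else None."""
    s = line.strip()
    m = DATED_LINE.match(s)
    if m:
        attrs = m["attrs"]  # e.g. '_____', '____D', '___HD', '____H'
        return Entry(
            path=m["path"],
            created=datetime.strptime(m["created"], TIME_FMT),
            modified=datetime.strptime(m["modified"], TIME_FMT),
            size=int(m["size"]),
            is_dir="D" in attrs,
            hidden="H" in attrs,
            company=m["company"],
        )
    if BARE_PATH.match(s):
        return Entry(path=s)
    return None


def parse_log(text: str) -> List[Entry]:
    """Parse every recognisable line; headers and blanks are dropped."""
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def triage(entries: List[Entry]) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for every executable that deserves a look, in log order."""
    hits = []
    for e in entries:
        if not e.is_executable:
            continue
        low = e.path.lower()
        reasons = []
        if any(d in low for d in STAGING_DIRS):
            reasons.append(R_STAGING)
        if e.company == "":
            reasons.append(R_NO_COMPANY)
        if low.startswith("c:\\windows\\") and e.company is not None and e.company != MICROSOFT:
            reasons.append(R_NON_MS_WINDIR)
        if reasons:
            hits.append((e.path, reasons))
    return hits


def created_between(entries: List[Entry], start: str, end: str) -> List[str]:
    """Paths created in [start, end] ('YYYY-MM-DD HH:MM'): pivot on when a detection fired."""
    lo, hi = datetime.strptime(start, TIME_FMT), datetime.strptime(end, TIME_FMT)
    return [e.path for e in entries if e.created and lo <= e.created <= hi]


# Sample input: six lines copied from the log above plus two TEMP paths from it.
SAMPLE_LOG = r"""
2014-06-13 18:43 - 2014-06-13 18:43 - 00386383 _____ (http://magiclauncher.com) C:\Users\test\Downloads\MagicLauncher_1.2.5.exe
2014-06-11 20:18 - 2014-05-30 06:21 - 23414784 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-08 21:22 - 2014-06-08 21:22 - 01966760 _____ () C:\Users\test\Downloads\winrar-x64-501.exe
2014-06-13 20:18 - 2014-06-29 15:45 - 00000000 ____D () C:\Users\test\AppData\Roaming\.crazycraft
2014-06-30 15:37 - 2014-06-30 15:36 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-30 13:38 - 2009-07-14 00:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
C:\Users\test\AppData\Local\Temp\hijackthis.exe
C:\Users\test\AppData\Local\Temp\zoek-delete.exe
"""

if __name__ == "__main__":
    for path, reasons in triage(parse_log(SAMPLE_LOG)):
        print(path)
        for r in reasons:
            print("   -", r)
    print("created 15:00-16:00 on 30 June:",
          created_between(parse_log(SAMPLE_LOG), "2014-06-30 15:00", "2014-06-30 16:00"))
```

Run it against a saved FRST.txt by passing the file's contents to parse_log. The Malwarebytes driver shows up under the C:\Windows rule by design: the point of that rule is to surface every third-party binary in a system directory so a human can confirm each one, not to declare anything malicious.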

  • Root Admin

Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
  • Removing malware can be unpredictable... It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)


 
STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then remove incorrect executable associations and fix policies that stop us from using certain tools. When finished it will display a log file that shows the processes that were terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot your computer, as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.

Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.
  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

    [*]Make sure that at least the first two check boxes are selected. [*]Click on OK [*]Then click on YES to create the folder. [*]Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please run a Threat Scan with MBAM.  If you're unable to run or complete the scan as shown below please see the following:  MBAM Clean Removal Process 2x
When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
 
 
STEP 03
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement).
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


Thank you
 


I scanned, here's the log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 03/07/2014
Scan Time: 4:15:42 PM
Logfile: log.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.02.08
Rootkit Database: v2014.07.01.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: test
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 375844
Time Elapsed: 26 min, 51 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-573630501-3468752300-2657990606-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, , [744c386299e286b06348b09abf4323dd], 
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT, , [eed2504a79022c0a08d7149d51b1847c], 
 
Registry Values: 2
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_Dlls, C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll, , [00c08b0f9fdc999d7b1e64a7907401ff]
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT|InstallDir, C:\PROGRA~2\SearchProtect, , [eed2504a79022c0a08d7149d51b1847c]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 9
PUP.Optional.SearchProtect.A, C:\Users\test\AppData\Local\SearchProtect, , [c1ff900a601bf73f89763f6d9a68eb15], 
PUP.Optional.SearchProtect.A, C:\Users\test\AppData\Local\SearchProtect\Logs, , [c1ff900a601bf73f89763f6d9a68eb15], 
PUP.Optional.SearchProtect.A, C:\Users\test\AppData\Local\SearchProtect\SearchProtect, , [c1ff900a601bf73f89763f6d9a68eb15], 
PUP.Optional.SearchProtect.A, C:\Users\test\AppData\Local\SearchProtect\SearchProtect\Logs, , [c1ff900a601bf73f89763f6d9a68eb15], 
PUP.Optional.SearchProtect.A, C:\Users\test\AppData\Local\SearchProtect\SearchProtect\rep, , [c1ff900a601bf73f89763f6d9a68eb15], 
PUP.Optional.SearchProtect.A, C:\Users\test\AppData\Local\SearchProtect\UI, , [c1ff900a601bf73f89763f6d9a68eb15], 
PUP.Optional.SearchProtect.A, C:\Users\test\AppData\Local\SearchProtect\UI\rep, , [c1ff900a601bf73f89763f6d9a68eb15], 
PUP.Optional.Extutil.A, C:\Users\test\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, , [8a3607934c2ff93db8aa6c43ab57966a], 
PUP.Optional.Managera.A, C:\Users\test\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, , [50700694007bd36382e1d0df8280c040], 
 
Files: 11
PUP.Optional.SearchProtect.A, C:\Users\test\AppData\Local\SearchProtect\SearchProtect\rep\Cvc.dat, , [c1ff900a601bf73f89763f6d9a68eb15], 
PUP.Optional.SearchProtect.A, C:\Users\test\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, , [c1ff900a601bf73f89763f6d9a68eb15], 
PUP.Optional.SearchProtect.A, C:\Users\test\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat, , [c1ff900a601bf73f89763f6d9a68eb15], 
PUP.Optional.SearchProtect.A, C:\Users\test\AppData\Local\SearchProtect\UI\rep\UIRepository.dat, , [c1ff900a601bf73f89763f6d9a68eb15], 
PUP.Optional.Extutil.A, C:\Users\test\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, , [8a3607934c2ff93db8aa6c43ab57966a], 
PUP.Optional.Extutil.A, C:\Users\test\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, , [8a3607934c2ff93db8aa6c43ab57966a], 
PUP.Optional.Extutil.A, C:\Users\test\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, , [8a3607934c2ff93db8aa6c43ab57966a], 
PUP.Optional.Managera.A, C:\Users\test\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, , [50700694007bd36382e1d0df8280c040], 
PUP.Optional.Managera.A, C:\Users\test\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, , [50700694007bd36382e1d0df8280c040], 
PUP.Optional.Conduit.A, C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage": "http://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP9807AC10-21E2-4C9A-B894-BDB7C69E97C5&SSPV=",), ,[4c747d1d83f8f046bf507a46729203fd]
PUP.Optional.Conduit.A, C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "http://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP9807AC10-21E2-4C9A-B894-BDB7C69E97C5&SSPV=" ],), ,[c5fb3e5cd1aaa393a69befd144c0e21e]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • Root Admin

Please restart the computer and run the following.

 

Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
 


  • 2 weeks later...

IMPORTANT NOTE: The PUPs that are in the Chrome preferences folder have always shown up in the scan, no matter how many times I try to quarantine them...

Also, I just looked at the log: the search engine it's showing was the default search engine a long time ago, after I installed some freeware, but I removed that virus a long time ago, so I don't know how it could still be there...

Do you think it has anything to do with MOM.exe and CCC.exe?

Log:


Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 20/07/2014
Scan Time: 3:33:41 PM
Logfile: secondlog.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.20.05
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: test
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 393063
Time Elapsed: 45 min, 26 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 2
PUP.Optional.Conduit.A, C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage": "http://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP9807AC10-21E2-4C9A-B894-BDB7C69E97C5&SSPV=",), Replaced,[861b1b85c7b4a09684e49248f80ca957]
PUP.Optional.Conduit.A, C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "http://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP9807AC10-21E2-4C9A-B894-BDB7C69E97C5&SSPV=" ],), Replaced,[a8f98c14ee8d1d194654855526de46ba]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
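The same Conduit detection is now in two consecutive logs, and the question a triager asks at this point is not "is it bad?" but "which findings survived the cleanup, and by what mechanism would they come back?". The Python script below is an added example written for this page; it is not a Malwarebytes tool and was not run on the machine in this thread. It parses the detection lines of MBAM 2.x logs of the kind posted above (name, path, optional value or Good/Bad excerpt, action, trailing 32-hex id), keys them by name and path, diffs two scans, and labels each surviving item with the persistence mechanism its path implies. The two abridged logs embedded in it are constructed from lines in this thread; the header lines between them are trimmed.

```python
"""Diff Malwarebytes Anti-Malware 2.x scan logs to see which detections recur.

Added example written for this page; not a Malwarebytes tool. The two abridged
logs below are constructed from lines posted in this thread (the paths and
32-hex ids are the ones the thread shows, the surrounding headers are trimmed).
"""
import re
from dataclasses import dataclass

# Every detection line ends in ", [32 hex chars]" with an optional stray ", ".
# Only that tail and the first two comma-separated fields are positional; the
# "Good: (), Bad: (...)" excerpt in the middle may itself contain commas.
ID_RE = re.compile(r",\s*\[([0-9a-f]{32})\]\s*,?\s*$")


@dataclass(frozen=True)
class Detection:
    name: str    # e.g. PUP.Optional.Conduit.A
    path: str    # registry key, "key|value", folder or file
    detail: str  # value data or the Good/Bad excerpt; empty for plain paths
    action: str  # "" when MBAM only reported it, else e.g. "Replaced"
    ident: str


def parse_detection(line: str):
    """Return a Detection for one log line, or None for headers/blank lines."""
    m = ID_RE.search(line)
    if m is None:
        return None
    fields = [f.strip() for f in line[: m.start()].split(",")]
    if len(fields) < 3:
        return None
    name, path, *detail, action = fields
    return Detection(name, path, ", ".join(d for d in detail if d), action, m.group(1))


def parse_log(text: str) -> list:
    return [d for d in map(parse_detection, text.splitlines()) if d is not None]


def persistence_hint(d: Detection) -> str:
    """Name the mechanism by which a detection would reappear after cleanup."""
    p = d.path.upper()
    if p.endswith("|APPINIT_DLLS"):
        return "AppInit_DLLs: DLL injected into every process that loads user32.dll"
    if "\\SEARCHSCOPES\\" in p:
        return "Internet Explorer search scope"
    if "\\CHROME\\" in p and p.endswith("\\PREFERENCES"):
        return "Chrome profile setting: restored by Chrome Sync or by a running Chrome"
    return "plain file/registry artefact"


def compare(first: str, second: str) -> dict:
    """Key detections by (name, path) and report what survived between scans."""
    a = {(d.name, d.path): d for d in parse_log(first)}
    b = {(d.name, d.path): d for d in parse_log(second)}
    return {
        "persisted": sorted(a.keys() & b.keys()),
        "removed": sorted(a.keys() - b.keys()),
        "new": sorted(b.keys() - a.keys()),
    }


# Constructed sample logs (abridged from the thread's 03/07 and 20/07 scans).
SCAN_1 = r"""
Registry Keys: 1
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT, , [eed2504a79022c0a08d7149d51b1847c],

Registry Values: 1
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_Dlls, C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll, , [00c08b0f9fdc999d7b1e64a7907401ff]

Files: 1
PUP.Optional.Conduit.A, C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage": "http://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID",), ,[4c747d1d83f8f046bf507a46729203fd]
"""

SCAN_2 = r"""
Files: 1
PUP.Optional.Conduit.A, C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage": "http://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID",), Replaced,[861b1b85c7b4a09684e49248f80ca957]
"""

if __name__ == "__main__":
    report = compare(SCAN_1, SCAN_2)
    by_key = {(d.name, d.path): d for d in parse_log(SCAN_1) + parse_log(SCAN_2)}
    for bucket, keys in report.items():
        print(f"{bucket}:")
        for key in keys:
            print(f"  {key[0]}  {key[1]}\n      -> {persistence_hint(by_key[key])}")
```

Run against the real logs (`compare(open("log.txt").read(), open("secondlog.txt").read())`) the output for this thread would put the SearchProtect AppInit_DLLs value and registry key in "removed" and the Chrome Preferences entry in "persisted" with the Chrome Sync hint, which is the conclusion the admin reaches by hand further down.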

  • Root Admin

You need to log onto your Google Chrome website and then under options disable ALL syncing; then, after that's done, reset your browsers to default.

Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed then you may want to consider uninstalling it, as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer
How to reset Internet Explorer settings

Firefox
Click on Help / Troubleshooting Information then click on the Reset Firefox button.

Chrome
Chrome - Reset browser settings

Opera
How to Perform a (really) clean Reinstall of Opera
 
 
 

Give that a try and let me know.


I couldn't find the syncing setting, but I did reset my browser. Anyway, I did a custom scan of the Chrome folder, and the PUP is still there.

Log:

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 22/07/2014
Scan Time: 4:39:49 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.20.05
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: test
 
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 368821
Time Elapsed: 16 min, 52 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 2
PUP.Optional.Conduit.A, C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage": "http://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP9807AC10-21E2-4C9A-B894-BDB7C69E97C5&SSPV=",), ,[7e47940d592201357deb6e6c4eb6ed13]
PUP.Optional.Conduit.A, C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "http://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP9807AC10-21E2-4C9A-B894-BDB7C69E97C5&SSPV=" ],), ,[4580b8e9e695d363752598420afa02fe]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

UPDATE: I was wondering if I can use FRST and get Addition.txt, because in an old log I had, I found this in the log:

==================== Hosts content: ==========================
 
2009-07-13 21:34 - 2013-02-04 15:55 - 00445034 ____N C:\windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 www.123fporn.info
127.0.0.1 123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
 
There are 1000 more lines.
 
-----------------------------------------------------------------------------------
 
Not one of these links looks legit. Really? "100sexlinks.com"? I don't think that helps my PC much. It's an old log, and I did quite a bit of cleaning after, so those links, or whatever they are, are probably gone, but I just want to double check :)

  • Root Admin

Those links are legit. It tells the computer to ignore those sites when found and look at your own local computer on purpose.
 
Please download the correct version of SystemLook for your computer and save it to your desktop.
You can check here if you're not sure if your computer is 32-bit or 64-bit

SystemLook 32-bit x86 | or | SystemLook 64-bit x64

  • If using Windows XP just double click on SystemLook.exe to run it.
  • For all other versions of Windows, right click over SystemLook.exe or SystemLook_x64.exe and choose Run as administrator to run it
  • Copy the contents of the following code box into the main text field - including the colon characters.
    :filefind
    *conduit*
    :folderfind
    *conduit*
    :regfind
    conduit
  • Click the Look button to start the scan
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop named SystemLook.txt
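The hosts entries in the FRST excerpt above all point a name at 127.0.0.1, which is what a blocklist-style hosts file does: the name resolves to the local machine, so nothing is fetched from it. The one check worth adding is that the same mechanism cuts both ways. An entry for a vendor's update or download site, whether it sinkholes the name or sends it to some other address, is exactly how malware stops antivirus from updating, so a hosts review should separate those cases rather than counting lines. The script below is an added example for this page, not part of the thread, of FRST or of any vendor tool. Its sample hosts text is constructed: the blocklist lines copy the style of the log, the last two mappings are invented (documentation-range IP, placeholder names) to show what a hijack looks like, and the watch list of domains is an assumption to adapt.

```python
"""Triage a Windows hosts file: sinkhole entries versus real redirections.

Added example for this page; not part of the thread, FRST or any vendor tool.
SAMPLE_HOSTS is constructed: the blocklist lines copy the style of the log
above, the last two mappings are invented (documentation-range IP, placeholder
names) to show what a hijack looks like, and WATCH_DOMAINS is an assumption.
"""
import ipaddress
import sys

# Names that legitimately map to loopback and must not be counted as blocks.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Domains a user needs for patching and AV updates. A hosts entry for one of
# these is suspect whether it sinkholes the name or redirects it: blocking the
# vendor is the classic way malware keeps security software from updating.
WATCH_DOMAINS = ("microsoft.com", "windowsupdate.com", "malwarebytes.org", "eset.com")


def parse_hosts(text: str):
    """Yield (ip, hostname, line_no) for every mapping, ignoring comments."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            yield ip, name.lower(), n


def is_sinkhole(ip: str) -> bool:
    """True for 127.0.0.0/8, ::1 and the unspecified 0.0.0.0 / :: addresses."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # malformed address: not a sinkhole, so it gets reported
    return addr.is_loopback or addr.is_unspecified


def _watched(name: str) -> bool:
    return any(name == d or name.endswith("." + d) for d in WATCH_DOMAINS)


def triage(text: str) -> dict:
    """Split entries into benign sinkholes, blocked security/update sites and
    redirections to a real address."""
    result = {"sinkholed": 0, "blocked_security_sites": [], "redirects": []}
    for ip, name, n in parse_hosts(text):
        if name in LOCAL_NAMES:
            continue
        if _watched(name):
            result["blocked_security_sites"].append((ip, name, n))
        elif is_sinkhole(ip):
            result["sinkholed"] += 1
        else:
            result["redirects"].append((ip, name, n))
    return result


SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
# constructed hijack entries, not from the log:
127.0.0.1 www.malwarebytes.org
203.0.113.10 www.bank.example
"""

if __name__ == "__main__":
    # On the affected machine: python hosts_triage.py C:\Windows\System32\drivers\etc\hosts
    text = (open(sys.argv[1], encoding="utf-8", errors="replace").read()
            if len(sys.argv) > 1 else SAMPLE_HOSTS)
    r = triage(text)
    print(f"{r['sinkholed']} names sinkholed (blocklist style, harmless)")
    for label in ("blocked_security_sites", "redirects"):
        for ip, name, n in r[label]:
            print(f"{label}: line {n}: {name} -> {ip}")
```

On the sample this reports five harmless sinkholes, one blocked security site (the invented malwarebytes.org line) and one redirect (the invented bank line); a file like the 445,034-byte one in the log would be expected to produce thousands of sinkholes and nothing in the other two buckets.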

SystemLook 30.07.11 by jpshortstuff
Log created at 15:49 on 23/07/2014 by test
Administrator - Elevation successful

========== filefind ==========

Searching for "*conduit*"
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1207392 bytes [16:43 06/12/2012] [16:43 06/12/2012] C963B2DECF0872C4A79D4E5E97062E8C

========== folderfind ==========

Searching for "*conduit*"
No folders found.

========== regfind ==========

Searching for "conduit"

[HKEY_CURRENT_USER\Software\Classes\Interface\{744F35C4-CD6F-46C3-87B8-80425AB4AFA2}]
@="BIMConduitConnectorDefinition"

[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Interface\{744F35C4-CD6F-46C3-87B8-80425AB4AFA2}]
@="BIMConduitConnectorDefinition"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C511163B-37F1-45b2-826D-336F894B0143}]
@="Microsoft.Workflow.DebugEngine.ControllerConduit"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C511163B-37F1-45b2-826D-336F894B0143}\InprocServer32]
"Class"="Microsoft.Workflow.DebugEngine.ControllerConduit"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C511163B-37F1-45b2-826D-336F894B0143}\ProgId]
@="Microsoft.Workflow.DebugEngine.ControllerConduit.10.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1F7382B9-6B5D-4373-8880-387238072DAD}]
@="IControllerConduit"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2392D0C5-72EA-4215-8C66-280E1CB4344A}]
@="IControllerConduitCallback"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Microsoft.Workflow.DebugEngine.ControllerConduit.10.0]
@="Microsoft.Workflow.DebugEngine.ControllerConduit"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C511163B-37F1-45b2-826D-336F894B0143}]
@="Microsoft.Workflow.DebugEngine.ControllerConduit"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C511163B-37F1-45b2-826D-336F894B0143}\InprocServer32]
"Class"="Microsoft.Workflow.DebugEngine.ControllerConduit"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C511163B-37F1-45b2-826D-336F894B0143}\InprocServer32\10.0.0.0]
"Class"="Microsoft.Workflow.DebugEngine.ControllerConduit"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C511163B-37F1-45b2-826D-336F894B0143}\ProgId]
@="Microsoft.Workflow.DebugEngine.ControllerConduit.10.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1F7382B9-6B5D-4373-8880-387238072DAD}]
@="IControllerConduit"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2392D0C5-72EA-4215-8C66-280E1CB4344A}]
@="IControllerConduitCallback"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v3.0\Setup\Windows Workflow Foundation\Debugger]
"ControllerConduitTypeName"="Microsoft.Workflow.DebugEngine.ControllerConduit, Microsoft.Workflow.DebugController, Version=10.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"045F27F206F16624596059B2126D46D0"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v3.0\Setup\Windows Workflow Foundation\Debugger]
"ControllerConduitTypeName"="Microsoft.Workflow.DebugEngine.ControllerConduit, Microsoft.Workflow.DebugController, Version=10.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{C511163B-37F1-45b2-826D-336F894B0143}]
@="Microsoft.Workflow.DebugEngine.ControllerConduit"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{C511163B-37F1-45b2-826D-336F894B0143}\InprocServer32]
"Class"="Microsoft.Workflow.DebugEngine.ControllerConduit"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{C511163B-37F1-45b2-826D-336F894B0143}\InprocServer32\10.0.0.0]
"Class"="Microsoft.Workflow.DebugEngine.ControllerConduit"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{C511163B-37F1-45b2-826D-336F894B0143}\ProgId]
@="Microsoft.Workflow.DebugEngine.ControllerConduit.10.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{1F7382B9-6B5D-4373-8880-387238072DAD}]
@="IControllerConduit"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{2392D0C5-72EA-4215-8C66-280E1CB4344A}]
@="IControllerConduitCallback"

[HKEY_USERS\S-1-5-21-573630501-3468752300-2657990606-1004\Software\Classes\Interface\{744F35C4-CD6F-46C3-87B8-80425AB4AFA2}]
@="BIMConduitConnectorDefinition"

[HKEY_USERS\S-1-5-21-573630501-3468752300-2657990606-1004\Software\Classes\Wow6432Node\Interface\{744F35C4-CD6F-46C3-87B8-80425AB4AFA2}]
@="BIMConduitConnectorDefinition"

[HKEY_USERS\S-1-5-21-573630501-3468752300-2657990606-1004_Classes\Interface\{744F35C4-CD6F-46C3-87B8-80425AB4AFA2}]
@="BIMConduitConnectorDefinition"

[HKEY_USERS\S-1-5-21-573630501-3468752300-2657990606-1004_Classes\Wow6432Node\Interface\{744F35C4-CD6F-46C3-87B8-80425AB4AFA2}]
@="BIMConduitConnectorDefinition"

-= EOF =-

P.S. This is a used version of SystemLook.

  • Root Admin

Those entries are okay. It is only contained in the Chrome settings file. 

Chrome
First disable online data sync (export your bookmarks if wanted):
How To Delete Your Google Chrome Browser Sync Data

Then reset the settings of Chrome, which will include removing any bad entries like this:
Chrome - Reset browser settings

Then restart and test again and let me know.


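The advice above (Sync off first, then a full reset) treats the profile as a whole. When you want to see exactly which settings carry the bad URL and strip only those, the following added Python example does that; it is not Google's code, not Malwarebytes', and not from this thread. It assumes what the scan lines show: Preferences is a JSON document and the search.conduit.com URL sits in the top-level "homepage" string and the "session"/"startup_urls" list. Its sample document is constructed with those keys plus a few harmless ones (a real profile file has hundreds), and the hijack domain list holds only the domain that appears in the logs. Two caveats a practitioner would want: Chrome rewrites Preferences when it exits, so an outside edit made while Chrome is running is discarded, and with Sync still on the account pushes the old values straight back, which is why the order of operations in the post above matters.

```python
"""Locate and strip hijacked URLs in a Chrome "Preferences" profile file.

Added example for this page; not Google's, Malwarebytes' or the thread's code.
Assumes what the scan lines show: Preferences is JSON and the bad URL lives in
the top-level "homepage" string and the "session" -> "startup_urls" list.
SAMPLE_PREFS is constructed with those keys plus a few harmless ones; a real
profile has hundreds. HIJACK_DOMAINS holds only the domain from the log.
Run this with Chrome fully closed and Sync already off, or Chrome writes the
old values back on exit or pulls them from the account.
"""
import json
import sys
from urllib.parse import urlsplit

HIJACK_DOMAINS = ("conduit.com",)

# The exact URL MBAM flagged in the thread's logs.
CONDUIT_URL = ("http://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID"
               "&SearchSource=55&CUI=&UM=4&UP=SP9807AC10-21E2-4C9A-B894-BDB7C69E97C5&SSPV=")


def is_hijacked(value) -> bool:
    """True if value is a URL whose host is, or is under, a hijack domain."""
    if not isinstance(value, str) or "://" not in value:
        return False
    host = (urlsplit(value).hostname or "").lower()
    # Match on a label boundary so "conduitfoo.com" is not caught by "conduit.com".
    return any(host == d or host.endswith("." + d) for d in HIJACK_DOMAINS)


def find_hijacks(node, path="$") -> list:
    """Walk the JSON tree; return (location, url) for every hijacked string."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            hits += find_hijacks(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            hits += find_hijacks(value, f"{path}[{i}]")
    elif is_hijacked(node):
        hits.append((path, node))
    return hits


def clean(node):
    """Copy of the tree with hijacked strings removed: offending list items are
    dropped, offending dict keys deleted. Mode flags such as
    session.restore_on_startup are left untouched."""
    if isinstance(node, dict):
        return {k: clean(v) for k, v in node.items() if not is_hijacked(v)}
    if isinstance(node, list):
        return [clean(v) for v in node if not is_hijacked(v)]
    return node


def clean_preferences(text: str):
    """Parse a Preferences file body; return (cleaned tree, list of hits)."""
    prefs = json.loads(text)
    return clean(prefs), find_hijacks(prefs)


# Constructed sample: only the keys relevant to the thread plus harmless ones.
SAMPLE_PREFS = {
    "homepage": CONDUIT_URL,
    "homepage_is_newtabpage": False,
    "session": {
        "restore_on_startup": 4,
        "startup_urls": [CONDUIT_URL, "https://www.example.org/"],
    },
    "browser": {"show_home_button": True},
}
SAMPLE_PREFERENCES = json.dumps(SAMPLE_PREFS, indent=3)

if __name__ == "__main__":
    # Real path on the machine in the thread (Chrome closed, Sync off first):
    #   %LOCALAPPDATA%\Google\Chrome\User Data\Default\Preferences
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_PREFERENCES
    cleaned, hits = clean_preferences(text)
    for where, url in hits:
        print(f"hijacked: {where} = {url}")
    if len(sys.argv) > 1 and hits:
        # Write beside the original; swap it in by hand after reviewing.
        with open(sys.argv[1] + ".cleaned", "w", encoding="utf-8") as out:
            out.write(json.dumps(cleaned, indent=3))
```

On the sample this reports `$.homepage` and `$.session.startup_urls[0]` and returns a tree without the "homepage" key and with only the example.org startup URL. Chrome builds of this period also keep integrity-checked copies of some of these settings in a sibling file named Secure Preferences; that file does not appear in any of the logs here, so the example does not touch it, but if a value returns after a clean edit made with Chrome closed and Sync off, that file is the next place to look.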

Here's the log:

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 28/07/2014
Scan Time: 11:19:02 AM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.25.07
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: test
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 398923
Time Elapsed: 2 hr, 34 min, 57 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 2
PUP.Optional.Conduit.A, C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage": "http://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP9807AC10-21E2-4C9A-B894-BDB7C69E97C5&SSPV=",), ,[d9c8c2de3843f73f8341c81c659fc838]
PUP.Optional.Conduit.A, C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "http://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP9807AC10-21E2-4C9A-B894-BDB7C69E97C5&SSPV=" ],), ,[59480a96d9a270c6d62023c10ef6d22e]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • Root Admin

Okay well this has to be a Chrome issue. Since you're having a bit of trouble clearing it please do the following.

If possible uninstall Chrome from your Control Panel, Add/Remove and when asked also delete ALL content.

If you've already removed Chrome then temporarily reinstall it, reboot the computer. Then logon and go to the Sync as shown before and disable sync of all items and delete cache as well (make sure that Chrome is closed at the time - use IE if possible for that)

Then go into Control Panel, Add/Remove and again choose to uninstall Chrome and delete ALL content. Then restart the computer again and run a new MBAM scan and post back the results.


  • Root Admin

Please restart the computer 2 times. Then run the following.

 

Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
 

If that still comes back clean then go ahead and reinstall Chrome if you want to use it.
