smemeber
-
Posts
133 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Everything posted by smemeber
-
Logs coming soon It's not the same computer.
-
Okay. I don't think it's an Eset problem now as the whole computer froze and I had to do a cold boot, so should I run Windows repair all in one? Thanks
-
Update: the CPU is also around 95-100%
-
Hi malwarebytes, on one of my computers Eset is frozen and won't close with task manager, what should I do? Thanks
-
136 threats, mostly PUPS, but there might of been 1 or 2 Trojans there.
-
Scanned, nothing found, and my computer is back to normal
-
Another update: now that I think about it, this is very similar to what happened when I had a malware exe file called zie.exe. The removal topic is here if you want. Do you think zie.exe came back for it's "vengeance"? .Anyways, like I said before, should I scan on safe mode, with a flash drive, or on normal mode? Thanks
-
Sorry for the late reply Anyways, I was playing a game called Garry's mod, but it froze and then gave me a BSOD. I restarted and my computer was VERY slow and it gave me an error message when I shut it down. Should I put it in safe mode?
-
Scanned, and conduit was gone! Should I re-install chrome now?
-
here's the log: Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 28/07/2014Scan Time: 11:19:02 AMLogfile: Administrator: Yes Version: 2.00.2.1012Malware Database: v2014.07.25.07Rootkit Database: v2014.07.17.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: Disabled OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: test Scan Type: Threat ScanResult: CompletedObjects Scanned: 398923Time Elapsed: 2 hr, 34 min, 57 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 2PUP.Optional.Conduit.A, C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage": "http://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP9807AC10-21E2-4C9A-B894-BDB7C69E97C5&SSPV=",), ,[d9c8c2de3843f73f8341c81c659fc838] PUP.Optional.Conduit.A, C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP9807AC10-21E2-4C9A-B894-BDB7C69E97C5&SSPV=" ],), ,[59480a96d9a270c6d62023c10ef6d22e] Physical Sectors: 0(No malicious items detected) (end)
-
Are you still here?
-
For some reason the "stop sync and delete data from google" button wasn't there...... I did reset my browser though. Malwarebytes still shows the PUP
-
SystemLook 30.07.11 by jpshortstuff Log created at 15:49 on 23/07/2014 by test Administrator - Elevation successful ========== filefind ========== Searching for "*conduit*" C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1207392 bytes [16:43 06/12/2012] [16:43 06/12/2012] C963B2DECF0872C4A79D4E5E97062E8C ========== folderfind ========== Searching for "*conduit*" No folders found. ========== regfind ========== Searching for "conduit" [HKEY_CURRENT_USER\Software\Classes\Interface\{744F35C4-CD6F-46C3-87B8-80425AB4AFA2}] @="BIMConduitConnectorDefinition" [HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Interface\{744F35C4-CD6F-46C3-87B8-80425AB4AFA2}] @="BIMConduitConnectorDefinition" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C511163B-37F1-45b2-826D-336F894B0143}] @="Microsoft.Workflow.DebugEngine.ControllerConduit" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C511163B-37F1-45b2-826D-336F894B0143}\InprocServer32] "Class"="Microsoft.Workflow.DebugEngine.ControllerConduit" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C511163B-37F1-45b2-826D-336F894B0143}\ProgId] @="Microsoft.Workflow.DebugEngine.ControllerConduit.10.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1F7382B9-6B5D-4373-8880-387238072DAD}] @="IControllerConduit" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2392D0C5-72EA-4215-8C66-280E1CB4344A}] @="IControllerConduitCallback" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Microsoft.Workflow.DebugEngine.ControllerConduit.10.0] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Microsoft.Workflow.DebugEngine.ControllerConduit.10.0] @="Microsoft.Workflow.DebugEngine.ControllerConduit" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C511163B-37F1-45b2-826D-336F894B0143}] @="Microsoft.Workflow.DebugEngine.ControllerConduit" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C511163B-37F1-45b2-826D-336F894B0143}\InprocServer32] "Class"="Microsoft.Workflow.DebugEngine.ControllerConduit" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C511163B-37F1-45b2-826D-336F894B0143}\InprocServer32\10.0.0.0] "Class"="Microsoft.Workflow.DebugEngine.ControllerConduit" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C511163B-37F1-45b2-826D-336F894B0143}\ProgId] @="Microsoft.Workflow.DebugEngine.ControllerConduit.10.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1F7382B9-6B5D-4373-8880-387238072DAD}] @="IControllerConduit" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2392D0C5-72EA-4215-8C66-280E1CB4344A}] @="IControllerConduitCallback" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v3.0\Setup\Windows Workflow Foundation\Debugger] "ControllerConduitTypeName"="Microsoft.Workflow.DebugEngine.ControllerConduit, Microsoft.Workflow.DebugController, Version=10.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966] "045F27F206F16624596059B2126D46D0"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v3.0\Setup\Windows Workflow Foundation\Debugger] "ControllerConduitTypeName"="Microsoft.Workflow.DebugEngine.ControllerConduit, Microsoft.Workflow.DebugController, Version=10.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{C511163B-37F1-45b2-826D-336F894B0143}] @="Microsoft.Workflow.DebugEngine.ControllerConduit" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{C511163B-37F1-45b2-826D-336F894B0143}\InprocServer32] "Class"="Microsoft.Workflow.DebugEngine.ControllerConduit" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{C511163B-37F1-45b2-826D-336F894B0143}\InprocServer32\10.0.0.0] "Class"="Microsoft.Workflow.DebugEngine.ControllerConduit" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{C511163B-37F1-45b2-826D-336F894B0143}\ProgId] @="Microsoft.Workflow.DebugEngine.ControllerConduit.10.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{1F7382B9-6B5D-4373-8880-387238072DAD}] @="IControllerConduit" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{2392D0C5-72EA-4215-8C66-280E1CB4344A}] @="IControllerConduitCallback" [HKEY_USERS\S-1-5-21-573630501-3468752300-2657990606-1004\Software\Classes\Interface\{744F35C4-CD6F-46C3-87B8-80425AB4AFA2}] @="BIMConduitConnectorDefinition" [HKEY_USERS\S-1-5-21-573630501-3468752300-2657990606-1004\Software\Classes\Wow6432Node\Interface\{744F35C4-CD6F-46C3-87B8-80425AB4AFA2}] @="BIMConduitConnectorDefinition" [HKEY_USERS\S-1-5-21-573630501-3468752300-2657990606-1004_Classes\Interface\{744F35C4-CD6F-46C3-87B8-80425AB4AFA2}] @="BIMConduitConnectorDefinition" [HKEY_USERS\S-1-5-21-573630501-3468752300-2657990606-1004_Classes\Wow6432Node\Interface\{744F35C4-CD6F-46C3-87B8-80425AB4AFA2}] @="BIMConduitConnectorDefinition" -= EOF =- P.S this is a used version of systemlook
-
UPDATE: I was wondering if i can use FRST and get addition.txt, because in an old log I had, I found this in the log: ==================== Hosts content: ========================== 2009-07-13 21:34 - 2013-02-04 15:55 - 00445034 ____N C:\windows\system32\Drivers\etc\hosts127.0.0.1 www.007guard.com127.0.0.1 007guard.com127.0.0.1 008i.com127.0.0.1 www.008k.com127.0.0.1 008k.com127.0.0.1 www.00hq.com127.0.0.1 00hq.com127.0.0.1 010402.com127.0.0.1 www.032439.com127.0.0.1 032439.com127.0.0.1 www.0scan.com127.0.0.1 0scan.com127.0.0.1 www.1000gratisproben.com127.0.0.1 1000gratisproben.com127.0.0.1 1001namen.com127.0.0.1 www.1001namen.com127.0.0.1 100888290cs.com127.0.0.1 www.100888290cs.com127.0.0.1 www.100sexlinks.com127.0.0.1 100sexlinks.com127.0.0.1 www.10sek.com127.0.0.1 10sek.com127.0.0.1 www.1-2005-search.com127.0.0.1 1-2005-search.com127.0.0.1 www.123fporn.info127.0.0.1 123fporn.info127.0.0.1 123haustiereundmehr.com127.0.0.1 www.123haustiereundmehr.com127.0.0.1 123moviedownload.com There are 1000 more lines. ----------------------------------------------------------------------------------- Not one of these links looks legit. Really? "100sexlinks.com"? I don't think that helps my PC much . It's an old log, and I did quite a bit of cleaning after, so Those links or whatever it is are probably gone, but I just want to double check
-
I couldn't find the syncing setting, but I did reset my browser. Anyways, I did a custom scan of the chrome folder, and the PUP is still there Log: Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 22/07/2014Scan Time: 4:39:49 PMLogfile: Administrator: Yes Version: 2.00.2.1012Malware Database: v2014.07.20.05Rootkit Database: v2014.07.17.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: Disabled OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: test Scan Type: Custom ScanResult: CompletedObjects Scanned: 368821Time Elapsed: 16 min, 52 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 2PUP.Optional.Conduit.A, C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage": "http://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP9807AC10-21E2-4C9A-B894-BDB7C69E97C5&SSPV=",), ,[7e47940d592201357deb6e6c4eb6ed13] PUP.Optional.Conduit.A, C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP9807AC10-21E2-4C9A-B894-BDB7C69E97C5&SSPV=" ],), ,[4580b8e9e695d363752598420afa02fe] Physical Sectors: 0(No malicious items detected) (end)
-
UPDATE: looks like CCC.exe is just a system file, although it's getting some mixed reviews on virustotal: https://www.virustotal.com/en/file/f2164c69c089e5f9a32207e6b36808861692fa923318bff23447a34b2157cdea/analysis/1405888415/
-
IMPORTANT NOTE: The PUP's that are in the chrome preferences folder have always shown up in the scan, no matter how many times i try to quarantine it....... Also, just looked at the log, the search engine it's showing was the default search engine a long time ago after I installed some freeware, but I removed that virus a long time ago, so I don't know how it could still be there........ Do you think it has anything to do with MOM.exe and CCC.exe? Log: Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 20/07/2014Scan Time: 3:33:41 PMLogfile: secondlog.txtAdministrator: Yes Version: 2.00.2.1012Malware Database: v2014.07.20.05Rootkit Database: v2014.07.17.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: Disabled OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: test Scan Type: Threat ScanResult: CompletedObjects Scanned: 393063Time Elapsed: 45 min, 26 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 2PUP.Optional.Conduit.A, C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage": "http://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP9807AC10-21E2-4C9A-B894-BDB7C69E97C5&SSPV=",), Replaced,[861b1b85c7b4a09684e49248f80ca957] PUP.Optional.Conduit.A, C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP9807AC10-21E2-4C9A-B894-BDB7C69E97C5&SSPV=" ],), Replaced,[a8f98c14ee8d1d194654855526de46ba] Physical Sectors: 0(No malicious items detected) (end)
-
Sorry for the late reply I'm scanning right now
-
I did. Should I re-scan?
-
I scanned, here's the log: Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 03/07/2014Scan Time: 4:15:42 PMLogfile: log.txtAdministrator: Yes Version: 2.00.2.1012Malware Database: v2014.07.02.08Rootkit Database: v2014.07.01.01License: TrialMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: Disabled OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: test Scan Type: Threat ScanResult: CompletedObjects Scanned: 375844Time Elapsed: 26 min, 51 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: WarnPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 2PUP.Optional.SearchProtect.A, HKU\S-1-5-21-573630501-3468752300-2657990606-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, , [744c386299e286b06348b09abf4323dd], PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT, , [eed2504a79022c0a08d7149d51b1847c], Registry Values: 2PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_Dlls, C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll, , [00c08b0f9fdc999d7b1e64a7907401ff]PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT|InstallDir, C:\PROGRA~2\SearchProtect, , [eed2504a79022c0a08d7149d51b1847c] Registry Data: 0(No malicious items detected) Folders: 9PUP.Optional.SearchProtect.A, C:\Users\test\AppData\Local\SearchProtect, , [c1ff900a601bf73f89763f6d9a68eb15], PUP.Optional.SearchProtect.A, C:\Users\test\AppData\Local\SearchProtect\Logs, , [c1ff900a601bf73f89763f6d9a68eb15], PUP.Optional.SearchProtect.A, C:\Users\test\AppData\Local\SearchProtect\SearchProtect, , [c1ff900a601bf73f89763f6d9a68eb15], PUP.Optional.SearchProtect.A, C:\Users\test\AppData\Local\SearchProtect\SearchProtect\Logs, , [c1ff900a601bf73f89763f6d9a68eb15], PUP.Optional.SearchProtect.A, C:\Users\test\AppData\Local\SearchProtect\SearchProtect\rep, , [c1ff900a601bf73f89763f6d9a68eb15], PUP.Optional.SearchProtect.A, C:\Users\test\AppData\Local\SearchProtect\UI, , [c1ff900a601bf73f89763f6d9a68eb15], PUP.Optional.SearchProtect.A, C:\Users\test\AppData\Local\SearchProtect\UI\rep, , [c1ff900a601bf73f89763f6d9a68eb15], PUP.Optional.Extutil.A, C:\Users\test\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, , [8a3607934c2ff93db8aa6c43ab57966a], PUP.Optional.Managera.A, C:\Users\test\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, , [50700694007bd36382e1d0df8280c040], Files: 11PUP.Optional.SearchProtect.A, C:\Users\test\AppData\Local\SearchProtect\SearchProtect\rep\Cvc.dat, , [c1ff900a601bf73f89763f6d9a68eb15], PUP.Optional.SearchProtect.A, C:\Users\test\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, , [c1ff900a601bf73f89763f6d9a68eb15], PUP.Optional.SearchProtect.A, C:\Users\test\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat, , [c1ff900a601bf73f89763f6d9a68eb15], PUP.Optional.SearchProtect.A, C:\Users\test\AppData\Local\SearchProtect\UI\rep\UIRepository.dat, , [c1ff900a601bf73f89763f6d9a68eb15], PUP.Optional.Extutil.A, C:\Users\test\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, , [8a3607934c2ff93db8aa6c43ab57966a], PUP.Optional.Extutil.A, C:\Users\test\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, , [8a3607934c2ff93db8aa6c43ab57966a], PUP.Optional.Extutil.A, C:\Users\test\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, , [8a3607934c2ff93db8aa6c43ab57966a], PUP.Optional.Managera.A, C:\Users\test\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, , [50700694007bd36382e1d0df8280c040], PUP.Optional.Managera.A, C:\Users\test\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, , [50700694007bd36382e1d0df8280c040], PUP.Optional.Conduit.A, C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage": "http://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP9807AC10-21E2-4C9A-B894-BDB7C69E97C5&SSPV=",), ,[4c747d1d83f8f046bf507a46729203fd] PUP.Optional.Conduit.A, C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP9807AC10-21E2-4C9A-B894-BDB7C69E97C5&SSPV=" ],), ,[c5fb3e5cd1aaa393a69befd144c0e21e] Physical Sectors: 0(No malicious items detected) (end)
-
Rkill seems to not work .
-
Also, malwarebytes didn't crash. It found quite a bit of malware (with no log). Anyways I (may) have deleted it......
-
Never mind, I fixed it
-
Hi Malwarebytes. I recently went into malwarebytes and did a scan and found 1 malware. now you might be thinking : OH NO! 1 MALWARE! MALWAREBYTES HAS NO CHANCE OF STOPPING THAT!(sarcasm) What you didn't know is that Malwarebytes crashed shortly after it found the malware. Up there was some important info, I just wanted to jazz it up a little Anyways, I went to task manager and found two unknown processes (It might just be windows but it doesn't look like it): CCC.exe and MOM.exe. The description for CCC.exe is: Catalyst Control Center: Host application. The one for MOM.exe is: Catalyst Control Center: Monitoring Program. What this file looks like to me is some kind of fake "internet sitter". If you don't know what that is it's what they put on computers used by kids to block websites with porn, viruses, inappropriate content, etc. What I think it might do is block me from every website saying that they are"restricted". It hasn't done anything bad yet but it might soon. Here's the FRST log: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-06-2014 02Ran by test (administrator) on JUSTIIN-PC on 30-06-2014 15:49:09Running from C:\Users\test\Downloads\FRST-OlderVersion\FRST-OlderVersionPlatform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe(AMD) C:\Windows\System32\atieclxx.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe(Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe(Dropbox, Inc.) C:\Users\test\AppData\Roaming\Dropbox\bin\Dropbox.exe(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe(Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe(Sierra Wireless Inc.) C:\Program Files (x86)\Rogers\Rogers Connection Manager\WaHelper.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Microsoft Corporation) C:\Windows\System32\taskmgr.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452456 2012-02-22] (Realtek Semiconductor)HKLM\...\Run: [sRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2165120 2012-02-17] (SRS Labs, Inc.)HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2867984 2011-12-22] (Synaptics Incorporated)HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-23] (TOSHIBA Corporation)HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [989056 2012-02-13] (TOSHIBA Corporation)HKLM\...\Run: [TPSCMain] => C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe [740792 2011-12-21] (TOSHIBA Corporation)HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5618456 2013-09-12] (ESET)HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-02-13] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)HKLM-x32\...\Run: [TRUUpdater] => C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe [329072 2011-11-03] (Sierra Wireless, Inc.)HKLM-x32\...\Run: [WatcherHelper] => C:\Program Files (x86)\Rogers\Rogers Connection Manager\WaHelper.exe [140656 2011-08-04] (Sierra Wireless Inc.)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [382608 2014-06-04] (Malwarebytes Corporation)HKU\S-1-5-21-573630501-3468752300-2657990606-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-03-15] (Google Inc.)HKU\S-1-5-21-573630501-3468752300-2657990606-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [] => [X]HKU\S-1-5-21-573630501-3468752300-2657990606-1004\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-03-15] (Google Inc.)HKU\S-1-5-21-573630501-3468752300-2657990606-1004\...\Run: [Akamai NetSession Interface] => "C:\Users\test\AppData\Local\Akamai\netsession_win.exe"HKU\S-1-5-21-573630501-3468752300-2657990606-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-03-15] (Google Inc.)HKU\S-1-5-21-573630501-3468752300-2657990606-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Akamai NetSession Interface] => "C:\Users\test\AppData\Local\Akamai\netsession_win.exe"AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not FoundStartup: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe.lnkShortcutTarget: Adobe.lnk -> C:\Users\test\AppData\Roaming\data\Adobe.vbs (No File)Startup: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()Startup: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> C:\Users\test\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchStartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exeSearchScopes: HKLM - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCASearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCASearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCASearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP9807AC10-21E2-4C9A-B894-BDB7C69E97C5&q={searchTerms}&SSPV=SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP9807AC10-21E2-4C9A-B894-BDB7C69E97C5&q={searchTerms}&SSPV=SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCD_enCA496SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No FileDPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cabHandler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)Tcpip\Parameters: [DhcpNameServer] 192.168.1.1Tcpip\..\Interfaces\{DDAE1420-FBB2-4842-BB26-9E85FD354A7E}: [NameServer]64.71.255.205 64.71.255.253 FireFox:========FF ProfilePath: C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\zwr99lbc.defaultFF DefaultSearchEngine: Norton Safe SearchFF SelectedSearchEngine: Norton Safe SearchFF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()FF Plugin: @java.com/DTPlugin,version=10.15.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla ThunderbirdFF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-05-02]FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla ThunderbirdFF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-05-02] Chrome: =======CHR HomePage: hxxp://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP9807AC10-21E2-4C9A-B894-BDB7C69E97C5&SSPV=CHR StartupUrls: "hxxp://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP9807AC10-21E2-4C9A-B894-BDB7C69E97C5&SSPV="CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()CHR Plugin: (Norton Identity Safe) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.1.36_0\npcoplgn.dll No FileCHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No FileCHR Plugin: (Java Platform SE 7 U13) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll No FileCHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\windows\SysWOW64\npDeployJava1.dll No FileCHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No FileCHR Extension: (Minecraft 2D) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmbhgomhppajmfjpllklachcikbflfk [2013-05-11]CHR Extension: (Angry Birds) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-03-20]CHR Extension: (Google Docs) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-10]CHR Extension: (Google Drive) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-10]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]CHR Extension: (YouTube) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-10]CHR Extension: (Adblock Plus) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-29]CHR Extension: (Google Search) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-10]CHR Extension: (XJZ Survey Remover) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\cphljojhgmnabimjemakjleocdheengh [2014-06-28]CHR Extension: (Minecraft Tower Defense) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\djankeomhapijmcecgohnhhfppehfbkc [2013-05-23]CHR Extension: (Powered by Redstone) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\eaafagdemifnmjbmblhleneomcfdmofm [2013-05-23]CHR Extension: (backgroundPage) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2013-03-20]CHR Extension: (AdBlock) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-05-18]CHR Extension: (Cut the Rope) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2013-06-14]CHR Extension: (Cut the Rope) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\habdpkhpblcjnaceicglhhnbaikmicoo [2013-06-21]CHR Extension: (Angry Birds Space HD) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\headjcpkijafflpiedpeefofgjfcbkkb [2013-05-07]CHR Extension: (Angry Birds Rio) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlbmidndnnlgjoedckgkmdhgaphfbkaf [2013-06-14]CHR Extension: (Ultimate Flash Sonic) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmgmfbijldhdncjcipeocgkgbjhaecfp [2013-03-20]CHR Extension: (Mine Clone) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\iimhmcpjdmonneljpfolgacbkdoocmpd [2013-05-23]CHR Extension: (Google Forms) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhknlonaankphkkbnmjdlpehkinifeeg [2013-05-08]CHR Extension: (MP3 Player) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\kadoojjbafjcfdjcafflfnoimccbnlfd [2013-05-11]CHR Extension: (Quick Earth) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\khodocggeplgfhppgagfdpbjkniadmdh [2013-03-19]CHR Extension: (Gmail Print All for Chrome) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmfcbaaedcknfcojckihmfmolepkpihp [2013-06-14]CHR Extension: (Games) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgdiijhhdoaefbcpgngkfeckicgphcof [2013-05-08]CHR Extension: (Google Wallet) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-27]CHR Extension: (Clash of Clans) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofafmlelfljkaoaglplpikoonkceepai [2014-03-09]CHR Extension: (WeVideo - Video Editor and Maker) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\okgjbfikepgflmlelgfgecmgjnmnmnnb [2014-04-23]CHR Extension: (Gmail) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-10]CHR Extension: (Extutil) - C:\Users\test\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-02-15]CHR Extension: (Managera) - C:\Users\test\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-02-15] ==================== Services (Whitelisted) ================= R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1337752 2013-09-12] (ESET)S2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [360592 2014-06-04] (Malwarebytes Corporation)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)R2 SwiCardDetectSvc; C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [321392 2011-11-03] (Sierra Wireless, Inc.)R2 TosCoSrv; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [580608 2012-02-02] (TOSHIBA Corporation) [File not signed] ==================== Drivers (Whitelisted) ==================== R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.)U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET)R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET)R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET)R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [62392 2014-06-04] ()S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus64.sys [261120 2005-09-23] (Pinnacle Systems GmbH) [File not signed]R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-30] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)S3 swg3kser00; C:\Windows\System32\DRIVERS\swg3kser00.sys [258432 2011-05-13] (Sierra Wireless Incorporated)S3 swiwdmbx; C:\Windows\System32\DRIVERS\swiwdmbx64.sys [109312 2011-05-16] (Sierra Wireless Inc.)S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [297472 2011-05-28] (Sierra Wireless Inc.)R3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-30 15:36 - 2014-06-30 15:37 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys2014-06-30 15:36 - 2014-06-30 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-06-30 15:36 - 2014-06-30 15:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-06-30 15:36 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys2014-06-30 15:36 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys2014-06-29 15:45 - 2014-06-29 15:45 - 00000000 ____D () C:\Users\test\AppData\Roaming\.electriciansjourney2014-06-29 15:36 - 2014-06-29 15:37 - 00000000 ____D () C:\Users\test\Desktop\test2014-06-29 14:56 - 2014-06-29 15:13 - 00000000 ____D () C:\Users\test\Desktop\Website2014-06-29 14:45 - 2014-03-18 05:15 - 00000000 ____D () C:\Users\test\Desktop\SGH-I317M2014-06-29 14:44 - 2014-06-29 14:44 - 13828035 _____ () C:\Users\test\Downloads\SGH-I317M.zip2014-06-29 14:25 - 2014-06-29 14:31 - 00000286 _____ () C:\Users\test\Desktop\index.html2014-06-29 14:24 - 2014-06-29 14:24 - 00204568 _____ () C:\Users\test\Downloads\bootstrap-3.2.0-dist.zip2014-06-29 14:22 - 2014-06-29 14:35 - 24178176 _____ (SAMSUNG Electronics Co., Ltd.) C:\Users\test\Downloads\Samsung_USB_Driver_for_Mobile_Phones_v1.5.14.0.exe2014-06-29 14:02 - 2014-06-29 14:02 - 00006853 _____ () C:\Users\test\Downloads\download (18).jpeg2014-06-28 16:46 - 2014-06-28 16:46 - 00004094 _____ () C:\Users\test\Downloads\MAX TROOPS HACK.zip2014-06-28 15:30 - 2014-06-28 15:30 - 00788580 _____ () C:\Users\test\Downloads\jd-gui-0.3.6.windows.zip2014-06-28 14:58 - 2014-06-28 14:58 - 00742594 _____ () C:\Users\test\Downloads\Clash of CLans v1.4.3.zip2014-06-28 13:43 - 2014-06-28 15:28 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit2014-06-28 13:43 - 2014-06-28 13:43 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Exploit.lnk2014-06-28 13:43 - 2014-06-28 13:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit2014-06-28 13:43 - 2014-06-28 13:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit2014-06-28 13:42 - 2014-06-28 13:42 - 02650408 _____ (Malwarebytes ) C:\Users\test\Downloads\mbae-setup-1.03.1.1220.exe2014-06-26 21:13 - 2014-06-26 21:13 - 01680483 _____ () C:\Users\test\Downloads\dex2jar-0.0.9.15.zip2014-06-26 21:07 - 2014-06-26 21:08 - 52253462 _____ () C:\Users\test\Downloads\GBOD_1.4.1.apk2014-06-25 20:45 - 2014-06-30 15:50 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA1cf90d7f57546e3.job2014-06-25 20:45 - 2014-06-30 13:32 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore1cf90d7f37ec6b7.job2014-06-25 20:45 - 2014-06-25 20:45 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf90d7f57546e32014-06-25 20:45 - 2014-06-25 20:45 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore1cf90d7f37ec6b72014-06-24 19:18 - 2014-06-24 19:18 - 00036830 _____ () C:\Users\test\Downloads\FromDarkness.zip2014-06-24 19:01 - 2014-06-24 19:01 - 32483740 _____ () C:\Users\test\Downloads\Boulder.zip2014-06-21 17:52 - 2014-06-21 17:52 - 00000000 ____D () C:\Users\test\Downloads\minecraftpe2014-06-19 18:38 - 2014-06-19 18:38 - 00285344 _____ () C:\Users\test\Downloads\34005__jobro__eas-beep.wma2014-06-19 18:36 - 2014-06-19 18:36 - 00022525 _____ () C:\Users\test\Downloads\34005__jobro__eas-beep.ogg2014-06-16 16:34 - 2014-06-16 16:35 - 28820329 _____ () C:\Users\test\Downloads\modpack (3).zip2014-06-16 16:33 - 2014-06-16 16:34 - 28820329 _____ () C:\Users\test\Downloads\modpack (2).zip2014-06-16 16:32 - 2014-06-16 16:32 - 28820329 _____ () C:\Users\test\Downloads\modpack (1).zip2014-06-16 16:26 - 2014-06-16 16:26 - 07399578 _____ () C:\Users\test\Downloads\modpack (6).zip2014-06-13 20:30 - 2014-06-13 20:30 - 02269863 _____ () C:\Users\test\Downloads\forge-1.6.4-9.11.1.965-installer (2).jar2014-06-13 20:28 - 2014-06-13 20:28 - 00090835 _____ () C:\Users\test\Downloads\[1.7.2]BigItemsModInstaller.jar2014-06-13 20:23 - 2014-06-29 15:45 - 00000000 ____D () C:\Users\test\AppData\Roaming\.crazycraft22014-06-13 20:20 - 2014-06-13 20:21 - 53514938 _____ () C:\Users\test\Downloads\MorphHideAndSeekServer.zip2014-06-13 20:18 - 2014-06-29 21:52 - 00000000 ____D () C:\VoidLauncher2014-06-13 20:18 - 2014-06-29 15:45 - 00000000 ____D () C:\Users\test\AppData\Roaming\.crazycraft2014-06-13 20:18 - 2014-06-29 15:45 - 00000000 ____D () C:\Users\test\AppData\Roaming\.aethericcrusade2014-06-13 20:18 - 2014-06-29 15:40 - 00000000 ____D () C:\Users\test\AppData\Roaming\.beta-jurassiccraft2014-06-13 20:18 - 2014-06-13 20:18 - 00000000 ____D () C:\Users\test\AppData\Roaming\VoidLauncher2014-06-13 20:18 - 2014-06-13 20:18 - 00000000 ____D () C:\Users\test\AppData\Roaming\.VoidLauncher2014-06-13 20:17 - 2014-06-13 20:18 - 02534838 _____ () C:\Users\test\Downloads\VoidLauncher.zip2014-06-13 18:43 - 2014-06-13 18:43 - 00386383 _____ (http://magiclauncher.com) C:\Users\test\Downloads\MagicLauncher_1.2.5.exe 2014-06-13 18:05 - 2014-06-10 18:07 - 00108324 _____ () C:\Users\test\Desktop\Animals mod planetcraft (9).zip2014-06-11 20:44 - 2014-06-11 20:44 - 01972443 _____ () C:\Users\test\Downloads\forge-1.6.4-9.11.1.965-universal.jar2014-06-11 20:39 - 2014-06-11 20:40 - 08396743 _____ () C:\Users\test\Downloads\modpack.zip2014-06-11 20:18 - 2014-05-30 06:21 - 23414784 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll2014-06-11 20:18 - 2014-05-30 06:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb2014-06-11 20:18 - 2014-05-30 06:02 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll2014-06-11 20:18 - 2014-05-30 05:45 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll2014-06-11 20:18 - 2014-05-30 05:39 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll2014-06-11 20:18 - 2014-05-30 05:39 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll2014-06-11 20:18 - 2014-05-30 05:38 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll2014-06-11 20:18 - 2014-05-30 05:28 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll2014-06-11 20:18 - 2014-05-30 05:27 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll2014-06-11 20:18 - 2014-05-30 05:24 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll2014-06-11 20:18 - 2014-05-30 05:21 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe2014-06-11 20:18 - 2014-05-30 05:21 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe2014-06-11 20:18 - 2014-05-30 05:20 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll2014-06-11 20:18 - 2014-05-30 05:18 - 17271296 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll2014-06-11 20:18 - 2014-05-30 05:11 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe2014-06-11 20:18 - 2014-05-30 05:08 - 05782528 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll2014-06-11 20:18 - 2014-05-30 05:06 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll2014-06-11 20:18 - 2014-05-30 05:02 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb2014-06-11 20:18 - 2014-05-30 04:55 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll2014-06-11 20:18 - 2014-05-30 04:49 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll2014-06-11 20:18 - 2014-05-30 04:46 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll2014-06-11 20:18 - 2014-05-30 04:44 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll2014-06-11 20:18 - 2014-05-30 04:44 - 00295424 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll2014-06-11 20:18 - 2014-05-30 04:43 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll2014-06-11 20:18 - 2014-05-30 04:42 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll2014-06-11 20:18 - 2014-05-30 04:38 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll2014-06-11 20:18 - 2014-05-30 04:35 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe2014-06-11 20:18 - 2014-05-30 04:34 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll2014-06-11 20:18 - 2014-05-30 04:33 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll2014-06-11 20:18 - 2014-05-30 04:30 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll2014-06-11 20:18 - 2014-05-30 04:29 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll2014-06-11 20:18 - 2014-05-30 04:28 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe2014-06-11 20:18 - 2014-05-30 04:27 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll2014-06-11 20:18 - 2014-05-30 04:24 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll2014-06-11 20:18 - 2014-05-30 04:23 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl2014-06-11 20:18 - 2014-05-30 04:16 - 00368128 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll2014-06-11 20:18 - 2014-05-30 04:10 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll2014-06-11 20:18 - 2014-05-30 04:06 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll2014-06-11 20:18 - 2014-05-30 04:04 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll2014-06-11 20:18 - 2014-05-30 04:02 - 00242688 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll2014-06-11 20:18 - 2014-05-30 03:56 - 04244992 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll2014-06-11 20:18 - 2014-05-30 03:56 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll2014-06-11 20:18 - 2014-05-30 03:54 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll2014-06-11 20:18 - 2014-05-30 03:50 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll2014-06-11 20:18 - 2014-05-30 03:49 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl2014-06-11 20:18 - 2014-05-30 03:43 - 13522944 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll2014-06-11 20:18 - 2014-05-30 03:40 - 11725312 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll2014-06-11 20:18 - 2014-05-30 03:30 - 01398272 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll2014-06-11 20:18 - 2014-05-30 03:21 - 01790976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll2014-06-11 20:18 - 2014-05-30 03:15 - 01143296 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll2014-06-11 20:18 - 2014-05-30 03:13 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll2014-06-11 20:18 - 2014-05-30 03:13 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll2014-06-11 20:18 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll2014-06-11 20:18 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll2014-06-11 20:18 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys2014-06-11 20:18 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS2014-06-11 20:18 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll2014-06-11 20:18 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll2014-06-11 20:18 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll2014-06-11 20:18 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll2014-06-11 20:18 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll2014-06-11 20:18 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll2014-06-11 20:18 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll2014-06-11 20:18 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll2014-06-11 20:16 - 2014-06-08 05:13 - 00506368 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll2014-06-11 20:16 - 2014-06-08 05:08 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll2014-06-11 20:14 - 2014-06-11 20:14 - 00013093 _____ () C:\Users\test\Downloads\modpack.zip.download2014-06-10 18:49 - 2014-06-10 18:49 - 01900295 _____ () C:\Users\test\Downloads\minecraftforge-universal-1.6.4-9.11.0.883.jar2014-06-10 18:31 - 2014-06-10 18:32 - 01020488 _____ () C:\Users\test\Downloads\Morph-Beta-0.7.1.zip2014-06-10 18:15 - 2014-06-10 19:09 - 00000000 ____D () C:\Users\test\Desktop\TheUltimateMobpack!2014-06-10 18:14 - 2014-06-10 18:14 - 00456541 _____ () C:\Users\test\Downloads\[1.6.4]MoreWolvesMod.zip2014-06-10 18:11 - 2014-06-10 18:11 - 04290345 _____ () C:\Users\test\Downloads\LotsOMobs_104.0.0.jar2014-06-10 18:07 - 2014-06-10 18:07 - 00108324 _____ () C:\Users\test\Downloads\Animals mod planetcraft (9).zip2014-06-10 17:37 - 2014-06-10 17:37 - 22012596 _____ () C:\Users\test\Downloads\DrZharks MoCreatures Mod v6.1.0.zip2014-06-09 19:45 - 2014-06-09 20:35 - 00000000 ____D () C:\Users\test\Downloads\Minecraft Model Pack v1.5.306 (By WeedLion)2014-06-09 19:44 - 2012-12-08 07:42 - 68936437 _____ () C:\Users\test\Downloads\Minecraft Model Pack v1.5.306 (By WeedLion).lib4d2014-06-09 19:42 - 2014-06-09 19:43 - 28568219 _____ () C:\Users\test\Downloads\Minecraft Model Pack v1.5.306 (By WeedLion).rar2014-06-09 18:25 - 2014-06-09 18:25 - 02129030 _____ () C:\Users\test\Documents\testanimation.obj2014-06-09 18:25 - 2014-06-09 18:25 - 00006963 _____ () C:\Users\test\Documents\testanimation.mtl2014-06-09 17:49 - 2014-06-09 17:49 - 00000000 ___HD () C:\CanoScan2014-06-09 17:49 - 2014-06-09 17:49 - 00000000 ____D () C:\Users\test\Downloads\lide80vst7250a_xpen2014-06-09 17:48 - 2014-06-09 17:49 - 06341968 _____ () C:\Users\test\Downloads\lide80vst7250a_xpen.exe2014-06-08 21:30 - 2014-06-08 21:30 - 00574639 _____ () C:\Users\test\Documents\teamcrafted.c4d2014-06-08 21:22 - 2014-06-08 21:22 - 01966760 _____ () C:\Users\test\Downloads\winrar-x64-501.exe2014-06-08 21:22 - 2014-06-08 21:22 - 00000986 _____ () C:\Users\Public\Desktop\WinRAR.lnk2014-06-08 21:22 - 2014-06-08 21:22 - 00000000 ____D () C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR2014-06-08 21:22 - 2014-06-08 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR2014-06-08 21:22 - 2014-06-08 21:22 - 00000000 ____D () C:\Program Files\WinRAR2014-06-08 21:14 - 2014-06-08 21:16 - 00000000 ____D () C:\Users\test\Downloads\Minecraft Steve Rig v1.2 (by WeedLion)2014-06-08 21:14 - 2014-06-08 21:14 - 05528688 _____ () C:\Users\test\Downloads\Minecraft Steve Rig v1.2 (by WeedLion).rar2014-06-08 20:59 - 2014-06-08 20:59 - 00032813 _____ () C:\Users\test\Documents\teamcrafted.obj2014-06-08 20:59 - 2014-06-08 20:59 - 00000228 _____ () C:\Users\test\Documents\teamcrafted.mtl2014-06-08 20:19 - 2014-06-08 20:19 - 05362369 _____ () C:\Users\test\Downloads\mineways.zip2014-06-08 20:19 - 2014-06-08 20:19 - 00000000 ____D () C:\Users\test\Downloads\mineways2014-06-08 18:46 - 2014-06-16 17:50 - 00000000 ____D () C:\Users\test\Desktop\c4d rigs2014-06-08 18:34 - 2014-06-08 18:34 - 00694267 _____ () C:\Users\test\Downloads\MC RIG 2013.rar2014-06-08 18:26 - 2014-06-08 18:26 - 04078448 _____ () C:\Users\test\Downloads\SkybriXs C4D Craft Pack.zip2014-06-08 18:15 - 2014-06-08 18:15 - 00000000 ____D () C:\Users\test\AppData\Roaming\MAXON2014-06-08 18:15 - 2014-06-08 18:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAXON2014-06-08 18:04 - 2014-06-08 18:04 - 00440812 _____ () C:\Users\test\Downloads\WM v1.1.1.2 (2).zip2014-06-08 18:04 - 2014-06-08 18:04 - 00440812 _____ () C:\Users\test\Downloads\WM v1.1.1.2 (1).zip2014-06-08 18:01 - 2014-06-08 18:01 - 00000000 ____D () C:\Program Files\MAXON2014-06-08 17:47 - 2014-06-08 17:47 - 00274248 _____ () C:\Users\test\Downloads\UNIQUE ANIMALS MOD 0.0.5 - 1.5.2.zip2014-06-08 17:46 - 2014-06-08 17:56 - 00000000 ____D () C:\Users\test\Downloads\installer_r15_demo2014-06-08 16:47 - 2014-06-08 16:48 - 03827245 _____ () C:\Users\test\Downloads\BTWMod4-99999A0CbMarsupial.zip2014-06-08 16:32 - 2014-06-08 16:32 - 00009600 _____ () C:\Users\test\Downloads\RoboticStoneMod.zip2014-06-08 15:46 - 2014-06-08 17:17 - 2958994837 _____ () C:\Users\test\Downloads\installer_r15_demo.zip ==================== One Month Modified Files and Folders ======= 2014-06-30 15:50 - 2014-06-25 20:45 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA1cf90d7f57546e3.job2014-06-30 15:49 - 2014-01-02 20:29 - 00000000 ____D () C:\FRST2014-06-30 15:37 - 2014-06-30 15:36 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys2014-06-30 15:36 - 2014-06-30 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-06-30 15:36 - 2014-06-30 15:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-06-30 15:36 - 2014-01-03 14:24 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-06-30 15:36 - 2014-01-03 14:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware2014-06-30 15:36 - 2013-02-04 17:13 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-06-30 15:22 - 2013-07-13 20:53 - 00000000 ____D () C:\Users\test\Downloads\powder-87.2-win322014-06-30 15:17 - 2013-06-08 17:00 - 00000000 ____D () C:\Users\test\AppData\Roaming\Dropbox2014-06-30 15:15 - 2012-03-15 21:14 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job2014-06-30 13:52 - 2012-05-30 13:43 - 02020592 _____ () C:\windows\WindowsUpdate.log2014-06-30 13:38 - 2009-07-14 00:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-06-30 13:38 - 2009-07-14 00:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-06-30 13:34 - 2014-03-28 17:49 - 00000000 ____D () C:\Users\test\AppData\Roaming\DropboxMaster2014-06-30 13:33 - 2013-05-13 20:06 - 00000000 ____D () C:\Users\test\AppData\Local\Deployment2014-06-30 13:32 - 2014-06-25 20:45 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore1cf90d7f37ec6b7.job2014-06-30 13:31 - 2013-07-14 08:38 - 00025586 _____ () C:\windows\setupact.log2014-06-30 13:31 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT2014-06-29 21:52 - 2014-06-13 20:18 - 00000000 ____D () C:\VoidLauncher2014-06-29 15:45 - 2014-06-29 15:45 - 00000000 ____D () C:\Users\test\AppData\Roaming\.electriciansjourney2014-06-29 15:45 - 2014-06-13 20:23 - 00000000 ____D () C:\Users\test\AppData\Roaming\.crazycraft22014-06-29 15:45 - 2014-06-13 20:18 - 00000000 ____D () C:\Users\test\AppData\Roaming\.crazycraft2014-06-29 15:45 - 2014-06-13 20:18 - 00000000 ____D () C:\Users\test\AppData\Roaming\.aethericcrusade2014-06-29 15:40 - 2014-06-13 20:18 - 00000000 ____D () C:\Users\test\AppData\Roaming\.beta-jurassiccraft2014-06-29 15:37 - 2014-06-29 15:36 - 00000000 ____D () C:\Users\test\Desktop\test2014-06-29 15:13 - 2014-06-29 14:56 - 00000000 ____D () C:\Users\test\Desktop\Website2014-06-29 14:44 - 2014-06-29 14:44 - 13828035 _____ () C:\Users\test\Downloads\SGH-I317M.zip2014-06-29 14:35 - 2014-06-29 14:22 - 24178176 _____ (SAMSUNG Electronics Co., Ltd.) C:\Users\test\Downloads\Samsung_USB_Driver_for_Mobile_Phones_v1.5.14.0.exe2014-06-29 14:31 - 2014-06-29 14:25 - 00000286 _____ () C:\Users\test\Desktop\index.html2014-06-29 14:24 - 2014-06-29 14:24 - 00204568 _____ () C:\Users\test\Downloads\bootstrap-3.2.0-dist.zip2014-06-29 14:02 - 2014-06-29 14:02 - 00006853 _____ () C:\Users\test\Downloads\download (18).jpeg2014-06-28 17:58 - 2013-07-10 19:11 - 00000000 ____D () C:\Users\test\AppData\Roaming\.minecraft2014-06-28 16:46 - 2014-06-28 16:46 - 00004094 _____ () C:\Users\test\Downloads\MAX TROOPS HACK.zip2014-06-28 16:46 - 2013-02-22 09:04 - 00000000 ____D () C:\Users\test\AppData\Roaming\SoftGrid Client2014-06-28 15:30 - 2014-06-28 15:30 - 00788580 _____ () C:\Users\test\Downloads\jd-gui-0.3.6.windows.zip2014-06-28 15:28 - 2014-06-28 13:43 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit2014-06-28 14:58 - 2014-06-28 14:58 - 00742594 _____ () C:\Users\test\Downloads\Clash of CLans v1.4.3.zip2014-06-28 13:43 - 2014-06-28 13:43 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Exploit.lnk2014-06-28 13:43 - 2014-06-28 13:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit2014-06-28 13:43 - 2014-06-28 13:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit2014-06-28 13:42 - 2014-06-28 13:42 - 02650408 _____ (Malwarebytes ) C:\Users\test\Downloads\mbae-setup-1.03.1.1220.exe2014-06-26 21:13 - 2014-06-26 21:13 - 01680483 _____ () C:\Users\test\Downloads\dex2jar-0.0.9.15.zip2014-06-26 21:10 - 2013-11-16 21:33 - 00000000 ____D () C:\Users\test\Desktop\TABLETANDPHONE IMPORTANT2014-06-26 21:08 - 2014-06-26 21:07 - 52253462 _____ () C:\Users\test\Downloads\GBOD_1.4.1.apk2014-06-25 20:45 - 2014-06-25 20:45 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf90d7f57546e32014-06-25 20:45 - 2014-06-25 20:45 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore1cf90d7f37ec6b72014-06-24 19:18 - 2014-06-24 19:18 - 00036830 _____ () C:\Users\test\Downloads\FromDarkness.zip2014-06-24 19:01 - 2014-06-24 19:01 - 32483740 _____ () C:\Users\test\Downloads\Boulder.zip2014-06-23 17:47 - 2009-07-14 01:08 - 00032534 _____ () C:\windows\Tasks\SCHEDLGU.TXT2014-06-21 17:52 - 2014-06-21 17:52 - 00000000 ____D () C:\Users\test\Downloads\minecraftpe2014-06-19 18:57 - 2013-03-03 21:00 - 00000000 ____D () C:\Users\test\Documents\Camtasia Studio2014-06-19 18:38 - 2014-06-19 18:38 - 00285344 _____ () C:\Users\test\Downloads\34005__jobro__eas-beep.wma2014-06-19 18:36 - 2014-06-19 18:36 - 00022525 _____ () C:\Users\test\Downloads\34005__jobro__eas-beep.ogg2014-06-18 21:00 - 2013-03-03 20:39 - 00006656 _____ () C:\Users\test\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2014-06-17 20:17 - 2013-06-03 12:55 - 00000000 ____D () C:\Users\test\AppData\Local\Paint.NET2014-06-16 17:50 - 2014-06-08 18:46 - 00000000 ____D () C:\Users\test\Desktop\c4d rigs2014-06-16 16:35 - 2014-06-16 16:34 - 28820329 _____ () C:\Users\test\Downloads\modpack (3).zip2014-06-16 16:34 - 2014-06-16 16:33 - 28820329 _____ () C:\Users\test\Downloads\modpack (2).zip2014-06-16 16:32 - 2014-06-16 16:32 - 28820329 _____ () C:\Users\test\Downloads\modpack (1).zip2014-06-16 16:26 - 2014-06-16 16:26 - 07399578 _____ () C:\Users\test\Downloads\modpack (6).zip2014-06-14 13:00 - 2013-02-03 16:41 - 00000000 ____D () C:\Users\test\AppData\Local\Google2014-06-13 20:30 - 2014-06-13 20:30 - 02269863 _____ () C:\Users\test\Downloads\forge-1.6.4-9.11.1.965-installer (2).jar2014-06-13 20:28 - 2014-06-13 20:28 - 00090835 _____ () C:\Users\test\Downloads\[1.7.2]BigItemsModInstaller.jar2014-06-13 20:21 - 2014-06-13 20:20 - 53514938 _____ () C:\Users\test\Downloads\MorphHideAndSeekServer.zip2014-06-13 20:18 - 2014-06-13 20:18 - 00000000 ____D () C:\Users\test\AppData\Roaming\VoidLauncher2014-06-13 20:18 - 2014-06-13 20:18 - 00000000 ____D () C:\Users\test\AppData\Roaming\.VoidLauncher2014-06-13 20:18 - 2014-06-13 20:17 - 02534838 _____ () C:\Users\test\Downloads\VoidLauncher.zip2014-06-13 18:43 - 2014-06-13 18:43 - 00386383 _____ (http://magiclauncher.com) C:\Users\test\Downloads\MagicLauncher_1.2.5.exe 2014-06-13 17:49 - 2013-02-05 14:33 - 00002154 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-06-12 15:41 - 2013-08-19 15:55 - 00000000 ____D () C:\windows\system32\MRT2014-06-12 15:39 - 2012-08-12 15:28 - 95414520 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe2014-06-12 15:34 - 2014-05-06 20:57 - 00000000 ___SD () C:\windows\system32\CompatTel2014-06-11 20:44 - 2014-06-11 20:44 - 01972443 _____ () C:\Users\test\Downloads\forge-1.6.4-9.11.1.965-universal.jar2014-06-11 20:40 - 2014-06-11 20:39 - 08396743 _____ () C:\Users\test\Downloads\modpack.zip2014-06-11 20:14 - 2014-06-11 20:14 - 00013093 _____ () C:\Users\test\Downloads\modpack.zip.download2014-06-10 19:09 - 2014-06-10 18:15 - 00000000 ____D () C:\Users\test\Desktop\TheUltimateMobpack!2014-06-10 18:49 - 2014-06-10 18:49 - 01900295 _____ () C:\Users\test\Downloads\minecraftforge-universal-1.6.4-9.11.0.883.jar2014-06-10 18:32 - 2014-06-10 18:31 - 01020488 _____ () C:\Users\test\Downloads\Morph-Beta-0.7.1.zip2014-06-10 18:14 - 2014-06-10 18:14 - 00456541 _____ () C:\Users\test\Downloads\[1.6.4]MoreWolvesMod.zip2014-06-10 18:11 - 2014-06-10 18:11 - 04290345 _____ () C:\Users\test\Downloads\LotsOMobs_104.0.0.jar2014-06-10 18:07 - 2014-06-13 18:05 - 00108324 _____ () C:\Users\test\Desktop\Animals mod planetcraft (9).zip2014-06-10 18:07 - 2014-06-10 18:07 - 00108324 _____ () C:\Users\test\Downloads\Animals mod planetcraft (9).zip2014-06-10 17:37 - 2014-06-10 17:37 - 22012596 _____ () C:\Users\test\Downloads\DrZharks MoCreatures Mod v6.1.0.zip2014-06-09 20:35 - 2014-06-09 19:45 - 00000000 ____D () C:\Users\test\Downloads\Minecraft Model Pack v1.5.306 (By WeedLion)2014-06-09 19:43 - 2014-06-09 19:42 - 28568219 _____ () C:\Users\test\Downloads\Minecraft Model Pack v1.5.306 (By WeedLion).rar2014-06-09 18:25 - 2014-06-09 18:25 - 02129030 _____ () C:\Users\test\Documents\testanimation.obj2014-06-09 18:25 - 2014-06-09 18:25 - 00006963 _____ () C:\Users\test\Documents\testanimation.mtl2014-06-09 17:49 - 2014-06-09 17:49 - 00000000 ___HD () C:\CanoScan2014-06-09 17:49 - 2014-06-09 17:49 - 00000000 ____D () C:\Users\test\Downloads\lide80vst7250a_xpen2014-06-09 17:49 - 2014-06-09 17:48 - 06341968 _____ () C:\Users\test\Downloads\lide80vst7250a_xpen.exe2014-06-08 21:30 - 2014-06-08 21:30 - 00574639 _____ () C:\Users\test\Documents\teamcrafted.c4d2014-06-08 21:22 - 2014-06-08 21:22 - 01966760 _____ () C:\Users\test\Downloads\winrar-x64-501.exe2014-06-08 21:22 - 2014-06-08 21:22 - 00000986 _____ () C:\Users\Public\Desktop\WinRAR.lnk2014-06-08 21:22 - 2014-06-08 21:22 - 00000000 ____D () C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR2014-06-08 21:22 - 2014-06-08 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR2014-06-08 21:22 - 2014-06-08 21:22 - 00000000 ____D () C:\Program Files\WinRAR2014-06-08 21:16 - 2014-06-08 21:14 - 00000000 ____D () C:\Users\test\Downloads\Minecraft Steve Rig v1.2 (by WeedLion)2014-06-08 21:14 - 2014-06-08 21:14 - 05528688 _____ () C:\Users\test\Downloads\Minecraft Steve Rig v1.2 (by WeedLion).rar2014-06-08 20:59 - 2014-06-08 20:59 - 00032813 _____ () C:\Users\test\Documents\teamcrafted.obj2014-06-08 20:59 - 2014-06-08 20:59 - 00000228 _____ () C:\Users\test\Documents\teamcrafted.mtl2014-06-08 20:19 - 2014-06-08 20:19 - 05362369 _____ () C:\Users\test\Downloads\mineways.zip2014-06-08 20:19 - 2014-06-08 20:19 - 00000000 ____D () C:\Users\test\Downloads\mineways2014-06-08 20:08 - 2013-10-05 07:07 - 00247216 _____ () C:\windows\PFRO.log2014-06-08 18:34 - 2014-06-08 18:34 - 00694267 _____ () C:\Users\test\Downloads\MC RIG 2013.rar2014-06-08 18:26 - 2014-06-08 18:26 - 04078448 _____ () C:\Users\test\Downloads\SkybriXs C4D Craft Pack.zip2014-06-08 18:15 - 2014-06-08 18:15 - 00000000 ____D () C:\Users\test\AppData\Roaming\MAXON2014-06-08 18:15 - 2014-06-08 18:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAXON2014-06-08 18:04 - 2014-06-08 18:04 - 00440812 _____ () C:\Users\test\Downloads\WM v1.1.1.2 (2).zip2014-06-08 18:04 - 2014-06-08 18:04 - 00440812 _____ () C:\Users\test\Downloads\WM v1.1.1.2 (1).zip2014-06-08 18:03 - 2013-08-01 16:11 - 00000000 ____D () C:\ProgramData\Package Cache2014-06-08 18:01 - 2014-06-08 18:01 - 00000000 ____D () C:\Program Files\MAXON2014-06-08 17:56 - 2014-06-08 17:46 - 00000000 ____D () C:\Users\test\Downloads\installer_r15_demo2014-06-08 17:47 - 2014-06-08 17:47 - 00274248 _____ () C:\Users\test\Downloads\UNIQUE ANIMALS MOD 0.0.5 - 1.5.2.zip2014-06-08 17:17 - 2014-06-08 15:46 - 2958994837 _____ () C:\Users\test\Downloads\installer_r15_demo.zip2014-06-08 17:00 - 2013-11-02 17:25 - 00000000 ____D () C:\Program Files (x86)\RAR Password Unlocker2014-06-08 16:55 - 2013-06-13 16:21 - 00000000 ____D () C:\Program Files (x86)\iExplorer2014-06-08 16:49 - 2012-03-15 21:08 - 00000000 ____D () C:\Program Files\TOSHIBA2014-06-08 16:48 - 2014-06-08 16:47 - 03827245 _____ () C:\Users\test\Downloads\BTWMod4-99999A0CbMarsupial.zip2014-06-08 16:46 - 2012-03-15 21:08 - 00000000 ____D () C:\Program Files (x86)\TOSHIBA2014-06-08 16:44 - 2012-03-15 21:08 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information2014-06-08 16:39 - 2012-03-15 21:09 - 00000000 ____D () C:\ProgramData\Toshiba2014-06-08 16:32 - 2014-06-08 16:32 - 00009600 _____ () C:\Users\test\Downloads\RoboticStoneMod.zip2014-06-08 16:31 - 2013-02-03 18:04 - 00000000 ____D () C:\Users\test\AppData\Local\TOSHIBA2014-06-08 16:20 - 2013-06-14 19:02 - 00000000 ____D () C:\Program Files (x86)\Pinnacle2014-06-08 16:13 - 2013-06-14 19:02 - 00000000 ____D () C:\ProgramData\Pinnacle2014-06-08 16:07 - 2014-04-19 20:03 - 00000000 ____D () C:\Program Files\Common Files\Autodesk Shared2014-06-08 16:05 - 2013-06-04 17:53 - 00000000 ____D () C:\Program Files (x86)\MediaFire Express2014-06-08 16:04 - 2014-01-20 21:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith2014-06-08 16:04 - 2014-01-20 21:20 - 00000000 ____D () C:\Program Files (x86)\TechSmith2014-06-08 16:04 - 2013-02-03 16:41 - 00000000 ____D () C:\Users\test2014-06-08 15:39 - 2014-04-19 19:57 - 00000000 ____D () C:\ProgramData\Autodesk2014-06-08 15:26 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Public\Libraries2014-06-08 15:15 - 2013-10-08 19:26 - 00000000 ____D () C:\Users\test\AppData\Local\Android2014-06-08 15:08 - 2012-03-15 21:16 - 00000000 ____D () C:\Program Files (x86)\Adobe2014-06-08 14:57 - 2014-01-03 15:47 - 00000000 ____D () C:\ProgramData\boost_interprocess2014-06-08 05:13 - 2014-06-11 20:16 - 00506368 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll2014-06-08 05:08 - 2014-06-11 20:16 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll2014-06-05 21:27 - 2013-05-14 20:03 - 00000000 ____D () C:\Users\test\AppData\Roaming\.technic2014-06-04 20:54 - 2013-05-14 20:03 - 02346942 _____ () C:\Users\test\Desktop\TechnicLauncher.exe2014-06-03 20:10 - 2013-10-22 19:18 - 00000000 ____D () C:\Users\test\workspace2014-06-03 20:03 - 2009-07-14 01:13 - 00783360 _____ () C:\windows\system32\PerfStringBackup.INI Some content of TEMP:====================C:\Users\test\AppData\Local\Temp\7za.exeC:\Users\test\AppData\Local\Temp\AcDeltree.exeC:\Users\test\AppData\Local\Temp\DLMGuardian.exeC:\Users\test\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnhqqxm.dllC:\Users\test\AppData\Local\Temp\FNP_ACT_InstallerCA.dllC:\Users\test\AppData\Local\Temp\GLFC7E9.tmp.dllC:\Users\test\AppData\Local\Temp\GLFDA23.tmp.dllC:\Users\test\AppData\Local\Temp\hijackthis.exeC:\Users\test\AppData\Local\Temp\InstHelper.exeC:\Users\test\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exeC:\Users\test\AppData\Local\Temp\NirCmd.exeC:\Users\test\AppData\Local\Temp\PEVZ.EXEC:\Users\test\AppData\Local\Temp\pylE7FD.tmp.exeC:\Users\test\AppData\Local\Temp\remove.exeC:\Users\test\AppData\Local\Temp\sed.exeC:\Users\test\AppData\Local\Temp\shortcut.exeC:\Users\test\AppData\Local\Temp\SkypeSetup.exeC:\Users\test\AppData\Local\Temp\swreg.exeC:\Users\test\AppData\Local\Temp\swxcacls.exeC:\Users\test\AppData\Local\Temp\wget.exeC:\Users\test\AppData\Local\Temp\zoek-delete.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-04-07 19:29 ==================== End Of Log ============================
-
OK, I'll wait .
