gonzoman1991

  1. Okay guys, here is my issue. I had some memory issues, so trying to get to the bottom of it I find this svchost.exe in a process analyzer that is using crazy amounts of it. There are no processes listed like a normal svchost.exe does. I ran a Malwarebytes scan and it didn't take care of it. I also cannot open Windows Defender. It instantly closes out when I try to open it. I also get notifications every minute or so saying that Malwarebytes has blocked an outbound malicious website. Please help me counter this spynet crap. Thanks in advance. FRST is below

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-05-2014
Ran by Gonzo (administrator) on OZNOG on 29-05-2014 17:52:34
Running from C:\Users\Gonzo\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\18.1.6\ScriptHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation ) C:\Users\Gonzo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\COS1MHMT\mbam-setup-2.0.2.1012.exe
() C:\Users\Gonzo\AppData\Local\Temp\is-08VTC.tmp\mbam-setup-2.0.2.1012.tmp
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(RealNetworks, Inc.) 
C:\Program Files (x86)\Real\RealPlayer\realplay.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-09-28] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2557976 2014-05-26] ()HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296008 2014-02-05] (RealNetworks, Inc.)HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)HKLM-x32\...\Run: [{c63d87c3-328c-d33e-c792-e20a6296a660}] => C:\ProgramData\Microsoft\{c63d87c3-328c-d33e-c792-e20a6296a660}\{c63d87c3-328c-d33e-c792-e20a6296a660}.exe [216109 2014-05-28] ()Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]HKLM\...\Policies\Explorer\Run: [{c63d87c3-328c-d33e-c792-e20a6296a660}] => C:\ProgramData\Microsoft\{c63d87c3-328c-d33e-c792-e20a6296a660}\{c63d87c3-328c-d33e-c792-e20a6296a660}.exe [216109 2014-05-28] ( ())HKU\S-1-5-21-1221897127-376674755-709361087-1001\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-12-09] ()HKU\S-1-5-21-1221897127-376674755-709361087-1001\...\Run: [skype] => C:\Users\Gonzo\Desktop\Skype.exe [17877168 2012-11-09] (Skype Technologies S.A.)HKU\S-1-5-21-1221897127-376674755-709361087-1001\...\Run: [Google Update] => C:\Users\Gonzo\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-12-21] (Google Inc.)Startup: 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnkShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)Startup: C:\Users\Gonzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnkShortcutTarget: Curse.lnk -> C:\Users\Gonzo\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehpHKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEDF2482AB5D5CD01HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-usStartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exeSearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={AAF30B4F-6978-46EA-80C5-9016A97B8956}&mid=8450fd0180e647d29575d16f5ea2d27b-ad1491be2ce6c122f6b66faa90e70c2decf7d34c〈=en&ds=df011&coid=avgtbdisdf&cmpid=&pr=sa&d=2014-02-05 21:04:41&v=18.1.6.542&pid=safeguard&sg=&sap=dsp&q={searchTerms} BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! 
Inc.)BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)BHO-x32: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.6.542\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.6.542\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabHandler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.6\ViProtocol.dll (AVG Secure Search)Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 208.180.42.100 FireFox:========FF ProfilePath: C:\Users\Gonzo\AppData\Roaming\Mozilla\Firefox\Profiles\zttvqbvq.defaultFF DefaultSearchEngine: AVG Secure SearchFF SelectedSearchEngine: AVG Secure SearchFF Homepage: hxxp://mysearch.avg.com?cid={AAF30B4F-6978-46EA-80C5-9016A97B8956}&mid=8450fd0180e647d29575d16f5ea2d27b-ad1491be2ce6c122f6b66faa90e70c2decf7d34c〈=en&ds=df011&coid=avgtbdisdf&cmpid=&pr=sa&d=&v=18.0.5.292&pid=safeguard&sg=&sap=hpFF Keyword.URL: user_pref("keyword.URL", "");FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll ()FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft 
Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.6\\npsitesafety.dll No FileFF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)FF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)FF Plugin-x32: @real.com/nppl3260;version=17.0.4.61 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.7.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.7.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.7.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprpplugin;version=17.0.4.61 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)FF Plugin-x32: @tools.google.com/Google Update;version=3 - 
C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Gonzo\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Gonzo\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)FF user.js: detected! => C:\Users\Gonzo\AppData\Roaming\Mozilla\Firefox\Profiles\zttvqbvq.default\user.jsFF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xmlFF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xmlFF Extension: Yahoo! Toolbar - C:\Users\Gonzo\AppData\Roaming\Mozilla\Firefox\Profiles\zttvqbvq.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013-06-18]FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.6.542FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.6.542 [2014-05-26]FF HKLM-x32\...\Firefox\Extensions: [{10E4285F-D79B-4147-9447-81DFF109A394}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\ExtFF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-02-05] Chrome: =======CHR HomePage: 
hxxp://mysearch.avg.com?cid={AAF30B4F-6978-46EA-80C5-9016A97B8956}&mid=8450fd0180e647d29575d16f5ea2d27b-ad1491be2ce6c122f6b66faa90e70c2decf7d34c〈=en&ds=df011&coid=avgtbdisdf&cmpid=&pr=sa&d=2014-02-05 21:04:41&v=17.3.1.91&pid=safeguard&sg=&sap=hpCHR StartupUrls: "hxxp://mysearch.avg.com?cid={AAF30B4F-6978-46EA-80C5-9016A97B8956}&mid=8450fd0180e647d29575d16f5ea2d27b-ad1491be2ce6c122f6b66faa90e70c2decf7d34c〈=en&ds=df011&coid=avgtbdisdf&cmpid=&pr=sa&d=2014-02-05 21:04:41&v=17.3.1.91&pid=safeguard&sg=&sap=hp"CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll No FileCHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll No FileCHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll No FileCHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No FileCHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)CHR Extension: (Google Drive) - C:\Users\Gonzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-09]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Gonzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]CHR Extension: (YouTube) - C:\Users\Gonzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-09]CHR Extension: (Google Search) - C:\Users\Gonzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-09]CHR Extension: (RealPlayer Downloader) - C:\Users\Gonzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-03-25]CHR Extension: (AVG SafeGuard) - 
C:\Users\Gonzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2014-05-13]CHR Extension: (Google Wallet) - C:\Users\Gonzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]CHR Extension: (Gmail) - C:\Users\Gonzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-09]CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-12-14] ==================== Services (Whitelisted) ================= R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-12-14] ()S4 RealPlayer Cloud Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141336 2014-02-05] (RealNetworks, Inc.)S4 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2013-12-16] ()S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)S4 vToolbarUpdater18.1.6; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.6\ToolbarUpdater.exe [1801240 2014-05-26] (AVG Secure Search) ==================== Drivers (Whitelisted) ==================== R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-05-09] (AVG Technologies)R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 
2014-01-25] (Microsoft Corporation)R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)R3 xcbdaNtscV; C:\Windows\System32\DRIVERS\xcbdaVx64.sys [214784 2009-06-10] (ViXS Systems Inc.)S1 bvvpaaka; \??\C:\Windows\system32\drivers\bvvpaaka.sys [X]S1 fiwcyxql; \??\C:\Windows\system32\drivers\fiwcyxql.sys [X]S1 iozychlf; \??\C:\Windows\system32\drivers\iozychlf.sys [X]S1 qgkyvcsm; \??\C:\Windows\system32\drivers\qgkyvcsm.sys [X]S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]S3 tsusbhub; system32\drivers\tsusbhub.sys [X]S3 VGPU; System32\drivers\rdvgkmd.sys [X]S1 wtxftbwl; \??\C:\Windows\system32\drivers\wtxftbwl.sys [X]S1 xkfkouky; \??\C:\Windows\system32\drivers\xkfkouky.sys [X]S1 zbiakiri; \??\C:\Windows\system32\drivers\zbiakiri.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-29 17:52 - 2014-05-29 17:52 - 02066944 _____ (Farbar) C:\Users\Gonzo\Desktop\FRST64.exe2014-05-29 17:52 - 2014-05-29 17:52 - 00017510 _____ () C:\Users\Gonzo\Desktop\FRST.txt2014-05-29 17:52 - 2014-05-29 17:52 - 00000000 ____D () C:\FRST2014-05-29 17:51 - 2014-05-29 17:51 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-05-29 17:51 - 2014-05-29 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-05-29 17:51 - 2014-05-29 17:51 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-05-29 17:51 - 2014-05-29 17:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-05-29 17:51 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-05-29 17:51 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) 
C:\Windows\system32\Drivers\mwac.sys2014-05-29 17:51 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2014-05-29 17:41 - 2014-05-29 17:41 - 01402880 _____ () C:\Users\Gonzo\Downloads\HiJackThis.msi2014-05-29 17:41 - 2014-05-29 17:41 - 00002975 _____ () C:\Users\Gonzo\Desktop\HiJackThis.lnk2014-05-29 17:41 - 2014-05-29 17:41 - 00000000 ____D () C:\Users\Gonzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis2014-05-29 17:41 - 2014-05-29 17:41 - 00000000 ____D () C:\Program Files (x86)\Trend Micro2014-05-28 21:02 - 2014-05-28 21:02 - 13829304 _____ (Microsoft Corporation) C:\Users\Gonzo\Downloads\mseinstall (1).exe2014-05-28 21:02 - 2014-05-28 21:02 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk2014-05-28 21:02 - 2014-05-28 21:02 - 00000000 ____D () C:\Program Files\Microsoft Security Client2014-05-28 21:02 - 2014-05-28 21:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client2014-05-28 20:22 - 2014-05-28 20:22 - 01243655 _____ () C:\Users\Gonzo\Downloads\ProcessExplorer.zip2014-05-28 20:20 - 2014-05-28 20:20 - 13829304 _____ (Microsoft Corporation) C:\Users\Gonzo\Downloads\mseinstall.exe2014-05-28 20:05 - 2014-05-28 20:05 - 00276267 _____ () C:\Users\Gonzo\Downloads\RAMMap.zip2014-05-26 19:34 - 2014-05-26 19:35 - 00047734 _____ () C:\Windows\wininit.ini2014-05-26 19:02 - 2014-05-26 19:02 - 00000000 ____D () C:\ProgramData\AVG Secure Search2014-05-26 11:34 - 2014-05-26 11:34 - 00000000 ____D () C:\ProgramData\Avg_Update_0414c2014-05-15 18:01 - 2014-05-25 00:34 - 00003442 _____ () C:\Windows\System32\Tasks\Time Trigger Test Task2014-05-15 18:01 - 2014-05-24 23:45 - 00000000 ____D () C:\Users\Gonzo\AppData\Roaming\2ED02014-05-13 21:19 - 2014-05-13 21:19 - 00244000 _____ (Premium Installer ) C:\Users\Gonzo\Downloads\Setup.exe2014-05-13 21:14 - 2014-05-28 20:27 - 00007600 _____ () 
C:\Users\Gonzo\AppData\Local\Resmon.ResmonCfg2014-05-13 19:50 - 2014-05-13 19:50 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking2014-05-13 19:49 - 2014-05-26 19:53 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy2014-05-13 19:49 - 2014-05-26 19:09 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 22014-05-13 19:49 - 2014-05-13 19:49 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk2014-05-13 19:49 - 2014-05-13 19:49 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk2014-05-13 19:49 - 2014-05-13 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 22014-05-13 19:49 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe2014-05-13 19:47 - 2014-05-13 19:48 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Gonzo\Downloads\spybot-2.3.exe2014-05-07 17:44 - 2014-05-28 19:04 - 00000000 ____D () C:\Users\Gonzo\AppData\Roaming\Curse Client2014-05-07 17:44 - 2014-05-07 17:44 - 00001029 _____ () C:\Users\Gonzo\Desktop\Curse.lnk2014-05-07 17:44 - 2014-05-07 17:44 - 00001015 _____ () C:\Users\Gonzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk2014-05-07 17:44 - 2014-05-07 17:44 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin2014-05-07 17:43 - 2014-05-07 17:43 - 00000000 ____D () C:\Users\Gonzo\AppData\Roaming\Curse2014-05-07 17:41 - 2014-05-07 17:41 - 37746736 _____ (Curse) C:\Users\Gonzo\Downloads\CurseClientSetup.exe2014-05-04 09:32 - 2014-05-04 09:32 - 01069776 _____ (Solid State Networks) C:\Users\Gonzo\Downloads\install_flashplayer13x32_mssd_aaa_aih.exe2014-04-29 21:08 - 2014-04-29 21:12 - 00000000 ____D () C:\Users\Gonzo\AppData\Roaming\Ventrilo2014-04-29 21:08 - 2014-04-29 21:08 - 00000913 _____ () C:\Users\Gonzo\Desktop\Ventrilo.lnk2014-04-29 21:08 - 2014-04-29 21:08 - 00000262 _____ () 
C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini2014-04-29 21:08 - 2014-04-29 21:08 - 00000000 ____D () C:\Users\Gonzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ventrilo2014-04-29 21:08 - 2014-04-29 21:08 - 00000000 ____D () C:\Program Files\Ventrilo2014-04-29 21:07 - 2014-04-29 21:07 - 04135696 _____ () C:\Users\Gonzo\Downloads\ventrilo-3.0.8-Windows-x64.exe ==================== One Month Modified Files and Folders ======= 2014-05-29 17:52 - 2014-05-29 17:52 - 02066944 _____ (Farbar) C:\Users\Gonzo\Desktop\FRST64.exe2014-05-29 17:52 - 2014-05-29 17:52 - 00017510 _____ () C:\Users\Gonzo\Desktop\FRST.txt2014-05-29 17:52 - 2014-05-29 17:52 - 00000000 ____D () C:\FRST2014-05-29 17:52 - 2012-12-09 09:45 - 00000000 ____D () C:\Users\Gonzo\AppData\Local\PMB Files2014-05-29 17:52 - 2012-12-08 21:04 - 00000000 ____D () C:\Users\Gonzo\AppData\Local\Temp2014-05-29 17:51 - 2014-05-29 17:51 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-05-29 17:51 - 2014-05-29 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-05-29 17:51 - 2014-05-29 17:51 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-05-29 17:51 - 2014-05-29 17:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-05-29 17:50 - 2012-12-08 21:01 - 01875087 _____ () C:\Windows\WindowsUpdate.log2014-05-29 17:47 - 2012-12-09 15:09 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-05-29 17:41 - 2014-05-29 17:41 - 01402880 _____ () C:\Users\Gonzo\Downloads\HiJackThis.msi2014-05-29 17:41 - 2014-05-29 17:41 - 00002975 _____ () C:\Users\Gonzo\Desktop\HiJackThis.lnk2014-05-29 17:41 - 2014-05-29 17:41 - 00000000 ____D () C:\Users\Gonzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis2014-05-29 17:41 - 2014-05-29 17:41 - 00000000 ____D () C:\Program Files (x86)\Trend Micro2014-05-29 17:40 - 2013-12-21 22:51 - 00000908 _____ () 
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1221897127-376674755-709361087-1001UA.job2014-05-29 17:39 - 2012-12-09 15:09 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-05-28 21:14 - 2009-07-13 23:45 - 00016848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-05-28 21:14 - 2009-07-13 23:45 - 00016848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-05-28 21:13 - 2009-07-14 00:13 - 00778834 _____ () C:\Windows\system32\PerfStringBackup.INI2014-05-28 21:10 - 2012-12-16 17:24 - 00000000 ____D () C:\Users\Gonzo\AppData\Roaming\Skype2014-05-28 21:09 - 2014-02-12 22:36 - 00003200 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1221897127-376674755-709361087-10012014-05-28 21:09 - 2014-02-05 22:33 - 00003334 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1221897127-376674755-709361087-10012014-05-28 21:09 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-05-28 21:09 - 2009-07-13 23:51 - 00118922 _____ () C:\Windows\setupact.log2014-05-28 21:02 - 2014-05-28 21:02 - 13829304 _____ (Microsoft Corporation) C:\Users\Gonzo\Downloads\mseinstall (1).exe2014-05-28 21:02 - 2014-05-28 21:02 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk2014-05-28 21:02 - 2014-05-28 21:02 - 00000000 ____D () C:\Program Files\Microsoft Security Client2014-05-28 21:02 - 2014-05-28 21:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client2014-05-28 21:02 - 2012-12-08 22:29 - 00001945 _____ () C:\Windows\epplauncher.mif2014-05-28 20:52 - 2012-12-08 22:09 - 00134416 _____ () C:\Windows\PFRO.log2014-05-28 20:27 - 2014-05-13 21:14 - 00007600 _____ () C:\Users\Gonzo\AppData\Local\Resmon.ResmonCfg2014-05-28 20:22 - 2014-05-28 20:22 - 01243655 _____ () C:\Users\Gonzo\Downloads\ProcessExplorer.zip2014-05-28 20:20 
- 2014-05-28 20:20 - 13829304 _____ (Microsoft Corporation) C:\Users\Gonzo\Downloads\mseinstall.exe2014-05-28 20:12 - 2012-12-09 09:45 - 00000000 ____D () C:\ProgramData\PMB Files2014-05-28 20:05 - 2014-05-28 20:05 - 00276267 _____ () C:\Users\Gonzo\Downloads\RAMMap.zip2014-05-28 19:04 - 2014-05-07 17:44 - 00000000 ____D () C:\Users\Gonzo\AppData\Roaming\Curse Client2014-05-27 18:21 - 2013-12-21 22:51 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1221897127-376674755-709361087-1001Core.job2014-05-26 19:53 - 2014-05-13 19:49 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy2014-05-26 19:35 - 2014-05-26 19:34 - 00047734 _____ () C:\Windows\wininit.ini2014-05-26 19:09 - 2014-05-13 19:49 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 22014-05-26 19:05 - 2014-02-05 22:04 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar2014-05-26 19:02 - 2014-05-26 19:02 - 00000000 ____D () C:\ProgramData\AVG Secure Search2014-05-26 11:34 - 2014-05-26 11:34 - 00000000 ____D () C:\ProgramData\Avg_Update_0414c2014-05-25 00:34 - 2014-05-15 18:01 - 00003442 _____ () C:\Windows\System32\Tasks\Time Trigger Test Task2014-05-24 23:45 - 2014-05-15 18:01 - 00000000 ____D () C:\Users\Gonzo\AppData\Roaming\2ED02014-05-13 21:19 - 2014-05-13 21:19 - 00244000 _____ (Premium Installer ) C:\Users\Gonzo\Downloads\Setup.exe2014-05-13 19:50 - 2014-05-13 19:50 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking2014-05-13 19:49 - 2014-05-13 19:49 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk2014-05-13 19:49 - 2014-05-13 19:49 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk2014-05-13 19:49 - 2014-05-13 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 22014-05-13 19:48 - 2014-05-13 19:47 - 46392680 _____ (Safer-Networking Ltd. 
) C:\Users\Gonzo\Downloads\spybot-2.3.exe
2014-05-13 19:46 - 2014-02-05 22:04 - 00000000 ____D () C:\Users\Gonzo\AppData\Local\AVG SafeGuard toolbar
2014-05-12 07:26 - 2014-05-29 17:51 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-29 17:51 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-29 17:51 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-09 01:45 - 2014-02-05 22:04 - 00050464 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-05-08 15:42 - 2012-12-09 15:09 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 15:42 - 2012-12-09 15:09 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-07 17:44 - 2014-05-07 17:44 - 00001029 _____ () C:\Users\Gonzo\Desktop\Curse.lnk
2014-05-07 17:44 - 2014-05-07 17:44 - 00001015 _____ () C:\Users\Gonzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
2014-05-07 17:44 - 2014-05-07 17:44 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-05-07 17:44 - 2012-12-08 21:04 - 00000000 ___RD () C:\Users\Gonzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-07 17:43 - 2014-05-07 17:43 - 00000000 ____D () C:\Users\Gonzo\AppData\Roaming\Curse
2014-05-07 17:41 - 2014-05-07 17:41 - 37746736 _____ (Curse) C:\Users\Gonzo\Downloads\CurseClientSetup.exe
2014-05-06 18:16 - 2013-12-21 22:51 - 00003882 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1221897127-376674755-709361087-1001UA
2014-05-06 18:16 - 2013-12-21 22:51 - 00003486 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1221897127-376674755-709361087-1001Core
2014-05-04 09:32 - 2014-05-04 09:32 - 01069776 _____ (Solid State Networks) C:\Users\Gonzo\Downloads\install_flashplayer13x32_mssd_aaa_aih.exe
2014-04-29 21:12 - 2014-04-29 21:08 - 00000000 ____D () C:\Users\Gonzo\AppData\Roaming\Ventrilo
2014-04-29 21:08 - 2014-04-29 21:08 - 00000913 _____ () C:\Users\Gonzo\Desktop\Ventrilo.lnk
2014-04-29 21:08 - 2014-04-29 21:08 - 00000262 _____ () C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
2014-04-29 21:08 - 2014-04-29 21:08 - 00000000 ____D () C:\Users\Gonzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ventrilo
2014-04-29 21:08 - 2014-04-29 21:08 - 00000000 ____D () C:\Program Files\Ventrilo
2014-04-29 21:07 - 2014-04-29 21:07 - 04135696 _____ () C:\Users\Gonzo\Downloads\ventrilo-3.0.8-Windows-x64.exe

Files to move or delete:
====================
C:\ProgramData\828z00a.fee
C:\ProgramData\828z00a.zvv
C:\ProgramData\8j6bnbe3.fee
C:\ProgramData\8j6bnbe3.zvv
C:\ProgramData\oxt8zwl3.fee
C:\ProgramData\oxt8zwl3.zvv

Some content of TEMP:
====================
C:\Users\Gonzo\AppData\Local\Temp\mpam-afb6a844.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-19 00:35

==================== End Of Log ============================

Addition is below

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-05-2014
Ran by Gonzo at 2014-05-29 17:52:49
Running from C:\Users\Gonzo\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Out of date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Microsoft Security Essentials (Enabled - Out of date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.5.502.149 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.6.602.168 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.5.100.20928 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1016.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{46DA7FD9-8BC1-7BA8-98D1-27F46647871B}) (Version: 8.0.891.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.70928.1539 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.1.6.542 - AVG Technologies)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.0928.1532.26058 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0928.1532.26058 - Advanced Micro Devices, Inc.)
HiddenCatalyst Control Center InstallProxy (x32 Version: 2012.0928.1532.26058 - Advanced Micro Devices, Inc.) HiddenCatalyst Control Center Localization All (x32 Version: 2012.0928.1532.26058 - Advanced Micro Devices, Inc.) HiddenCCC Help Chinese Standard (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) HiddenCCC Help Chinese Traditional (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) HiddenCCC Help Czech (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) HiddenCCC Help Danish (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) HiddenCCC Help Dutch (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) HiddenCCC Help English (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) HiddenCCC Help Finnish (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) HiddenCCC Help French (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) HiddenCCC Help German (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) HiddenCCC Help Greek (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) HiddenCCC Help Hungarian (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) HiddenCCC Help Italian (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) HiddenCCC Help Japanese (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) HiddenCCC Help Korean (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) HiddenCCC Help Norwegian (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) HiddenCCC Help Polish (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) HiddenCCC Help Portuguese (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) HiddenCCC Help Russian (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) HiddenCCC Help Spanish (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) 
HiddenCCC Help Swedish (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) HiddenCCC Help Thai (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) HiddenCCC Help Turkish (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hiddenccc-utility64 (Version: 2012.0928.1532.26058 - Advanced Micro Devices, Inc.) HiddenChromecastApp (HKCU\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.316.0 - Google Inc.)Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)Dota 2 (HKLM-x32\...\Steam App 570) (Version: - )FileZilla Client 3.6.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.6.0.2 - FileZilla Project)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) HiddenHiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)iTunes (HKLM\...\{0225AD21-F3E2-4916-BFF3-65D3F9052582}) (Version: 11.0.2.26 - Apple Inc.)League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) HiddenMicrosoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) 
HiddenMicrosoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)Mozilla Firefox 18.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 18.0.1 (x86 en-US)) (Version: 18.0.1 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 18.0.1 - Mozilla)Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)Portal (HKLM-x32\...\Steam App 400) (Version: - Valve)Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)Portal 2 Publishing Tool (HKLM-x32\...\Steam App 644) (Version: - )RealDownloader (x32 Version: 1.7.0 - RealNetworks, Inc.) HiddenRealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) HiddenRealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) HiddenRealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) HiddenRealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.4 - RealNetworks)RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) 
HiddenSketchUp 8 (HKLM-x32\...\{8EB62C87-AAA6-4850-A5BC-64155884B973}) (Version: 3.0.16846 - Trimble Navigation Limited)Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.107 - Skype Technologies S.A.)Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 0.1.1682.0 - Hi-Rez Studios)Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) HiddenVentrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo! Inc.) 
==================== Restore Points =========================

05-09-2012 17:14:44 Scheduled Checkpoint
06-09-2012 00:03:36 Installed MediaImpression
06-09-2012 00:05:19 Installed Connect Service
09-09-2012 21:34:26 Installed Connect Service
17-09-2012 00:09:03 Scheduled Checkpoint
18-05-2014 06:33:54 Windows Update
22-05-2014 04:44:38 Windows Update
26-05-2014 04:44:40 Windows Update
29-05-2014 22:41:22 Installed HiJackThis

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {2FCF1136-B4E8-4F51-9CAB-887906587093} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1221897127-376674755-709361087-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-12-16] (RealNetworks, Inc.)
Task: {34D2A38A-A4E7-442B-8B40-37D6AEDD7718} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {4D12B805-682A-419F-B0A4-E5F2F29D91E5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {55C71623-BCF9-4EB1-86C5-00AC1E53AFDD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {89D12B49-CF67-4CDF-AF2E-FCE515A6CBA2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-09] (Google Inc.)
Task: {A43C7F0C-724C-4A6E-97AE-A7444966271F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1221897127-376674755-709361087-1001Core => C:\Users\Gonzo\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-21] (Google Inc.)
Task: {A453198C-500E-455B-831D-860A05C46632} - System32\Tasks\Time Trigger Test Task => Rundll32.exe "C:\Users\Gonzo\AppData\Local\Temp\swfywcs.dll",DllRegisterServer
Task: {ABCEA388-D4B1-4D23-AFD8-E5F447B58AD3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1221897127-376674755-709361087-1001UA => C:\Users\Gonzo\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-21] (Google Inc.)
Task: {B0B9B5BA-BC5E-4DDF-BA34-E95B66D57775} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1221897127-376674755-709361087-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-12-16] (RealNetworks, Inc.)
Task: {C612F048-B62C-4130-B323-1057E880D6CA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-09] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1221897127-376674755-709361087-1001Core.job => C:\Users\Gonzo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1221897127-376674755-709361087-1001UA.job => C:\Users\Gonzo\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-12-09 09:45 - 2012-12-09 09:45 - 03093624 _____ () C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
2014-02-05 22:04 - 2014-05-26 19:05 - 02557976 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
2014-05-29 17:51 - 2014-05-29 17:51 - 00706560 _____ () C:\Users\Gonzo\AppData\Local\Temp\is-08VTC.tmp\mbam-setup-2.0.2.1012.tmp
2014-05-26 19:02 - 2014-05-26 19:01 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.6\log4cplusU.dll
2014-05-22 11:54 - 2014-05-13 18:40 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
2014-05-22 11:54 - 2014-05-13 18:40 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll
2014-05-22 11:54 - 2014-05-13 18:40 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-05-22 11:54 - 2014-05-13 18:40 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
2014-05-22 11:54 - 2014-05-13 18:40 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
2014-05-22 11:54 - 2014-05-13 18:40 - 13695816 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HiPatchService => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
MSCONFIG\Services: RealPlayer Cloud Service => 2
MSCONFIG\Services: RealPlayerUpdateSvc => 2
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: vToolbarUpdater18.1.6 => 2
MSCONFIG\Services: YahooAUService => 2

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/28/2014 07:04:05 PM) (Source: BugSplat) (EventID: 1) (User: )
Description: This event has been logged by the BugSplat crash reporting library (http://www.bugsplatsoftware.com) in partnership with your vendor lol_beta_riotgames_com.
A crash report
from the application 'LOL_Public' has been successfully logged into the BugSplat database with id=114913704.Please contact your vendor for more information. Error: (05/28/2014 07:03:36 PM) (Source: BugSplat) (EventID: 1) (User: )Description: This event has been logged by the BugSplat crash reporting library (http://www.bugsplatsoftware.com) in partnership with your vendor lol_beta_riotgames_com.A crash report from the application 'LOL_Public' has been successfully logged into the BugSplat database with id=114913692.Please contact your vendor for more information. Error: (05/28/2014 06:47:51 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: LoLLauncher.exe, version: 2.10.0.175, time stamp: 0x537a91f4Faulting module name: LoLLauncher.exe, version: 2.10.0.175, time stamp: 0x537a91f4Exception code: 0xc0000005Fault offset: 0x00049038Faulting process id: 0x1be0Faulting application start time: 0xLoLLauncher.exe0Faulting application path: LoLLauncher.exe1Faulting module path: LoLLauncher.exe2Report Id: LoLLauncher.exe3 Error: (05/28/2014 06:47:41 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: chrome.exe, version: 35.0.1916.114, time stamp: 0x53726019Faulting module name: chrome.dll, version: 35.0.1916.114, time stamp: 0x53725d18Exception code: 0x80000003Fault offset: 0x004761ebFaulting process id: 0x76cFaulting application start time: 0xchrome.exe0Faulting application path: chrome.exe1Faulting module path: chrome.exe2Report Id: chrome.exe3 Error: (05/28/2014 06:47:00 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: CoherentUI_Host.exe, version: 1.8.0.0, time stamp: 0x52ea6518Faulting module name: CoherentUI_Host.exe, version: 1.8.0.0, time stamp: 0x52ea6518Exception code: 0xc0000005Fault offset: 0x0005b914Faulting process id: 0x2198Faulting application start time: 0xCoherentUI_Host.exe0Faulting application path: 
CoherentUI_Host.exe1Faulting module path: CoherentUI_Host.exe2Report Id: CoherentUI_Host.exe3 Error: (05/28/2014 07:23:20 AM) (Source: .NET Runtime) (EventID: 1026) (User: )Description: Application: MOM.exeFramework Version: v4.0.30319Description: The process was terminated due to an unhandled exception.Exception Info: System.OutOfMemoryExceptionStack: at System.Threading.RegisteredWaitHandle..ctor() at System.Threading.ThreadPool.RegisterWaitForSingleObject(System.Threading.WaitHandle, System.Threading.WaitOrTimerCallback, System.Object, UInt32, Boolean, System.Threading.StackCrawlMark ByRef, Boolean) at System.Threading.ThreadPool.UnsafeRegisterWaitForSingleObject(System.Threading.WaitHandle, System.Threading.WaitOrTimerCallback, System.Object, System.TimeSpan, Boolean) at System.Runtime.Remoting.Channels.Ipc.ConnectionCache.TimeoutConnections(System.Object, Boolean) at System.Threading._ThreadPoolWaitOrTimerCallback.PerformWaitOrTimerCallback(System.Object, Boolean) Error: (05/28/2014 01:48:00 AM) (Source: SideBySide) (EventID: 33) (User: )Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis. Error: (05/26/2014 09:01:17 PM) (Source: SideBySide) (EventID: 33) (User: )Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis. 
Error: (05/19/2014 00:30:39 AM) (Source: SideBySide) (EventID: 33) (User: )Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis. Error: (05/18/2014 00:30:42 AM) (Source: SideBySide) (EventID: 33) (User: )Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis. System errors:=============Error: (05/29/2014 05:39:36 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: %NT AUTHORITY59 Update Stage: 4.5.0216.00 Source Path: 4.5.0216.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (05/28/2014 10:14:38 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )Description: %NT AUTHORITY60 has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: %NT AUTHORITY51 Update Stage: 4.5.0216.00 Source Path: 4.5.0216.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (05/28/2014 10:14:38 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: %NT AUTHORITY51 Update Stage: 4.5.0216.00 Source Path: 4.5.0216.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (05/28/2014 10:14:38 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: %NT AUTHORITY51 Update Stage: 4.5.0216.00 Source Path: 4.5.0216.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (05/28/2014 10:14:38 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )Description: %NT AUTHORITY60 has encountered an error trying to update signatures. 
New Signature Version: 1.175.768.0 Previous Signature Version: Update Source: %NT AUTHORITY15 Update Stage: 4.5.0216.00 Source Path: 4.5.0216.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (05/28/2014 10:14:38 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: 1.175.768.0 Previous Signature Version: Update Source: %NT AUTHORITY15 Update Stage: 4.5.0216.00 Source Path: 4.5.0216.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (05/28/2014 10:14:38 PM) (Source: Microsoft Antimalware) (EventID: 2003) (User: )Description: %NT AUTHORITY60 has encountered an error trying to update the engine. New Engine Version: 1.1.10600.0 Previous Engine Version: Engine Type: %NT AUTHORITY604 User: NT AUTHORITY\NETWORK SERVICE Error Code: %NT AUTHORITY601 Error description: %NT AUTHORITY602 Error: (05/28/2014 09:47:06 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.175.755.0). Error: (05/28/2014 09:46:53 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )Description: %NT AUTHORITY60 has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: %NT AUTHORITY59 Update Stage: 4.5.0216.00 Source Path: 4.5.0216.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (05/28/2014 09:46:52 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: 1.175.755.0 Previous Signature Version: Update Source: %NT AUTHORITY15 Update Stage: 4.5.0216.00 Source Path: 4.5.0216.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Microsoft Office Sessions:=========================Error: (05/28/2014 07:04:05 PM) (Source: BugSplat) (EventID: 1) (User: )Description: lol_beta_riotgames_comLOL_Public114913704 Error: (05/28/2014 07:03:36 PM) (Source: BugSplat) (EventID: 1) (User: )Description: lol_beta_riotgames_comLOL_Public114913692 Error: (05/28/2014 06:47:51 PM) (Source: Application Error) (EventID: 1000) (User: )Description: LoLLauncher.exe2.10.0.175537a91f4LoLLauncher.exe2.10.0.175537a91f4c0000005000490381be001cf7acf2cb9d309C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.208\deploy\LoLLauncher.exeC:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.208\deploy\LoLLauncher.exe7a96306f-e6c2-11e3-b8fd-002618463b88 Error: (05/28/2014 06:47:41 PM) (Source: Application Error) (EventID: 1000) (User: )Description: chrome.exe35.0.1916.11453726019chrome.dll35.0.1916.11453725d1880000003004761eb76c01cf7acf35c29427C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files 
(x86)\Google\Chrome\Application\35.0.1916.114\chrome.dll7468ad87-e6c2-11e3-b8fd-002618463b88 Error: (05/28/2014 06:47:00 PM) (Source: Application Error) (EventID: 1000) (User: )Description: CoherentUI_Host.exe1.8.0.052ea6518CoherentUI_Host.exe1.8.0.052ea6518c00000050005b914219801cf79435488d0dbC:\Users\Gonzo\AppData\Roaming\Curse Client\Bin\CoherentUI_Host.exeC:\Users\Gonzo\AppData\Roaming\Curse Client\Bin\CoherentUI_Host.exe5bdb602f-e6c2-11e3-b8fd-002618463b88 Error: (05/28/2014 07:23:20 AM) (Source: .NET Runtime) (EventID: 1026) (User: )Description: Application: MOM.exeFramework Version: v4.0.30319Description: The process was terminated due to an unhandled exception.Exception Info: System.OutOfMemoryExceptionStack: at System.Threading.RegisteredWaitHandle..ctor() at System.Threading.ThreadPool.RegisterWaitForSingleObject(System.Threading.WaitHandle, System.Threading.WaitOrTimerCallback, System.Object, UInt32, Boolean, System.Threading.StackCrawlMark ByRef, Boolean) at System.Threading.ThreadPool.UnsafeRegisterWaitForSingleObject(System.Threading.WaitHandle, System.Threading.WaitOrTimerCallback, System.Object, System.TimeSpan, Boolean) at System.Runtime.Remoting.Channels.Ipc.ConnectionCache.TimeoutConnections(System.Object, Boolean) at System.Threading._ThreadPoolWaitOrTimerCallback.PerformWaitOrTimerCallback(System.Object, Boolean) Error: (05/28/2014 01:48:00 AM) (Source: SideBySide) (EventID: 33) (User: )Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{0765012B-51F6-4868-875E-9C14755B338C}\recordingmanager.exe Error: (05/26/2014 09:01:17 PM) (Source: SideBySide) (EventID: 33) (User: )Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{0765012B-51F6-4868-875E-9C14755B338C}\recordingmanager.exe Error: (05/19/2014 00:30:39 AM) (Source: SideBySide) (EventID: 33) (User: )Description: 
rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{0765012B-51F6-4868-875E-9C14755B338C}\recordingmanager.exe Error: (05/18/2014 00:30:42 AM) (Source: SideBySide) (EventID: 33) (User: )Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{0765012B-51F6-4868-875E-9C14755B338C}\recordingmanager.exe CodeIntegrity Errors:=================================== Date: 2014-02-06 20:36:40.765 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system. Date: 2014-02-06 20:35:54.108 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system. 
==================== Memory info ===========================

Percentage of memory in use: 46%
Total physical RAM: 6135.11 MB
Available physical RAM: 3290.72 MB
Total Pagefile: 12268.41 MB
Available Pagefile: 8444.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.47 GB) (Free:128.08 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (WinOld) (Fixed) (Total:288.38 GB) (Free:102.31 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: () (Fixed) (Total:299.9 GB) (Free:148.07 GB) NTFS
Drive g: (Recorded TV) (Fixed) (Total:350 GB) (Free:109.63 GB) NTFS
Drive h: (Music) (Fixed) (Total:281.5 GB) (Free:281.37 GB) NTFS
Drive i: (Backup) (Fixed) (Total:9.71 GB) (Free:9.39 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: F32644C2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=300 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=350 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=282 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: FF7CFDA7)
Partition 1: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=288 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 224 GB) (Disk ID: 7E52301D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223 GB) - (Type=07 NTFS)

==================== End Of Log ============================