
Help! How do I remove PUM.UserWLoad and Trojan.Ransom?



I thought I removed them but they are still there!  :angry2:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.08.02.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
alexander :: ALEXANDER-PC [administrator]
 
8/4/2013 10:44:09 AM
MBAM-log-2013-08-04 (11-22-46).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237296
Time elapsed: 11 minute(s), 58 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\ALEXAN~1\LOCALS~1\Temp\msrfoi.cmd -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\ALEXAN~1\LOCALS~1\Temp\msrfoi.cmd -> No action taken.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 

Hello KrazyNub515 and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
  • One or more of the identified infections is related to a nasty rootkit component which is difficult to remove. Rootkits and backdoor Trojans are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

    If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, PayPal and online forums from a CLEAN COMPUTER. You should consider them to be compromised. You should change each password by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

    Although the rootkit has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because this malware has been removed the computer is now secure. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, delete the partition, reformat and reinstall the Operating System.

    Please read:

    Should you decide not to follow this advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful. If you wish to proceed, disinfection will require more time and more advanced tools.

    Please let us know how you would like to proceed.


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-08-2013

Ran by alexander (administrator) on 04-08-2013 12:57:50

Running from C:\Users\alexander\Downloads

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(AMD) C:\windows\system32\atiesrxx.exe

() C:\Windows\System32\GFNEXSrv.exe

(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

(AMD) C:\windows\system32\atieclxx.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.8.0.32\ccSvcHst.exe

(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\SymcPCCULaunchSvc.exe

(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe

(TOSHIBA Corporation) C:\windows\system32\TODDSrv.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoHook.exe

(ooVoo LLC) C:\Program Files (x86)\ooVoo\ooVoo.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe

(TOSHIBA) C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe

(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe

(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.8.0.32\ccSvcHst.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe

(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe

(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MpCmdRun.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [] -  [x]

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452456 2012-02-22] (Realtek Semiconductor)

HKLM\...\Run: [sRS Premium Sound HD] - C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip [223180 2012-03-22] ()

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2866960 2011-12-19] (Synaptics Incorporated)

HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-23] (TOSHIBA Corporation)

HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [989056 2012-02-13] (TOSHIBA Corporation)

HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1562032 2012-02-09] (TOSHIBA Corporation)

HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-14] (TOSHIBA Corporation)

HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2012-02-24] (TOSHIBA Corporation)

HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)

HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)

HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)

HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe [45568 2009-07-13] (Microsoft Corporation)

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)

HKCU\...\Run: [steam] - C:\Program Files (x86)\Steam\steam.exe [1807272 2013-07-26] (Valve Corporation)

HKCU\...\Run: [ooVoo.exe] - C:\Program Files (x86)\ooVoo\oovoo.exe [35239488 2013-06-20] (ooVoo LLC)

HKCU\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)

HKCU\...\CurrentVersion\Windows: [Load] C:\Users\ALEXAN~1\LOCALS~1\Temp\msrfoi.cmd <===== ATTENTION!

MountPoints2: {06a69f5d-b378-11e1-9b87-806e6f6e6963} - D:\autorun.exe

HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-02-13] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [TSleepSrv] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [253312 2011-11-21] (TOSHIBA)

HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218864 2011-06-22] (Toshiba)

HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)

HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2255184 2013-06-28] (LogMeIn Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Content Manager Assistant for PlayStation®.lnk

ShortcutTarget: Content Manager Assistant for PlayStation®.lnk -> C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/?cid=C001B2Y

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)

BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)

BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)

Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Tcpip\Parameters: [DhcpNameServer] 97.64.168.12 97.64.183.165

 

Chrome: 

=======



CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll ()

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\gcswf32.dll No File

CHR Plugin: (Norton Confidential) - C:\Users\alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Java Deployment Toolkit 6.0.250.6) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File

CHR Plugin: (Java Platform SE 6 U25) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File

CHR Extension: (Itachi Uchiha Theme) - C:\Users\ALEXAN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\adngiebhcihhngjjhjfchfibhemcabaf\1_0

CHR Extension: (Angry Birds) - C:\Users\ALEXAN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0

CHR Extension: (YouTube) - C:\Users\ALEXAN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Google Search) - C:\Users\ALEXAN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (Realm of the Mad God) - C:\Users\ALEXAN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhjfmaldpppkmjjgkmadddbanpabfflp\1.0.0.3_0

CHR Extension: (AdBlock) - C:\Users\ALEXAN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.4_0

CHR Extension: (Meme Generator) - C:\Users\ALEXAN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfcohkjejibbohjcejckhdnkfceagebc\1.0_0

CHR Extension: (Roblox Hat Notifier) - C:\Users\ALEXAN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjepeiijmflchkjgfjpopeimafiognkc\2.1.0_0

CHR Extension: (Norton Identity Protection) - C:\Users\ALEXAN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0

CHR Extension: (Plants vs Zombies) - C:\Users\ALEXAN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0

CHR Extension: (ROBLOX Outfit Saver Extension) - C:\Users\ALEXAN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpaohnjlgfabcooefhihmafmdcbliakf\1.3.5_0

CHR Extension: (Gmail) - C:\Users\ALEXAN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

CHR Extension: (Canvas Rider) - C:\Users\ALEXAN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk\0.71_0

CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\Exts\Chrome.crx

CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

==================== Services (Whitelisted) =================

 

R2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-09] ()

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)

R2 N360; C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)

R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.8.0.32\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)

R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\SymcPCCULaunchSvc.exe [135608 2011-11-30] (Symantec Corporation)

R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe [126392 2011-11-30] (Symantec Corporation)

 

==================== Drivers (Whitelisted) ====================

 

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.)

R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)

R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)

R3 ccSet_N360; C:\Windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)

R1 ccSet_NAT; C:\Windows\system32\drivers\NATx64\0108000.020\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)

R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-05-29] (Symantec Corporation)

R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-05-29] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-08] (Symantec Corporation)

R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20130802.001\IDSvia64.sys [513184 2013-05-21] (Symantec Corporation)

R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20130802.001\IDSvia64.sys [513184 2013-05-21] (Symantec Corporation)

R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)

R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20130803.004\ENG64.SYS [126040 2013-05-29] (Symantec Corporation)

R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20130803.004\ENG64.SYS [126040 2013-05-29] (Symantec Corporation)

R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20130803.004\EX64.SYS [2098776 2013-05-29] (Symantec Corporation)

R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20130803.004\EX64.SYS [2098776 2013-05-29] (Symantec Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)

R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)

R3 SRTSPX; C:\Windows\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)

R3 SymDS; C:\Windows\system32\drivers\N360x64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)

R3 SymEFA; C:\Windows\system32\drivers\N360x64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)

R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-17] (Symantec Corporation)

R3 SymIRON; C:\Windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)

R3 SymNetS; C:\Windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)

S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [x]

S3 TDEIO; \??\C:\Windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [x]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-08-04 12:57 - 2013-08-04 12:57 - 00000000 ____D C:\FRST

2013-08-04 10:14 - 2013-08-04 10:14 - 01036416 _____ (Bleeping Computer, LLC) C:\Users\alexander\Downloads\rkill64.exe

2013-08-04 00:30 - 2013-08-04 00:30 - 01893504 _____ (Bleeping Computer, LLC) C:\Users\alexander\Downloads\rkill.exe

2013-08-03 21:09 - 2013-08-03 21:10 - 00000941 _____ C:\AdwCleaner[R2].txt

2013-08-03 20:44 - 2013-08-03 20:45 - 00001667 _____ C:\AdwCleaner[s1].txt

2013-08-03 20:44 - 2013-08-03 20:44 - 00001887 _____ C:\AdwCleaner[R1].txt

2013-08-03 20:43 - 2013-08-03 20:43 - 00666633 _____ C:\Users\alexander\Downloads\AdwCleaner.exe

2013-08-03 20:42 - 2013-08-03 20:42 - 02240864 _____ (Kaspersky Lab ZAO) C:\Users\alexander\Downloads\tdsskiller.exe

2013-08-03 20:39 - 2013-08-04 10:37 - 00002590 _____ C:\Users\alexander\Desktop\Rkill.txt

2013-08-03 20:39 - 2013-08-04 00:29 - 00000000 ____D C:\Users\alexander\Desktop\rkill

2013-08-01 20:04 - 2013-08-01 20:04 - 00001124 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-08-01 20:04 - 2013-08-01 20:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-08-01 20:04 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys

2013-08-01 20:02 - 2013-08-01 20:02 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\alexander\Downloads\mbam-setup-1.75.0.1300 (1).exe

2013-08-01 11:21 - 2013-08-01 11:20 - 00263592 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe

2013-08-01 11:21 - 2013-08-01 11:20 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe

2013-08-01 11:21 - 2013-08-01 11:20 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe

2013-08-01 11:21 - 2013-08-01 11:20 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll

2013-07-31 21:06 - 2013-07-31 21:06 - 04838645 _____ C:\Users\alexander\Downloads\the_stylish_cloaks.rar

2013-07-31 20:55 - 2013-07-31 20:55 - 04570529 _____ C:\Users\alexander\Downloads\lever_rifle_updated.rar

2013-07-31 20:40 - 2013-07-31 20:40 - 00862743 _____ C:\Users\alexander\Downloads\potatosapper_2.rar

2013-07-31 20:34 - 2013-07-31 20:34 - 00896871 _____ C:\Users\alexander\Downloads\eternally_yours_3.zip

2013-07-31 20:33 - 2013-07-31 20:33 - 00179579 _____ C:\Users\alexander\Downloads\eternal_reward_team_colored (1).rar

2013-07-31 19:15 - 2013-07-31 19:16 - 11441155 _____ C:\Users\alexander\Downloads\badass_arctic (1).zip

2013-07-31 19:09 - 2013-07-31 19:09 - 12327000 _____ C:\Users\alexander\Downloads\90skscatter.zip

2013-07-31 18:56 - 2013-07-31 18:56 - 00179579 _____ C:\Users\alexander\Downloads\eternal_reward_team_colored.rar

2013-07-31 18:47 - 2013-07-31 18:47 - 01577440 _____ C:\Users\alexander\Downloads\konambassador.zip

2013-07-31 18:24 - 2013-07-31 18:24 - 41063037 _____ C:\Users\alexander\Downloads\- MayanCraft  HD x64 v20 (1).zip

2013-07-26 23:36 - 2013-07-26 23:36 - 00000192 _____ C:\Users\Public\Desktop\MapleStory.url

2013-07-26 22:29 - 2013-07-26 22:30 - 02008064 _____ C:\Users\alexander\Downloads\MapleStoryDownloader (2).exe

2013-07-26 22:28 - 2013-07-26 22:28 - 02008064 _____ C:\Users\alexander\Downloads\MapleStoryDownloader (1).exe

2013-07-26 18:37 - 2013-07-26 18:37 - 07953309 _____ C:\Users\alexander\Downloads\MapleStory (1).themepack

2013-07-26 18:36 - 2013-07-26 18:36 - 07953309 _____ C:\Users\alexander\Downloads\MapleStory.themepack

2013-07-18 13:11 - 2013-07-18 13:11 - 07364025 _____ C:\Users\alexander\Downloads\64x-MC4Kids-Revival_5868338.zip

2013-07-18 08:58 - 2013-07-18 08:58 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi

2013-07-18 08:58 - 2009-03-18 18:35 - 00033856 ____H (LogMeIn, Inc.) C:\windows\system32\hamachi.sys

2013-07-10 11:33 - 2012-08-23 09:13 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll

2013-07-10 11:33 - 2012-08-23 09:10 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys

2013-07-10 11:33 - 2012-08-23 09:08 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbGD.sys

2013-07-10 11:33 - 2012-08-23 09:07 - 00057856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys

2013-07-10 11:33 - 2012-08-23 08:47 - 00046592 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll

2013-07-10 11:33 - 2012-08-23 08:46 - 00016896 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll

2013-07-10 11:33 - 2012-08-23 08:41 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe

2013-07-10 11:33 - 2012-08-23 08:40 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll

2013-07-10 11:33 - 2012-08-23 08:24 - 00015360 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll

2013-07-10 11:33 - 2012-08-23 08:20 - 00054272 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll

2013-07-10 11:33 - 2012-08-23 08:18 - 00037376 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll

2013-07-10 11:33 - 2012-08-23 08:17 - 00018432 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll

2013-07-10 11:33 - 2012-08-23 08:06 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll

2013-07-10 11:33 - 2012-08-23 07:52 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll

2013-07-10 11:33 - 2012-08-23 06:20 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe

2013-07-10 11:33 - 2012-08-23 06:15 - 00269312 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll

2013-07-10 11:33 - 2012-08-23 06:14 - 00384000 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe

2013-07-10 11:33 - 2012-08-23 06:12 - 00192000 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdpendp_winip.dll

2013-07-10 11:33 - 2012-08-23 05:54 - 00322560 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll

2013-07-10 11:33 - 2012-08-23 05:51 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\rdpendp_winip.dll

2013-07-10 11:33 - 2012-08-23 05:39 - 01048064 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe

2013-07-10 11:33 - 2012-08-23 05:22 - 01123840 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe

2013-07-10 11:33 - 2012-08-23 04:51 - 03174912 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll

2013-07-10 11:33 - 2012-08-23 03:19 - 04916224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll

2013-07-10 11:33 - 2012-08-23 03:13 - 05773824 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll

2013-07-10 11:29 - 2013-07-10 11:32 - 00000000 ____D C:\windows\system32\MRT

2013-07-10 11:28 - 2012-08-24 13:13 - 00154480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys

2013-07-10 11:28 - 2012-08-24 13:09 - 00458712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys

2013-07-10 11:28 - 2012-08-24 13:05 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll

2013-07-10 11:28 - 2012-08-24 13:03 - 01448448 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll

2013-07-10 11:28 - 2012-08-24 11:57 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll

2013-07-10 11:28 - 2012-08-24 11:57 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll

2013-07-10 11:28 - 2012-08-24 11:53 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll

2013-07-10 11:28 - 2012-05-04 06:00 - 00366592 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll

2013-07-10 11:28 - 2012-05-04 04:59 - 00514560 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll

2013-07-09 23:22 - 2013-06-11 18:43 - 14329856 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll

2013-07-09 23:22 - 2013-06-11 18:43 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll

2013-07-09 23:22 - 2013-06-11 18:43 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll

2013-07-09 23:22 - 2013-06-11 18:43 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll

2013-07-09 23:22 - 2013-06-11 18:43 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll

2013-07-09 23:22 - 2013-06-11 18:43 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll

2013-07-09 23:22 - 2013-06-11 18:43 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll

2013-07-09 23:22 - 2013-06-11 18:42 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll

2013-07-09 23:22 - 2013-06-11 18:42 - 02046976 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll

2013-07-09 23:22 - 2013-06-11 18:42 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll

2013-07-09 23:22 - 2013-06-11 18:42 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll

2013-07-09 23:22 - 2013-06-11 18:42 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll

2013-07-09 23:22 - 2013-06-11 18:42 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll

2013-07-09 23:22 - 2013-06-11 18:26 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll

2013-07-09 23:22 - 2013-06-11 18:26 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll

2013-07-09 23:22 - 2013-06-11 18:26 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe

2013-07-09 23:22 - 2013-06-11 18:25 - 19238912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll

2013-07-09 23:22 - 2013-06-11 18:25 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll

2013-07-09 23:22 - 2013-06-11 18:25 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll

2013-07-09 23:22 - 2013-06-11 18:25 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll

2013-07-09 23:22 - 2013-06-11 18:25 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll

2013-07-09 23:22 - 2013-06-11 18:25 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll

2013-07-09 23:22 - 2013-06-11 18:25 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll

2013-07-09 23:22 - 2013-06-11 18:25 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll

2013-07-09 23:22 - 2013-06-11 18:25 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll

2013-07-09 23:22 - 2013-06-11 18:25 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll

2013-07-09 23:22 - 2013-06-11 18:25 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll

2013-07-09 23:22 - 2013-06-11 17:51 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe

2013-07-09 23:22 - 2013-06-11 17:50 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe

2013-07-09 23:22 - 2013-06-06 22:22 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb

2013-07-09 23:22 - 2013-06-06 21:37 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb

2013-07-09 21:37 - 2013-06-04 22:34 - 03153920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

2013-07-09 21:37 - 2013-06-04 01:00 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll

2013-07-09 21:37 - 2013-06-03 23:53 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll

2013-07-09 21:37 - 2013-05-06 01:03 - 01887744 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL

2013-07-09 21:37 - 2013-05-05 23:56 - 01620480 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL

2013-07-09 21:36 - 2013-04-09 18:34 - 01247744 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll

2013-07-09 21:36 - 2013-04-02 17:51 - 01643520 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll

2013-07-08 22:07 - 2013-07-08 22:07 - 00001613 _____ C:\Users\Public\Desktop\Play League of Legends.lnk

2013-07-08 22:07 - 2013-07-08 22:07 - 00000000 __SHD C:\windows\SysWOW64\AI_RecycleBin

2013-07-08 22:07 - 2013-07-08 22:07 - 00000000 ____D C:\Riot Games

2013-07-08 22:02 - 2013-07-27 00:41 - 00000000 ____D C:\Users\ALEXAN~1\AppData\Local\PMB Files

2013-07-08 22:02 - 2013-07-26 23:25 - 00000000 ____D C:\ProgramData\PMB Files

2013-07-08 21:57 - 2013-07-08 22:01 - 00000000 ____D C:\Users\alexander\AppData\Roaming\Riot Games

2013-07-08 21:55 - 2013-07-08 21:56 - 32229024 _____ (Riot Games) C:\Users\alexander\Downloads\LeagueofLegends_NA_Installer_05_07_13.exe

2013-07-07 00:51 - 2013-07-10 11:10 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-07-07 00:51 - 2013-07-10 11:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2013-07-06 20:59 - 2013-07-10 11:53 - 00001945 _____ C:\windows\epplauncher.mif

2013-07-06 20:58 - 2013-07-10 11:53 - 00000000 ____D C:\Program Files\Microsoft Security Client

2013-07-06 20:58 - 2013-07-10 11:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client

2013-07-06 20:57 - 2013-07-06 20:57 - 13475464 _____ (Microsoft Corporation) C:\Users\alexander\Downloads\mseinstall.exe

2013-07-06 17:25 - 2013-07-06 17:50 - 00000000 ____D C:\Program Files\Paint.NET

2013-07-06 17:24 - 2013-07-06 17:29 - 00000000 ____D C:\Users\ALEXAN~1\AppData\Local\Paint.NET

2013-07-06 17:23 - 2013-07-06 17:23 - 03730109 _____ C:\Users\alexander\Downloads\Paint.NET.3.5.10.Install.zip

2013-07-05 18:29 - 2013-07-05 18:29 - 00059400 _____ C:\Users\alexander\Downloads\Extras.Txt

2013-07-05 18:27 - 2013-07-05 18:27 - 00097646 _____ C:\Users\alexander\Downloads\OTL.Txt

2013-07-05 18:00 - 2013-07-05 18:00 - 00602112 _____ (OldTimer Tools) C:\Users\alexander\Downloads\OTL.exe

145

 

==================== One Month Modified Files and Folders =======

 

2013-08-04 12:57 - 2013-08-04 12:57 - 01781485 _____ (Farbar) C:\Users\alexander\Downloads\FRST64.exe

2013-08-04 12:57 - 2013-08-04 12:57 - 00000000 ____D C:\FRST

2013-08-04 12:53 - 2009-07-13 23:45 - 00024400 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-08-04 12:53 - 2009-07-13 23:45 - 00024400 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-08-04 12:49 - 2013-05-29 20:14 - 00000000 ____D C:\Users\alexander\AppData\Roaming\Skype

2013-08-04 12:49 - 2012-06-10 22:52 - 01217430 _____ C:\windows\WindowsUpdate.log

2013-08-04 12:45 - 2013-06-25 15:11 - 00000000 ____D C:\Users\ALEXAN~1\AppData\Local\LogMeIn Hamachi

2013-08-04 12:45 - 2012-07-08 17:30 - 00000000 ____D C:\Program Files (x86)\Steam

2013-08-04 12:45 - 2012-06-10 23:28 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-08-04 12:44 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT

2013-08-04 12:44 - 2009-07-13 23:51 - 00098390 _____ C:\windows\setupact.log

2013-08-04 11:44 - 2012-06-10 23:28 - 00000912 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-08-04 11:20 - 2012-04-18 04:08 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job

2013-08-04 10:37 - 2013-08-03 20:39 - 00002590 _____ C:\Users\alexander\Desktop\Rkill.txt

2013-08-04 10:14 - 2013-08-04 10:14 - 01036416 _____ (Bleeping Computer, LLC) C:\Users\alexander\Downloads\rkill64.exe

2013-08-04 00:30 - 2013-08-04 00:30 - 01893504 _____ (Bleeping Computer, LLC) C:\Users\alexander\Downloads\rkill.exe

2013-08-04 00:29 - 2013-08-03 20:39 - 00000000 ____D C:\Users\alexander\Desktop\rkill

2013-08-03 21:10 - 2013-08-03 21:09 - 00000941 _____ C:\AdwCleaner[R2].txt

2013-08-03 20:45 - 2013-08-03 20:44 - 00001667 _____ C:\AdwCleaner[s1].txt

2013-08-03 20:44 - 2013-08-03 20:44 - 00001887 _____ C:\AdwCleaner[R1].txt

2013-08-03 20:43 - 2013-08-03 20:43 - 00666633 _____ C:\Users\alexander\Downloads\AdwCleaner.exe

2013-08-03 20:42 - 2013-08-03 20:42 - 02240864 _____ (Kaspersky Lab ZAO) C:\Users\alexander\Downloads\tdsskiller.exe

2013-08-01 22:48 - 2012-06-10 23:29 - 00000000 ____D C:\Program Files\Google

2013-08-01 22:48 - 2012-06-10 23:28 - 00000000 ____D C:\Program Files (x86)\Google

2013-08-01 22:48 - 2010-11-20 22:47 - 00898392 _____ C:\windows\PFRO.log

2013-08-01 20:25 - 2012-07-08 20:15 - 00000000 ____D C:\Users\ALEXAN~1\AppData\Local\Facebook

2013-08-01 20:04 - 2013-08-01 20:04 - 00001124 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-08-01 20:04 - 2013-08-01 20:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-08-01 20:02 - 2013-08-01 20:02 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\alexander\Downloads\mbam-setup-1.75.0.1300 (1).exe

2013-08-01 18:25 - 2012-07-26 11:27 - 00001329 _____ C:\Users\alexander\Desktop\ROBLOX Player.lnk

2013-08-01 18:25 - 2012-07-08 17:05 - 00000000 ____D C:\Users\alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox

2013-08-01 18:24 - 2013-02-01 17:27 - 00001148 _____ C:\Users\alexander\Desktop\ROBLOX Studio 2013.lnk

2013-08-01 15:07 - 2012-07-08 16:04 - 00000000 ____D C:\Users\ALEXAN~1\AppData\Local\Google

2013-08-01 11:20 - 2013-08-01 11:21 - 00263592 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe

2013-08-01 11:20 - 2013-08-01 11:21 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe

2013-08-01 11:20 - 2013-08-01 11:21 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe

2013-08-01 11:20 - 2013-08-01 11:21 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll

2013-08-01 11:20 - 2013-03-02 00:04 - 00867240 _____ (Oracle Corporation) C:\windows\SysWOW64\npDeployJava1.dll

2013-08-01 11:20 - 2012-04-18 04:09 - 00789416 _____ (Oracle Corporation) C:\windows\SysWOW64\deployJava1.dll

2013-08-01 11:20 - 2012-04-18 04:09 - 00000000 ____D C:\Program Files (x86)\Java

2013-07-31 21:06 - 2013-07-31 21:06 - 04838645 _____ C:\Users\alexander\Downloads\the_stylish_cloaks.rar

2013-07-31 20:55 - 2013-07-31 20:55 - 04570529 _____ C:\Users\alexander\Downloads\lever_rifle_updated.rar

2013-07-31 20:40 - 2013-07-31 20:40 - 00862743 _____ C:\Users\alexander\Downloads\potatosapper_2.rar

2013-07-31 20:34 - 2013-07-31 20:34 - 00896871 _____ C:\Users\alexander\Downloads\eternally_yours_3.zip

2013-07-31 20:33 - 2013-07-31 20:33 - 00179579 _____ C:\Users\alexander\Downloads\eternal_reward_team_colored (1).rar

2013-07-31 19:16 - 2013-07-31 19:15 - 11441155 _____ C:\Users\alexander\Downloads\badass_arctic (1).zip

2013-07-31 19:09 - 2013-07-31 19:09 - 12327000 _____ C:\Users\alexander\Downloads\90skscatter.zip

2013-07-31 18:56 - 2013-07-31 18:56 - 00179579 _____ C:\Users\alexander\Downloads\eternal_reward_team_colored.rar

2013-07-31 18:47 - 2013-07-31 18:47 - 01577440 _____ C:\Users\alexander\Downloads\konambassador.zip

2013-07-31 18:24 - 2013-07-31 18:24 - 41063037 _____ C:\Users\alexander\Downloads\- MayanCraft  HD x64 v20 (1).zip

2013-07-31 17:58 - 2013-02-14 19:20 - 00000000 ____D C:\Users\alexander\AppData\Roaming\.minecraft

2013-07-30 11:23 - 2013-05-29 20:14 - 00000000 ____D C:\ProgramData\Skype

2013-07-30 11:22 - 2013-05-29 20:14 - 00000000 ___RD C:\Program Files (x86)\Skype

2013-07-27 00:41 - 2013-07-08 22:02 - 00000000 ____D C:\Users\ALEXAN~1\AppData\Local\PMB Files

2013-07-26 23:36 - 2013-07-26 23:36 - 00000192 _____ C:\Users\Public\Desktop\MapleStory.url

2013-07-26 23:28 - 2013-05-05 10:42 - 00000000 ____D C:\Nexon

2013-07-26 23:25 - 2013-07-08 22:02 - 00000000 ____D C:\ProgramData\PMB Files

2013-07-26 22:30 - 2013-07-26 22:29 - 02008064 _____ C:\Users\alexander\Downloads\MapleStoryDownloader (2).exe

2013-07-26 22:28 - 2013-07-26 22:28 - 02008064 _____ C:\Users\alexander\Downloads\MapleStoryDownloader (1).exe

2013-07-26 18:37 - 2013-07-26 18:37 - 07953309 _____ C:\Users\alexander\Downloads\MapleStory (1).themepack

2013-07-26 18:36 - 2013-07-26 18:36 - 07953309 _____ C:\Users\alexander\Downloads\MapleStory.themepack

2013-07-18 13:11 - 2013-07-18 13:11 - 07364025 _____ C:\Users\alexander\Downloads\64x-MC4Kids-Revival_5868338.zip

2013-07-18 08:58 - 2013-07-18 08:58 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi

2013-07-12 17:39 - 2012-06-10 23:28 - 00003908 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA

2013-07-12 17:39 - 2012-06-10 23:28 - 00003656 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore

2013-07-12 11:43 - 2013-01-23 20:54 - 00000000 ____D C:\Users\ALEXAN~1\AppData\Local\Adobe

2013-07-12 11:43 - 2012-04-18 04:08 - 00692104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe

2013-07-12 11:43 - 2012-04-18 04:08 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-07-12 11:43 - 2012-04-18 04:08 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater

2013-07-12 11:35 - 2009-07-13 22:20 - 00000000 ____D C:\windows\system32\NDF

2013-07-10 11:55 - 2009-07-13 22:20 - 00000000 ____D C:\windows\PolicyDefinitions

2013-07-10 11:53 - 2013-07-06 20:59 - 00001945 _____ C:\windows\epplauncher.mif

2013-07-10 11:53 - 2013-07-06 20:58 - 00000000 ____D C:\Program Files\Microsoft Security Client

2013-07-10 11:52 - 2013-07-06 20:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client

2013-07-10 11:32 - 2013-07-10 11:29 - 00000000 ____D C:\windows\system32\MRT

2013-07-10 11:12 - 2009-07-13 23:45 - 00275712 _____ C:\windows\system32\FNTCACHE.DAT

2013-07-10 11:11 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender

2013-07-10 11:11 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender

2013-07-10 11:10 - 2013-07-07 00:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-07-10 11:10 - 2013-07-07 00:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2013-07-10 11:10 - 2010-11-21 02:17 - 00000000 ____D C:\Program Files\Windows Journal

2013-07-09 23:35 - 2009-07-14 00:13 - 00793204 _____ C:\windows\system32\PerfStringBackup.INI

2013-07-08 22:07 - 2013-07-08 22:07 - 00001613 _____ C:\Users\Public\Desktop\Play League of Legends.lnk

2013-07-08 22:07 - 2013-07-08 22:07 - 00000000 __SHD C:\windows\SysWOW64\AI_RecycleBin

2013-07-08 22:07 - 2013-07-08 22:07 - 00000000 ____D C:\Riot Games

2013-07-08 22:01 - 2013-07-08 21:57 - 00000000 ____D C:\Users\alexander\AppData\Roaming\Riot Games

2013-07-08 22:01 - 2012-12-28 21:47 - 00000000 ____D C:\Program Files (x86)\Pando Networks

2013-07-08 21:56 - 2013-07-08 21:55 - 32229024 _____ (Riot Games) C:\Users\alexander\Downloads\LeagueofLegends_NA_Installer_05_07_13.exe

2013-07-06 20:57 - 2013-07-06 20:57 - 13475464 _____ (Microsoft Corporation) C:\Users\alexander\Downloads\mseinstall.exe

2013-07-06 17:50 - 2013-07-06 17:25 - 00000000 ____D C:\Program Files\Paint.NET

2013-07-06 17:29 - 2013-07-06 17:24 - 00000000 ____D C:\Users\ALEXAN~1\AppData\Local\Paint.NET

2013-07-06 17:23 - 2013-07-06 17:23 - 03730109 _____ C:\Users\alexander\Downloads\Paint.NET.3.5.10.Install.zip

2013-07-06 00:02 - 2012-11-11 22:00 - 00000000 ____D C:\Users\alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

2013-07-05 18:29 - 2013-07-05 18:29 - 00059400 _____ C:\Users\alexander\Downloads\Extras.Txt

2013-07-05 18:27 - 2013-07-05 18:27 - 00097646 _____ C:\Users\alexander\Downloads\OTL.Txt

2013-07-05 18:00 - 2013-07-05 18:00 - 00602112 _____ (OldTimer Tools) C:\Users\alexander\Downloads\OTL.exe

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2012-04-18 03:26

 

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-08-2013

Ran by alexander at 2013-08-04 12:59:26

Running from C:\Users\alexander\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Installed Programs =======================

 

   

7-Zip 9.20 (x32)

Adobe AIR (x32 Version: 3.1.0.4880)

Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)

Adobe Reader X MUI (x32 Version: 10.0.0)

AMD Accelerated Video Transcoding (Version: 2.00.0000)

AMD APP SDK Runtime (Version: 10.0.873.1)

AMD Catalyst Install Manager (Version: 3.0.870.0)

AMD Media Foundation Decoders (Version: 1.0.70213.1643)

AMD Steady Video Plug-In  (Version: 2.03.0000)

AMD VISION Engine Control Center (x32 Version: 2012.0213.1644.29893)

Bejeweled 3 (x32 Version: 2.2.0.97)

Castle Crashers (x32)

Catalyst Control Center - Branding (x32 Version: 1.00.0000)

Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0213.1644.29893)

Catalyst Control Center Localization All (x32 Version: 2012.0213.1644.29893)

CCC Help Chinese Standard (x32 Version: 2012.0213.1643.29893)

CCC Help Chinese Traditional (x32 Version: 2012.0213.1643.29893)

CCC Help Czech (x32 Version: 2012.0213.1643.29893)

CCC Help Danish (x32 Version: 2012.0213.1643.29893)

CCC Help Dutch (x32 Version: 2012.0213.1643.29893)

CCC Help English (x32 Version: 2012.0213.1643.29893)

CCC Help Finnish (x32 Version: 2012.0213.1643.29893)

CCC Help French (x32 Version: 2012.0213.1643.29893)

CCC Help German (x32 Version: 2012.0213.1643.29893)

CCC Help Greek (x32 Version: 2012.0213.1643.29893)

CCC Help Hungarian (x32 Version: 2012.0213.1643.29893)

CCC Help Italian (x32 Version: 2012.0213.1643.29893)

CCC Help Japanese (x32 Version: 2012.0213.1643.29893)

CCC Help Korean (x32 Version: 2012.0213.1643.29893)

CCC Help Norwegian (x32 Version: 2012.0213.1643.29893)

CCC Help Polish (x32 Version: 2012.0213.1643.29893)

CCC Help Portuguese (x32 Version: 2012.0213.1643.29893)

CCC Help Russian (x32 Version: 2012.0213.1643.29893)

CCC Help Spanish (x32 Version: 2012.0213.1643.29893)

CCC Help Swedish (x32 Version: 2012.0213.1643.29893)

CCC Help Thai (x32 Version: 2012.0213.1643.29893)

CCC Help Turkish (x32 Version: 2012.0213.1643.29893)

ccc-utility64 (Version: 2012.0213.1644.29893)

Content Manager Assistant for PlayStation® (x32 Version: 2.00.5976.25)

Counter-Strike: Source (x32)

Cry of Fear (x32)

D3DX10 (x32 Version: 15.4.2368.0902)

FATE (x32 Version: 2.2.0.97)

GameFly (x32 Version: 1.2.364)

Garry's Mod (x32)

Google Chrome (x32 Version: 28.0.1500.95)

Google Update Helper (x32 Version: 1.3.21.153)

Java 7 Update 15 (64-bit) (Version: 7.0.150)

Java 7 Update 25 (x32 Version: 7.0.250)

Java Auto Updater (x32 Version: 2.1.9.5)

Java 6 Update 25 (x32 Version: 6.0.250)

Junk Mail filter update (x32 Version: 15.4.3502.0922)

League of Legends (x32 Version: 3.0.0)

Letters from Nowhere 2 (x32 Version: 2.2.0.97)

LogMeIn Hamachi (x32 Version: 2.1.0.374)

Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)

MapleStory (x32)

Mesh Runtime (x32 Version: 15.4.5722.2)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Office 2010 (x32 Version: 14.0.4763.1000)

Microsoft Security Client (Version: 4.3.0215.0)

Microsoft Security Essentials (Version: 4.3.215.0)

Microsoft Silverlight (Version: 5.1.20513.0)

Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)

Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0)

MSVCRT (x32 Version: 15.4.2862.0708)

MSVCRT_amd64 (x32 Version: 15.4.2862.0708)

Nexon Game Manager (x32)

Norton 360 (x32 Version: 20.4.0.40)

Norton Anti-Theft (x32 Version: 1.8.0.32)

ooVoo (x32 Version: 3.5.9041)

Pando Media Booster (x32 Version: 2.6.0.7)

Penguins! (x32 Version: 2.2.0.98)

Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98)

PlayReady PC Runtime amd64 (Version: 1.3.0)

PlayReady PC Runtime x86 (x32 Version: 1.3.0)

Polar Bowler (x32 Version: 2.2.0.97)

Premium Sound HD (Version: 1.12.1800)

Realtek Ethernet Controller Driver (x32 Version: 7.48.823.2011)

Realtek High Definition Audio Driver (x32 Version: 6.0.1.6577)

Realtek USB 2.0 Card Reader (x32 Version: 6.1.7601.30130)

Realtek WLAN Driver (x32 Version: 2.00.0016)

ROBLOX Player for alexander (HKCU)

ROBLOX Studio 2013 for alexander (HKCU)

Scribblenauts Unlimited (x32)

Skype™ 6.6 (x32 Version: 6.6.106)

SPORE™ (x32 Version: 1.00.0000)

Steam (x32 Version: 1.0.0.0)

Synaptics Pointing Device Driver (Version: 15.3.38.2)

Team Fortress 2 (x32)

Terraria (x32)

The Elder Scrolls V: Skyrim (x32)

TOSHIBA Application Installer (x32 Version: 9.0.1.2)

TOSHIBA Assist (x32 Version: 4.2.3.1)

Toshiba Book Place (x32 Version: 3.0.9490)

TOSHIBA Bulletin Board (Version: 1.6.11.64)

TOSHIBA Bulletin Board (x32 Version: 1.6.11.64)

TOSHIBA Disc Creator (Version: 2.1.0.11 for x64)

TOSHIBA eco Utility (Version: 1.3.11.64)

TOSHIBA Face Recognition (Version: 3.1.18.64)

TOSHIBA Face Recognition (x32 Version: 3.1.18.64)

TOSHIBA Hardware Setup (x32 Version: 2.00.0020)

TOSHIBA HDD/SSD Alert (Version: 3.1.64.12)

Toshiba Laptop Checkup (x32 Version: 2.0.17.38)

TOSHIBA Media Controller (x32 Version: 1.0.87.5)

TOSHIBA Media Controller Plug-in (x32 Version: 1.0.7.7)

Toshiba Online Backup (x32 Version: 2.0.0.31)

TOSHIBA PC Health Monitor (Version: 1.7.15.64)

TOSHIBA Quality Application (x32 Version: 1.0.4)

TOSHIBA Recovery Media Creator (x32 Version: 2.1.6.52020009)

TOSHIBA ReelTime (Version: 1.7.21.64)

TOSHIBA ReelTime (x32 Version: 1.7.21.64)

TOSHIBA Resolution+ Plug-in for Windows Media Player (x32 Version: 1.1.3.03)

Toshiba Security Dashboard (x32 Version: 1.0.0.48)

TOSHIBA Service Station (x32 Version: 2.2.13)

TOSHIBA Sleep Utility (x32 Version: 1.4.0022.000104)

TOSHIBA Supervisor Password (x32 Version: 2.00.0009)

TOSHIBA User's Guide (x32 Version: 1.00.02)

TOSHIBA Value Added Package (Version: 1.6.0023.640204)

TOSHIBA Value Added Package (x32 Version: 1.6.0023.640204)

TOSHIBA Web Camera Application (x32 Version: 2.0.3.33)

TOSHIBARegistration (x32 Version: 1.0.9)

Unity Web Player (HKCU Version: )

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)

Update Installer for WildTangent Games App (x32)

us Mod Manager (Version: 0.34.0)

WildTangent Games (x32 Version: 1.0.3.0)

WildTangent Games App (Toshiba Games) (x32 Version: 4.0.5.36)

Windows Live Communications Platform (x32 Version: 15.4.3502.0922)

Windows Live Essentials (x32 Version: 15.4.3502.0922)

Windows Live Essentials (x32 Version: 15.4.3538.0513)

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)

Windows Live Installer (x32 Version: 15.4.3502.0922)

Windows Live Language Selector (Version: 15.4.3538.0513)

Windows Live Mail (x32 Version: 15.4.3502.0922)

Windows Live Mesh (x32 Version: 15.4.3502.0922)

Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)

Windows Live Messenger (x32 Version: 15.4.3538.0513)

Windows Live MIME IFilter (Version: 15.4.3502.0922)

Windows Live Movie Maker (x32 Version: 15.4.3502.0922)

Windows Live Photo Common (x32 Version: 15.4.3502.0922)

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)

Windows Live Remote Client (Version: 15.4.5722.2)

Windows Live Remote Client Resources (Version: 15.4.5722.2)

Windows Live Remote Service (Version: 15.4.5722.2)

Windows Live Remote Service Resources (Version: 15.4.5722.2)

Windows Live SOXE (x32 Version: 15.4.3502.0922)

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)

Windows Live UX Platform (x32 Version: 15.4.3502.0922)

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)

Windows Live Writer (x32 Version: 15.4.3502.0922)

Windows Live Writer Resources (x32 Version: 15.4.3502.0922)

WinRAR 4.20 (64-bit) (Version: 4.20.0)

 

==================== Restore Points  =========================

 

22-07-2013 16:03:07 Windows Update

25-07-2013 16:25:06 Windows Update

29-07-2013 17:27:59 Windows Update

01-08-2013 16:19:10 Installed Java 7 Update 25

01-08-2013 19:37:04 Windows Update

01-08-2013 23:47:59 Removed Facebook Video Calling 1.2.0.287

 

==================== Hosts content: ==========================

 

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {44AE5F25-C975-4FA6-9F96-364592A79AA1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-10] (Google Inc.)

Task: {516DABA2-E55B-4993-8D06-529DCC7B19F6} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.8.0.32\SymErr.exe [2013-05-29] (Symantec Corporation)

Task: {51B4F113-A9B4-436C-ACF8-F22D5F8597FC} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-06-20] (Microsoft Corporation)

Task: {88177787-A54F-43D5-876C-3CDBC38E93A2} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)

Task: {9DFBA836-74CE-470A-9445-591B2963E88D} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\WSCStub.exe [2013-06-03] (Symantec Corporation)

Task: {A131FCC8-1460-4E17-AB90-B13669444857} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-10] (Google Inc.)

Task: {A22AD8CC-699D-4F18-B1AB-9E5FEA6D5AD8} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.8.0.32\SymErr.exe [2013-05-29] (Symantec Corporation)

Task: {DA532CD7-0017-4E3B-B75A-AD4F9AA1F8B8} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)

Task: {E3D60A0F-F8E9-40A5-A034-2304B6D9CAEE} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-06-20] (Microsoft Corporation)

Task: {E7BAEA7A-9D74-4B87-A537-8404E1B479E2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-12] (Adobe Systems Incorporated)

Task: {FFFC3481-735A-407A-A621-96CD62B44704} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (08/04/2013 00:45:08 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/04/2013 10:40:41 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/04/2013 10:24:57 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/04/2013 10:22:29 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/04/2013 10:12:51 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/04/2013 00:03:11 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/03/2013 09:11:18 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/03/2013 09:05:03 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/03/2013 08:54:04 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/03/2013 08:46:25 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

System errors:

=============

Error: (08/04/2013 10:43:44 AM) (Source: Service Control Manager) (User: )

Description: The Software Protection service failed to start due to the following error: 

%%1053

 

Error: (08/04/2013 10:43:44 AM) (Source: Service Control Manager) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.

 

Error: (08/04/2013 10:39:52 AM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (08/04/2013 10:39:52 AM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (08/04/2013 10:37:58 AM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (08/04/2013 10:37:58 AM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (08/04/2013 10:37:34 AM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (08/04/2013 10:37:34 AM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (08/04/2013 10:32:46 AM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (08/04/2013 10:32:46 AM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

 

Microsoft Office Sessions:

=========================

Error: (08/04/2013 00:45:08 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/04/2013 10:40:41 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/04/2013 10:24:57 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/04/2013 10:22:29 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/04/2013 10:12:51 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/04/2013 00:03:11 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/03/2013 09:11:18 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/03/2013 09:05:03 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/03/2013 08:54:04 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/03/2013 08:46:25 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 47%

Total physical RAM: 3558.37 MB

Available physical RAM: 1870.23 MB

Total Pagefile: 7114.92 MB

Available Pagefile: 4625.43 MB

Total Virtual: 8192 MB

Available Virtual: 8191.83 MB

 

==================== Drives ================================

 

Drive c: (TI106426W0A) (Fixed) (Total:581.16 GB) (Free:440.67 GB) NTFS (Disk=0 Partition=2) ==>[system with boot components (obtained from reading drive)]

Drive d: (SPORE) (CDROM) (Total:3.86 GB) (Free:0 GB) UDF

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: 404E45E7)

Partition 1: (Active) - (Size=1 GB) - (Type=27)

Partition 2: (Not Active) - (Size=581 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=14 GB) - (Type=17)

 

==================== End Of Log ============================


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt.

HKCU\...\CurrentVersion\Windows: [Load] C:\Users\ALEXAN~1\LOCALS~1\Temp\msrfoi.cmd <===== ATTENTION!

MountPoints2: {06a69f5d-b378-11e1-9b87-806e6f6e6963} - D:\autorun.exe

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options, then select Command Prompt.

Run FRST (or FRST64 if you have the 64-bit version) and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt). Please post it in your reply.

Reboot Normally.


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
