
Hello

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Kevin


I will just put it in this format (this is FRST.txt):

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-01-2014
Ran by test (administrator) on JUSTIIN-PC on 02-01-2014 19:29:52
Running from C:\Users\test\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoHook.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\javaw.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe
(Sierra Wireless Inc.) C:\Program Files (x86)\Rogers\Rogers Connection Manager\WaHelper.exe
() C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AdobeLineup.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dropbox, Inc.) C:\Users\test\AppData\Roaming\Dropbox\bin\Dropbox.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Curse) C:\Users\test\AppData\Local\Apps\2.0\NL1ZH9OW.D58\4ADQG66Y.C3K\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\test\AppData\Local\Temp\RarSFX24\Zie.exe
(Simon Tatham) C:\Users\test\AppData\Roaming\data\Wm_load.exe
(Simon Tatham) C:\Users\test\AppData\Roaming\data\Wm_Scan.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Users\test\AppData\Roaming\data\calculator.exe
(Microsoft Corporation) C:\Users\test\AppData\Roaming\data\mstsc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [] - [x]
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452456 2012-02-22] (Realtek Semiconductor)
HKLM\...\Run: [sRS Premium Sound HD] - C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip [223180 2012-02-17] ()
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2867984 2011-12-22] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe [590256 2011-09-23] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [989056 2012-02-13] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1562032 2012-02-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [TPSCMain] - C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe [740792 2011-12-21] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2012-02-24] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] - C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe [598448 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-02-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TSleepSrv] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [253312 2011-11-21] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [TRUUpdater] - C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe [329072 2011-11-03] (Sierra Wireless, Inc.)
HKLM-x32\...\Run: [WatcherHelper] - C:\Program Files (x86)\Rogers\Rogers Connection Manager\WaHelper.exe [140656 2011-08-04] (Sierra Wireless Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [blueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe [606024 2013-09-19] (BlueStack Systems, Inc.)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-03-15] (Google Inc.)
HKCU\...\Run: [MediaFire Tray] - C:\Users\test\AppData\Local\MediaFire Express\mf_systray.exe [2349640 2013-04-04] (MediaFire LLC)
HKCU\...\Run: [File] - "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\test\AppData\Local\Temp\File4582020600662385831.jar" <===== ATTENTION
MountPoints2: {2515bff7-c082-11e2-9d61-00266c136637} - E:\WIN\setup.exe -ap
HKU\Justiin\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-03-15] (Google Inc.)
HKU\Justiin\...\Run: [AdobeBridge] - [x]
HKU\Justiin\...\Run: [] - [x]
HKU\Justiin\...\Run: [spybot-S&D Cleaning] - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
Startup: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe.lnk
ShortcutTarget: Adobe.lnk -> C:\Users\test\AppData\Roaming\data\Adobe.vbs ()
Startup: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AdobeLineup.exe ()
Startup: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\test\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Graphic.exe.lnk
ShortcutTarget: Graphic.exe.lnk -> C:\Users\test\AppData\Local\Temp\RarSFX27\Graphic.exe (No File)
Startup: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Minecraft.jar.lnk
ShortcutTarget: Minecraft.jar.lnk -> C:\Users\test\AppData\Local\Temp\RarSFX1\Minecraft.jar (No File)
Startup: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Usbport.exe ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome/?w=20
SearchScopes: HKLM - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM-x32 - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA_en
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA_en
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DDAE1420-FBB2-4842-BB26-9E85FD354A7E}: [NameServer]64.71.255.205 64.71.255.253
 
FireFox:
========
FF ProfilePath: C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\zwr99lbc.default
FF DefaultSearchEngine: Norton Safe Search
FF SelectedSearchEngine: Norton Safe Search
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.15.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\zwr99lbc.default\searchplugins\safesearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Norton Identity Safe) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.1.36_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U13) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Minecraft 2D) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmbhgomhppajmfjpllklachcikbflfk\1.1_0
CHR Extension: (Angry Birds) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0
CHR Extension: (Google Docs) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Minecraft Tower Defense) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\djankeomhapijmcecgohnhhfppehfbkc\4.0_0
CHR Extension: (Powered by Redstone) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\eaafagdemifnmjbmblhleneomcfdmofm\5.0_0
CHR Extension: (Gmail Offline) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.20_0
CHR Extension: (AdBlock) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0
CHR Extension: (Cut the Rope) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj\16_0
CHR Extension: (Cut the Rope) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\habdpkhpblcjnaceicglhhnbaikmicoo\1.0_0
CHR Extension: (Angry Birds Space HD) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\headjcpkijafflpiedpeefofgjfcbkkb\0.0.0.1_0
CHR Extension: (Angry Birds Rio) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlbmidndnnlgjoedckgkmdhgaphfbkaf\1.0_0
CHR Extension: (Ultimate Flash Sonic) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmgmfbijldhdncjcipeocgkgbjhaecfp\1.0_0
CHR Extension: (Mine Clone) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\iimhmcpjdmonneljpfolgacbkdoocmpd\1.0_0
CHR Extension: (Google Forms) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhknlonaankphkkbnmjdlpehkinifeeg\0.5_0
CHR Extension: (MP3 Player) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\kadoojjbafjcfdjcafflfnoimccbnlfd\2.0.1_0
CHR Extension: (Quick Earth) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\khodocggeplgfhppgagfdpbjkniadmdh\3.6_0
CHR Extension: (Gmail Print All for Chrome) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmfcbaaedcknfcojckihmfmolepkpihp\1_0
CHR Extension: (Games) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgdiijhhdoaefbcpgngkfeckicgphcof\1.0.5_0
CHR Extension: (Minecraft Enderdragon and Steve Theme) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncjfhcbnjfholecfmdgegnflipmknmlg\1_0
CHR Extension: (Google Wallet) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Gmail) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
 
==================== Services (Whitelisted) =================
 
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-09-19] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-09-19] (BlueStack Systems, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 SwiCardDetectSvc; C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [321392 2011-11-03] (Sierra Wireless, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-09-19] (BlueStack Systems)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 swg3kser00; C:\Windows\System32\DRIVERS\swg3kser00.sys [258432 2011-05-13] (Sierra Wireless Incorporated)
S3 swiwdmbx; C:\Windows\System32\DRIVERS\swiwdmbx64.sys [109312 2011-05-16] (Sierra Wireless Inc.)
S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [297472 2011-05-28] (Sierra Wireless Inc.)
S3 SWUMX20; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-02 19:29 - 2014-01-02 19:31 - 00026011 _____ C:\Users\test\Downloads\FRST.txt
2014-01-02 19:29 - 2014-01-02 19:29 - 00000000 ____D C:\FRST
2014-01-02 19:28 - 2014-01-02 19:29 - 01931498 _____ (Farbar) C:\Users\test\Downloads\FRST64.exe
2013-12-26 17:26 - 2013-12-26 17:26 - 02269863 _____ C:\Users\test\Downloads\forge-1.6.4-9.11.1.965-installer.jar
2013-12-26 17:19 - 2013-12-26 17:22 - 129144315 _____ C:\Users\test\Downloads\Pixelmon 2.5.7.zip
2013-12-24 14:55 - 2013-12-26 22:03 - 00000000 ____D C:\Users\test\AppData\Roaming\TS3Client
2013-12-24 14:46 - 2013-12-24 14:46 - 00000978 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2013-12-24 14:46 - 2013-12-24 14:46 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-12-24 14:43 - 2013-12-24 14:44 - 32520760 _____ (TeamSpeak Systems GmbH) C:\Users\test\Downloads\TeamSpeak3-Client-win64-3.0.13.1.exe
2013-12-17 20:46 - 2013-12-17 20:46 - 00010659 _____ C:\Users\test\Downloads\TurboBlock Anti Virus.zip
2013-12-14 13:24 - 2013-05-10 00:56 - 14631424 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2013-12-14 13:24 - 2013-05-10 00:56 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2013-12-14 13:24 - 2013-05-09 23:56 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2013-12-14 13:24 - 2013-05-09 23:56 - 11410432 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2013-12-14 13:22 - 2013-11-26 06:54 - 23183360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-12-14 13:22 - 2013-11-26 05:19 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-12-14 13:22 - 2013-11-26 05:18 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2013-12-14 13:22 - 2013-11-26 05:11 - 17112576 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-12-14 13:22 - 2013-11-26 04:48 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-12-14 13:22 - 2013-11-26 04:46 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2013-12-14 13:22 - 2013-11-26 04:41 - 02764288 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-12-14 13:22 - 2013-11-26 04:29 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-12-14 13:22 - 2013-11-26 04:27 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-12-14 13:22 - 2013-11-26 04:23 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-12-14 13:22 - 2013-11-26 04:21 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-12-14 13:22 - 2013-11-26 04:18 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-12-14 13:22 - 2013-11-26 04:18 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2013-12-14 13:22 - 2013-11-26 04:16 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2013-12-14 13:22 - 2013-11-26 03:57 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-12-14 13:22 - 2013-11-26 03:38 - 02166784 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-12-14 13:22 - 2013-11-26 03:38 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-12-14 13:22 - 2013-11-26 03:35 - 05769216 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-12-14 13:22 - 2013-11-26 03:32 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-12-14 13:22 - 2013-11-26 03:28 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2013-12-14 13:22 - 2013-11-26 03:16 - 04243968 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-12-14 13:22 - 2013-11-26 03:02 - 01995264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-12-14 13:22 - 2013-11-26 02:48 - 12996608 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-12-14 13:22 - 2013-11-26 02:32 - 01928192 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2013-12-14 13:22 - 2013-11-26 02:26 - 11221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-12-14 13:22 - 2013-11-26 02:07 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-12-14 13:22 - 2013-11-26 01:40 - 01395200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-12-14 13:22 - 2013-11-26 01:34 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-12-14 13:22 - 2013-11-26 01:34 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2013-12-14 13:22 - 2013-11-26 01:33 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-12-14 13:22 - 2013-11-26 01:27 - 01157632 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-12-14 13:17 - 2013-12-14 13:17 - 00002183 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-13 20:43 - 2013-11-11 21:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2013-12-13 20:43 - 2013-11-11 21:07 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2013-12-13 20:43 - 2013-10-03 21:16 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2013-12-13 20:43 - 2013-10-03 20:36 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2013-12-13 20:40 - 2013-10-29 21:32 - 00335360 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2013-12-13 20:40 - 2013-10-29 21:19 - 00301568 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll
2013-12-13 20:40 - 2013-10-29 20:24 - 03155968 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-12-13 20:39 - 2013-11-23 13:26 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2013-12-13 20:39 - 2013-11-23 12:47 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2013-12-13 20:39 - 2013-10-18 21:18 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2013-12-13 20:39 - 2013-10-18 20:36 - 00159232 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll
2013-12-13 20:39 - 2013-10-11 21:32 - 00150016 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2013-12-13 20:39 - 2013-10-11 21:31 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2013-12-13 20:39 - 2013-10-11 21:04 - 00121856 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshom.ocx
2013-12-13 20:39 - 2013-10-11 21:03 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
2013-12-13 20:39 - 2013-10-11 20:33 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe
2013-12-13 20:39 - 2013-10-11 20:33 - 00156160 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2013-12-13 20:39 - 2013-10-11 20:15 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscript.exe
2013-12-13 20:39 - 2013-10-11 20:15 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe
2013-12-10 19:15 - 2013-12-10 20:15 - 09293192 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
 
==================== One Month Modified Files and Folders =======
 
2014-01-02 19:31 - 2014-01-02 19:29 - 00026011 _____ C:\Users\test\Downloads\FRST.txt
2014-01-02 19:30 - 2009-07-13 23:45 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-02 19:30 - 2009-07-13 23:45 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-02 19:29 - 2014-01-02 19:29 - 00000000 ____D C:\FRST
2014-01-02 19:29 - 2014-01-02 19:28 - 01931498 _____ (Farbar) C:\Users\test\Downloads\FRST64.exe
2014-01-02 19:26 - 2012-05-30 12:43 - 02053631 _____ C:\windows\WindowsUpdate.log
2014-01-02 19:25 - 2013-05-04 11:06 - 00000000 ____D C:\Users\test\AppData\Roaming\uTorrent
2014-01-02 19:24 - 2012-03-15 20:32 - 00000912 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-02 19:24 - 2012-03-15 20:32 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-02 19:23 - 2013-06-08 16:00 - 00000000 ____D C:\Users\test\AppData\Roaming\Dropbox
2014-01-02 19:23 - 2013-05-13 19:06 - 00000000 ____D C:\Users\test\AppData\Local\Deployment
2014-01-02 19:21 - 2013-07-15 14:17 - 00000000 ____D C:\Users\test\AppData\Roaming\data
2014-01-02 19:21 - 2013-01-26 19:35 - 00000000 ____D C:\ProgramData\boost_interprocess
2014-01-02 19:19 - 2013-07-14 07:38 - 00008437 _____ C:\windows\setupact.log
2014-01-02 19:19 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2014-01-02 16:15 - 2012-03-15 20:14 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2014-01-02 15:33 - 2013-07-10 18:11 - 00000000 ____D C:\Users\test\AppData\Roaming\.minecraft
2013-12-26 22:03 - 2013-12-24 14:55 - 00000000 ____D C:\Users\test\AppData\Roaming\TS3Client
2013-12-26 17:26 - 2013-12-26 17:26 - 02269863 _____ C:\Users\test\Downloads\forge-1.6.4-9.11.1.965-installer.jar
2013-12-26 17:22 - 2013-12-26 17:19 - 129144315 _____ C:\Users\test\Downloads\Pixelmon 2.5.7.zip
2013-12-24 20:13 - 2013-02-03 17:03 - 00000000 ___RD C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-24 20:12 - 2013-06-08 16:07 - 00001028 _____ C:\Users\test\Desktop\Dropbox.lnk
2013-12-24 20:12 - 2013-06-08 16:02 - 00000000 ____D C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-12-24 14:46 - 2013-12-24 14:46 - 00000978 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2013-12-24 14:46 - 2013-12-24 14:46 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-12-24 14:44 - 2013-12-24 14:43 - 32520760 _____ (TeamSpeak Systems GmbH) C:\Users\test\Downloads\TeamSpeak3-Client-win64-3.0.13.1.exe
2013-12-17 20:46 - 2013-12-17 20:46 - 00010659 _____ C:\Users\test\Downloads\TurboBlock Anti Virus.zip
2013-12-15 13:14 - 2009-07-14 00:13 - 00779724 _____ C:\windows\system32\PerfStringBackup.INI
2013-12-14 15:50 - 2009-07-14 00:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2013-12-14 15:49 - 2013-07-14 07:37 - 04953760 _____ C:\windows\system32\FNTCACHE.DAT
2013-12-14 13:21 - 2013-08-19 14:55 - 00000000 ____D C:\windows\system32\MRT
2013-12-14 13:17 - 2013-12-14 13:17 - 00002183 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-14 13:17 - 2012-03-15 20:32 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-14 13:15 - 2012-08-12 14:28 - 90708896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-12-13 20:35 - 2013-02-05 13:33 - 00002154 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-10 20:57 - 2013-06-03 11:55 - 00000000 ____D C:\Users\test\AppData\Local\Paint.NET
2013-12-10 20:16 - 2012-03-15 20:14 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-12-10 20:16 - 2012-03-15 20:14 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-10 20:16 - 2012-03-15 20:14 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-12-10 20:15 - 2013-12-10 19:15 - 09293192 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2013-12-07 19:19 - 2012-03-15 20:32 - 00003908 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-07 19:19 - 2012-03-15 20:32 - 00003656 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
Files to move or delete:
====================
C:\Users\test\AppData\Roaming\CamLayout.ini
C:\Users\test\AppData\Roaming\CamShapes.ini
 
 
Some content of TEMP:
====================
C:\Users\test\AppData\Local\Temp\adhknqux.exe
C:\Users\test\AppData\Local\Temp\jqtxadgk.exe
C:\Users\test\AppData\Local\Temp\koruxbeh.exe
C:\Users\test\AppData\Local\Temp\nnvppqqr.exe
C:\Users\test\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\test\AppData\Local\Temp\xmlUpdater.exe
C:\Users\test\AppData\Local\Temp\{35BDD2C3-A411-40C8-9257-5916EB6D4813}-GoogleToolbarInstaller_updater_signed.exe
C:\Users\test\AppData\Local\Temp\{8D68D845-8515-4FC1-BDCD-3DB137CDF2CA}-GoogleEarth-Win-Bundle-7.1.1.1888.exe
C:\Users\test\AppData\Local\Temp\{A1CA480B-261C-4C86-9EE0-80021BF0612C}-29.0.1547.66_chrome_installer.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-10-22 18:55
 
==================== End Of Log ============================

and here is Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-01-2014
Ran by test at 2014-01-02 19:31:51
Running from C:\Users\test\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (x32 Version: 3.5.0.1060 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.5.0.1060 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (x32 Version: 1.2.2 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.2 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.8) (x32 Version: 10.1.8 - Adobe Systems Incorporated)
Adobe Widget Browser (x32 Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe Widget Browser (x32 Version: 2.0.348 - Adobe Systems Incorporated.) Hidden
Amazon Kindle (x32 Version:  - Amazon)
AMD Accelerated Video Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.873.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (Version: 3.0.870.0 - Advanced Micro Devices, Inc.)
AMD Media Foundation Decoders (Version: 1.0.70213.1643 - Advanced Micro Devices, Inc.) Hidden
AMD Steady Video Plug-In  (Version: 2.03.0000 - AMD) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.0213.1644.29893 - Advanced Micro Devices, Inc.) Hidden
Android SDK Tools (x32 Version: 1.16 - Google Inc.)
Apple Application Support (x32 Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Arduino (x32 Version: 1.0.5 - Arduino LLC)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.0.12.13 - Atheros Communications Inc.)
Auslogics Disk Defrag (x32 Version: 3.6 - Auslogics Software Pty Ltd)
BlueStacks App Player (x32 Version: 0.7.18.921 - BlueStack Systems, Inc.)
BlueStacks Notification Center (x32 Version: 0.7.18.921 - BlueStack Systems, Inc.)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0213.1644.29893 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0213.1644.29893 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0213.1644.29893 - Advanced Micro Devices, Inc.) Hidden
CCleaner (Version: 3.27 - Piriform)
Clash Of Clans ULTIMATE Android Hack 2.3 (x32 Version: 2.3 - Clash Of Clans ULTIMATE)
Complément Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Curse Client (HKCU Version: 5.1.1.792 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKCU Version: 2.4.10 - Dropbox, Inc.)
Free Screen Recorder v2.9 (x32 Version: 2.9 - Nbxsoft Software Development)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.)
Google Earth (x32 Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
HiJackThis (x32 Version: 1.0.0 - Trend Micro)
Hollywood FX Volumes 1-3 (x32 Version: 2.0.1 - Corel Corporation)
iExplorer 3.2.2.6 (x32 Version:  - Macroplant LLC)
iFunbox (v2.7.2386.747), iFunbox DevTeam (x32 Version: v2.7.2386.747 - )
iTunes (Version: 11.0.4.4 - Apple Inc.)
Java 7 Update 15 (64-bit) (Version: 7.0.150 - Oracle)
Java 7 Update 25 (x32 Version: 7.0.250 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 15 (64-bit) (Version: 1.7.0.150 - Oracle)
Java SE Development Kit 7 Update 15 (x32 Version: 1.7.0.150 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
MediaFire Express (x32 Version: 0.15.4.4888 - MediaFire)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation) Hidden
Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (x32 Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x32 Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - ENU (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - ENU (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (x32 Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (x32 Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308 - Microsoft Corporation) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Minecraft PC Gamer Demo version 1.5 (x32 Version: 1.5 - Mojang)
Mono for Windows 2.10.9 (x32 Version: 2.10.9 - Mono)
Mozilla Firefox 19.0.2 (x86 en-GB) (x32 Version: 19.0.2 - Mozilla)
Mozilla Maintenance Service (x32 Version: 19.0.2 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
NetBeans IDE 7.2 (x32 Version: 7.2 - NetBeans.org)
Notepad++ (x32 Version: 6.5.1 - Notepad++ Team)
Paint.NET v3.5.10 (Version: 3.60.0 - dotPDN LLC)
Pinnacle Studio 16 - Install Manager (x32 Version: 16.1.98 - Corel Corporation)
Pinnacle Studio 16 - Standard Content Pack (x32 Version: 16.0.1 - Corel Corporation)
Pinnacle Studio 16 (x32 Version: 16.0.1.98 - Corel Corporation)
Pinnacle Video Driver (Version: 12.1.0.030 - Pinnacle Systems)
PlayReady PC Runtime amd64 (Version: 1.3.0 - Microsoft Corporation)
Premium Sound HD (Version: 1.12.0700 - SRS Labs, Inc.)
QuickTime (x32 Version: 7.73.80.64 - Apple Inc.)
RAR Password Unlocker (x32 Version:  - RAR Password Unlocker, Inc.)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6577 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (x32 Version: 6.1.7601.39013 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (x32 Version: 2.00.0016 - REALTEK Semiconductor Corp.)
Rogers Connection Manager (x32 Version: 6.0.3321.5603 - Sierra Wireless Inc.)
Skype™ 5.10 (x32 Version: 5.10.116 - Skype Technologies S.A.)
Sony Ericsson Wireless Manager 5 (x32 Version: 5.3.2076.12 - Sony Ericsson)
Splashtop Remote Client (x32 Version: 1.1.5.0 - Splashtop Inc.) Hidden
Synaptics Pointing Device Driver (Version: 15.3.39.0 - Synaptics Incorporated)
TeamSpeak 3 Client (Version: 3.0.13 - TeamSpeak Systems GmbH)
Techne (HKCU Version: 1.3.0.15 - ZeuX and r4wk)
TheSkyX First Light Edition (x32 Version: 10.0.2 - Software Bisque, Inc.)
Title Extreme (x32 Version: 2.0.1 - Corel Corporation)
TOSHIBA Assist (x32 Version: 4.2.3.1 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (Version: 2.1.17.64 - TOSHIBA Corporation) Hidden
TOSHIBA Bulletin Board (x32 Version: 2.1.17.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (x32 Version: 8.0.43 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.3.11.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.18.64 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (x32 Version: 3.1.18.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (x32 Version: 2.1.0.8 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.12 - TOSHIBA Corporation)
TOSHIBA Media Controller (x32 Version: 1.0.87.5 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (x32 Version: 1.0.7.7 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (Version: 1.7.15.64 - TOSHIBA Corporation)
TOSHIBA Peak Shift Control (Version: 3.00.07.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (x32 Version: 2.1.6.52020009 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (Version: 1.7.21.64 - TOSHIBA Corporation) Hidden
TOSHIBA ReelTime (x32 Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (x32 Version: 1.1.2004 - TOSHIBA Corporation)
TOSHIBA Service Station (x32 Version: 2.2.13 - TOSHIBA)
TOSHIBA Sleep Utility (x32 Version: 1.4.0022.000104 - TOSHIBA Corporation)
TOSHIBA Speech System Applications (x32 Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (x32 Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (x32 Version:  - )
TOSHIBA Supervisor Password (x32 Version: 2.1.0.3 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.6.0023.640204 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.6.0023.640204 - TOSHIBA Corporation)
TOSHIBA Value Added Package (x32 Version: 1.6.0023.640204 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (x32 Version: 2.0.3.33 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (x32 Version: 2.0.3.33 - TOSHIBA Corporation) Hidden
TOSHIBA Wireless LAN Indicator (x32 Version: 1.0.5 - TOSHIBA CORPORATION)
Ubuntu (x32 Version: 12.04-rev269 - Ubuntu)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (x32 Version: 4.0.8080.0 - Microsoft Corporation)
Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 5.00 beta 8 (64-bit) (Version: 5.00.8 - win.rar GmbH)
 
==================== Restore Points  =========================
 
13-11-2013 00:15:09 Windows Update
15-11-2013 13:36:52 Windows Update
17-11-2013 00:21:09 Windows Update
17-11-2013 02:06:08 Windows Update
20-11-2013 00:10:52 Windows Update
07-12-2013 21:57:09 Windows Update
14-12-2013 01:43:01 Windows Update
14-12-2013 18:13:37 Windows Update
18-12-2013 00:15:27 Windows Update
24-12-2013 19:28:12 Windows Update
01-01-2014 02:07:44 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 21:34 - 2013-02-04 15:55 - 00445034 ____N C:\windows\system32\Drivers\etc\hosts
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0343508F-E556-44F9-9DD5-5284FA51A296} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {15A5D327-5550-4463-95A9-4B8164E17EEE} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2011-10-24] (TOSHIBA CORPORATION)
Task: {334D9DD1-CFCE-4757-9667-276DC0FD6607} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-15] (Google Inc.)
Task: {83EF0D36-FF67-44FB-AAE8-817679A1C20D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {AD4987D0-E67D-4D96-9665-8FD6F433C030} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd)
Task: {FC2FE17A-05B0-4E4C-BC18-7254327AB129} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-15] (Google Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-08-22 17:19 - 2011-08-22 17:19 - 11204992 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2010-12-15 17:19 - 2010-12-15 17:19 - 00124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
2011-01-19 18:00 - 2011-01-19 18:00 - 00118784 _____ () C:\Program Files\TOSHIBA\PeakShift\MUIHelp.dll
2013-05-20 12:13 - 2013-05-20 12:13 - 00014848 ____N () C:\Users\test\AppData\Local\Apps\2.0\NL1ZH9OW.D58\4ADQG66Y.C3K\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\Curse.CurseClient.WowDb.dll
2013-05-20 12:13 - 2013-05-20 12:13 - 00035840 ____N () C:\Users\test\AppData\Local\Apps\2.0\NL1ZH9OW.D58\4ADQG66Y.C3K\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\Curse.Advertising.dll
2012-02-24 16:35 - 2012-02-24 16:35 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2012-10-11 21:56 - 2012-10-11 21:56 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-10-11 21:56 - 2012-10-11 21:56 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-11-03 16:39 - 2011-11-03 16:39 - 00251248 _____ () C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\WebUpdtAPI.dll
2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Users\test\AppData\Roaming\Dropbox\bin\libcef.dll
2013-12-13 20:34 - 2013-12-03 21:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-13 20:34 - 2013-12-03 21:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-13 20:34 - 2013-12-03 21:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-13 20:35 - 2013-12-03 21:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-13 20:34 - 2013-12-03 21:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/02/2014 07:21:21 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/02/2014 04:19:59 PM) (Source: BstHdAndroidSvc) (User: )
Description: Failed to shut down service. The error that occurred was: System.InvalidOperationException: UpdatePendingStatus can only be called during the handling of Start, Stop, Pause and Continue commands.
   at System.ServiceProcess.ServiceBase.RequestAdditionalTime(Int32 milliseconds)
   at BlueStacks.hyperDroid.Service.Service.CleanupHelperProcess(Process proc, String name)
   at BlueStacks.hyperDroid.Service.Service.OnStop()
   at BlueStacks.hyperDroid.Service.Service.OnShutdown()
   at System.ServiceProcess.ServiceBase.DeferredShutdown().
 
Error: (01/02/2014 02:54:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/01/2014 10:42:58 AM) (Source: BstHdAndroidSvc) (User: )
Description: Failed to shut down service. The error that occurred was: System.InvalidOperationException: UpdatePendingStatus can only be called during the handling of Start, Stop, Pause and Continue commands.
   at System.ServiceProcess.ServiceBase.RequestAdditionalTime(Int32 milliseconds)
   at BlueStacks.hyperDroid.Service.Service.CleanupHelperProcess(Process proc, String name)
   at BlueStacks.hyperDroid.Service.Service.OnStop()
   at BlueStacks.hyperDroid.Service.Service.OnShutdown()
   at System.ServiceProcess.ServiceBase.DeferredShutdown().
 
Error: (01/01/2014 10:30:53 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/01/2014 00:46:09 AM) (Source: BstHdAndroidSvc) (User: )
Description: Failed to shut down service. The error that occurred was: System.InvalidOperationException: UpdatePendingStatus can only be called during the handling of Start, Stop, Pause and Continue commands.
   at System.ServiceProcess.ServiceBase.RequestAdditionalTime(Int32 milliseconds)
   at BlueStacks.hyperDroid.Service.Service.CleanupHelperProcess(Process proc, String name)
   at BlueStacks.hyperDroid.Service.Service.OnStop()
   at BlueStacks.hyperDroid.Service.Service.OnShutdown()
   at System.ServiceProcess.ServiceBase.DeferredShutdown().
 
Error: (12/31/2013 09:51:07 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 24118
 
Error: (12/31/2013 09:51:07 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 24118
 
Error: (12/31/2013 09:51:07 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/31/2013 09:51:06 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 23119
 
 
System errors:
=============
Error: (01/02/2014 07:22:42 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (4000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.
 
Error: (01/02/2014 07:22:37 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (4000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
 
Error: (01/02/2014 02:56:17 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (4000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.
 
Error: (01/02/2014 02:56:13 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (4000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
 
Error: (01/02/2014 02:54:12 PM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error: 
%%1053
 
Error: (01/02/2014 02:54:12 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (4000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
 
Error: (01/01/2014 10:32:28 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (4000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.
 
Error: (01/01/2014 10:32:23 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (4000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
 
Error: (12/31/2013 10:46:42 PM) (Source: Service Control Manager) (User: )
Description: A timeout (4000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
 
Error: (12/31/2013 10:46:38 PM) (Source: Service Control Manager) (User: )
Description: A timeout (4000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
 
 
Microsoft Office Sessions:
=========================
Error: (01/02/2014 07:21:21 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/02/2014 04:19:59 PM) (Source: BstHdAndroidSvc)(User: )
Description: Failed to shut down service. The error that occurred was: System.InvalidOperationException: UpdatePendingStatus can only be called during the handling of Start, Stop, Pause and Continue commands.
   at System.ServiceProcess.ServiceBase.RequestAdditionalTime(Int32 milliseconds)
   at BlueStacks.hyperDroid.Service.Service.CleanupHelperProcess(Process proc, String name)
   at BlueStacks.hyperDroid.Service.Service.OnStop()
   at BlueStacks.hyperDroid.Service.Service.OnShutdown()
   at System.ServiceProcess.ServiceBase.DeferredShutdown().
 
Error: (01/02/2014 02:54:49 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/01/2014 10:42:58 AM) (Source: BstHdAndroidSvc)(User: )
Description: Failed to shut down service. The error that occurred was: System.InvalidOperationException: UpdatePendingStatus can only be called during the handling of Start, Stop, Pause and Continue commands.
   at System.ServiceProcess.ServiceBase.RequestAdditionalTime(Int32 milliseconds)
   at BlueStacks.hyperDroid.Service.Service.CleanupHelperProcess(Process proc, String name)
   at BlueStacks.hyperDroid.Service.Service.OnStop()
   at BlueStacks.hyperDroid.Service.Service.OnShutdown()
   at System.ServiceProcess.ServiceBase.DeferredShutdown().
 
Error: (01/01/2014 10:30:53 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/01/2014 00:46:09 AM) (Source: BstHdAndroidSvc)(User: )
Description: Failed to shut down service. The error that occurred was: System.InvalidOperationException: UpdatePendingStatus can only be called during the handling of Start, Stop, Pause and Continue commands.
   at System.ServiceProcess.ServiceBase.RequestAdditionalTime(Int32 milliseconds)
   at BlueStacks.hyperDroid.Service.Service.CleanupHelperProcess(Process proc, String name)
   at BlueStacks.hyperDroid.Service.Service.OnStop()
   at BlueStacks.hyperDroid.Service.Service.OnShutdown()
   at System.ServiceProcess.ServiceBase.DeferredShutdown().
 
Error: (12/31/2013 09:51:07 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 24118
 
Error: (12/31/2013 09:51:07 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 24118
 
Error: (12/31/2013 09:51:07 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/31/2013 09:51:06 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 23119
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-05-19 08:52:44.038
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Sierra Wireless Inc\Common\SwiProcMonitorDrv64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-05-19 08:52:43.976
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Sierra Wireless Inc\Common\SwiProcMonitorDrv64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 43%
Total physical RAM: 7649.33 MB
Available physical RAM: 4335.72 MB
Total Pagefile: 15296.84 MB
Available Pagefile: 11552.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
 
==================== Drives ================================
 
Drive c: (S3A5009D002) (Fixed) (Total:685.15 GB) (Free:586.68 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 699 GB) (Disk ID: AD6440E5)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=685 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=17)
 
==================== End Of Log ============================

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.


The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Open Malwarebytes, check for updates then run Quick scan. Full instructions follow if Malwarebytes is not installed:

 

Download Malwarebytes from the following link and save it to your desktop:

 

 

http://www.malwarebytes.org/mbam.php 

 

Double Click mbam-setup.exe to install the application.


Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Post those logs, give update on any remaining issues/concerns..

 

Kevin

 

 

 

 

fixlist.txt


Here is the mbam log:

 

 

 

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org
 
Database version: v2013.02.04.08
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
test :: JUSTIIN-PC [administrator]
 
Protection: Enabled
 
04/02/2013 4:16:02 PM
mbam-log-2013-02-04 (16-16-02).txt
 
Scan type: Flash scan
Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Registry | File System | P2P
Objects scanned: 198850
Time elapsed: 25 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)

here is the fixlog.txt:

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-01-2014
Ran by test at 2014-01-03 13:21:30 Run:1
Running from C:\Users\test\Downloads\FRST-OlderVersion
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
C:\Users\test\AppData\Roaming\CamLayout.ini
C:\Users\test\AppData\Roaming\CamShapes.ini
C:\Users\test\AppData\Local\Temp\adhknqux.exe
C:\Users\test\AppData\Local\Temp\jqtxadgk.exe
C:\Users\test\AppData\Local\Temp\koruxbeh.exe
C:\Users\test\AppData\Local\Temp\nnvppqqr.exe
C:\Users\test\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\test\AppData\Local\Temp\xmlUpdater.exe
C:\Users\test\AppData\Local\Temp\{35BDD2C3-A411-40C8-9257-5916EB6D4813}-GoogleToolbarInstaller_updater_signed.exe
C:\Users\test\AppData\Local\Temp\{8D68D845-8515-4FC1-BDCD-3DB137CDF2CA}-GoogleEarth-Win-Bundle-7.1.1.1888.exe
C:\Users\test\AppData\Local\Temp\{A1CA480B-261C-4C86-9EE0-80021BF0612C}-29.0.1547.66_chrome_installer.exe
C:\Users\test\AppData\Local\Temp\RarSFX24\Zie.exe
End
 
 
 
*****************
 
C:\Users\test\AppData\Roaming\CamLayout.ini => Moved successfully.
C:\Users\test\AppData\Roaming\CamShapes.ini => Moved successfully.
C:\Users\test\AppData\Local\Temp\adhknqux.exe => Moved successfully.
C:\Users\test\AppData\Local\Temp\jqtxadgk.exe => Moved successfully.
C:\Users\test\AppData\Local\Temp\koruxbeh.exe => Moved successfully.
C:\Users\test\AppData\Local\Temp\nnvppqqr.exe => Moved successfully.
C:\Users\test\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll => Moved successfully.
C:\Users\test\AppData\Local\Temp\xmlUpdater.exe => Moved successfully.
C:\Users\test\AppData\Local\Temp\{35BDD2C3-A411-40C8-9257-5916EB6D4813}-GoogleToolbarInstaller_updater_signed.exe => Moved successfully.
C:\Users\test\AppData\Local\Temp\{8D68D845-8515-4FC1-BDCD-3DB137CDF2CA}-GoogleEarth-Win-Bundle-7.1.1.1888.exe => Moved successfully.
C:\Users\test\AppData\Local\Temp\{A1CA480B-261C-4C86-9EE0-80021BF0612C}-29.0.1547.66_chrome_installer.exe => Moved successfully.
"C:\Users\test\AppData\Local\Temp\RarSFX24\Zie.exe" => File/Directory not found.
 
==== End of Fixlog ====

and here is the adwcleaner[s0].txt:

 

 

 

# AdwCleaner v3.016 - Report created 03/01/2014 at 14:41:54
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : test - JUSTIIN-PC
# Running from : C:\Users\test\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Users\Justiin\AppData\LocalLow\koyotesofttoolbarnew
Folder Deleted : C:\Users\test\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Justiin\AppData\Roaming\Mozilla\Firefox\Profiles\wte3dp79.default\koyotesofttoolbarnew
File Deleted : C:\Users\Justiin\AppData\Roaming\Mozilla\Firefox\Profiles\wte3dp79.default\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
File Deleted : C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\zwr99lbc.default\searchplugins\safesearch.xml
File Deleted : C:\Users\Justiin\AppData\Roaming\Mozilla\Firefox\Profiles\wte3dp79.default\searchplugins\Search_Results.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Mozilla Firefox v19.0.2 (en-GB)
 
[ File : C:\Users\Justiin\AppData\Roaming\Mozilla\Firefox\Profiles\uedsova8.default\prefs.js ]
 
 
[ File : C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\zwr99lbc.default\prefs.js ]
 
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\Justiin\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : icon_url
Deleted : search_url
 
[ File : C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [2476 octets] - [03/01/2014 14:37:40]
AdwCleaner[s0].txt - [2443 octets] - [03/01/2014 14:41:54]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2503 octets] ##########

Please download SystemLook from the following link below and save it to your Desktop. Use the correct version 32bit or 64bit.

 

http://jpshortstuff.247fixes.com/SystemLook_x64.exe      <<-   64 bit….

 

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe  <<-  32 bit

 


Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
 
:filefind
zie.exe
 
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


here is the SystemLook report:

 

 

SystemLook 30.07.11 by jpshortstuff
Log created at 17:40 on 03/01/2014 by test
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "zie.exe"
C:\Users\test\AppData\Local\Temp\RarSFX1\Zie.exe --a---- 1549332 bytes [20:12 14/08/2013] [22:47 10/07/2013] 19377D8D54C3F87DA80CCFA60A554A3A
C:\Users\test\AppData\Local\Temp\RarSFX24\Zie.exe --a---- 1549332 bytes [19:30 03/01/2014] [23:47 10/07/2013] 19377D8D54C3F87DA80CCFA60A554A3A
C:\Users\test\AppData\Local\Temp\RarSFX28\Zie.exe --a---- 1549332 bytes [19:46 03/01/2014] [23:47 10/07/2013] 19377D8D54C3F87DA80CCFA60A554A3A
C:\Users\test\AppData\Local\Temp\RarSFX8\Zie.exe --a---- 1549332 bytes [20:14 01/09/2013] [22:47 10/07/2013] 19377D8D54C3F87DA80CCFA60A554A3A
C:\Users\test\AppData\Local\Temp\RarSFX9\Zie.exe --a---- 1549332 bytes [23:07 15/10/2013] [22:47 10/07/2013] 19377D8D54C3F87DA80CCFA60A554A3A
C:\Users\test\AppData\Roaming\data\Zie.exe --a---- 1549332 bytes [19:30 03/01/2014] [23:47 10/07/2013] 19377D8D54C3F87DA80CCFA60A554A3A
 
-= EOF =-

Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accept UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM, either accept the alert or turn off security until OTM completes...

  • Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Files

    :Files
    C:\Users\test\AppData\Local\Temp\RarSFX1\Zie.exe
    C:\Users\test\AppData\Local\Temp\RarSFX24\Zie.exe
    C:\Users\test\AppData\Local\Temp\RarSFX28\Zie.exe
    C:\Users\test\AppData\Local\Temp\RarSFX8\Zie.exe
    C:\Users\test\AppData\Local\Temp\RarSFX9\Zie.exe
    C:\Users\test\AppData\Roaming\data\Zie.exe
    :Commands
    [EmptyTemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

 

Post that log...

 

Let me know if any change/improvement...


I just did. zie.exe is up and running:( but JRAT seems to be gone. here is the OTM report:

 

 

All processes killed
========== FILES ==========
C:\Users\test\AppData\Local\Temp\RarSFX1\Zie.exe moved successfully.
C:\Users\test\AppData\Local\Temp\RarSFX24\Zie.exe moved successfully.
File/Folder C:\Users\test\AppData\Local\Temp\RarSFX28\Zie.exe not found.
C:\Users\test\AppData\Local\Temp\RarSFX8\Zie.exe moved successfully.
C:\Users\test\AppData\Local\Temp\RarSFX9\Zie.exe moved successfully.
C:\Users\test\AppData\Roaming\data\Zie.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 58264 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Guest
->Temp folder emptied: 363950 bytes
->Temporary Internet Files folder emptied: 56645 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 979996 bytes
->Google Chrome cache emptied: 68558252 bytes
->Flash cache emptied: 58264 bytes
 
User: Justiin
->Temp folder emptied: 188418 bytes
->Temporary Internet Files folder emptied: 598 bytes
->Java cache emptied: 517 bytes
->FireFox cache emptied: 400475421 bytes
->Google Chrome cache emptied: 29558475 bytes
->Flash cache emptied: 57271 bytes
 
User: Public
 
User: test
->Temp folder emptied: 180982890 bytes
->Temporary Internet Files folder emptied: 10201662 bytes
->Java cache emptied: 208754 bytes
->FireFox cache emptied: 6164467 bytes
->Google Chrome cache emptied: 363322955 bytes
->Flash cache emptied: 57215 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 881330313 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 2866772 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 58229023 bytes
RecycleBin emptied: 1087892237 bytes
 
Total Files Cleaned = 2,948.00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 01032014_191248
 
Files moved on Reboot...
C:\Users\test\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UX2ATH50\addons-tracker-v4[3].htm moved successfully.
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
 
Registry entries deleted on Reboot...

Here is the SystemLook log:

 

 

SystemLook 30.07.11 by jpshortstuff
Log created at 20:30 on 03/01/2014 by test
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "zie.exe"
C:\Users\test\AppData\Local\Temp\RarSFX0\Zie.exe --a---- 1549332 bytes [00:17 04/01/2014] [23:47 10/07/2013] 19377D8D54C3F87DA80CCFA60A554A3A
C:\Users\test\AppData\Roaming\data\Zie.exe --a---- 1549332 bytes [00:17 04/01/2014] [23:47 10/07/2013] 19377D8D54C3F87DA80CCFA60A554A3A
C:\_OTM\MovedFiles\01032014_191248\C_Users\test\AppData\Local\Temp\RarSFX1\Zie.exe --a---- 1549332 bytes [20:12 14/08/2013] [22:47 10/07/2013] 19377D8D54C3F87DA80CCFA60A554A3A
C:\_OTM\MovedFiles\01032014_191248\C_Users\test\AppData\Local\Temp\RarSFX24\Zie.exe --a---- 1549332 bytes [19:30 03/01/2014] [23:47 10/07/2013] 19377D8D54C3F87DA80CCFA60A554A3A
C:\_OTM\MovedFiles\01032014_191248\C_Users\test\AppData\Local\Temp\RarSFX8\Zie.exe --a---- 1549332 bytes [20:14 01/09/2013] [22:47 10/07/2013] 19377D8D54C3F87DA80CCFA60A554A3A
C:\_OTM\MovedFiles\01032014_191248\C_Users\test\AppData\Local\Temp\RarSFX9\Zie.exe --a---- 1549332 bytes [23:07 15/10/2013] [22:47 10/07/2013] 19377D8D54C3F87DA80CCFA60A554A3A
C:\_OTM\MovedFiles\01032014_191248\C_Users\test\AppData\Roaming\data\Zie.exe --a---- 1549332 bytes [19:30 03/01/2014] [23:47 10/07/2013] 19377D8D54C3F87DA80CCFA60A554A3A
 
-= EOF =-

The problem file that causes you concern appears to be created in this folder RarSFX0 via temp, then in the data folder. RarSFX0 is created by a program named WinRar, I see from the programs list that you have a Beta version of Winrar installed...

 

Best to get Zie.exe checked first to make sure it is actually malicious, if so we then will probably need to uninstall WinRar and then remove Zie.exe to ensure it is finally gone..

 

Upload a File to Virustotal

Go to http://www.virustotal.com/

  • Click the Choose file button
  • Navigate to the file C:\Users\test\AppData\Roaming\data\Zie.exe or just copy/paste it in.
  • Click the Scan it tab
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the results back here please.
  • Repeat the above steps for the following files

 

You will probably have to "show" hidden files/folders to see the appdata entry. Go to the following link for instructions if needed...

 

http://www.sevenforums.com/tutorials/394-hidden-files-folders-show-hide.html

 

Let me see results from VT

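The comparison made in the post above (Zie.exe coming back in a new RarSFX folder and in the data folder after OTM moved it), as an added example that is not part of the original posts. It diffs two SystemLook filefind logs; the function names are hypothetical, the field order [created] [modified] is an assumption, and the sample lines are a subset copied from the two logs in this thread.

```python
import re
from collections import namedtuple

Hit = namedtuple("Hit", "path size created modified md5")

# Assumed field order of a SystemLook ":filefind" result line:
#   path  attributes  size "bytes"  [created]  [modified]  MD5
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) [-A-Za-z]{7} (?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] "
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)

# Folder OTM moved the files into, as seen in the second log of this thread.
QUARANTINE_PREFIX = "c:\\_otm\\movedfiles\\"

# Subset of the SystemLook log taken before the OTM run.
BEFORE = r"""
Searching for "zie.exe"
C:\Users\test\AppData\Local\Temp\RarSFX24\Zie.exe --a---- 1549332 bytes [19:30 03/01/2014] [23:47 10/07/2013] 19377D8D54C3F87DA80CCFA60A554A3A
C:\Users\test\AppData\Roaming\data\Zie.exe --a---- 1549332 bytes [19:30 03/01/2014] [23:47 10/07/2013] 19377D8D54C3F87DA80CCFA60A554A3A
"""

# Subset of the SystemLook log taken after the OTM run.
AFTER = r"""
Searching for "zie.exe"
C:\Users\test\AppData\Local\Temp\RarSFX0\Zie.exe --a---- 1549332 bytes [00:17 04/01/2014] [23:47 10/07/2013] 19377D8D54C3F87DA80CCFA60A554A3A
C:\Users\test\AppData\Roaming\data\Zie.exe --a---- 1549332 bytes [00:17 04/01/2014] [23:47 10/07/2013] 19377D8D54C3F87DA80CCFA60A554A3A
C:\_OTM\MovedFiles\01032014_191248\C_Users\test\AppData\Roaming\data\Zie.exe --a---- 1549332 bytes [19:30 03/01/2014] [23:47 10/07/2013] 19377D8D54C3F87DA80CCFA60A554A3A
"""


def parse_filefind(log_text):
    """Return one Hit per result line; headers and blank lines are skipped."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append(Hit(m["path"], int(m["size"]), m["created"],
                            m["modified"], m["md5"].upper()))
    return hits


def live_copies(hits):
    """Map lower-cased path -> Hit, leaving out copies already in quarantine."""
    return {h.path.lower(): h for h in hits
            if not h.path.lower().startswith(QUARANTINE_PREFIX)}


def compare_scans(before_text, after_text):
    """Diff two filefind logs taken before and after a removal attempt."""
    before = live_copies(parse_filefind(before_text))
    after = live_copies(parse_filefind(after_text))
    # Same path and hash but a new creation stamp: the file was written again
    # after removal, so whatever drops it is still running.
    recreated = [after[p].path for p in sorted(after)
                 if p in before
                 and after[p].md5 == before[p].md5
                 and after[p].created != before[p].created]
    # Live paths that did not exist in the first scan (fresh drop locations).
    new_drops = [after[p].path for p in sorted(after) if p not in before]
    hashes = sorted({h.md5 for h in list(before.values()) + list(after.values())})
    return {"recreated": recreated, "new_drops": new_drops, "distinct_md5": hashes}


if __name__ == "__main__":
    for key, value in compare_scans(BEFORE, AFTER).items():
        print(key, "=>", value)
```

A non-empty "recreated" list with a single MD5 across all copies means the removed file is only the payload; the next thing to look for is the program or autostart entry that keeps unpacking it.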

here's the results. The analysis says:

 

 

SHA256: c271f7051b7abf3db8a0e8ea90cb8b844686d1c8a019239f77fdd8204ace1cee
File name: Zie.exe
Detection ratio: 24 / 48
Analysis date: 2014-01-04 14:39:26 UTC ( 0 minutes ago )

| Antivirus | Result | Update |
|---|---|---|
| AVG | Generic8_c.BRFX | 20140104 |
| Agnitum | Riskware.BitCoinMiner!KQanENAh848 | 20140103 |
| AntiVir | TR/Rogue.1102600 | 20140104 |
| Avast | Unix:Malware-gen | 20140104 |
| Baidu-International | Trojan.VBS.Runner.AlN | 20131213 |
| Comodo | UnclassifiedMalware | 20140104 |
| DrWeb | Trojan.DownLoader8.28591 | 20140104 |
| ESET-NOD32 | Win32/CoinMiner.GE | 20140104 |
| Fortinet | W32/BitCoinMiner.P | 20140104 |
| Ikarus | Trojan.VBS.Runner | 20140104 |
| Kaspersky | Trojan.VBS.Runner.eg | 20140104 |
| Kingsoft | Win32.TrojDownloader.Genome.dj.(kcloud) | 20130829 |
| McAfee | Artemis!19377D8D54C3 | 20140104 |
| McAfee-GW-Edition | Heuristic.BehavesLike.Win32.Suspicious-BAY.S | 20140104 |
| NANO-Antivirus | Trojan.Win32.BitCoinMiner.bxgofr | 20140104 |
| Norman | BitCoin.L | 20140104 |
| Panda | Suspicious file | 20140104 |
| Sophos | Mal/Generic-S | 20140104 |
| Symantec | WS.Reputation.1 | 20140104 |
| TheHacker | Trojan/Autoit.nki | 20140102 |
| TrendMicro | HKTL_BITMINE.SML | 20140104 |
| TrendMicro-HouseCall | TROJ_GEN.F47V0715 | 20140104 |
| VBA32 | Trojan.Autoit.Wirus | 20140104 |
| VIPRE | Trojan.Win32.Generic!BT | 20140104 |
| Ad-Aware | | 20140104 |
| AhnLab-V3 | | 20140104 |
| Antiy-AVL | | 20140104 |
| BitDefender | | 20140104 |
| Bkav | | 20140104 |
| ByteHero | | 20131226 |
| CAT-QuickHeal | | 20140104 |
| ClamAV | | 20140102 |
| Commtouch | | 20140104 |
| Emsisoft | | 20140104 |
| F-Prot | | 20140104 |
| F-Secure | | 20140104 |
| GData | | 20140104 |
| Jiangmin | | 20140104 |
| K7AntiVirus | | 20140103 |
| K7GW | | 20140103 |
| Malwarebytes | | 20140104 |
| MicroWorld-eScan | | 20140104 |
| Microsoft | | 20140104 |
| Rising | | 20140104 |
| SUPERAntiSpyware | | 20140104 |
| TotalDefense | | 20140104 |
| ViRobot | | 20140104 |
| nProtect | | 20140103 |
 

the file detail says:

 

 

The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE signature block
File version: 3, 3, 8, 0

ExifTool file metadata
UninitializedDataSize: 483328
LinkerVersion: 10.0
ImageVersion: 0.0
FileVersionNumber: 3.3.8.0
LanguageCode: English (British)
FileFlagsMask: 0x0017
CharacterSet: Unicode
InitializedDataSize: 32768
MIMEType: application/octet-stream
FileVersion: 3, 3, 8, 0
TimeStamp: 2011:12:23 11:59:31+01:00
FileType: Win32 EXE
PEType: PE32
SubsystemVersion: 5.0
OSVersion: 5.0
FileOS: Win32
Subsystem: Windows GUI
CompiledScript: AutoIt v3 Script: 3, 3, 8, 0
MachineType: Intel 386 or later, and compatibles
CodeSize: 274432
FileSubtype: 0
ProductVersionNumber: 3.3.8.0
EntryPoint: 0xb8e70
ObjectFileType: Unknown
 

This topic is now closed to further replies.