
svchost malware



Okay guys, here is my issue. I had some memory issues, so trying to get to the bottom of it I find this svchost.exe in a process analyzer that is using crazy amounts of it. There are no processes listed like a normal svchost.exe does. I ran a Malwarebytes scan and it didn't take care of it. I can also not open Windows Defender. It instantly closes out when I try and open it. I also get notifications every minute or so saying that Malwarebytes has blocked an outbound malicious website. Please help me counter this spynet crap.

 

Thanks in advance.

 

FRST is below 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-05-2014
Ran by Gonzo (administrator) on OZNOG on 29-05-2014 17:52:34
Running from C:\Users\Gonzo\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\18.1.6\ScriptHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation                                    ) C:\Users\Gonzo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\COS1MHMT\mbam-setup-2.0.2.1012.exe
() C:\Users\Gonzo\AppData\Local\Temp\is-08VTC.tmp\mbam-setup-2.0.2.1012.tmp
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\realplay.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-09-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2557976 2014-05-26] ()
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296008 2014-02-05] (RealNetworks, Inc.)
HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [{c63d87c3-328c-d33e-c792-e20a6296a660}] => C:\ProgramData\Microsoft\{c63d87c3-328c-d33e-c792-e20a6296a660}\{c63d87c3-328c-d33e-c792-e20a6296a660}.exe [216109 2014-05-28] ()
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [{c63d87c3-328c-d33e-c792-e20a6296a660}] => C:\ProgramData\Microsoft\{c63d87c3-328c-d33e-c792-e20a6296a660}\{c63d87c3-328c-d33e-c792-e20a6296a660}.exe [216109 2014-05-28] ( ())
HKU\S-1-5-21-1221897127-376674755-709361087-1001\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-12-09] ()
HKU\S-1-5-21-1221897127-376674755-709361087-1001\...\Run: [skype] => C:\Users\Gonzo\Desktop\Skype.exe [17877168 2012-11-09] (Skype Technologies S.A.)
HKU\S-1-5-21-1221897127-376674755-709361087-1001\...\Run: [Google Update] => C:\Users\Gonzo\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-12-21] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\Gonzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk
ShortcutTarget: Curse.lnk -> C:\Users\Gonzo\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEDF2482AB5D5CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={AAF30B4F-6978-46EA-80C5-9016A97B8956}&mid=8450fd0180e647d29575d16f5ea2d27b-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=df011&coid=avgtbdisdf&cmpid=&pr=sa&d=2014-02-05 21:04:41&v=18.1.6.542&pid=safeguard&sg=&sap=dsp&q={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.6.542\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.6.542\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.6\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 208.180.42.100
 
FireFox:
========
FF ProfilePath: C:\Users\Gonzo\AppData\Roaming\Mozilla\Firefox\Profiles\zttvqbvq.default
FF DefaultSearchEngine: AVG Secure Search
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: hxxp://mysearch.avg.com?cid={AAF30B4F-6978-46EA-80C5-9016A97B8956}&mid=8450fd0180e647d29575d16f5ea2d27b-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=df011&coid=avgtbdisdf&cmpid=&pr=sa&d=&v=18.0.5.292&pid=safeguard&sg=&sap=hp
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.6\\npsitesafety.dll No File
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @real.com/nppl3260;version=17.0.4.61 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.7.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.7.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.7.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.4.61 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Gonzo\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Gonzo\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF user.js: detected! => C:\Users\Gonzo\AppData\Roaming\Mozilla\Firefox\Profiles\zttvqbvq.default\user.js
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: Yahoo! Toolbar - C:\Users\Gonzo\AppData\Roaming\Mozilla\Firefox\Profiles\zttvqbvq.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013-06-18]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.6.542
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.6.542 [2014-05-26]
FF HKLM-x32\...\Firefox\Extensions: [{10E4285F-D79B-4147-9447-81DFF109A394}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-02-05]
 
Chrome: 
=======
CHR HomePage: hxxp://mysearch.avg.com?cid={AAF30B4F-6978-46EA-80C5-9016A97B8956}&mid=8450fd0180e647d29575d16f5ea2d27b-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=df011&coid=avgtbdisdf&cmpid=&pr=sa&d=2014-02-05 21:04:41&v=17.3.1.91&pid=safeguard&sg=&sap=hp
CHR StartupUrls: "hxxp://mysearch.avg.com?cid={AAF30B4F-6978-46EA-80C5-9016A97B8956}&mid=8450fd0180e647d29575d16f5ea2d27b-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=df011&coid=avgtbdisdf&cmpid=&pr=sa&d=2014-02-05 21:04:41&v=17.3.1.91&pid=safeguard&sg=&sap=hp"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Extension: (Google Drive) - C:\Users\Gonzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Gonzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
CHR Extension: (YouTube) - C:\Users\Gonzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-09]
CHR Extension: (Google Search) - C:\Users\Gonzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-09]
CHR Extension: (RealPlayer Downloader) - C:\Users\Gonzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-03-25]
CHR Extension: (AVG SafeGuard) - C:\Users\Gonzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2014-05-13]
CHR Extension: (Google Wallet) - C:\Users\Gonzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (Gmail) - C:\Users\Gonzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-09]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-12-14]
 
==================== Services (Whitelisted) =================
 
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-12-14] ()
S4 RealPlayer Cloud Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141336 2014-02-05] (RealNetworks, Inc.)
S4 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2013-12-16] ()
S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 vToolbarUpdater18.1.6; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.6\ToolbarUpdater.exe [1801240 2014-05-26] (AVG Secure Search)
 
==================== Drivers (Whitelisted) ====================
 
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-05-09] (AVG Technologies)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 xcbdaNtscV; C:\Windows\System32\DRIVERS\xcbdaVx64.sys [214784 2009-06-10] (ViXS Systems Inc.)
S1 bvvpaaka; \??\C:\Windows\system32\drivers\bvvpaaka.sys [X]
S1 fiwcyxql; \??\C:\Windows\system32\drivers\fiwcyxql.sys [X]
S1 iozychlf; \??\C:\Windows\system32\drivers\iozychlf.sys [X]
S1 qgkyvcsm; \??\C:\Windows\system32\drivers\qgkyvcsm.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S1 wtxftbwl; \??\C:\Windows\system32\drivers\wtxftbwl.sys [X]
S1 xkfkouky; \??\C:\Windows\system32\drivers\xkfkouky.sys [X]
S1 zbiakiri; \??\C:\Windows\system32\drivers\zbiakiri.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-29 17:52 - 2014-05-29 17:52 - 02066944 _____ (Farbar) C:\Users\Gonzo\Desktop\FRST64.exe
2014-05-29 17:52 - 2014-05-29 17:52 - 00017510 _____ () C:\Users\Gonzo\Desktop\FRST.txt
2014-05-29 17:52 - 2014-05-29 17:52 - 00000000 ____D () C:\FRST
2014-05-29 17:51 - 2014-05-29 17:51 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-29 17:51 - 2014-05-29 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-29 17:51 - 2014-05-29 17:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-29 17:51 - 2014-05-29 17:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-29 17:51 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-29 17:51 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-29 17:51 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-29 17:41 - 2014-05-29 17:41 - 01402880 _____ () C:\Users\Gonzo\Downloads\HiJackThis.msi
2014-05-29 17:41 - 2014-05-29 17:41 - 00002975 _____ () C:\Users\Gonzo\Desktop\HiJackThis.lnk
2014-05-29 17:41 - 2014-05-29 17:41 - 00000000 ____D () C:\Users\Gonzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-05-29 17:41 - 2014-05-29 17:41 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-05-28 21:02 - 2014-05-28 21:02 - 13829304 _____ (Microsoft Corporation) C:\Users\Gonzo\Downloads\mseinstall (1).exe
2014-05-28 21:02 - 2014-05-28 21:02 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-05-28 21:02 - 2014-05-28 21:02 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-05-28 21:02 - 2014-05-28 21:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-05-28 20:22 - 2014-05-28 20:22 - 01243655 _____ () C:\Users\Gonzo\Downloads\ProcessExplorer.zip
2014-05-28 20:20 - 2014-05-28 20:20 - 13829304 _____ (Microsoft Corporation) C:\Users\Gonzo\Downloads\mseinstall.exe
2014-05-28 20:05 - 2014-05-28 20:05 - 00276267 _____ () C:\Users\Gonzo\Downloads\RAMMap.zip
2014-05-26 19:34 - 2014-05-26 19:35 - 00047734 _____ () C:\Windows\wininit.ini
2014-05-26 19:02 - 2014-05-26 19:02 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-05-26 11:34 - 2014-05-26 11:34 - 00000000 ____D () C:\ProgramData\Avg_Update_0414c
2014-05-15 18:01 - 2014-05-25 00:34 - 00003442 _____ () C:\Windows\System32\Tasks\Time Trigger Test Task
2014-05-15 18:01 - 2014-05-24 23:45 - 00000000 ____D () C:\Users\Gonzo\AppData\Roaming\2ED0
2014-05-13 21:19 - 2014-05-13 21:19 - 00244000 _____ (Premium Installer ) C:\Users\Gonzo\Downloads\Setup.exe
2014-05-13 21:14 - 2014-05-28 20:27 - 00007600 _____ () C:\Users\Gonzo\AppData\Local\Resmon.ResmonCfg
2014-05-13 19:50 - 2014-05-13 19:50 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-05-13 19:49 - 2014-05-26 19:53 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-13 19:49 - 2014-05-26 19:09 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-13 19:49 - 2014-05-13 19:49 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-05-13 19:49 - 2014-05-13 19:49 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-05-13 19:49 - 2014-05-13 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-05-13 19:49 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-05-13 19:47 - 2014-05-13 19:48 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Gonzo\Downloads\spybot-2.3.exe
2014-05-07 17:44 - 2014-05-28 19:04 - 00000000 ____D () C:\Users\Gonzo\AppData\Roaming\Curse Client
2014-05-07 17:44 - 2014-05-07 17:44 - 00001029 _____ () C:\Users\Gonzo\Desktop\Curse.lnk
2014-05-07 17:44 - 2014-05-07 17:44 - 00001015 _____ () C:\Users\Gonzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
2014-05-07 17:44 - 2014-05-07 17:44 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-05-07 17:43 - 2014-05-07 17:43 - 00000000 ____D () C:\Users\Gonzo\AppData\Roaming\Curse
2014-05-07 17:41 - 2014-05-07 17:41 - 37746736 _____ (Curse) C:\Users\Gonzo\Downloads\CurseClientSetup.exe
2014-05-04 09:32 - 2014-05-04 09:32 - 01069776 _____ (Solid State Networks) C:\Users\Gonzo\Downloads\install_flashplayer13x32_mssd_aaa_aih.exe
2014-04-29 21:08 - 2014-04-29 21:12 - 00000000 ____D () C:\Users\Gonzo\AppData\Roaming\Ventrilo
2014-04-29 21:08 - 2014-04-29 21:08 - 00000913 _____ () C:\Users\Gonzo\Desktop\Ventrilo.lnk
2014-04-29 21:08 - 2014-04-29 21:08 - 00000262 _____ () C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
2014-04-29 21:08 - 2014-04-29 21:08 - 00000000 ____D () C:\Users\Gonzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ventrilo
2014-04-29 21:08 - 2014-04-29 21:08 - 00000000 ____D () C:\Program Files\Ventrilo
2014-04-29 21:07 - 2014-04-29 21:07 - 04135696 _____ () C:\Users\Gonzo\Downloads\ventrilo-3.0.8-Windows-x64.exe
 
==================== One Month Modified Files and Folders =======
 
2014-05-29 17:52 - 2014-05-29 17:52 - 02066944 _____ (Farbar) C:\Users\Gonzo\Desktop\FRST64.exe
2014-05-29 17:52 - 2014-05-29 17:52 - 00017510 _____ () C:\Users\Gonzo\Desktop\FRST.txt
2014-05-29 17:52 - 2014-05-29 17:52 - 00000000 ____D () C:\FRST
2014-05-29 17:52 - 2012-12-09 09:45 - 00000000 ____D () C:\Users\Gonzo\AppData\Local\PMB Files
2014-05-29 17:52 - 2012-12-08 21:04 - 00000000 ____D () C:\Users\Gonzo\AppData\Local\Temp
2014-05-29 17:51 - 2014-05-29 17:51 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-29 17:51 - 2014-05-29 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-29 17:51 - 2014-05-29 17:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-29 17:51 - 2014-05-29 17:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-29 17:50 - 2012-12-08 21:01 - 01875087 _____ () C:\Windows\WindowsUpdate.log
2014-05-29 17:47 - 2012-12-09 15:09 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-29 17:41 - 2014-05-29 17:41 - 01402880 _____ () C:\Users\Gonzo\Downloads\HiJackThis.msi
2014-05-29 17:41 - 2014-05-29 17:41 - 00002975 _____ () C:\Users\Gonzo\Desktop\HiJackThis.lnk
2014-05-29 17:41 - 2014-05-29 17:41 - 00000000 ____D () C:\Users\Gonzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-05-29 17:41 - 2014-05-29 17:41 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-05-29 17:40 - 2013-12-21 22:51 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1221897127-376674755-709361087-1001UA.job
2014-05-29 17:39 - 2012-12-09 15:09 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-28 21:14 - 2009-07-13 23:45 - 00016848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-28 21:14 - 2009-07-13 23:45 - 00016848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-28 21:13 - 2009-07-14 00:13 - 00778834 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-28 21:10 - 2012-12-16 17:24 - 00000000 ____D () C:\Users\Gonzo\AppData\Roaming\Skype
2014-05-28 21:09 - 2014-02-12 22:36 - 00003200 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1221897127-376674755-709361087-1001
2014-05-28 21:09 - 2014-02-05 22:33 - 00003334 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1221897127-376674755-709361087-1001
2014-05-28 21:09 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-28 21:09 - 2009-07-13 23:51 - 00118922 _____ () C:\Windows\setupact.log
2014-05-28 21:02 - 2014-05-28 21:02 - 13829304 _____ (Microsoft Corporation) C:\Users\Gonzo\Downloads\mseinstall (1).exe
2014-05-28 21:02 - 2014-05-28 21:02 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-05-28 21:02 - 2014-05-28 21:02 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-05-28 21:02 - 2014-05-28 21:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-05-28 21:02 - 2012-12-08 22:29 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-05-28 20:52 - 2012-12-08 22:09 - 00134416 _____ () C:\Windows\PFRO.log
2014-05-28 20:27 - 2014-05-13 21:14 - 00007600 _____ () C:\Users\Gonzo\AppData\Local\Resmon.ResmonCfg
2014-05-28 20:22 - 2014-05-28 20:22 - 01243655 _____ () C:\Users\Gonzo\Downloads\ProcessExplorer.zip
2014-05-28 20:20 - 2014-05-28 20:20 - 13829304 _____ (Microsoft Corporation) C:\Users\Gonzo\Downloads\mseinstall.exe
2014-05-28 20:12 - 2012-12-09 09:45 - 00000000 ____D () C:\ProgramData\PMB Files
2014-05-28 20:05 - 2014-05-28 20:05 - 00276267 _____ () C:\Users\Gonzo\Downloads\RAMMap.zip
2014-05-28 19:04 - 2014-05-07 17:44 - 00000000 ____D () C:\Users\Gonzo\AppData\Roaming\Curse Client
2014-05-27 18:21 - 2013-12-21 22:51 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1221897127-376674755-709361087-1001Core.job
2014-05-26 19:53 - 2014-05-13 19:49 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-26 19:35 - 2014-05-26 19:34 - 00047734 _____ () C:\Windows\wininit.ini
2014-05-26 19:09 - 2014-05-13 19:49 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-26 19:05 - 2014-02-05 22:04 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-05-26 19:02 - 2014-05-26 19:02 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-05-26 11:34 - 2014-05-26 11:34 - 00000000 ____D () C:\ProgramData\Avg_Update_0414c
2014-05-25 00:34 - 2014-05-15 18:01 - 00003442 _____ () C:\Windows\System32\Tasks\Time Trigger Test Task
2014-05-24 23:45 - 2014-05-15 18:01 - 00000000 ____D () C:\Users\Gonzo\AppData\Roaming\2ED0
2014-05-13 21:19 - 2014-05-13 21:19 - 00244000 _____ (Premium Installer ) C:\Users\Gonzo\Downloads\Setup.exe
2014-05-13 19:50 - 2014-05-13 19:50 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-05-13 19:49 - 2014-05-13 19:49 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-05-13 19:49 - 2014-05-13 19:49 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-05-13 19:49 - 2014-05-13 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-05-13 19:48 - 2014-05-13 19:47 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Gonzo\Downloads\spybot-2.3.exe
2014-05-13 19:46 - 2014-02-05 22:04 - 00000000 ____D () C:\Users\Gonzo\AppData\Local\AVG SafeGuard toolbar
2014-05-12 07:26 - 2014-05-29 17:51 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-29 17:51 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-29 17:51 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-09 01:45 - 2014-02-05 22:04 - 00050464 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-05-08 15:42 - 2012-12-09 15:09 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 15:42 - 2012-12-09 15:09 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-07 17:44 - 2014-05-07 17:44 - 00001029 _____ () C:\Users\Gonzo\Desktop\Curse.lnk
2014-05-07 17:44 - 2014-05-07 17:44 - 00001015 _____ () C:\Users\Gonzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
2014-05-07 17:44 - 2014-05-07 17:44 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-05-07 17:44 - 2012-12-08 21:04 - 00000000 ___RD () C:\Users\Gonzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-07 17:43 - 2014-05-07 17:43 - 00000000 ____D () C:\Users\Gonzo\AppData\Roaming\Curse
2014-05-07 17:41 - 2014-05-07 17:41 - 37746736 _____ (Curse) C:\Users\Gonzo\Downloads\CurseClientSetup.exe
2014-05-06 18:16 - 2013-12-21 22:51 - 00003882 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1221897127-376674755-709361087-1001UA
2014-05-06 18:16 - 2013-12-21 22:51 - 00003486 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1221897127-376674755-709361087-1001Core
2014-05-04 09:32 - 2014-05-04 09:32 - 01069776 _____ (Solid State Networks) C:\Users\Gonzo\Downloads\install_flashplayer13x32_mssd_aaa_aih.exe
2014-04-29 21:12 - 2014-04-29 21:08 - 00000000 ____D () C:\Users\Gonzo\AppData\Roaming\Ventrilo
2014-04-29 21:08 - 2014-04-29 21:08 - 00000913 _____ () C:\Users\Gonzo\Desktop\Ventrilo.lnk
2014-04-29 21:08 - 2014-04-29 21:08 - 00000262 _____ () C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
2014-04-29 21:08 - 2014-04-29 21:08 - 00000000 ____D () C:\Users\Gonzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ventrilo
2014-04-29 21:08 - 2014-04-29 21:08 - 00000000 ____D () C:\Program Files\Ventrilo
2014-04-29 21:07 - 2014-04-29 21:07 - 04135696 _____ () C:\Users\Gonzo\Downloads\ventrilo-3.0.8-Windows-x64.exe
 
Files to move or delete:
====================
C:\ProgramData\828z00a.fee
C:\ProgramData\828z00a.zvv
C:\ProgramData\8j6bnbe3.fee
C:\ProgramData\8j6bnbe3.zvv
C:\ProgramData\oxt8zwl3.fee
C:\ProgramData\oxt8zwl3.zvv
 
 
Some content of TEMP:
====================
C:\Users\Gonzo\AppData\Local\Temp\mpam-afb6a844.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-19 00:35
 

==================== End Of Log ============================ 

 

 

Addition is below

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-05-2014
Ran by Gonzo at 2014-05-29 17:52:49
Running from C:\Users\Gonzo\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Out of date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Microsoft Security Essentials (Enabled - Out of date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.5.502.149 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.6.602.168 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.5.100.20928 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1016.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{46DA7FD9-8BC1-7BA8-98D1-27F46647871B}) (Version: 8.0.891.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.70928.1539 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.1.6.542 - AVG Technologies)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.0928.1532.26058 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0928.1532.26058 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0928.1532.26058 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0928.1532.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0928.1532.26058 - Advanced Micro Devices, Inc.) Hidden
ChromecastApp (HKCU\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.316.0 - Google Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - )
FileZilla Client 3.6.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.6.0.2 - FileZilla Project)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
iTunes (HKLM\...\{0225AD21-F3E2-4916-BFF3-65D3F9052582}) (Version: 11.0.2.26 - Apple Inc.)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 18.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 18.0.1 (x86 en-US)) (Version: 18.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 18.0.1 - Mozilla)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Portal 2 Publishing Tool (HKLM-x32\...\Steam App 644) (Version:  - )
RealDownloader (x32 Version: 1.7.0 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.4 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
SketchUp 8 (HKLM-x32\...\{8EB62C87-AAA6-4850-A5BC-64155884B973}) (Version: 3.0.16846 - Trimble Navigation Limited)
Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.107 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 0.1.1682.0 - Hi-Rez Studios)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
 
==================== Restore Points  =========================
 
05-09-2012 17:14:44 Scheduled Checkpoint
06-09-2012 00:03:36 Installed MediaImpression
06-09-2012 00:05:19 Installed Connect Service
09-09-2012 21:34:26 Installed Connect Service
17-09-2012 00:09:03 Scheduled Checkpoint
18-05-2014 06:33:54 Windows Update
22-05-2014 04:44:38 Windows Update
26-05-2014 04:44:40 Windows Update
29-05-2014 22:41:22 Installed HiJackThis
 
==================== Hosts content: ==========================
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {2FCF1136-B4E8-4F51-9CAB-887906587093} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1221897127-376674755-709361087-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-12-16] (RealNetworks, Inc.)
Task: {34D2A38A-A4E7-442B-8B40-37D6AEDD7718} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {4D12B805-682A-419F-B0A4-E5F2F29D91E5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {55C71623-BCF9-4EB1-86C5-00AC1E53AFDD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {89D12B49-CF67-4CDF-AF2E-FCE515A6CBA2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-09] (Google Inc.)
Task: {A43C7F0C-724C-4A6E-97AE-A7444966271F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1221897127-376674755-709361087-1001Core => C:\Users\Gonzo\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-21] (Google Inc.)
Task: {A453198C-500E-455B-831D-860A05C46632} - System32\Tasks\Time Trigger Test Task => Rundll32.exe "C:\Users\Gonzo\AppData\Local\Temp\swfywcs.dll",DllRegisterServer
Task: {ABCEA388-D4B1-4D23-AFD8-E5F447B58AD3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1221897127-376674755-709361087-1001UA => C:\Users\Gonzo\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-21] (Google Inc.)
Task: {B0B9B5BA-BC5E-4DDF-BA34-E95B66D57775} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1221897127-376674755-709361087-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-12-16] (RealNetworks, Inc.)
Task: {C612F048-B62C-4130-B323-1057E880D6CA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-09] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1221897127-376674755-709361087-1001Core.job => C:\Users\Gonzo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1221897127-376674755-709361087-1001UA.job => C:\Users\Gonzo\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-12-09 09:45 - 2012-12-09 09:45 - 03093624 _____ () C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
2014-02-05 22:04 - 2014-05-26 19:05 - 02557976 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
2014-05-29 17:51 - 2014-05-29 17:51 - 00706560 _____ () C:\Users\Gonzo\AppData\Local\Temp\is-08VTC.tmp\mbam-setup-2.0.2.1012.tmp
2014-05-26 19:02 - 2014-05-26 19:01 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.6\log4cplusU.dll
2014-05-22 11:54 - 2014-05-13 18:40 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
2014-05-22 11:54 - 2014-05-13 18:40 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll
2014-05-22 11:54 - 2014-05-13 18:40 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-05-22 11:54 - 2014-05-13 18:40 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
2014-05-22 11:54 - 2014-05-13 18:40 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
2014-05-22 11:54 - 2014-05-13 18:40 - 13695816 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HiPatchService => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
MSCONFIG\Services: RealPlayer Cloud Service => 2
MSCONFIG\Services: RealPlayerUpdateSvc => 2
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: vToolbarUpdater18.1.6 => 2
MSCONFIG\Services: YahooAUService => 2
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/28/2014 07:04:05 PM) (Source: BugSplat) (EventID: 1) (User: )
Description: This event has been logged by the BugSplat crash reporting library (http://www.bugsplatsoftware.com
in partnership with your vendor lol_beta_riotgames_com.
A crash report from the application 'LOL_Public' has been successfully logged into the BugSplat database with id=114913704.
Please contact your vendor for more information.
 
Error: (05/28/2014 07:03:36 PM) (Source: BugSplat) (EventID: 1) (User: )
Description: This event has been logged by the BugSplat crash reporting library (http://www.bugsplatsoftware.com
in partnership with your vendor lol_beta_riotgames_com.
A crash report from the application 'LOL_Public' has been successfully logged into the BugSplat database with id=114913692.
Please contact your vendor for more information.
 
Error: (05/28/2014 06:47:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LoLLauncher.exe, version: 2.10.0.175, time stamp: 0x537a91f4
Faulting module name: LoLLauncher.exe, version: 2.10.0.175, time stamp: 0x537a91f4
Exception code: 0xc0000005
Fault offset: 0x00049038
Faulting process id: 0x1be0
Faulting application start time: 0xLoLLauncher.exe0
Faulting application path: LoLLauncher.exe1
Faulting module path: LoLLauncher.exe2
Report Id: LoLLauncher.exe3
 
Error: (05/28/2014 06:47:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 35.0.1916.114, time stamp: 0x53726019
Faulting module name: chrome.dll, version: 35.0.1916.114, time stamp: 0x53725d18
Exception code: 0x80000003
Fault offset: 0x004761eb
Faulting process id: 0x76c
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
 
Error: (05/28/2014 06:47:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CoherentUI_Host.exe, version: 1.8.0.0, time stamp: 0x52ea6518
Faulting module name: CoherentUI_Host.exe, version: 1.8.0.0, time stamp: 0x52ea6518
Exception code: 0xc0000005
Fault offset: 0x0005b914
Faulting process id: 0x2198
Faulting application start time: 0xCoherentUI_Host.exe0
Faulting application path: CoherentUI_Host.exe1
Faulting module path: CoherentUI_Host.exe2
Report Id: CoherentUI_Host.exe3
 
Error: (05/28/2014 07:23:20 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: MOM.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.OutOfMemoryException
Stack:
   at System.Threading.RegisteredWaitHandle..ctor()
   at System.Threading.ThreadPool.RegisterWaitForSingleObject(System.Threading.WaitHandle, System.Threading.WaitOrTimerCallback, System.Object, UInt32, Boolean, System.Threading.StackCrawlMark ByRef, Boolean)
   at System.Threading.ThreadPool.UnsafeRegisterWaitForSingleObject(System.Threading.WaitHandle, System.Threading.WaitOrTimerCallback, System.Object, System.TimeSpan, Boolean)
   at System.Runtime.Remoting.Channels.Ipc.ConnectionCache.TimeoutConnections(System.Object, Boolean)
   at System.Threading._ThreadPoolWaitOrTimerCallback.PerformWaitOrTimerCallback(System.Object, Boolean)
 
Error: (05/28/2014 01:48:00 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/26/2014 09:01:17 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/19/2014 00:30:39 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/18/2014 00:30:42 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (05/29/2014 05:39:36 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 0.0.0.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.5.0216.00
 
Source Path: 4.5.0216.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (05/28/2014 10:14:38 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 0.0.0.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.5.0216.00
 
Source Path: 4.5.0216.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (05/28/2014 10:14:38 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 0.0.0.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.5.0216.00
 
Source Path: 4.5.0216.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (05/28/2014 10:14:38 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 0.0.0.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.5.0216.00
 
Source Path: 4.5.0216.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (05/28/2014 10:14:38 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 1.175.768.0
 
Previous Signature Version: 
 
Update Source: %NT AUTHORITY15
 
Update Stage: 4.5.0216.00
 
Source Path: 4.5.0216.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (05/28/2014 10:14:38 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 1.175.768.0
 
Previous Signature Version: 
 
Update Source: %NT AUTHORITY15
 
Update Stage: 4.5.0216.00
 
Source Path: 4.5.0216.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (05/28/2014 10:14:38 PM) (Source: Microsoft Antimalware) (EventID: 2003) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update the engine.
 
New Engine Version: 1.1.10600.0
 
Previous Engine Version: 
 
Engine Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Error Code: %NT AUTHORITY601
 
Error description: %NT AUTHORITY602
 
Error: (05/28/2014 09:47:06 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.175.755.0).
 
Error: (05/28/2014 09:46:53 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 0.0.0.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.5.0216.00
 
Source Path: 4.5.0216.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (05/28/2014 09:46:52 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 1.175.755.0
 
Previous Signature Version: 
 
Update Source: %NT AUTHORITY15
 
Update Stage: 4.5.0216.00
 
Source Path: 4.5.0216.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
 
Microsoft Office Sessions:
=========================
Error: (05/28/2014 07:04:05 PM) (Source: BugSplat) (EventID: 1) (User: )
Description: lol_beta_riotgames_comLOL_Public114913704
 
Error: (05/28/2014 07:03:36 PM) (Source: BugSplat) (EventID: 1) (User: )
Description: lol_beta_riotgames_comLOL_Public114913692
 
Error: (05/28/2014 06:47:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LoLLauncher.exe2.10.0.175537a91f4LoLLauncher.exe2.10.0.175537a91f4c0000005000490381be001cf7acf2cb9d309C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.208\deploy\LoLLauncher.exeC:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.208\deploy\LoLLauncher.exe7a96306f-e6c2-11e3-b8fd-002618463b88
 
Error: (05/28/2014 06:47:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe35.0.1916.11453726019chrome.dll35.0.1916.11453725d1880000003004761eb76c01cf7acf35c29427C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\chrome.dll7468ad87-e6c2-11e3-b8fd-002618463b88
 
Error: (05/28/2014 06:47:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CoherentUI_Host.exe1.8.0.052ea6518CoherentUI_Host.exe1.8.0.052ea6518c00000050005b914219801cf79435488d0dbC:\Users\Gonzo\AppData\Roaming\Curse Client\Bin\CoherentUI_Host.exeC:\Users\Gonzo\AppData\Roaming\Curse Client\Bin\CoherentUI_Host.exe5bdb602f-e6c2-11e3-b8fd-002618463b88
 
Error: (05/28/2014 07:23:20 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: MOM.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.OutOfMemoryException
Stack:
   at System.Threading.RegisteredWaitHandle..ctor()
   at System.Threading.ThreadPool.RegisterWaitForSingleObject(System.Threading.WaitHandle, System.Threading.WaitOrTimerCallback, System.Object, UInt32, Boolean, System.Threading.StackCrawlMark ByRef, Boolean)
   at System.Threading.ThreadPool.UnsafeRegisterWaitForSingleObject(System.Threading.WaitHandle, System.Threading.WaitOrTimerCallback, System.Object, System.TimeSpan, Boolean)
   at System.Runtime.Remoting.Channels.Ipc.ConnectionCache.TimeoutConnections(System.Object, Boolean)
   at System.Threading._ThreadPoolWaitOrTimerCallback.PerformWaitOrTimerCallback(System.Object, Boolean)
 
Error: (05/28/2014 01:48:00 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{0765012B-51F6-4868-875E-9C14755B338C}\recordingmanager.exe
 
Error: (05/26/2014 09:01:17 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{0765012B-51F6-4868-875E-9C14755B338C}\recordingmanager.exe
 
Error: (05/19/2014 00:30:39 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{0765012B-51F6-4868-875E-9C14755B338C}\recordingmanager.exe
 
Error: (05/18/2014 00:30:42 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{0765012B-51F6-4868-875E-9C14755B338C}\recordingmanager.exe
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-02-06 20:36:40.765
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-06 20:35:54.108
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 46%
Total physical RAM: 6135.11 MB
Available physical RAM: 3290.72 MB
Total Pagefile: 12268.41 MB
Available Pagefile: 8444.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:223.47 GB) (Free:128.08 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (WinOld) (Fixed) (Total:288.38 GB) (Free:102.31 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: () (Fixed) (Total:299.9 GB) (Free:148.07 GB) NTFS
Drive g: (Recorded TV) (Fixed) (Total:350 GB) (Free:109.63 GB) NTFS
Drive h: (Music) (Fixed) (Total:281.5 GB) (Free:281.37 GB) NTFS
Drive i: (Backup) (Fixed) (Total:9.71 GB) (Free:9.39 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: F32644C2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=300 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=350 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=282 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: FF7CFDA7)
Partition 1: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=288 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 224 GB) (Disk ID: 7E52301D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 

 


  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.