Jump to content

russ8825

Members
 View Profile  See their activity

  • Posts

    2

  • Joined

  • Last visited

Reputation

0 Neutral
  1. russ8825
    Addition log: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2014Ran by Russ at 2014-06-04 14:59:55Running from C:\Users\Russ\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== AV: AVG AntiVirus Free Edition 2013 (Disabled - Out of date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}AS: Spybot - Search and Destroy (Disabled - Out of date) {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: AVG AntiVirus Free Edition 2013 (Disabled - Out of date) {B5F5C120-2089-702E-0001-553BB0D5A664} ==================== Installed Programs ====================== Leawo MP4 Converter version 5.1.0.0 (HKLM-x32\...\{14021E77-2FC1-4972-8C51-08808CD62838}_is1) (Version: - )abgx360 v1.0.6 (HKLM-x32\...\abgx360) (Version: - )Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated)Adobe AIR (x32 Version: 3.3.0.3670 - Adobe Systems Incorporated) HiddenAdobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)AMD Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) HiddenAMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) HiddenAMD Catalyst Install Manager (HKLM\...\{5E03A267-415E-5383-FA8F-3CE4145663B9}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) HiddenAMD Fuel (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) HiddenAMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) HiddenAMD Steady Video Plug-In (Version: 2.06.0000 - AMD) HiddenAMD VISION Engine Control Center (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) HiddenApple Application Support (HKLM-x32\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.00.007 - Atheros Communications)Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.1.42 - Atheros Communications Inc.)Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3480 - AVG Technologies)AVG 2013 (Version: 13.0.3480 - AVG Technologies) HiddenAVG 2013 (Version: 13.0.3722 - AVG Technologies) HiddenAVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 11.1.0.7 - AVG Technologies)Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) HiddenBluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.07(T) - TOSHIBA CORPORATION)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)Canon MX410 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series) (Version: - )Cartwheel Shopping (HKLM-x32\...\{63E29D1A-D6B5-4295-BFAC-967606232411}_is1) (Version: 1.2.0.1667 - Cartwheel, Inc.)Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) HiddenCatalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) HiddenCatalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) HiddenCatalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) HiddenCCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) HiddenCCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) HiddenCCC Help Czech (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) HiddenCCC Help Danish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) HiddenCCC Help Dutch (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) HiddenCCC Help English (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) HiddenCCC Help Finnish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) HiddenCCC Help French (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) HiddenCCC Help German (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) HiddenCCC Help Greek (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) HiddenCCC Help Hungarian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) HiddenCCC Help Italian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) HiddenCCC Help Japanese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) HiddenCCC Help Korean (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) HiddenCCC Help Norwegian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) HiddenCCC Help Polish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) HiddenCCC Help Portuguese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) HiddenCCC Help Russian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) HiddenCCC Help Spanish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) HiddenCCC Help Swedish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) HiddenCCC Help Thai (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) HiddenCCC Help Turkish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hiddenccc-utility64 (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) HiddenConexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.51.2.51 - Conexant)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDiablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) HiddenGameFly (HKLM-x32\...\GameFly) (Version: 1.1.911 - GameFly, Inc.)GameFly (x32 Version: 1.1.911 - GameFly, Inc.) HiddenGarmin Communicator Plugin (HKLM-x32\...\{647BB978-2876-487B-9B0E-FDB73F0EA4A2}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)Garmin Communicator Plugin x64 (HKLM\...\{237D687E-9E50-4A30-B810-262764CC491B}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)Garmin Communicator Plugin x64 (HKLM\...\{550331CC-C34B-494F-BCDA-37CE4EF6E924}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)Garmin Lifetime Updater (HKLM-x32\...\{9AAD03E8-4F65-4DE2-8F6C-1B079C0C8521}) (Version: 2.1.11 - Garmin)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)Google Talk (remove only) (HKLM-x32\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version: - )Google Talk Plugin (HKLM-x32\...\{217CEB43-6D22-3E1F-A311-DC0D7BFEE0A2}) (Version: 5.4.1.18709 - Google)Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.24.7 - Google Inc.) HiddenHashCalc 2.02 (HKLM-x32\...\HashCalc_is1) (Version: - SlavaSoft Inc.)ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)Java Auto Updater (x32 Version: 2.0.4.1 - Sun Microsystems, Inc.) HiddenJava 6 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216025FF}) (Version: 6.0.250 - Oracle)JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenK-Lite Codec Pack 6.3.0 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 6.3.0 - )K-Lite Codec Pack 7.9.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.9.0 - )Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) HiddenMedia Player Classic - Home Cinema 1.6.1.4235 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.6.1.4235 - MPC-HC Team) <==== ATTENTIONMesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) HiddenMicrosoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) HiddenMicrosoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)MPC-HC 1.6.5.6366 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.6.5.6366 - MPC-HC Team)MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) HiddenNero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.2.11000.12.100 - Nero AG)Nero Burning ROM 10 (HKLM-x32\...\{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}) (Version: 10.5.10300 - Nero AG)Nero BurningROM 10 Help (CHM) (x32 Version: 10.5.10100 - Nero AG) HiddenNero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10300.0.102 - Nero AG)Nero BurnRights 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) HiddenNero Control Center 10 (x32 Version: 10.2.10600.0.6 - Nero AG) HiddenNero ControlCenter 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) HiddenNero Core Components 10 (x32 Version: 2.0.17400.8.2 - Nero AG) HiddenNero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)Netwaiting (HKLM-x32\...\{74B8998B-2B1B-4414-AD5D-17E7E9B5FF0A}) (Version: 1.0.1 - Conexant Systems, Inc)Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)Penguins! (x32 Version: 2.2.0.98 - WildTangent) HiddenPlants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) HiddenPlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) HiddenQwiklinx (HKLM-x32\...\{2E497885-E60B-420A-832D-0148B392E058}_is1) (Version: 1.4.0.1560 - Qwiklinx, Inc.)Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.14 - Realtek Semiconductor Corp.)RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) HiddenSid Meiers Civilization 4 - Warlords (HKLM-x32\...\Sid Meiers Civilization 4 - Warlords) (Version: 1.74 - 2K Games)Sid Meiers Civilization 4 (HKLM-x32\...\Sid Meiers Civilization 4) (Version: 1.74 - 2K Games)Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)Skype™ 5.9 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.9.115 - Skype Technologies S.A.)Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.0.8 - Safer-Networking Ltd.)StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)Tales of Lagoona (x32 Version: 2.2.0.98 - WildTangent) HiddenToshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)Toshiba Book Place (HKLM-x32\...\{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}) (Version: 2.2.7530 - K-NFB Reading Technology, Inc.)TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)TOSHIBA Bulletin Board (Version: 1.6.08.64 - TOSHIBA Corporation) HiddenTOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)TOSHIBA eco Utility (HKLM\...\{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}) (Version: 1.3.5.64 - TOSHIBA Corporation)TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.17.64 - TOSHIBA Corporation)TOSHIBA Face Recognition (Version: 3.1.17.64 - TOSHIBA Corporation) HiddenTOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.09.03.00 - TOSHIBA)TOSHIBA Hardware Setup (Version: 4.09.03.00 - TOSHIBA) HiddenTOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.13.11 - Symantec Corporation)TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.5 - TOSHIBA CORPORATION)Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.31 - Toshiba)TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.8.64 - TOSHIBA Corporation)TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.4 - TOSHIBA)TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.20.64 - TOSHIBA Corporation)TOSHIBA ReelTime (Version: 1.7.20.64 - TOSHIBA Corporation) HiddenTOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2001 - TOSHIBA Corporation)TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.12 - TOSHIBA)TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.8 - TOSHIBA Corporation)TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.09.03.00 - TOSHIBA)TOSHIBA Supervisor Password (Version: 4.09.03.00 - TOSHIBA) HiddenTOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.1.64 - TOSHIBA Corporation)TOSHIBA Value Added Package (Version: 1.6.1.64 - TOSHIBA Corporation) HiddenTOSHIBA Value Added Package (x32 Version: 1.6.1.64 - TOSHIBA Corporation) HiddenTOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.3 - TOSHIBA Corporation)TOSHIBA Web Camera Application (x32 Version: 2.0.3.3 - TOSHIBA Corporation) HiddenTOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.7 - TOSHIBA)Update Installer for WildTangent Games App (x32 Version: - WildTangent) HiddenVisual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 4.7 - Vuze Inc.)Vuze Remote Toolbar (HKLM-x32\...\Vuze_Remote Toolbar) (Version: 6.8.9.0 - Vuze Remote) <==== ATTENTIONWBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)WebSlingPlayer ActiveX (HKLM-x32\...\{D91CBC0D-D45B-4FE7-AF44-E2BDD302CD9F}) (Version: 1.5.7158 - Sling Media)WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent)WildTangent Games App (Toshiba Games) (x32 Version: 4.0.5.31 - WildTangent) HiddenWindows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) HiddenWindows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) HiddenWindows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) HiddenWindows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Mobile Device Updater Component (Version: 04.08.2345.00 - Microsoft Corporation) HiddenWinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) HiddenZune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)Zune (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (CHS) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (CHT) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (CSY) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (DAN) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (DEU) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (ELL) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (ESP) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (FIN) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (FRA) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (HUN) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (IND) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (ITA) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (JPN) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (KOR) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (MSL) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (NLD) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (NOR) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (PLK) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (PTB) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (PTG) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (RUS) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (SVE) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden ==================== Restore Points ========================= 07-05-2014 06:27:52 Scheduled Checkpoint13-05-2014 21:42:12 Installed DirectX13-05-2014 21:45:29 Installed Steam13-05-2014 22:09:29 Installed DirectX21-05-2014 13:59:21 Scheduled Checkpoint29-05-2014 04:56:52 Scheduled Checkpoint04-06-2014 18:13:03 Windows Update ==================== Hosts content: ========================== 2009-07-13 22:34 - 2014-06-04 11:34 - 00450770 ____R C:\windows\system32\Drivers\etc\hosts127.0.0.1 www.007guard.com127.0.0.1 007guard.com127.0.0.1 008i.com127.0.0.1 www.008k.com127.0.0.1 008k.com127.0.0.1 www.00hq.com127.0.0.1 00hq.com127.0.0.1 010402.com127.0.0.1 www.032439.com127.0.0.1 032439.com127.0.0.1 www.0scan.com127.0.0.1 0scan.com127.0.0.1 www.1000gratisproben.com127.0.0.1 1000gratisproben.com127.0.0.1 1001namen.com127.0.0.1 www.1001namen.com127.0.0.1 100888290cs.com127.0.0.1 www.100888290cs.com127.0.0.1 www.100sexlinks.com127.0.0.1 100sexlinks.com127.0.0.1 www.10sek.com127.0.0.1 10sek.com127.0.0.1 www.1-2005-search.com127.0.0.1 1-2005-search.com127.0.0.1 www.123fporn.info127.0.0.1 123fporn.info127.0.0.1 123haustiereundmehr.com127.0.0.1 www.123haustiereundmehr.com127.0.0.1 123moviedownload.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= Task: {13687002-E4FC-46F1-BE33-817376513EF1} - System32\Tasks\0 => Iexplore.exe <==== ATTENTIONTask: {2BA43300-2636-4A2E-8C52-CFC015084AF1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3839790208-1372697595-3395560650-1000Core => C:\Users\Russ\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-16] (Google Inc.)Task: {4CEAF9FB-2E93-43FE-B85B-296A052D14E5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exeTask: {5CEAF6F3-1890-4EE3-B2D8-02C8EA236787} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()Task: {9B14AC66-363E-4443-9AA8-C690211C5832} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exeTask: {9E501D8E-7B0E-4CE3-B42A-1770C9FC384A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3839790208-1372697595-3395560650-1000UA => C:\Users\Russ\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-16] (Google Inc.)Task: {ABECF2F3-144B-408E-A5D2-1E07C51ACE91} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {B16B333E-18C7-4FA2-A644-A70F4BD944C4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-05] (Google Inc.)Task: {B282089B-987E-4226-A20B-62E738BD9DC6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exeTask: {C0D3C92E-951C-4863-ACFA-5F04E22B7589} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-21] (Adobe Systems Incorporated)Task: {C460214F-459F-4EB1-8347-9512049E1558} - System32\Tasks\4610 => Wscript.exe C:\Users\Russ\AppData\Local\Temp\launchie.vbs //B <==== ATTENTIONTask: {ED422A16-A464-4783-ACD3-1596E920B240} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-05] (Google Inc.)Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3839790208-1372697595-3395560650-1000Core.job => C:\Users\Russ\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3839790208-1372697595-3395560650-1000UA.job => C:\Users\Russ\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe ==================== Loaded Modules (whitelisted) ============= 2012-12-19 16:32 - 2012-12-19 16:32 - 00210944 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll2012-10-17 19:39 - 2012-10-17 19:39 - 00749056 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll2012-10-17 19:39 - 2012-10-17 19:39 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll2012-12-19 16:32 - 2012-12-19 16:32 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll2010-11-18 21:18 - 2010-11-18 21:18 - 11190784 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll2010-12-15 19:19 - 2010-12-15 19:19 - 00124320 _____ () C:\Program Files\Toshiba\TECO\MUIHelp.dll2012-12-19 16:32 - 2012-12-19 16:32 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll2011-06-10 01:09 - 2011-06-10 01:09 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll2012-08-27 21:33 - 2012-08-27 21:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2012-08-27 21:33 - 2012-08-27 21:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2012-06-23 16:34 - 2012-05-10 16:28 - 00410112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl2012-06-23 16:34 - 2012-05-10 16:28 - 00046592 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl2014-05-29 23:45 - 2014-04-29 20:08 - 01135104 _____ () C:\Program Files (x86)\Steam\libavcodec-55.dll2014-04-21 14:55 - 2014-04-29 20:08 - 00471552 _____ () C:\Program Files (x86)\Steam\libavutil-53.dll2014-05-29 23:45 - 2014-04-29 20:08 - 00404992 _____ () C:\Program Files (x86)\Steam\libavformat-55.dll2014-04-21 14:55 - 2014-04-29 20:08 - 00340992 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll2014-03-31 14:09 - 2014-05-16 21:36 - 00756224 _____ () C:\Program Files (x86)\Steam\SDL2.dll2014-06-03 07:03 - 2014-05-29 13:37 - 02139840 _____ () C:\Program Files (x86)\Steam\video.dll2014-05-29 23:45 - 2014-04-28 20:37 - 00519168 _____ () C:\Program Files (x86)\Steam\libswscale-2.dll2014-04-23 14:01 - 2014-05-29 13:36 - 01116864 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL2014-03-03 11:15 - 2014-05-01 19:35 - 20628160 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll2013-06-14 15:49 - 2013-06-14 19:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll2013-06-14 15:49 - 2013-06-14 19:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll2013-06-14 15:49 - 2013-06-14 19:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll2014-05-27 18:02 - 2014-05-13 19:40 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll2014-05-27 18:02 - 2014-05-13 19:40 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll2014-05-27 18:02 - 2014-05-13 19:40 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll2014-05-27 18:02 - 2014-05-13 19:40 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll2014-05-27 18:02 - 2014-05-13 19:40 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll2014-05-27 18:02 - 2014-05-13 19:40 - 13695816 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== MSCONFIG\Services: GamesAppService => 3MSCONFIG\Services: gupdate => 2MSCONFIG\Services: gupdatem => 3MSCONFIG\Services: gusvc => 3MSCONFIG\Services: IDriverT => 3MSCONFIG\Services: Norton PC Checkup Application Launcher => 2MSCONFIG\Services: SkypeUpdate => 2MSCONFIG\Services: vToolbarUpdater11.1.0 => 2MSCONFIG\startupreg: ATI => C:\Users\Russ\AppData\Roaming\2AA1FF.exeMSCONFIG\startupreg: HDFDEdWnhRJWy.exe => C:\ProgramData\HDFDEdWnhRJWy.exeMSCONFIG\startupreg: ITSecMng => %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /STARTMSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDEDMSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrunMSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"MSCONFIG\startupreg: ToshibaAppPlace => "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exeMSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exeMSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exeMSCONFIG\startupreg: TSleepSrv => %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exeMSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"MSCONFIG\startupreg: Zune Launcher => "C:\Program Files\Zune\ZuneLauncher.exe" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (06/04/2014 02:45:29 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. Error: (06/04/2014 02:45:29 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error: (06/04/2014 02:40:19 PM) (Source: .NET Runtime) (EventID: 1022) (User: )Description: .NET Runtime version 4.0.30319.1 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 5672. Message ID: [0x2509]. Error: (06/04/2014 02:39:14 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/04/2014 02:39:07 PM) (Source: ATIeRecord) (EventID: 16386) (User: )Description: ATI EEU Client has failed to start Error: (06/04/2014 02:36:16 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. Error: (06/04/2014 02:36:16 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error: (06/04/2014 02:32:14 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/04/2014 02:32:02 PM) (Source: ATIeRecord) (EventID: 16386) (User: )Description: ATI EEU Client has failed to start Error: (06/04/2014 02:22:56 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. System errors:=============Error: (06/04/2014 02:40:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (06/04/2014 02:39:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Steam Client Service service failed to start due to the following error: %%1053 Error: (06/04/2014 02:39:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: )Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect. Error: (06/04/2014 02:39:26 PM) (Source: Service Control Manager) (EventID: 7026) (User: )Description: The following boot-start or system-start driver(s) failed to load: Avgldx64 Error: (06/04/2014 02:39:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: %%1053 Error: (06/04/2014 02:39:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect. Error: (06/04/2014 02:39:09 PM) (Source: Service Control Manager) (EventID: 7024) (User: )Description: The AVGIDSAgent service terminated with service-specific error %%-536805256. Error: (06/04/2014 02:37:01 PM) (Source: Service Control Manager) (EventID: 7032) (User: )Description: The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error: %%1190 Error: (06/04/2014 02:37:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )Description: The Plug and Play service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine. Error: (06/04/2014 02:37:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )Description: The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine. Microsoft Office Sessions:=========================Error: (06/04/2014 02:45:29 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)Description: WmiApRplWmiApRpl8F20300004D070000 Error: (06/04/2014 02:45:29 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)Description: Performance1637070000000000000000000009030000 Error: (06/04/2014 02:40:19 PM) (Source: .NET Runtime) (EventID: 1022) (User: )Description: .NET Runtime version 4.0.30319.1 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 5672. Message ID: [0x2509]. Error: (06/04/2014 02:39:14 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/04/2014 02:39:07 PM) (Source: ATIeRecord) (EventID: 16386) (User: )Description: Error: (06/04/2014 02:36:16 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)Description: WmiApRplWmiApRpl8F20300004D070000 Error: (06/04/2014 02:36:16 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)Description: Performance1637070000000000000000000009030000 Error: (06/04/2014 02:32:14 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/04/2014 02:32:02 PM) (Source: ATIeRecord) (EventID: 16386) (User: )Description: Error: (06/04/2014 02:22:56 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)Description: WmiApRplWmiApRpl8F20300004D070000 CodeIntegrity Errors:=================================== Date: 2012-10-14 11:47:08.908 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP73.dll because the set of per-page image hashes could not be found on the system. Date: 2012-10-14 11:45:18.684 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP73.dll because the set of per-page image hashes could not be found on the system. Date: 2012-10-14 11:42:37.659 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP73.dll because the set of per-page image hashes could not be found on the system. Date: 2012-08-01 18:23:21.680 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Russ\AppData\Local\Temp\PIOAC85.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-08-01 18:23:21.664 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Russ\AppData\Local\Temp\PIOAC85.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Percentage of memory in use: 50%Total physical RAM: 5606.87 MBAvailable physical RAM: 2753.47 MBTotal Pagefile: 11211.93 MBAvailable Pagefile: 8025.33 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (TI106304W0E) (Fixed) (Total:580.04 GB) (Free:71.05 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: 52A8BCE0)Partition 1: (Active) - (Size=1 GB) - (Type=27)Partition 2: (Not Active) - (Size=580 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=15 GB) - (Type=17) ==================== End Of Log ============================
  2. russ8825
    I was seeing if I could get some help with this Zekos trojan. It seems to have infected my rpcss.dll I will post the FRST logs - Thanks in advance, Russ Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014Ran by Russ (administrator) on RUSS-LAPTOP on 04-06-2014 14:59:01Running from C:\Users\Russ\DownloadsPlatform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)Internet Explorer Version 9Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe(Google) C:\Program Files (x86)\Google\Google Talk\googletalk.exe(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Garmin) C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [] => [X]HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [562304 2011-06-30] (Conexant Systems, Inc.)HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-05-24] (TOSHIBA Corporation)HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-10] (TOSHIBA Corporation)HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-03-24] (Conexant Systems, Inc.)HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3921432 2012-07-04] (Safer-Networking Ltd.)HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)HKLM-x32\...\Run: [Garmin Lifetime Updater] => C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe [1466760 2012-06-04] (Garmin)HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]HKU\S-1-5-21-3839790208-1372697595-3395560650-1000\...\Run: [spybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)HKU\S-1-5-21-3839790208-1372697595-3395560650-1000\...\Run: [Google Update] => C:\Users\Russ\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-16] (Google Inc.)HKU\S-1-5-21-3839790208-1372697595-3395560650-1000\...\Run: [googletalk] => C:\Program Files (x86)\Google\Google Talk\googletalk.exe [3289088 2007-11-20] (Google)HKU\S-1-5-21-3839790208-1372697595-3395560650-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-03-05] (Google Inc.)HKU\S-1-5-21-3839790208-1372697595-3395560650-1000\...\Run: [steam] => C:\Program Files (x86)\Steam\Steam.exe [1754816 2014-05-29] (Valve Corporation)HKU\S-1-5-21-3839790208-1372697595-3395560650-1000\...\MountPoints2: {b3f8f560-4c52-11e2-9292-047d7b6e82dc} - F:\LaunchU3.exe -a ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/?ilc=10&fr=ydwnld-homeHKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.comURLSearchHook: HKLM-x32 - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)URLSearchHook: HKCU - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exeSearchScopes: HKLM - DefaultScope {EE0351CA-DDE0-460B-A23A-E1916096F878} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNPSearchScopes: HKLM - {EE0351CA-DDE0-460B-A23A-E1916096F878} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNPSearchScopes: HKLM-x32 - DefaultScope {EE0351CA-DDE0-460B-A23A-E1916096F878} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNPSearchScopes: HKLM-x32 - {EE0351CA-DDE0-460B-A23A-E1916096F878} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNPSearchScopes: HKCU - DefaultScope {E317FEAA-FD66-4DB5-AF80-725348F8682B} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-ydwnldSearchScopes: HKCU - {62C308C1-C169-4C63-AD67-5553520DC940} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS483SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={B1F1A686-3EDF-477B-95E7-A84208E11187}&mid=34af573eeb9e47d0b69fd5343d8a6b2f-4513861e75c52567bd3dbb5c1d1de160fab7c4c5〈=en&ds=AVG&pr=fr&d=2012-06-13 14:17:39&v=11.1.0.7&sap=dsp&q={searchTerms} SearchScopes: HKCU - {E317FEAA-FD66-4DB5-AF80-725348F8682B} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-ydwnldSearchScopes: HKCU - {EE0351CA-DDE0-460B-A23A-E1916096F878} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNPBHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No FileBHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No FileBHO-x32: Qwiklinx - {3E7C8B5A-96AB-438F-BF9B-782400655440} - C:\Users\Russ\AppData\Roaming\Qwiklinx\Qwiklinx.dll (Qwiklinx, Inc.)BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)BHO-x32: Cartwheel - {B50DF051-E1D4-439C-B94E-F4DE82B56542} - C:\Users\Russ\AppData\Roaming\Cartwheel\Cartwheel.dll (Cartwheel, Inc.)BHO-x32: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)Toolbar: HKLM-x32 - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No FileToolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)Toolbar: HKCU - No Name - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No FileToolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No FileDPF: HKLM-x32 {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://www.stetson.edu/other/webcams/media/AxisCamControl.cabHandler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No FileHandler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No FileHandler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txtTcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 FireFox:========FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll (AVG Technologies)FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Russ\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Russ\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Russ\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Russ\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)FF Plugin ProgramFiles/Appdata: C:\Users\Russ\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)FF Plugin ProgramFiles/Appdata: C:\Users\Russ\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\11.1.0.7\FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\11.1.0.7\ [] Chrome: =======CHR Extension: (Google Docs) - C:\Users\Russ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-04]CHR Extension: (Google Drive) - C:\Users\Russ\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-04]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Russ\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-04]CHR Extension: (YouTube) - C:\Users\Russ\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-30]CHR Extension: (Google Search) - C:\Users\Russ\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-30]CHR Extension: (Google Wallet) - C:\Users\Russ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]CHR Extension: (Gmail) - C:\Users\Russ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-30] ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.)S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)S4 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [123320 2011-07-19] (Symantec Corporation)R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1188896 2012-07-04] (Safer-Networking Ltd.)R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [838136 2012-05-10] (Safer-Networking Ltd.)R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [166528 2012-03-22] (Safer-Networking Ltd.)S4 vToolbarUpdater11.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [935480 2012-06-13] () ==================== Drivers (Whitelisted) ==================== R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-04-15] (AVG Technologies CZ, s.r.o.)S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)S3 Tosrfcom; No ImagePath ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-04 14:59 - 2014-06-04 14:59 - 00021551 _____ () C:\Users\Russ\Downloads\FRST.txt2014-06-04 14:58 - 2014-06-04 14:59 - 00000000 ____D () C:\FRST2014-06-04 14:58 - 2014-06-04 14:58 - 02068992 _____ (Farbar) C:\Users\Russ\Downloads\FRST64.exe2014-06-04 14:36 - 2014-06-04 11:07 - 04686336 _____ () C:\Users\Russ\Desktop\RogueKiller.exe2014-06-04 14:15 - 2014-06-04 14:16 - 00000000 ____D () C:\ProgramData\RogueKiller2014-06-04 12:03 - 2014-06-04 12:05 - 00000161 _____ () C:\windows\system32\avgrep.txt2014-06-04 11:58 - 2014-06-04 11:58 - 00000442 _____ () C:\windows\wininit.ini2014-06-04 11:29 - 2014-06-04 11:29 - 00003416 ____N () C:\bootsqm.dat2014-06-04 11:07 - 2014-06-04 11:07 - 04686336 _____ () C:\Users\Russ\Downloads\RogueKiller.exe2014-06-02 08:58 - 2014-06-02 19:06 - 00054009 _____ () C:\C0C1C0A2FF56.wpc2014-06-01 19:01 - 2014-06-01 19:01 - 00000918 _____ () C:\Users\Russ\Desktop\HashCalc.lnk2014-06-01 19:01 - 2014-06-01 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HashCalc2014-06-01 19:01 - 2014-06-01 19:01 - 00000000 ____D () C:\Program Files (x86)\HashCalc2014-06-01 19:00 - 2014-06-01 19:00 - 00475801 _____ () C:\Users\Russ\Desktop\hashcalc.zip2014-06-01 18:56 - 2014-06-01 18:57 - 04831744 _____ (Geza Kovacs) C:\Users\Russ\Desktop\unetbootin-windows-603.exe2014-05-31 23:53 - 2014-05-31 23:53 - 00006144 _____ () C:\Users\Russ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2014-05-30 00:04 - 2014-05-30 00:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG2014-05-29 23:54 - 2014-06-04 14:49 - 00000083 _____ () C:\windows\system32\dcwg.exs2014-05-29 23:44 - 2014-05-29 23:44 - 00000064 _____ () C:\windows\system32\pdqqb.vzf2014-05-29 23:44 - 2014-05-29 23:44 - 00000000 _____ () C:\windows\system32\yqzih.elm2014-05-29 23:28 - 2014-05-29 23:28 - 00310760 ____S () C:\windows\system32\tyzgak.pzd2014-05-13 18:29 - 2014-05-13 18:29 - 00000220 _____ () C:\Users\Russ\Desktop\Sid Meier's Civilization V.url2014-05-13 17:45 - 2014-06-04 14:39 - 00000000 ____D () C:\Program Files (x86)\Steam2014-05-13 17:45 - 2014-05-13 17:45 - 00000888 _____ () C:\Users\Public\Desktop\Steam.lnk2014-05-13 17:45 - 2014-05-13 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam2014-05-13 16:08 - 2014-05-13 16:15 - 71402358 _____ () C:\Users\Russ\Downloads\Space Oddity(720p_H.264-AAC).mp42014-05-13 16:07 - 2014-05-13 16:10 - 26492609 _____ () C:\Users\Russ\Downloads\Space Oddity(360p_VP8-Vorbis).webm2014-05-13 16:06 - 2014-05-13 16:08 - 20744367 _____ () C:\Users\Russ\Downloads\Space Oddity(360p_H.264-AAC).mp42014-05-13 16:06 - 2014-05-13 16:06 - 09344420 _____ () C:\Users\Russ\Downloads\Space Oddity(240p_H.264-AAC).3gp2014-05-13 16:05 - 2014-05-13 16:06 - 14100319 _____ () C:\Users\Russ\Downloads\Space Oddity(240p_H.263-MP3).flv2014-05-13 16:05 - 2014-05-13 16:06 - 03397664 _____ () C:\Users\Russ\Downloads\Space Oddity(144p_H.264-AAC).3gp2014-05-13 16:05 - 2014-05-13 16:05 - 00002545 _____ () C:\Users\Russ\Downloads\Space Oddity subtitles (English).srt ==================== One Month Modified Files and Folders ======= 2014-06-04 14:59 - 2014-06-04 14:59 - 00021551 _____ () C:\Users\Russ\Downloads\FRST.txt2014-06-04 14:59 - 2014-06-04 14:58 - 00000000 ____D () C:\FRST2014-06-04 14:59 - 2012-05-13 12:59 - 00000000 ____D () C:\Users\Russ\AppData\Local\Temp2014-06-04 14:58 - 2014-06-04 14:58 - 02068992 _____ (Farbar) C:\Users\Russ\Downloads\FRST64.exe2014-06-04 14:49 - 2014-05-29 23:54 - 00000083 _____ () C:\windows\system32\dcwg.exs2014-06-04 14:46 - 2009-07-14 00:45 - 00024400 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-06-04 14:46 - 2009-07-14 00:45 - 00024400 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-06-04 14:45 - 2009-07-14 01:13 - 00005440 _____ () C:\windows\system32\PerfStringBackup.INI2014-06-04 14:42 - 2012-03-05 22:14 - 01207111 _____ () C:\windows\WindowsUpdate.log2014-06-04 14:39 - 2014-05-13 17:45 - 00000000 ____D () C:\Program Files (x86)\Steam2014-06-04 14:39 - 2012-06-24 22:38 - 00060472 _____ () C:\windows\setupact.log2014-06-04 14:39 - 2012-03-05 23:16 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job2014-06-04 14:39 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT2014-06-04 14:37 - 2012-12-06 16:11 - 00000904 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3839790208-1372697595-3395560650-1000UA.job2014-06-04 14:16 - 2014-06-04 14:15 - 00000000 ____D () C:\ProgramData\RogueKiller2014-06-04 14:15 - 2012-11-27 10:54 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job2014-06-04 14:00 - 2012-03-05 23:16 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job2014-06-04 12:07 - 2010-11-20 23:47 - 00649186 _____ () C:\windows\PFRO.log2014-06-04 12:05 - 2014-06-04 12:03 - 00000161 _____ () C:\windows\system32\avgrep.txt2014-06-04 12:03 - 2012-10-15 20:11 - 00000000 ____D () C:\Users\Russ\AppData\Local\Avg20132014-06-04 11:58 - 2014-06-04 11:58 - 00000442 _____ () C:\windows\wininit.ini2014-06-04 11:29 - 2014-06-04 11:29 - 00003416 ____N () C:\bootsqm.dat2014-06-04 11:16 - 2012-06-23 15:30 - 00000000 ____D () C:\Users\Russ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery2014-06-04 11:07 - 2014-06-04 14:36 - 04686336 _____ () C:\Users\Russ\Desktop\RogueKiller.exe2014-06-04 11:07 - 2014-06-04 11:07 - 04686336 _____ () C:\Users\Russ\Downloads\RogueKiller.exe2014-06-04 08:44 - 2012-12-06 16:11 - 00000852 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3839790208-1372697595-3395560650-1000Core.job2014-06-04 08:38 - 2012-06-13 14:12 - 00000000 ____D () C:\ProgramData\MFAData2014-06-02 19:06 - 2014-06-02 08:58 - 00054009 _____ () C:\C0C1C0A2FF56.wpc2014-06-02 13:48 - 2012-05-18 20:08 - 00000000 ____D () C:\Users\Russ\AppData\Roaming\Azureus2014-06-02 00:58 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories2014-06-01 19:01 - 2014-06-01 19:01 - 00000918 _____ () C:\Users\Russ\Desktop\HashCalc.lnk2014-06-01 19:01 - 2014-06-01 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HashCalc2014-06-01 19:01 - 2014-06-01 19:01 - 00000000 ____D () C:\Program Files (x86)\HashCalc2014-06-01 19:00 - 2014-06-01 19:00 - 00475801 _____ () C:\Users\Russ\Desktop\hashcalc.zip2014-06-01 19:00 - 2012-05-13 12:58 - 00000000 ____D () C:\Users\Russ2014-06-01 18:57 - 2014-06-01 18:56 - 04831744 _____ (Geza Kovacs) C:\Users\Russ\Desktop\unetbootin-windows-603.exe2014-06-01 18:31 - 2012-05-26 15:30 - 00000000 ____D () C:\Users\Russ\AppData\Roaming\SoftGrid Client2014-06-01 18:08 - 2012-06-13 15:27 - 00000000 ____D () C:\Users\Russ\AppData\Roaming\Nero2014-05-31 23:53 - 2014-05-31 23:53 - 00006144 _____ () C:\Users\Russ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2014-05-30 00:04 - 2014-05-30 00:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG2014-05-30 00:04 - 2012-10-15 20:15 - 00000936 _____ () C:\Users\Public\Desktop\AVG 2013.lnk2014-05-29 23:44 - 2014-05-29 23:44 - 00000064 _____ () C:\windows\system32\pdqqb.vzf2014-05-29 23:44 - 2014-05-29 23:44 - 00000000 _____ () C:\windows\system32\yqzih.elm2014-05-29 23:28 - 2014-05-29 23:28 - 00310760 ____S () C:\windows\system32\tyzgak.pzd2014-05-22 11:22 - 2014-05-22 11:22 - 00000000 ____D () C:\Users\Russ\AppData\Roaming\Mozilla2014-05-21 10:01 - 2012-11-27 10:54 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe2014-05-21 10:01 - 2012-11-27 10:54 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater2014-05-21 10:01 - 2011-11-01 23:40 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl2014-05-13 22:54 - 2012-08-04 18:45 - 00000000 ____D () C:\Users\Russ\AppData\Local\My Games2014-05-13 22:54 - 2012-08-04 16:46 - 00000000 ____D () C:\Users\Russ\Documents\My Games2014-05-13 18:29 - 2014-05-13 18:29 - 00000220 _____ () C:\Users\Russ\Desktop\Sid Meier's Civilization V.url2014-05-13 18:10 - 2012-08-04 16:45 - 00073702 _____ () C:\windows\DirectX.log2014-05-13 17:45 - 2014-05-13 17:45 - 00000888 _____ () C:\Users\Public\Desktop\Steam.lnk2014-05-13 17:45 - 2014-05-13 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam2014-05-13 16:15 - 2014-05-13 16:08 - 71402358 _____ () C:\Users\Russ\Downloads\Space Oddity(720p_H.264-AAC).mp42014-05-13 16:10 - 2014-05-13 16:07 - 26492609 _____ () C:\Users\Russ\Downloads\Space Oddity(360p_VP8-Vorbis).webm2014-05-13 16:08 - 2014-05-13 16:06 - 20744367 _____ () C:\Users\Russ\Downloads\Space Oddity(360p_H.264-AAC).mp42014-05-13 16:06 - 2014-05-13 16:06 - 09344420 _____ () C:\Users\Russ\Downloads\Space Oddity(240p_H.264-AAC).3gp2014-05-13 16:06 - 2014-05-13 16:05 - 14100319 _____ () C:\Users\Russ\Downloads\Space Oddity(240p_H.263-MP3).flv2014-05-13 16:06 - 2014-05-13 16:05 - 03397664 _____ () C:\Users\Russ\Downloads\Space Oddity(144p_H.264-AAC).3gp2014-05-13 16:05 - 2014-05-13 16:05 - 00002545 _____ () C:\Users\Russ\Downloads\Space Oddity subtitles (English).srt2014-05-11 16:23 - 2014-04-02 13:01 - 00000000 ____D () C:\Users\Russ\AppData\Local\Battle.net2014-05-08 15:55 - 2012-03-05 23:16 - 00003908 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA2014-05-08 15:55 - 2012-03-05 23:16 - 00003656 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore2014-05-08 10:04 - 2014-04-02 13:01 - 00000000 ____D () C:\Program Files (x86)\Battle.net2014-05-08 05:32 - 2012-12-06 16:11 - 00003872 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3839790208-1372697595-3395560650-1000UA2014-05-08 05:32 - 2012-12-06 16:11 - 00003476 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3839790208-1372697595-3395560650-1000Core Files to move or delete:====================C:\Users\Russ\13-1_vista_win7_win8_64_dd_ccc_whql.exeC:\Users\Russ\catalyst_mobility_64-bit_util.exeC:\Users\Russ\Media_Player_Classic.exeC:\Users\Russ\StarCraft-II-Setup-enUS.exeC:\Users\Russ\tc70101900b.exeC:\Users\Russ\tc70107500k.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll[2010-11-20 23:24] - [2010-11-20 23:24] - 0520192 ____A (Microsoft Corporation) 88DA7B86EC478F58C0ECEC7ABFBDAA05 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-29 00:49 ==================== End Of Log ============================
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.