Zekos Help

[russ8825]

I was seeing if I could get some help with this Zekos trojan. It seems to have infected my rpcss.dll 

I will post the FRST logs

- Thanks in advance,

Russ

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014

Ran by Russ (administrator) on RUSS-LAPTOP on 04-06-2014 14:59:01

Running from C:\Users\Russ\Downloads

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(AMD) C:\Windows\System32\atiesrxx.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe

(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe

(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

(Google) C:\Program Files (x86)\Google\Google Talk\googletalk.exe

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Garmin) C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [] => [X]

HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)

HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)

HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [562304 2011-06-30] (Conexant Systems, Inc.)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)

HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-05-24] (TOSHIBA Corporation)

HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-10] (TOSHIBA Corporation)

HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)

HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-03-24] (Conexant Systems, Inc.)

HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3921432 2012-07-04] (Safer-Networking Ltd.)

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)

HKLM-x32\...\Run: [Garmin Lifetime Updater] => C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe [1466760 2012-06-04] (Garmin)

HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

HKU\S-1-5-21-3839790208-1372697595-3395560650-1000\...\Run: [spybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)

HKU\S-1-5-21-3839790208-1372697595-3395560650-1000\...\Run: [Google Update] => C:\Users\Russ\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-16] (Google Inc.)

HKU\S-1-5-21-3839790208-1372697595-3395560650-1000\...\Run: [googletalk] => C:\Program Files (x86)\Google\Google Talk\googletalk.exe [3289088 2007-11-20] (Google)

HKU\S-1-5-21-3839790208-1372697595-3395560650-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-03-05] (Google Inc.)

HKU\S-1-5-21-3839790208-1372697595-3395560650-1000\...\Run: [steam] => C:\Program Files (x86)\Steam\Steam.exe [1754816 2014-05-29] (Valve Corporation)

HKU\S-1-5-21-3839790208-1372697595-3395560650-1000\...\MountPoints2: {b3f8f560-4c52-11e2-9292-047d7b6e82dc} - F:\LaunchU3.exe -a

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/?ilc=10&fr=ydwnld-home

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com

URLSearchHook: HKLM-x32 - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)

URLSearchHook: HKCU - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - DefaultScope {EE0351CA-DDE0-460B-A23A-E1916096F878} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP

SearchScopes: HKLM - {EE0351CA-DDE0-460B-A23A-E1916096F878} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP

SearchScopes: HKLM-x32 - DefaultScope {EE0351CA-DDE0-460B-A23A-E1916096F878} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP

SearchScopes: HKLM-x32 - {EE0351CA-DDE0-460B-A23A-E1916096F878} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP

SearchScopes: HKCU - DefaultScope {E317FEAA-FD66-4DB5-AF80-725348F8682B} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-ydwnld

SearchScopes: HKCU - {62C308C1-C169-4C63-AD67-5553520DC940} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS483

SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={B1F1A686-3EDF-477B-95E7-A84208E11187}&mid=34af573eeb9e47d0b69fd5343d8a6b2f-4513861e75c52567bd3dbb5c1d1de160fab7c4c5〈=en&ds=AVG&pr=fr&d=2012-06-13 14:17:39&v=11.1.0.7&sap=dsp&q={searchTerms}

SearchScopes: HKCU - {E317FEAA-FD66-4DB5-AF80-725348F8682B} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-ydwnld

SearchScopes: HKCU - {EE0351CA-DDE0-460B-A23A-E1916096F878} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP

BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File

BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File

BHO-x32: Qwiklinx - {3E7C8B5A-96AB-438F-BF9B-782400655440} - C:\Users\Russ\AppData\Roaming\Qwiklinx\Qwiklinx.dll (Qwiklinx, Inc.)

BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()

BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Cartwheel - {B50DF051-E1D4-439C-B94E-F4DE82B56542} - C:\Users\Russ\AppData\Roaming\Cartwheel\Cartwheel.dll (Cartwheel, Inc.)

BHO-x32: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)

Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKCU - No Name - {BA14329E-9550-4989-B3F2-9732E92D17CC} -  No File

Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File

DPF: HKLM-x32 {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://www.stetson.edu/other/webcams/media/AxisCamControl.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File

Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()

Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()

FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll (AVG Technologies)

FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)

FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Russ\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Russ\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Russ\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Russ\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin ProgramFiles/Appdata: C:\Users\Russ\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\Russ\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)

FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\11.1.0.7\

FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\11.1.0.7\ []

 

Chrome: 

=======

CHR Extension: (Google Docs) - C:\Users\Russ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-04]

CHR Extension: (Google Drive) - C:\Users\Russ\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-04]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Russ\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-04]

CHR Extension: (YouTube) - C:\Users\Russ\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-30]

CHR Extension: (Google Search) - C:\Users\Russ\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-30]

CHR Extension: (Google Wallet) - C:\Users\Russ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]

CHR Extension: (Gmail) - C:\Users\Russ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-30]

 

==================== Services (Whitelisted) =================

 

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.)

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)

S4 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [123320 2011-07-19] (Symantec Corporation)

R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)

R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1188896 2012-07-04] (Safer-Networking Ltd.)

R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [838136 2012-05-10] (Safer-Networking Ltd.)

R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [166528 2012-03-22] (Safer-Networking Ltd.)

S4 vToolbarUpdater11.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [935480 2012-06-13] ()

 

==================== Drivers (Whitelisted) ====================

 

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)

S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)

R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-04-15] (AVG Technologies CZ, s.r.o.)

S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

S3 Tosrfcom; No ImagePath

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-06-04 14:59 - 2014-06-04 14:59 - 00021551 _____ () C:\Users\Russ\Downloads\FRST.txt

2014-06-04 14:58 - 2014-06-04 14:59 - 00000000 ____D () C:\FRST

2014-06-04 14:58 - 2014-06-04 14:58 - 02068992 _____ (Farbar) C:\Users\Russ\Downloads\FRST64.exe

2014-06-04 14:36 - 2014-06-04 11:07 - 04686336 _____ () C:\Users\Russ\Desktop\RogueKiller.exe

2014-06-04 14:15 - 2014-06-04 14:16 - 00000000 ____D () C:\ProgramData\RogueKiller

2014-06-04 12:03 - 2014-06-04 12:05 - 00000161 _____ () C:\windows\system32\avgrep.txt

2014-06-04 11:58 - 2014-06-04 11:58 - 00000442 _____ () C:\windows\wininit.ini

2014-06-04 11:29 - 2014-06-04 11:29 - 00003416 ____N () C:\bootsqm.dat

2014-06-04 11:07 - 2014-06-04 11:07 - 04686336 _____ () C:\Users\Russ\Downloads\RogueKiller.exe

2014-06-02 08:58 - 2014-06-02 19:06 - 00054009 _____ () C:\C0C1C0A2FF56.wpc

2014-06-01 19:01 - 2014-06-01 19:01 - 00000918 _____ () C:\Users\Russ\Desktop\HashCalc.lnk

2014-06-01 19:01 - 2014-06-01 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HashCalc

2014-06-01 19:01 - 2014-06-01 19:01 - 00000000 ____D () C:\Program Files (x86)\HashCalc

2014-06-01 19:00 - 2014-06-01 19:00 - 00475801 _____ () C:\Users\Russ\Desktop\hashcalc.zip

2014-06-01 18:56 - 2014-06-01 18:57 - 04831744 _____ (Geza Kovacs) C:\Users\Russ\Desktop\unetbootin-windows-603.exe

2014-05-31 23:53 - 2014-05-31 23:53 - 00006144 _____ () C:\Users\Russ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-05-30 00:04 - 2014-05-30 00:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

2014-05-29 23:54 - 2014-06-04 14:49 - 00000083 _____ () C:\windows\system32\dcwg.exs

2014-05-29 23:44 - 2014-05-29 23:44 - 00000064 _____ () C:\windows\system32\pdqqb.vzf

2014-05-29 23:44 - 2014-05-29 23:44 - 00000000 _____ () C:\windows\system32\yqzih.elm

2014-05-29 23:28 - 2014-05-29 23:28 - 00310760 ____S () C:\windows\system32\tyzgak.pzd

2014-05-13 18:29 - 2014-05-13 18:29 - 00000220 _____ () C:\Users\Russ\Desktop\Sid Meier's Civilization V.url

2014-05-13 17:45 - 2014-06-04 14:39 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-05-13 17:45 - 2014-05-13 17:45 - 00000888 _____ () C:\Users\Public\Desktop\Steam.lnk

2014-05-13 17:45 - 2014-05-13 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam

2014-05-13 16:08 - 2014-05-13 16:15 - 71402358 _____ () C:\Users\Russ\Downloads\Space Oddity(720p_H.264-AAC).mp4

2014-05-13 16:07 - 2014-05-13 16:10 - 26492609 _____ () C:\Users\Russ\Downloads\Space Oddity(360p_VP8-Vorbis).webm

2014-05-13 16:06 - 2014-05-13 16:08 - 20744367 _____ () C:\Users\Russ\Downloads\Space Oddity(360p_H.264-AAC).mp4

2014-05-13 16:06 - 2014-05-13 16:06 - 09344420 _____ () C:\Users\Russ\Downloads\Space Oddity(240p_H.264-AAC).3gp

2014-05-13 16:05 - 2014-05-13 16:06 - 14100319 _____ () C:\Users\Russ\Downloads\Space Oddity(240p_H.263-MP3).flv

2014-05-13 16:05 - 2014-05-13 16:06 - 03397664 _____ () C:\Users\Russ\Downloads\Space Oddity(144p_H.264-AAC).3gp

2014-05-13 16:05 - 2014-05-13 16:05 - 00002545 _____ () C:\Users\Russ\Downloads\Space Oddity subtitles (English).srt

 

==================== One Month Modified Files and Folders =======

 

2014-06-04 14:59 - 2014-06-04 14:59 - 00021551 _____ () C:\Users\Russ\Downloads\FRST.txt

2014-06-04 14:59 - 2014-06-04 14:58 - 00000000 ____D () C:\FRST

2014-06-04 14:59 - 2012-05-13 12:59 - 00000000 ____D () C:\Users\Russ\AppData\Local\Temp

2014-06-04 14:58 - 2014-06-04 14:58 - 02068992 _____ (Farbar) C:\Users\Russ\Downloads\FRST64.exe

2014-06-04 14:49 - 2014-05-29 23:54 - 00000083 _____ () C:\windows\system32\dcwg.exs

2014-06-04 14:46 - 2009-07-14 00:45 - 00024400 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-06-04 14:46 - 2009-07-14 00:45 - 00024400 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-06-04 14:45 - 2009-07-14 01:13 - 00005440 _____ () C:\windows\system32\PerfStringBackup.INI

2014-06-04 14:42 - 2012-03-05 22:14 - 01207111 _____ () C:\windows\WindowsUpdate.log

2014-06-04 14:39 - 2014-05-13 17:45 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-06-04 14:39 - 2012-06-24 22:38 - 00060472 _____ () C:\windows\setupact.log

2014-06-04 14:39 - 2012-03-05 23:16 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-06-04 14:39 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT

2014-06-04 14:37 - 2012-12-06 16:11 - 00000904 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3839790208-1372697595-3395560650-1000UA.job

2014-06-04 14:16 - 2014-06-04 14:15 - 00000000 ____D () C:\ProgramData\RogueKiller

2014-06-04 14:15 - 2012-11-27 10:54 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job

2014-06-04 14:00 - 2012-03-05 23:16 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-06-04 12:07 - 2010-11-20 23:47 - 00649186 _____ () C:\windows\PFRO.log

2014-06-04 12:05 - 2014-06-04 12:03 - 00000161 _____ () C:\windows\system32\avgrep.txt

2014-06-04 12:03 - 2012-10-15 20:11 - 00000000 ____D () C:\Users\Russ\AppData\Local\Avg2013

2014-06-04 11:58 - 2014-06-04 11:58 - 00000442 _____ () C:\windows\wininit.ini

2014-06-04 11:29 - 2014-06-04 11:29 - 00003416 ____N () C:\bootsqm.dat

2014-06-04 11:16 - 2012-06-23 15:30 - 00000000 ____D () C:\Users\Russ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery

2014-06-04 11:07 - 2014-06-04 14:36 - 04686336 _____ () C:\Users\Russ\Desktop\RogueKiller.exe

2014-06-04 11:07 - 2014-06-04 11:07 - 04686336 _____ () C:\Users\Russ\Downloads\RogueKiller.exe

2014-06-04 08:44 - 2012-12-06 16:11 - 00000852 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3839790208-1372697595-3395560650-1000Core.job

2014-06-04 08:38 - 2012-06-13 14:12 - 00000000 ____D () C:\ProgramData\MFAData

2014-06-02 19:06 - 2014-06-02 08:58 - 00054009 _____ () C:\C0C1C0A2FF56.wpc

2014-06-02 13:48 - 2012-05-18 20:08 - 00000000 ____D () C:\Users\Russ\AppData\Roaming\Azureus

2014-06-02 00:58 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

2014-06-01 19:01 - 2014-06-01 19:01 - 00000918 _____ () C:\Users\Russ\Desktop\HashCalc.lnk

2014-06-01 19:01 - 2014-06-01 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HashCalc

2014-06-01 19:01 - 2014-06-01 19:01 - 00000000 ____D () C:\Program Files (x86)\HashCalc

2014-06-01 19:00 - 2014-06-01 19:00 - 00475801 _____ () C:\Users\Russ\Desktop\hashcalc.zip

2014-06-01 19:00 - 2012-05-13 12:58 - 00000000 ____D () C:\Users\Russ

2014-06-01 18:57 - 2014-06-01 18:56 - 04831744 _____ (Geza Kovacs) C:\Users\Russ\Desktop\unetbootin-windows-603.exe

2014-06-01 18:31 - 2012-05-26 15:30 - 00000000 ____D () C:\Users\Russ\AppData\Roaming\SoftGrid Client

2014-06-01 18:08 - 2012-06-13 15:27 - 00000000 ____D () C:\Users\Russ\AppData\Roaming\Nero

2014-05-31 23:53 - 2014-05-31 23:53 - 00006144 _____ () C:\Users\Russ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-05-30 00:04 - 2014-05-30 00:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

2014-05-30 00:04 - 2012-10-15 20:15 - 00000936 _____ () C:\Users\Public\Desktop\AVG 2013.lnk

2014-05-29 23:44 - 2014-05-29 23:44 - 00000064 _____ () C:\windows\system32\pdqqb.vzf

2014-05-29 23:44 - 2014-05-29 23:44 - 00000000 _____ () C:\windows\system32\yqzih.elm

2014-05-29 23:28 - 2014-05-29 23:28 - 00310760 ____S () C:\windows\system32\tyzgak.pzd

2014-05-22 11:22 - 2014-05-22 11:22 - 00000000 ____D () C:\Users\Russ\AppData\Roaming\Mozilla

2014-05-21 10:01 - 2012-11-27 10:54 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe

2014-05-21 10:01 - 2012-11-27 10:54 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater

2014-05-21 10:01 - 2011-11-01 23:40 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-05-13 22:54 - 2012-08-04 18:45 - 00000000 ____D () C:\Users\Russ\AppData\Local\My Games

2014-05-13 22:54 - 2012-08-04 16:46 - 00000000 ____D () C:\Users\Russ\Documents\My Games

2014-05-13 18:29 - 2014-05-13 18:29 - 00000220 _____ () C:\Users\Russ\Desktop\Sid Meier's Civilization V.url

2014-05-13 18:10 - 2012-08-04 16:45 - 00073702 _____ () C:\windows\DirectX.log

2014-05-13 17:45 - 2014-05-13 17:45 - 00000888 _____ () C:\Users\Public\Desktop\Steam.lnk

2014-05-13 17:45 - 2014-05-13 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam

2014-05-13 16:15 - 2014-05-13 16:08 - 71402358 _____ () C:\Users\Russ\Downloads\Space Oddity(720p_H.264-AAC).mp4

2014-05-13 16:10 - 2014-05-13 16:07 - 26492609 _____ () C:\Users\Russ\Downloads\Space Oddity(360p_VP8-Vorbis).webm

2014-05-13 16:08 - 2014-05-13 16:06 - 20744367 _____ () C:\Users\Russ\Downloads\Space Oddity(360p_H.264-AAC).mp4

2014-05-13 16:06 - 2014-05-13 16:06 - 09344420 _____ () C:\Users\Russ\Downloads\Space Oddity(240p_H.264-AAC).3gp

2014-05-13 16:06 - 2014-05-13 16:05 - 14100319 _____ () C:\Users\Russ\Downloads\Space Oddity(240p_H.263-MP3).flv

2014-05-13 16:06 - 2014-05-13 16:05 - 03397664 _____ () C:\Users\Russ\Downloads\Space Oddity(144p_H.264-AAC).3gp

2014-05-13 16:05 - 2014-05-13 16:05 - 00002545 _____ () C:\Users\Russ\Downloads\Space Oddity subtitles (English).srt

2014-05-11 16:23 - 2014-04-02 13:01 - 00000000 ____D () C:\Users\Russ\AppData\Local\Battle.net

2014-05-08 15:55 - 2012-03-05 23:16 - 00003908 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-05-08 15:55 - 2012-03-05 23:16 - 00003656 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-05-08 10:04 - 2014-04-02 13:01 - 00000000 ____D () C:\Program Files (x86)\Battle.net

2014-05-08 05:32 - 2012-12-06 16:11 - 00003872 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3839790208-1372697595-3395560650-1000UA

2014-05-08 05:32 - 2012-12-06 16:11 - 00003476 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3839790208-1372697595-3395560650-1000Core

 

Files to move or delete:

====================

C:\Users\Russ\13-1_vista_win7_win8_64_dd_ccc_whql.exe

C:\Users\Russ\catalyst_mobility_64-bit_util.exe

C:\Users\Russ\Media_Player_Classic.exe

C:\Users\Russ\StarCraft-II-Setup-enUS.exe

C:\Users\Russ\tc70101900b.exe

C:\Users\Russ\tc70107500k.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll

[2010-11-20 23:24] - [2010-11-20 23:24] - 0520192 ____A (Microsoft Corporation) 88DA7B86EC478F58C0ECEC7ABFBDAA05

 

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-05-29 00:49

 

==================== End Of Log ============================

[russ8825]

Addition log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2014

Ran by Russ at 2014-06-04 14:59:55

Running from C:\Users\Russ\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

AV: AVG AntiVirus Free Edition 2013 (Disabled - Out of date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AS: Spybot - Search and Destroy (Disabled - Out of date) {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: AVG AntiVirus Free Edition 2013 (Disabled - Out of date) {B5F5C120-2089-702E-0001-553BB0D5A664}

 

==================== Installed Programs ======================

 

 Leawo MP4 Converter version  5.1.0.0 (HKLM-x32\...\{14021E77-2FC1-4972-8C51-08808CD62838}_is1) (Version:  - )

abgx360 v1.0.6 (HKLM-x32\...\abgx360) (Version:  - )

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated)

Adobe AIR (x32 Version: 3.3.0.3670 - Adobe Systems Incorporated) Hidden

Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)

Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)

Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)

Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)

AMD Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) Hidden

AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden

AMD Catalyst Install Manager (HKLM\...\{5E03A267-415E-5383-FA8F-3CE4145663B9}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)

AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden

AMD Fuel (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden

AMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) Hidden

AMD Steady Video Plug-In  (Version: 2.06.0000 - AMD) Hidden

AMD VISION Engine Control Center (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden

Apple Application Support (HKLM-x32\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.00.007 - Atheros Communications)

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.1.42 - Atheros Communications Inc.)

Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)

AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3480 - AVG Technologies)

AVG 2013 (Version: 13.0.3480 - AVG Technologies) Hidden

AVG 2013 (Version: 13.0.3722 - AVG Technologies) Hidden

AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 11.1.0.7 - AVG Technologies)

Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)

Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden

Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.07(T) - TOSHIBA CORPORATION)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Canon MX410 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series) (Version:  - )

Cartwheel Shopping (HKLM-x32\...\{63E29D1A-D6B5-4295-BFAC-967606232411}_is1) (Version: 1.2.0.1667 - Cartwheel, Inc.)

Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden

CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

CCC Help Czech (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

CCC Help Danish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

CCC Help Dutch (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

CCC Help English (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

CCC Help Finnish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

CCC Help French (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

CCC Help German (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

CCC Help Greek (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

CCC Help Hungarian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

CCC Help Italian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

CCC Help Japanese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

CCC Help Korean (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

CCC Help Norwegian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

CCC Help Polish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

CCC Help Portuguese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

CCC Help Russian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

CCC Help Spanish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

CCC Help Swedish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

CCC Help Thai (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

CCC Help Turkish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

ccc-utility64 (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden

Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.51.2.51 - Conexant)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)

FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden

GameFly (HKLM-x32\...\GameFly) (Version: 1.1.911 - GameFly, Inc.)

GameFly (x32 Version: 1.1.911 - GameFly, Inc.) Hidden

Garmin Communicator Plugin (HKLM-x32\...\{647BB978-2876-487B-9B0E-FDB73F0EA4A2}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)

Garmin Communicator Plugin x64 (HKLM\...\{237D687E-9E50-4A30-B810-262764CC491B}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)

Garmin Communicator Plugin x64 (HKLM\...\{550331CC-C34B-494F-BCDA-37CE4EF6E924}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)

Garmin Lifetime Updater (HKLM-x32\...\{9AAD03E8-4F65-4DE2-8F6C-1B079C0C8521}) (Version: 2.1.11 - Garmin)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)

Google Talk (remove only) (HKLM-x32\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )

Google Talk Plugin (HKLM-x32\...\{217CEB43-6D22-3E1F-A311-DC0D7BFEE0A2}) (Version: 5.4.1.18709 - Google)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden

HashCalc 2.02 (HKLM-x32\...\HashCalc_is1) (Version:  - SlavaSoft Inc.)

ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)

iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)

Java Auto Updater (x32 Version: 2.0.4.1 - Sun Microsystems, Inc.) Hidden

Java 6 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216025FF}) (Version: 6.0.250 - Oracle)

JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

K-Lite Codec Pack 6.3.0 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 6.3.0 - )

K-Lite Codec Pack 7.9.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.9.0 - )

Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)

League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)

Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden

Media Player Classic - Home Cinema 1.6.1.4235 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.6.1.4235 - MPC-HC Team) <==== ATTENTION

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)

Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

MPC-HC 1.6.5.6366 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.6.5.6366 - MPC-HC Team)

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.2.11000.12.100 - Nero AG)

Nero Burning ROM 10 (HKLM-x32\...\{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}) (Version: 10.5.10300 - Nero AG)

Nero BurningROM 10 Help (CHM) (x32 Version: 10.5.10100 - Nero AG) Hidden

Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10300.0.102 - Nero AG)

Nero BurnRights 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden

Nero Control Center 10 (x32 Version: 10.2.10600.0.6 - Nero AG) Hidden

Nero ControlCenter 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden

Nero Core Components 10 (x32 Version: 2.0.17400.8.2 - Nero AG) Hidden

Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)

Netwaiting (HKLM-x32\...\{74B8998B-2B1B-4414-AD5D-17E7E9B5FF0A}) (Version: 1.0.1 - Conexant Systems, Inc)

Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)

Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden

Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden

PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)

PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)

Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden

Qwiklinx (HKLM-x32\...\{2E497885-E60B-420A-832D-0148B392E058}_is1) (Version: 1.4.0.1560 - Qwiklinx, Inc.)

Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.14 - Realtek Semiconductor Corp.)

RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden

Sid Meiers Civilization 4 - Warlords (HKLM-x32\...\Sid Meiers Civilization 4 - Warlords) (Version: 1.74 - 2K Games)

Sid Meiers Civilization 4 (HKLM-x32\...\Sid Meiers Civilization 4) (Version: 1.74 - 2K Games)

Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)

Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)

Skype™ 5.9 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.9.115 - Skype Technologies S.A.)

Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)

Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.0.8 - Safer-Networking Ltd.)

StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)

Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)

Tales of Lagoona (x32 Version: 2.2.0.98 - WildTangent) Hidden

Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)

TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)

TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)

Toshiba Book Place (HKLM-x32\...\{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}) (Version: 2.2.7530 - K-NFB Reading Technology, Inc.)

TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)

TOSHIBA Bulletin Board (Version: 1.6.08.64 - TOSHIBA Corporation) Hidden

TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)

TOSHIBA eco Utility (HKLM\...\{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}) (Version: 1.3.5.64 - TOSHIBA Corporation)

TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.17.64 - TOSHIBA Corporation)

TOSHIBA Face Recognition (Version: 3.1.17.64 - TOSHIBA Corporation) Hidden

TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.09.03.00 - TOSHIBA)

TOSHIBA Hardware Setup (Version: 4.09.03.00 - TOSHIBA) Hidden

TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)

Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.13.11 - Symantec Corporation)

TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)

TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.5 - TOSHIBA CORPORATION)

Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.31 - Toshiba)

TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.8.64 - TOSHIBA Corporation)

TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.4 - TOSHIBA)

TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)

TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.20.64 - TOSHIBA Corporation)

TOSHIBA ReelTime (Version: 1.7.20.64 - TOSHIBA Corporation) Hidden

TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2001 - TOSHIBA Corporation)

TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.12 - TOSHIBA)

TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.8 - TOSHIBA Corporation)

TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.09.03.00 - TOSHIBA)

TOSHIBA Supervisor Password (Version: 4.09.03.00 - TOSHIBA) Hidden

TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.1.64 - TOSHIBA Corporation)

TOSHIBA Value Added Package (Version: 1.6.1.64 - TOSHIBA Corporation) Hidden

TOSHIBA Value Added Package (x32 Version: 1.6.1.64 - TOSHIBA Corporation) Hidden

TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.3 - TOSHIBA Corporation)

TOSHIBA Web Camera Application (x32 Version: 2.0.3.3 - TOSHIBA Corporation) Hidden

TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.7 - TOSHIBA)

Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden

Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)

Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)

Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 4.7 - Vuze Inc.)

Vuze Remote Toolbar (HKLM-x32\...\Vuze_Remote Toolbar) (Version: 6.8.9.0 - Vuze Remote) <==== ATTENTION

WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)

WebSlingPlayer ActiveX (HKLM-x32\...\{D91CBC0D-D45B-4FE7-AF44-E2BDD302CD9F}) (Version: 1.5.7158 - Sling Media)

WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent)

WildTangent Games App (Toshiba Games) (x32 Version: 4.0.5.31 - WildTangent) Hidden

Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Mobile Device Updater Component (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)

Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)

Zune (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (CHS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (CHT) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (CSY) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (DAN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (DEU) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (ELL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (ESP) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (FIN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (FRA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (HUN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (IND) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (ITA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (JPN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (KOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (MSL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (NLD) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (NOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (PLK) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (PTB) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (PTG) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (RUS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (SVE) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

 

==================== Restore Points  =========================

 

07-05-2014 06:27:52 Scheduled Checkpoint

13-05-2014 21:42:12 Installed DirectX

13-05-2014 21:45:29 Installed Steam

13-05-2014 22:09:29 Installed DirectX

21-05-2014 13:59:21 Scheduled Checkpoint

29-05-2014 04:56:52 Scheduled Checkpoint

04-06-2014 18:13:03 Windows Update

 

==================== Hosts content: ==========================

 

2009-07-13 22:34 - 2014-06-04 11:34 - 00450770 ____R C:\windows\system32\Drivers\etc\hosts

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.0scan.com

127.0.0.1 0scan.com

127.0.0.1 www.1000gratisproben.com

127.0.0.1 1000gratisproben.com

127.0.0.1 1001namen.com

127.0.0.1 www.1001namen.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100888290cs.com

127.0.0.1 www.100sexlinks.com

127.0.0.1 100sexlinks.com

127.0.0.1 www.10sek.com

127.0.0.1 10sek.com

127.0.0.1 www.1-2005-search.com

127.0.0.1 1-2005-search.com

127.0.0.1 www.123fporn.info

127.0.0.1 123fporn.info

127.0.0.1 123haustiereundmehr.com

127.0.0.1 www.123haustiereundmehr.com

127.0.0.1 123moviedownload.com

 

There are 1000 more lines.

 

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {13687002-E4FC-46F1-BE33-817376513EF1} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION

Task: {2BA43300-2636-4A2E-8C52-CFC015084AF1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3839790208-1372697595-3395560650-1000Core => C:\Users\Russ\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-16] (Google Inc.)

Task: {4CEAF9FB-2E93-43FE-B85B-296A052D14E5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe

Task: {5CEAF6F3-1890-4EE3-B2D8-02C8EA236787} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()

Task: {9B14AC66-363E-4443-9AA8-C690211C5832} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe

Task: {9E501D8E-7B0E-4CE3-B42A-1770C9FC384A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3839790208-1372697595-3395560650-1000UA => C:\Users\Russ\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-16] (Google Inc.)

Task: {ABECF2F3-144B-408E-A5D2-1E07C51ACE91} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {B16B333E-18C7-4FA2-A644-A70F4BD944C4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-05] (Google Inc.)

Task: {B282089B-987E-4226-A20B-62E738BD9DC6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe

Task: {C0D3C92E-951C-4863-ACFA-5F04E22B7589} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-21] (Adobe Systems Incorporated)

Task: {C460214F-459F-4EB1-8347-9512049E1558} - System32\Tasks\4610 => Wscript.exe C:\Users\Russ\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION

Task: {ED422A16-A464-4783-ACD3-1596E920B240} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-05] (Google Inc.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3839790208-1372697595-3395560650-1000Core.job => C:\Users\Russ\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3839790208-1372697595-3395560650-1000UA.job => C:\Users\Russ\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

 

==================== Loaded Modules (whitelisted) =============

 

2012-12-19 16:32 - 2012-12-19 16:32 - 00210944 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll

2012-10-17 19:39 - 2012-10-17 19:39 - 00749056 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll

2012-10-17 19:39 - 2012-10-17 19:39 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll

2012-12-19 16:32 - 2012-12-19 16:32 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll

2010-11-18 21:18 - 2010-11-18 21:18 - 11190784 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll

2010-12-15 19:19 - 2010-12-15 19:19 - 00124320 _____ () C:\Program Files\Toshiba\TECO\MUIHelp.dll

2012-12-19 16:32 - 2012-12-19 16:32 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll

2011-06-10 01:09 - 2011-06-10 01:09 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll

2012-08-27 21:33 - 2012-08-27 21:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2012-08-27 21:33 - 2012-08-27 21:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2012-06-23 16:34 - 2012-05-10 16:28 - 00410112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl

2012-06-23 16:34 - 2012-05-10 16:28 - 00046592 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl

2014-05-29 23:45 - 2014-04-29 20:08 - 01135104 _____ () C:\Program Files (x86)\Steam\libavcodec-55.dll

2014-04-21 14:55 - 2014-04-29 20:08 - 00471552 _____ () C:\Program Files (x86)\Steam\libavutil-53.dll

2014-05-29 23:45 - 2014-04-29 20:08 - 00404992 _____ () C:\Program Files (x86)\Steam\libavformat-55.dll

2014-04-21 14:55 - 2014-04-29 20:08 - 00340992 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll

2014-03-31 14:09 - 2014-05-16 21:36 - 00756224 _____ () C:\Program Files (x86)\Steam\SDL2.dll

2014-06-03 07:03 - 2014-05-29 13:37 - 02139840 _____ () C:\Program Files (x86)\Steam\video.dll

2014-05-29 23:45 - 2014-04-28 20:37 - 00519168 _____ () C:\Program Files (x86)\Steam\libswscale-2.dll

2014-04-23 14:01 - 2014-05-29 13:36 - 01116864 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL

2014-03-03 11:15 - 2014-05-01 19:35 - 20628160 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

2013-06-14 15:49 - 2013-06-14 19:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll

2013-06-14 15:49 - 2013-06-14 19:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll

2013-06-14 15:49 - 2013-06-14 19:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll

2014-05-27 18:02 - 2014-05-13 19:40 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll

2014-05-27 18:02 - 2014-05-13 19:40 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll

2014-05-27 18:02 - 2014-05-13 19:40 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll

2014-05-27 18:02 - 2014-05-13 19:40 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll

2014-05-27 18:02 - 2014-05-13 19:40 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll

2014-05-27 18:02 - 2014-05-13 19:40 - 13695816 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

 

==================== Safe Mode (whitelisted) ===================

 

 

==================== EXE Association (whitelisted) =============

 

 

==================== Disabled items from MSCONFIG ==============

 

MSCONFIG\Services: GamesAppService => 3

MSCONFIG\Services: gupdate => 2

MSCONFIG\Services: gupdatem => 3

MSCONFIG\Services: gusvc => 3

MSCONFIG\Services: IDriverT => 3

MSCONFIG\Services: Norton PC Checkup Application Launcher => 2

MSCONFIG\Services: SkypeUpdate => 2

MSCONFIG\Services: vToolbarUpdater11.1.0 => 2

MSCONFIG\startupreg: ATI => C:\Users\Russ\AppData\Roaming\2AA1FF.exe

MSCONFIG\startupreg: HDFDEdWnhRJWy.exe => C:\ProgramData\HDFDEdWnhRJWy.exe

MSCONFIG\startupreg: ITSecMng => %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START

MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED

MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

MSCONFIG\startupreg: ToshibaAppPlace => "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"

MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe

MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe

MSCONFIG\startupreg: TSleepSrv => %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

MSCONFIG\startupreg: Zune Launcher => "C:\Program Files\Zune\ZuneLauncher.exe"

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (06/04/2014 02:45:29 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)

Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

 

Error: (06/04/2014 02:45:29 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)

Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

 

Error: (06/04/2014 02:40:19 PM) (Source: .NET Runtime) (EventID: 1022) (User: )

Description: .NET Runtime version 4.0.30319.1 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 5672.  Message ID: [0x2509].

 

Error: (06/04/2014 02:39:14 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (06/04/2014 02:39:07 PM) (Source: ATIeRecord) (EventID: 16386) (User: )

Description: ATI EEU Client has failed to start

 

Error: (06/04/2014 02:36:16 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)

Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

 

Error: (06/04/2014 02:36:16 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)

Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

 

Error: (06/04/2014 02:32:14 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (06/04/2014 02:32:02 PM) (Source: ATIeRecord) (EventID: 16386) (User: )

Description: ATI EEU Client has failed to start

 

Error: (06/04/2014 02:22:56 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)

Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

 

 

System errors:

=============

Error: (06/04/2014 02:40:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

 

Error: (06/04/2014 02:39:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Steam Client Service service failed to start due to the following error: 

%%1053

 

Error: (06/04/2014 02:39:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

 

Error: (06/04/2014 02:39:26 PM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: The following boot-start or system-start driver(s) failed to load: 

Avgldx64

 

Error: (06/04/2014 02:39:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 

%%1053

 

Error: (06/04/2014 02:39:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

 

Error: (06/04/2014 02:39:09 PM) (Source: Service Control Manager) (EventID: 7024) (User: )

Description: The AVGIDSAgent service terminated with service-specific error %%-536805256.

 

Error: (06/04/2014 02:37:01 PM) (Source: Service Control Manager) (EventID: 7032) (User: )

Description: The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error: 

%%1190

 

Error: (06/04/2014 02:37:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Plug and Play service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

 

Error: (06/04/2014 02:37:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The DCOM Server Process Launcher service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

 

 

Microsoft Office Sessions:

=========================

Error: (06/04/2014 02:45:29 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)

Description: WmiApRplWmiApRpl8F20300004D070000

 

Error: (06/04/2014 02:45:29 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)

Description: Performance1637070000000000000000000009030000

 

Error: (06/04/2014 02:40:19 PM) (Source: .NET Runtime) (EventID: 1022) (User: )

Description: .NET Runtime version 4.0.30319.1 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 5672.  Message ID: [0x2509].

 

Error: (06/04/2014 02:39:14 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (06/04/2014 02:39:07 PM) (Source: ATIeRecord) (EventID: 16386) (User: )

Description: 

 

Error: (06/04/2014 02:36:16 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)

Description: WmiApRplWmiApRpl8F20300004D070000

 

Error: (06/04/2014 02:36:16 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)

Description: Performance1637070000000000000000000009030000

 

Error: (06/04/2014 02:32:14 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (06/04/2014 02:32:02 PM) (Source: ATIeRecord) (EventID: 16386) (User: )

Description: 

 

Error: (06/04/2014 02:22:56 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)

Description: WmiApRplWmiApRpl8F20300004D070000

 

 

CodeIntegrity Errors:

===================================

  Date: 2012-10-14 11:47:08.908

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP73.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2012-10-14 11:45:18.684

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP73.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2012-10-14 11:42:37.659

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP73.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2012-08-01 18:23:21.680

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Russ\AppData\Local\Temp\PIOAC85.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2012-08-01 18:23:21.664

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Russ\AppData\Local\Temp\PIOAC85.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 50%

Total physical RAM: 5606.87 MB

Available physical RAM: 2753.47 MB

Total Pagefile: 11211.93 MB

Available Pagefile: 8025.33 MB

Total Virtual: 8192 MB

Available Virtual: 8191.82 MB

 

==================== Drives ================================

 

Drive c: (TI106304W0E) (Fixed) (Total:580.04 GB) (Free:71.05 GB) NTFS ==>[system with boot components (obtained from reading drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: 52A8BCE0)

Partition 1: (Active) - (Size=1 GB) - (Type=27)

Partition 2: (Not Active) - (Size=580 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=15 GB) - (Type=17)

 

==================== End Of Log ============================

[Maniac]

Hello russ8825 and ! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
• Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Do you still need help?

[AdvancedSetup]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!