
Need Help with Residual Issues after Virus Removal?


  • This topic is locked
85 replies to this topic

#1 silversurfer0116


Posted 12 April 2014 - 05:54 PM

My laptop was recently infected by some viruses (Win64.Conedex.B trojan, Win64.Conedex.I trojan, Exploit.Agent.PZM trojan,
Kryptik.BNOA trojan, Kryptik.BNOS trojan, Kryptik.BNOR trojan, Kryptik.BNIO trojan).  My up to date anti-virus, ESET, recognized
but could not detect or get rid of these viruses nor did my up to date malware program, Malwarebytes.  I emailed ESET who had a
dedicated program (ESETSirefefCleaner.exe) to get rid of these viruses (If they had this why wasn't it incorporated in their anti-
virus which is automatically updated all the time?).  At any rate I downloaded this program, ran it, and it appears to have gotten
rid of the viruses but there are some residual issues that I could use some advice on.  I tried to do a restore but too much time
elapsed and the problems did not go away.  I think I did it right but I'll wait to hear from you guys before I proceed. 
I've attached the attach.txt and dds.txt files.
 
Some Background
---------------
Toshiba P770D laptop
Windows 7 home premium with service pack 1
AMD processor (A6-3420M APU with Radeon HD Graphics...1.50GHz)
RAM: 8.0 GB
64 bit operating system
Hitachi sata hard drive 800GB
 
*  There seems to be a truckload of files with mostly the js extension in one of the temporary internet folders.  It now takes two
to three times as long to run my anti-virus as there are three times the amount of files to scan as before. I regularly run MS
Windows Disc Cleanup but it does not seem to clean these files out.  ESET and Malwarebytes do not seem to have any effect on these
files either.  Most of them are dated around the time I ran ESET's special virus removal program.  I have not manually cleaned
them out to date for fear of really screwing something up.
 
*  I noticed my administrative tools in the control panel is empty.  I tried the other folders in the control panel and they all
seem to be OK except for this one.  I'm pretty sure it is not supposed to be empty.
 
*  I noticed that my laptop does not recognize the built in CD/DVD drive as it used to.  It is not in the device manager in the
control panel either.  CDs and DVDs will not operate.  They spin but nothing is on the display.
 
*  I was lazy and did not create a recovery disc when I bought the laptop.  Toshiba did not send me any of the loaded software
that was on the laptop.  This is normal these days I suppose but not too helpful in a situation like this.  The original image may
be on the hard drive but I do not know.  I am just tech enough to be dangerous, which at least I recognize.
Any help that you can give me will be greatly appreciated.  Thanks....sjcombs

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521
Run by Steven at 15:43:51 on 2014-04-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7657.3388 [GMT -7:00]
.
AV: ESET Smart Security 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\ThpSrv.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\Program Files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Users\Steven\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\windows\system32\notepad.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\System32\MsSpellCheckingFacility.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\taskeng.exe
c:\program files\windows defender\MpCmdRun.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
uRun: [Amazon Cloud Player] C:\Users\Steven\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
uRun: [JLworks] regsvr32.exe C:\Users\Steven\AppData\Local\JLworks\vorbisfile_d.dll
uRun: [JLworks Update] regsvr32.exe C:\Users\Steven\AppData\Local\JLworks\AXVLC.DLL
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
mRun: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Steven\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\IO7TLF~1.LNK - C:\windows\System32\rundll32.exe
StartupFolder: C:\Users\Steven\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{35EF4926-4C33-465C-AC8A-0FC12615E164} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{35EF4926-4C33-465C-AC8A-0FC12615E164}\2375942554231383 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{35EF4926-4C33-465C-AC8A-0FC12615E164}\2756374716572716E6470266275656 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{35EF4926-4C33-465C-AC8A-0FC12615E164}\451697C6F627 : DHCPNameServer = 24.205.192.61 24.205.224.36 68.116.46.115
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mWinlogon: Shell = explorer.exe, C:\Users\Steven\AppData\Roaming\nzqwwnh_
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 /MAXX3
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [ThpSrv] C:\windows\System32\thpsrv /logon
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [Logitech Download Assistant] C:\windows\System32\rundll32.exe C:\windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\windows\System32\drivers\amd_sata.sys [2012-4-16 79488]
R0 amd_xata;amd_xata;C:\windows\System32\drivers\amd_xata.sys [2012-4-16 40064]
R3 amdhub30;AMD USB 3.0 Hub Driver;C:\windows\System32\drivers\amdhub30.sys [2012-4-16 87168]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\windows\System32\drivers\amdxhc.sys [2012-4-16 188544]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2012-4-16 115216]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\windows\System32\drivers\btfilter.sys [2012-4-16 42096]
R3 CeKbFilter;CeKbFilter;C:\windows\System32\drivers\CeKbFilter.sys [2012-4-16 20592]
.
=============== Created Last 30 ================
.
2014-04-11 12:53:55 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{720B639D-8FBD-4E21-958D-F85F1B523983}\offreg.dll
2014-04-11 12:52:39 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{720B639D-8FBD-4E21-958D-F85F1B523983}\mpengine.dll
2014-04-09 14:26:57 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-04-09 14:26:57 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-04-09 14:26:48 274880 ----a-w- C:\windows\System32\drivers\msiscsi.sys
2014-04-09 14:26:48 190912 ----a-w- C:\windows\System32\drivers\storport.sys
2014-04-09 14:26:47 27584 ----a-w- C:\windows\System32\drivers\Diskdump.sys
2014-04-09 14:26:47 2048 ----a-w- C:\windows\SysWow64\iologmsg.dll
2014-04-09 14:26:38 2048 ----a-w- C:\windows\System32\iologmsg.dll
2014-04-09 13:46:14 243712 ----a-w- C:\windows\System32\wow64.dll
2014-04-09 13:46:13 362496 ----a-w- C:\windows\System32\wow64win.dll
2014-04-09 13:46:13 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2014-04-09 13:46:12 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2014-04-09 13:46:12 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2014-04-09 13:46:12 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2014-04-09 13:46:08 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2014-04-09 13:46:07 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2014-04-09 13:46:07 2048 ----a-w- C:\windows\SysWow64\user.exe
2014-04-09 13:46:03 1684928 ----a-w- C:\windows\System32\drivers\ntfs.sys
2014-04-03 18:59:11 -------- d-----w- C:\ProgramData\REGSERVO64
2014-04-03 17:45:08 228864 ----a-w- C:\windows\System32\wwansvc.dll
2014-04-03 17:45:06 484864 ----a-w- C:\windows\System32\wer.dll
2014-04-03 17:45:06 381440 ----a-w- C:\windows\SysWow64\wer.dll
2014-04-03 17:45:03 3156480 ----a-w- C:\windows\System32\win32k.sys
2014-03-27 02:46:33 -------- d-----w- C:\Users\Steven\AppData\Roaming\Samsung
2014-03-27 02:45:02 -------- d-----w- C:\Program Files (x86)\Samsung
.
==================== Find3M ====================
.
2014-03-12 12:40:12 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 12:40:12 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-03-04 09:17:05 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2014-03-01 05:16:26 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-03-01 04:51:59 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-03-01 04:33:34 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-03-01 04:32:59 708608 ----a-w- C:\windows\System32\jscript9diag.dll
2014-03-01 04:23:49 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-03-01 03:54:33 5768704 ----a-w- C:\windows\System32\jscript9.dll
2014-03-01 03:52:43 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35 553472 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11 2041856 ----a-w- C:\windows\System32\inetcpl.cpl
2014-03-01 03:14:15 4244480 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-03-01 03:10:28 2334208 ----a-w- C:\windows\System32\wininet.dll
2014-03-01 03:00:08 1964032 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- C:\windows\SysWow64\wininet.dll
2014-02-04 02:32:22 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll
2014-02-04 02:32:12 624128 ----a-w- C:\windows\System32\qedit.dll
2014-02-04 02:04:22 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04:11 509440 ----a-w- C:\windows\SysWow64\qedit.dll
.
============= FINISH: 15:44:50.32 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/28/2012 2:58:33 PM
System Uptime: 4/10/2014 9:52:25 PM (42 hours ago)
.
Motherboard: TOSHIBA | | QHRAE
Processor: AMD A6-3420M APU with Radeon™ HD Graphics | P0 | 795/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 683 GiB total, 583.845 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP132: 3/29/2014 6:02:06 AM - Windows Update
RP133: 4/1/2014 8:07:53 AM - Windows Update
RP134: 4/3/2014 10:12:04 AM - Restore Operation
RP135: 4/3/2014 10:42:28 AM - Windows Update
RP136: 4/4/2014 3:01:20 AM - Windows Update
RP137: 4/9/2014 6:40:00 AM - Windows Update
RP138: 4/10/2014 3:00:20 AM - Windows Update
.
==== Installed Programs ======================
.
3 Tor
Adobe AIR
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader X (10.1.9) MUI
Amazon Cloud Player
AMD Catalyst Install Manager
AMD Media Foundation Decoders
AMD VISION Engine Control Center
Atheros Bluetooth Filter Driver Package
Atheros Driver Installation Program
Bejeweled 3
Bluetooth Stack for Windows by Toshiba
Business Contact Manager for Microsoft Outlook 2010
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
ContentHD
Contents
Corel Digital Studio SE
Corel WinDVD
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DeviceIO
DFPro
ESET Smart Security
FATE - The Traitor Soul
Google Chrome
Google Update Helper
ICA
IPM_OEM
IrfanView (remove only)
ISCOM
iSEEK AnswerWorks English Runtime
Java Auto Updater
Java™ 6 Update 25
JMicron Flash Media Controller Driver
Junk Mail filter update
Label@Once 1.0
Letters from Nowhere 2
Logitech Unifying Software 2.00
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Office 2010
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft® Office Language Pack 2010 – English (Business Contact Manager for Microsoft Outlook 2010)
MLE
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Polar Bowler
PureHD
Quicken 2012
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
RollerCoaster Tycoon 3: Platinum
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2863926) 32-Bit Edition
Service Pack 1 for SQL Server 2008 (KB968369)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Setup
Share
Share64
Skype Launcher
Sql Server Customer Experience Improvement Program
Synaptics Pointing Device Driver
Tales of Lagoona
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD Protection
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
Toshiba Online Backup
TOSHIBA PC Health Monitor
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA VIDEO PLAYER
TOSHIBA Web Camera Application
TOSHIBARegistration
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update Installer for WildTangent Games App
Utility Common Driver
VIO
WildTangent Games
WildTangent Games App (Toshiba Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Resource Kit Tools - SubInAcl.exe
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
4/7/2014 4:09:28 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} and APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user Steven-PC\Guest SID (S-1-5-21-4078917017-1294288483-172199226-501) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
4/12/2014 10:53:03 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
4/12/2014 10:53:03 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
4/12/2014 10:47:57 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
4/10/2014 3:23:17 AM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.
4/10/2014 2:31:14 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
4/10/2014 2:12:04 PM, Error: cdrom [15] - The device, \Device\CdRom0, is not ready for access yet.
.
==== End Of File ===========================


Edited by Oh My, 30 April 2014 - 10:43 PM.
Logs posted




#2 HelpBot


Posted 17 April 2014 - 05:55 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/530858 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot

Posted 22 April 2014 - 06:00 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

#4 Oh My!


Posted 30 April 2014 - 10:41 PM

Greetings silversurfer0116 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • Attached System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Oh My!


Posted 03 May 2014 - 11:24 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#6 silversurfer0116


Posted 04 May 2014 - 11:15 AM

Yes I still need help with this problem.  I have been very busy at work so I haven't had time to get to this.  I plan on trying this out tomorrow evening.  Today is Sunday 5/4.



#7 Oh My!


Posted 04 May 2014 - 02:40 PM

OK thanks.
Gary
 

#8 silversurfer0116


Posted 04 May 2014 - 05:25 PM

Hi Gary:  I had some time this afternoon so I got the ball rolling on my computer issue.  Below I've pasted the requested files.  Attached is the requested summary.  Thanks....Steve

Attached File: summary.zip (326.13KB)

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-05-2014
Ran by Steven (administrator) on STEVEN-PC on 04-05-2014 14:59:19
Running from C:\Users\Steven\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
() C:\Program Files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
() C:\Users\Steven\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11780712 2011-02-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-05-24] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1580368 2010-11-03] (Logitech, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [4081008 2012-03-07] (ESET)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-11-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2011-03-10] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2011-03-10] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-16] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218864 2011-06-22] (Toshiba)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Winlogon: [Shell] explorer.exe, C:\Users\Steven\AppData\Roaming\nzqwwnh_ [2871808 2011-02-24] (Microsoft Corporation)
HKU\S-1-5-21-4078917017-1294288483-172199226-1000\...\Run: [Amazon Cloud Player] => C:\Users\Steven\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] ()
HKU\S-1-5-21-4078917017-1294288483-172199226-1000\...\Run: [JLworks] => regsvr32.exe C:\Users\Steven\AppData\Local\JLworks\vorbisfile_d.dll <===== ATTENTION
HKU\S-1-5-21-4078917017-1294288483-172199226-1000\...\Run: [Google Update*] => [X] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKU\S-1-5-21-4078917017-1294288483-172199226-1000\...\Run: [JLworks Update] => regsvr32.exe C:\Users\Steven\AppData\Local\JLworks\AXVLC.DLL
HKU\S-1-5-21-4078917017-1294288483-172199226-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-4078917017-1294288483-172199226-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\Steven\AppData\Local\Temp\scdlsws\scbbixq\wow.dll ATTENTION! ====> ZeroAccess?
Startup: C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\io7tlfvlc.lnk
ShortcutTarget: io7tlfvlc.lnk -> C:\PROGRA~3\clvflt7oi.cpp (No File)
Startup: C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://0.0.0.3/
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://0.0.0.6/
SearchScopes: HKLM - DefaultScope {0BE6214E-C172-4409-AD59-666288D7E2D9} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0BE6214E-C172-4409-AD59-666288D7E2D9} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM-x32 - DefaultScope {0BE6214E-C172-4409-AD59-666288D7E2D9} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0BE6214E-C172-4409-AD59-666288D7E2D9} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKCU - DefaultScope {0BE6214E-C172-4409-AD59-666288D7E2D9} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS481
SearchScopes: HKCU - {0BE6214E-C172-4409-AD59-666288D7E2D9} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS481
SearchScopes: HKCU - {EE03AEA7-8DBD-4D1B-9C2A-F293B656DB73} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012-07-29]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012-07-29]

Chrome:
=======
CHR HomePage: hxxp://start.toshiba.com
CHR StartupUrls: "hxxp://start.toshiba.com"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.250.6) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U25) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-30]
CHR Extension: (Google Search) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-05-30]
CHR Extension: (Google Wallet) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-06]
CHR Extension: (Gmail) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-05-30]

==================== Services (Whitelisted) =================

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [913144 2012-03-07] (ESET)
R3 MSSQL$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe [43010392 2009-03-30] (Microsoft Corporation)
S4 SQLAgent$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [366936 2009-03-30] (Microsoft Corporation)
R2 UDSS; c:\Program Files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe [30064 2011-03-11] ()

==================== Drivers (Whitelisted) ====================

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [209768 2012-03-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [148528 2012-03-14] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [187632 2012-03-14] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [38288 2012-03-14] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62496 2012-03-14] (ESET)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 Tosrfcom; No ImagePath

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-04 14:59 - 2014-05-04 14:59 - 00019417 _____ () C:\Users\Steven\Desktop\FRST.txt
2014-05-04 14:59 - 2014-05-04 14:59 - 00000000 ____D () C:\FRST
2014-05-04 14:57 - 2014-05-04 14:57 - 02062336 _____ (Farbar) C:\Users\Steven\Desktop\FRST64.exe
2014-05-04 03:00 - 2014-04-29 07:01 - 23547904 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-04 03:00 - 2014-04-29 06:40 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-04 03:00 - 2014-04-29 05:48 - 17384448 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-04 03:00 - 2014-04-29 05:34 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-02 04:26 - 2014-05-02 04:26 - 00000000 __SHD () C:\Users\Steven\AppData\Local\EmieUserList
2014-05-02 04:26 - 2014-05-02 04:26 - 00000000 __SHD () C:\Users\Steven\AppData\Local\EmieSiteList
2014-05-02 04:18 - 2014-03-06 02:31 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-05-02 04:18 - 2014-03-06 01:57 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-05-02 04:18 - 2014-03-06 01:40 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-05-02 04:18 - 2014-03-06 01:39 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-05-02 04:18 - 2014-03-06 01:32 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-05-02 04:18 - 2014-03-06 01:29 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-05-02 04:18 - 2014-03-06 01:28 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-05-02 04:18 - 2014-03-06 01:09 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-05-02 04:18 - 2014-03-06 01:03 - 00586240 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-05-02 04:18 - 2014-03-06 01:02 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-05-02 04:18 - 2014-03-06 01:02 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-05-02 04:18 - 2014-03-06 00:56 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-05-02 04:18 - 2014-03-06 00:48 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-05-02 04:18 - 2014-03-06 00:46 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-05-02 04:18 - 2014-03-06 00:42 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-05-02 04:18 - 2014-03-06 00:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-05-02 04:18 - 2014-03-06 00:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-05-02 04:18 - 2014-03-06 00:22 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-05-02 04:18 - 2014-03-06 00:21 - 00628736 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-05-02 04:18 - 2014-03-06 00:07 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-05-02 04:18 - 2014-03-06 00:01 - 00244224 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-05-02 04:18 - 2014-03-05 23:46 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-05-02 04:17 - 2014-03-06 01:59 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-05-02 04:17 - 2014-03-06 01:57 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-05-02 04:17 - 2014-03-06 01:53 - 02767360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-05-02 04:17 - 2014-03-06 01:29 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-05-02 04:17 - 2014-03-06 01:15 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-05-02 04:17 - 2014-03-06 01:11 - 05784064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-05-02 04:17 - 2014-03-06 01:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-05-02 04:17 - 2014-03-06 00:47 - 02178048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-05-02 04:17 - 2014-03-06 00:46 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-05-02 04:17 - 2014-03-06 00:45 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-05-02 04:17 - 2014-03-06 00:36 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-05-02 04:17 - 2014-03-06 00:13 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-02 04:17 - 2014-03-06 00:11 - 02043904 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-05-02 04:17 - 2014-03-05 23:53 - 13551104 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-05-02 04:17 - 2014-03-05 23:40 - 01967104 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-05-02 04:17 - 2014-03-05 23:36 - 11745792 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-05-02 04:17 - 2014-03-05 23:22 - 02260480 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-05-02 04:17 - 2014-03-05 22:58 - 01400832 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-05-02 04:17 - 2014-03-05 22:50 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-05-02 04:17 - 2014-03-05 22:43 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-05-02 04:17 - 2014-03-05 22:41 - 01789440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-05-02 04:17 - 2014-03-05 22:36 - 01143808 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-05-01 18:08 - 2014-05-04 09:58 - 00001242 _____ () C:\Users\Steven\Desktop\Macgregor ad.txt
2014-04-25 20:27 - 2014-04-25 20:27 - 00373496 _____ () C:\windows\Minidump\042514-31668-01.dmp
2014-04-14 11:23 - 2014-04-14 11:23 - 00866195 _____ () C:\Users\Steven\Desktop\Hi.zip
2014-04-12 15:45 - 2014-04-12 15:47 - 00016759 _____ () C:\Users\Steven\Desktop\dds.txt
2014-04-12 15:45 - 2014-04-12 15:47 - 00010379 _____ () C:\Users\Steven\Desktop\attach.txt
2014-04-12 15:39 - 2014-04-12 15:39 - 00688992 ____R (Swearware) C:\Users\Steven\Desktop\dds.com
2014-04-12 13:45 - 2014-04-12 15:56 - 00002600 _____ () C:\Users\Steven\Documents\Computer Problem.txt
2014-04-09 19:50 - 2014-04-09 19:50 - 00000000 ____D () C:\Users\Steven\Documents\New folder
2014-04-09 07:26 - 2014-02-03 19:35 - 00274880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2014-04-09 07:26 - 2014-02-03 19:35 - 00190912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2014-04-09 07:26 - 2014-02-03 19:35 - 00027584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys
2014-04-09 07:26 - 2014-02-03 19:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll
2014-04-09 07:26 - 2014-02-03 19:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iologmsg.dll
2014-04-09 06:46 - 2014-03-04 02:44 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-04-09 06:46 - 2014-03-04 02:44 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2014-04-09 06:46 - 2014-03-04 02:44 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2014-04-09 06:46 - 2014-03-04 02:44 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2014-04-09 06:46 - 2014-03-04 02:44 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2014-04-09 06:46 - 2014-03-04 02:17 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2014-04-09 06:46 - 2014-03-04 02:16 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-04-09 06:46 - 2014-03-04 02:16 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2014-04-09 06:46 - 2014-03-04 02:16 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2014-04-09 06:46 - 2014-03-04 01:09 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2014-04-09 06:46 - 2014-03-04 01:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2014-04-09 06:46 - 2014-01-23 19:37 - 01684928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2014-04-05 09:12 - 2014-04-05 09:12 - 00069132 _____ () C:\Users\Steven\Documents\CT 008624 P1 0210

==================== One Month Modified Files and Folders =======

2014-05-04 14:59 - 2014-05-04 14:59 - 00019417 _____ () C:\Users\Steven\Desktop\FRST.txt
2014-05-04 14:59 - 2014-05-04 14:59 - 00000000 ____D () C:\FRST
2014-05-04 14:57 - 2014-05-04 14:57 - 02062336 _____ (Farbar) C:\Users\Steven\Desktop\FRST64.exe
2014-05-04 14:55 - 2012-04-16 17:51 - 01141233 _____ () C:\windows\WindowsUpdate.log
2014-05-04 14:54 - 2009-07-13 21:45 - 00025120 _____ () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-04 14:54 - 2009-07-13 21:45 - 00025120 _____ () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-04 14:50 - 2012-12-21 14:53 - 00003934 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{A0F2CFD9-EB86-4089-A6FB-7D70AB7DF542}
2014-05-04 14:48 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\system32\NDF
2014-05-04 14:46 - 2012-04-16 18:41 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-04 14:46 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-05-04 14:46 - 2009-07-13 21:51 - 00081506 _____ () C:\windows\setupact.log
2014-05-04 14:43 - 2012-04-16 18:41 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-04 14:40 - 2012-05-10 06:51 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-05-04 09:58 - 2014-05-01 18:08 - 00001242 _____ () C:\Users\Steven\Desktop\Macgregor ad.txt
2014-05-04 03:55 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\rescache
2014-05-02 04:26 - 2014-05-02 04:26 - 00000000 __SHD () C:\Users\Steven\AppData\Local\EmieUserList
2014-05-02 04:26 - 2014-05-02 04:26 - 00000000 __SHD () C:\Users\Steven\AppData\Local\EmieSiteList
2014-05-02 04:22 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-04-30 18:21 - 2012-05-17 07:36 - 00096768 _____ () C:\Users\Steven\Desktop\current.xls
2014-04-29 07:01 - 2014-05-04 03:00 - 23547904 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-04-29 06:40 - 2014-05-04 03:00 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-04-29 05:48 - 2014-05-04 03:00 - 17384448 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-04-29 05:34 - 2014-05-04 03:00 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-04-28 18:40 - 2012-05-10 06:51 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-04-28 18:40 - 2012-05-10 06:51 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-04-28 18:40 - 2011-11-23 19:56 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-25 20:27 - 2014-04-25 20:27 - 00373496 _____ () C:\windows\Minidump\042514-31668-01.dmp
2014-04-25 20:27 - 2012-12-21 22:27 - 00000000 ____D () C:\windows\Minidump
2014-04-21 04:11 - 2013-10-16 15:34 - 00000000 ____D () C:\Users\Steven\AppData\Local\Amazon Cloud Player
2014-04-18 13:24 - 2012-11-05 15:56 - 00000000 ____D () C:\Users\Steven\Documents\Outlook Files
2014-04-15 18:40 - 2012-05-17 07:36 - 00000000 ____D () C:\Users\Steven\Documents\Legal
2014-04-14 21:20 - 2012-05-30 11:16 - 00000121 _____ () C:\Users\Public\LMDebug.log
2014-04-14 11:49 - 2012-05-17 07:36 - 00000000 ____D () C:\Users\Steven\Documents\TAX
2014-04-14 11:23 - 2014-04-14 11:23 - 00866195 _____ () C:\Users\Steven\Desktop\Hi.zip
2014-04-12 17:50 - 2013-10-02 01:03 - 00000000 ____D () C:\Users\Steven\Desktop\UFCU
2014-04-12 17:50 - 2012-05-17 07:34 - 00000000 ____D () C:\Users\Steven\Documents\Current
2014-04-12 15:56 - 2014-04-12 13:45 - 00002600 _____ () C:\Users\Steven\Documents\Computer Problem.txt
2014-04-12 15:47 - 2014-04-12 15:45 - 00016759 _____ () C:\Users\Steven\Desktop\dds.txt
2014-04-12 15:47 - 2014-04-12 15:45 - 00010379 _____ () C:\Users\Steven\Desktop\attach.txt
2014-04-12 15:39 - 2014-04-12 15:39 - 00688992 ____R (Swearware) C:\Users\Steven\Desktop\dds.com
2014-04-10 03:06 - 2012-05-19 08:27 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-10 03:05 - 2013-08-15 05:47 - 00000000 ____D () C:\windows\system32\MRT
2014-04-10 03:02 - 2012-05-06 09:03 - 90655440 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-04-09 19:50 - 2014-04-09 19:50 - 00000000 ____D () C:\Users\Steven\Documents\New folder
2014-04-06 18:17 - 2009-07-13 22:13 - 00873988 _____ () C:\windows\system32\PerfStringBackup.INI
2014-04-05 09:12 - 2014-04-05 09:12 - 00069132 _____ () C:\Users\Steven\Documents\CT 008624 P1 0210
2014-04-04 03:39 - 2013-03-18 19:22 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-04 03:39 - 2013-03-18 19:22 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-04 03:39 - 2009-07-13 21:45 - 00435352 _____ () C:\windows\system32\FNTCACHE.DAT
2014-04-04 03:07 - 2013-03-18 19:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
ZeroAccess:
C:\Users\Steven\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

Files to move or delete:
====================
C:\Users\Guest\AppData\Roaming\skype.ini
C:\Users\Steven\AppData\Roaming\skype.ini
C:\ProgramData\dzjl1.pad
C:\ProgramData\dzjl1.reg
C:\ProgramData\go_0molg.pad
C:\ProgramData\io7tlfvlc.fee
C:\Users\Steven\5549982.exe
C:\Users\Steven\8145157.exe
C:\Users\Steven\8423790.exe
C:\Users\Steven\java.exe
C:\Users\Steven\vlcplayer.exe

Some content of TEMP:
====================
C:\Users\Steven\AppData\Local\Temp\InstallFlashPlayer.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-01 19:22

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-05-2014
Ran by Steven at 2014-05-04 15:00:24
Running from C:\Users\Steven\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: ESET Smart Security 5.2 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET Smart Security 5.2 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall (Enabled) {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

==================== Installed Programs ======================

3 Tor (HKCU\...\3 Tor) (Version:  - Zubba)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19140 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.4.0.26 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{16EA5479-5CE2-F045-8D65-3F1FC41B90E5}) (Version: 3.0.851.0 - Advanced Micro Devices, Inc.)
AMD Media Foundation Decoders (Version: 1.0.61110.2305 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.1110.2325.42036 - Advanced Micro Devices, Inc.) Hidden
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.00.007 - Atheros Communications)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.07(T) - TOSHIBA CORPORATION)
Business Contact Manager for Microsoft Outlook 2010 (HKLM-x32\...\Business Contact Manager) (Version: 4.0.11308.0 - Microsoft Corporation)
Business Contact Manager for Microsoft Outlook 2010 (x32 Version: 4.0.11308.0 - Microsoft Corporation) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.1110.2325.42036 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.1110.2325.42036 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.1110.2325.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2011.1110.2325.42036 - Advanced Micro Devices, Inc.) Hidden
ContentHD (x32 Version: 1.00.0002 - Corel Corporation) Hidden
Contents (x32 Version: 1.5.10.332 - Corel Corporation) Hidden
Corel Digital Studio SE (HKLM-x32\...\_{E185BD5C-0E10-479F-AF44-63D3A068446A}) (Version: 1.5.10.332 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.6.110 - Corel Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version:  - Microsoft)
DeviceIO (x32 Version: 1.5.10.332 - Corel Corporation) Hidden
DFPro (x32 Version: 1.5.10.332 - Corel Corporation) Hidden
ESET Smart Security (HKLM\...\{F7274D82-C857-4C20-AB1A-D701D64BFD90}) (Version: 5.2.9.1 - ESET, spol. s r.o.)
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
ICA (x32 Version: 1.5.10.332 - Corel Corporation) Hidden
IPM_OEM (x32 Version: 1.53 - Corel Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
ISCOM (x32 Version: 1.5.10.332 - Corel Corporation) Hidden
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Java Auto Updater (x32 Version: 2.0.4.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216025FF}) (Version: 6.0.250 - Oracle)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.59.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (x32 Version: 1.0 - Corel) Hidden
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Logitech Unifying Software 2.00 (HKLM\...\Logitech Unifying) (Version: 2.00.43 - Logitech)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 (x32 Version:  - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Common Files (x32 Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Common Files (x32 Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Services (x32 Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Shared (x32 Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 RsFx Driver (x32 Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Setup Support Files  (HKLM-x32\...\{BA4DA261-CB60-4690-B202-44998DFC6986}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft® Office Language Pack 2010 – English (Business Contact Manager for Microsoft Outlook 2010) (x32 Version: 4.0.11308.0 - Microsoft Corporation) Hidden
MLE (x32 Version: 1.0.0.60 - Corel Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
PureHD (x32 Version: 1.5.10.332 - Corel Corporation) Hidden
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6316 - Realtek Semiconductor Corp.)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
Service Pack 1 for SQL Server 2008 (KB968369) (HKLM-x32\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Setup (x32 Version: 1.5.10.332 - Corel Corporation) Hidden
Share (x32 Version: 1.5.10.332 - Corel Corporation) Hidden
Share64 (Version: 1.5.10.332 - Corel Corporation) Hidden
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Sql Server Customer Experience Improvement Program (x32 Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.98 - WildTangent) Hidden
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}) (Version: 2.2.7530 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 1.6.11.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 1.6.11.64 - TOSHIBA Corporation) Hidden
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}) (Version: 1.3.5.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.17.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.17.64 - TOSHIBA Corporation) Hidden
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.12C - TOSHIBA CORPORATION)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.12C - TOSHIBA CORPORATION) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.1.37C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (x32 Version: 1.63.1.37C - TOSHIBA CORPORATION) Hidden
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.2.15 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.5 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.31 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.9.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.4 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.7.21.64 - TOSHIBA Corporation) Hidden
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2001 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.12 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.8 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.51.3C - TOSHIBA CORPORATION)
TOSHIBA Supervisor Password (x32 Version: 1.63.51.3C - TOSHIBA CORPORATION) Hidden
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.1.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.6.1.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.6.1.64 - TOSHIBA Corporation) Hidden
TOSHIBA VIDEO PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 4.00.7.06-A - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.3 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (x32 Version: 2.0.3.3 - TOSHIBA Corporation) Hidden
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.9 - TOSHIBA)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Utility Common Driver (x32 Version: 1.0.52.3C - TOSHIBA) Hidden
VIO (x32 Version: 1.5.10.332 - Corel Corporation) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.5.31 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Resource Kit Tools - SubInAcl.exe (HKLM-x32\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Restore Points  =========================

09-04-2014 13:40:00 Windows Update
10-04-2014 10:00:20 Windows Update
15-04-2014 10:49:51 Windows Update
22-04-2014 13:33:27 Windows Update
25-04-2014 15:24:00 Windows Update
01-05-2014 05:36:17 Windows Update
02-05-2014 11:16:34 Windows Update
04-05-2014 10:00:15 Windows Update

==================== Scheduled Tasks (whitelisted) =============

Task: {07221D07-5F1C-41AE-ADB7-B7508C212D44} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-16] (Google Inc.)
Task: {8C2EDD4F-2702-452B-8B40-9367C072EAF8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-16] (Google Inc.)
Task: {B8BB50AF-C540-41DC-8221-9921F831D0D4} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-28] (Adobe Systems Incorporated)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-06-22 10:44 - 2011-06-22 10:44 - 00034304 _____ () C:\windows\System32\sst2cl6.dll
2011-03-11 14:14 - 2011-03-11 14:14 - 00030064 _____ () c:\Program Files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-11-18 17:18 - 2010-11-18 17:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2010-11-30 10:37 - 2010-11-30 10:37 - 00048504 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2011-02-22 19:22 - 2011-02-22 19:22 - 00429432 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
2010-12-15 15:19 - 2010-12-15 15:19 - 00124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
2013-10-16 15:34 - 2014-03-07 13:39 - 03168576 _____ () C:\Users\Steven\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2011-11-10 23:24 - 2011-11-10 23:24 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-11-09 09:55 - 2011-11-09 09:55 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-06-09 21:09 - 2011-06-09 21:09 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Users^Steven^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^McAfee PC Security.lnk => C:\windows\pss\McAfee PC Security.lnk.Startup
MSCONFIG\startupreg: bgespi => "C:\Windows\System32\rundll32.exe" "C:\Users\Steven\AppData\Roaming\bgespi.dll",FromReadWriteObject
MSCONFIG\startupreg: MigWiz => rundll32.exe "C:\Users\Steven\AppData\Local\Opera\MigWiz\ewpgjd.dll",DllRegisterServer
MSCONFIG\startupreg: ronwi => "C:\Windows\System32\rundll32.exe" "C:\Users\Steven\AppData\Roaming\ronwi.dll",SetObject
MSCONFIG\startupreg: wscfe => rundll32.exe "C:\Users\Steven\AppData\Roaming\wscfe.dll",PSTGetData

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/04/2014 02:47:57 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/04/2014 02:47:06 PM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (05/04/2014 09:11:41 AM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (05/04/2014 03:18:59 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/03/2014 01:52:19 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/03/2014 01:51:45 PM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (05/02/2014 04:58:44 PM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (05/02/2014 04:55:02 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/02/2014 04:26:00 AM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (05/02/2014 04:25:37 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (05/04/2014 02:47:59 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (05/04/2014 02:47:58 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (05/04/2014 02:46:38 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (05/04/2014 02:46:34 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (05/04/2014 02:46:34 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (05/04/2014 02:46:34 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (05/04/2014 02:46:31 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (05/04/2014 02:46:22 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (05/04/2014 02:46:20 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (05/04/2014 02:46:16 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Microsoft Office Sessions:
=========================
Error: (05/04/2014 02:47:57 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/04/2014 02:47:06 PM) (Source: Toshiba App Place)(User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (05/04/2014 09:11:41 AM) (Source: Toshiba App Place)(User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (05/04/2014 03:18:59 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/03/2014 01:52:19 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/03/2014 01:51:45 PM) (Source: Toshiba App Place)(User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (05/02/2014 04:58:44 PM) (Source: Toshiba App Place)(User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (05/02/2014 04:55:02 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/02/2014 04:26:00 AM) (Source: Toshiba App Place)(User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (05/02/2014 04:25:37 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================

Percentage of memory in use: 25%
Total physical RAM: 7656.67 MB
Available physical RAM: 5733.81 MB
Total Pagefile: 15311.52 MB
Available Pagefile: 13016.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (TI106338W0C) (Fixed) (Total:682.64 GB) (Free:583.51 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 699 GB) (Disk ID: 7E17517C)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=683 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=17)

==================== End Of Log ============================



#9 Oh My!

  • Malware Response Instructor

Posted 04 May 2014 - 11:51 PM

Hi Steve,

Thanks for taking the time to run the programs. Your computer is still quite ill. I have some steps for you to take but I must first advise you of the following.

===================================================

BACKDOOR WARNING!

--------------------

One or more of the identified infections is a Backdoor Trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Please let me know if you have already noticed any evidence of financial institution irregularities.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\S-1-5-21-4078917017-1294288483-172199226-1000\...\Run: [JLworks] => regsvr32.exe C:\Users\Steven\AppData\Local\JLworks\vorbisfile_d.dll <===== ATTENTION
HKU\S-1-5-21-4078917017-1294288483-172199226-1000\...\Run: [Google Update*] => [X] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKU\S-1-5-21-4078917017-1294288483-172199226-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\Steven\AppData\Local\Temp\scdlsws\scbbixq\wow.dll ATTENTION! ====> ZeroAccess?
Startup: C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\io7tlfvlc.lnk
ShortcutTarget: io7tlfvlc.lnk -> C:\PROGRA~3\clvflt7oi.cpp (No File)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://0.0.0.3/
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://0.0.0.6/
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
S3 Tosrfcom; No ImagePath
ZeroAccess:
C:\Users\Steven\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install
C:\Users\Guest\AppData\Roaming\skype.ini
C:\Users\Steven\AppData\Roaming\skype.ini
C:\ProgramData\dzjl1.pad
C:\ProgramData\dzjl1.reg
C:\ProgramData\go_0molg.pad
C:\ProgramData\io7tlfvlc.fee
C:\Users\Steven\5549982.exe
C:\Users\Steven\8145157.exe
C:\Users\Steven\8423790.exe
C:\Users\Steven\java.exe
C:\Users\Steven\vlcplayer.exe
C:\Users\Steven\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Steven\AppData\Roaming\bgespi.dll
C:\Users\Steven\AppData\Local\Opera\MigWiz\ewpgjd.dll
C:\Users\Steven\AppData\Roaming\ronwi.dll
C:\Users\Steven\AppData\Roaming\wscfe.dll
Hosts: Hosts file not detected in the default directory
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Enabling Startups Using msconfig

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msconfig and press Enter
  • Click on the Startup tab
  • Place a check mark next to entries which include the following information

bgespi
MigWiz
ronwi
wscfe

  • Click OK then click on Restart
  • Rerun Farbar Recovery Scan Tool making sure to place a check mark in Addition.txt
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Were you able to complete the checking of the Startup items?
  • Farbar logs (2)

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

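The startup entries singled out in the post above (the four `MSCONFIG\startupreg` items and the `JLworks` Run value) share one visible pattern: `rundll32.exe` or `regsvr32.exe` is started at logon with a DLL stored under the user's profile. The Python sketch below is an added example, not part of the original post and not FRST's own logic; it applies that single heuristic to lines copied from the logs in this thread plus one constructed benign line, and the function name, the patterns and the list of user-writable locations are assumptions of the example.

```python
import re
from ntpath import normpath  # Windows path rules, so this runs on any OS

# The first seven lines are copied from the FRST output quoted in this thread;
# the last line is constructed here as a benign comparison.
SAMPLE_LOG = r'''
MSCONFIG\startupfolder: C:^Users^Steven^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^McAfee PC Security.lnk => C:\windows\pss\McAfee PC Security.lnk.Startup
MSCONFIG\startupreg: bgespi => "C:\Windows\System32\rundll32.exe" "C:\Users\Steven\AppData\Roaming\bgespi.dll",FromReadWriteObject
MSCONFIG\startupreg: MigWiz => rundll32.exe "C:\Users\Steven\AppData\Local\Opera\MigWiz\ewpgjd.dll",DllRegisterServer
MSCONFIG\startupreg: ronwi => "C:\Windows\System32\rundll32.exe" "C:\Users\Steven\AppData\Roaming\ronwi.dll",SetObject
MSCONFIG\startupreg: wscfe => rundll32.exe "C:\Users\Steven\AppData\Roaming\wscfe.dll",PSTGetData
HKU\S-1-5-21-4078917017-1294288483-172199226-1000\...\Run: [JLworks] => regsvr32.exe C:\Users\Steven\AppData\Local\JLworks\vorbisfile_d.dll <===== ATTENTION
Task: {07221D07-5F1C-41AE-ADB7-B7508C212D44} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-16] (Google Inc.)
HKLM\...\Run: [ExampleCpl] => rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL
'''

# Windows binaries that load a DLL named on their command line.
LOADER_RE = re.compile(r'(?i)\b(rundll32|regsvr32)\.exe\b"?')
# A drive-letter path ending in .dll, optionally followed by ",ExportName".
DLL_RE = re.compile(r'(?i)([a-z]:\\[^"<>|]*?\.dll)\b(?:"?\s*,\s*([\w#@?]+))?')
# Locations a standard user can write to (assumption of this example).
USER_WRITABLE_RE = re.compile(
    r'(?i)^[a-z]:\\(?:users\\[^\\]+\\appdata\\|programdata\\|windows\\temp\\)')


def find_suspicious_autoruns(log_text):
    """Return autorun entries that load a DLL from a user-writable directory."""
    findings = []
    for line in log_text.splitlines():
        left, sep, command = line.partition(' => ')
        if not sep:
            continue  # not an "entry => command" line
        loader = LOADER_RE.search(command)
        if not loader:
            continue  # command does not go through rundll32/regsvr32
        # Search only after the loader so its own path is never taken as the DLL.
        dll = DLL_RE.search(command[loader.end():])
        if not dll:
            continue
        # normpath collapses "..\" segments before the location check.
        path = normpath(dll.group(1))
        if not USER_WRITABLE_RE.match(path):
            continue  # e.g. a DLL under C:\Windows\System32
        findings.append({
            'entry': left.rsplit(': ', 1)[-1].strip('[] '),
            'loader': loader.group(1).lower(),
            'dll': path,
            'export': dll.group(2),  # None when no export is named
        })
    return findings


if __name__ == '__main__':
    for hit in find_suspicious_autoruns(SAMPLE_LOG):
        print(hit)
```
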
#10 silversurfer0116

  • Topic Starter

Posted 06 May 2014 - 11:36 PM

Gary:  I have already changed all of my passwords that pertain to any financial stuff that I do online.   I have not noticed any problems with my accounts and I have been looking.   I did do most of the password changing on the machine in question though.  Most of this password changing was done within the last two months although the original issue happened around six months ago.  ESET did have a special program to get rid of the viruses? that I listed in my original request.   I have been very busy and just haven't had time to deal with it the way we are about to deal with it.  Do you recommend changing my passwords again but from a clean machine?

 

I will follow through with fixing this machine but I may not be able to get to it until this weekend.  I would have taken it to someone but I have not heard very good things about anyone my friends have used for this type of work.

 

One thing I do is keep an updated list of my passwords on an MSWord file that is passworded with a password that is not used for any online activity and only for this file and a couple of others (my living trust and old will).   There is no account information on these documents.  I also keep a hard copy of the password list hidden in the house.  Please advise.



#11 Oh My!

  • Malware Response Instructor

Posted 07 May 2014 - 11:13 AM

Greetings,
 

"I have not noticed any problems with my accounts and I have been looking."
"Do you recommend changing my passwords again but from a clean machine?"

There is never a downside to changing passwords except for the inconvenience. The real issue is whether or not you have seen evidence someone is trying to take something from you and that has not been the case. Yes you can change passwords again but no, I don't think it is an urgent necessity.

Thanks for letting me know of the delay.
Gary
 

#12 silversurfer0116

  • Topic Starter

Posted 11 May 2014 - 07:55 PM

Gary:  I was able to check the requested startup items.  Below are the other requested items.  Please let me know if I missed anything.  Thanks again....Steve

 

Fixlog.txt

FRST.txt

Addition.txt 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-05-2014 01
Ran by Steven at 2014-05-11 17:28:31 Run:1
Running from C:\Users\Steven\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-4078917017-1294288483-172199226-1000\...\Run: [JLworks] => regsvr32.exe C:\Users\Steven\AppData\Local\JLworks\vorbisfile_d.dll <===== ATTENTION
HKU\S-1-5-21-4078917017-1294288483-172199226-1000\...\Run: [Google Update*] => [X] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKU\S-1-5-21-4078917017-1294288483-172199226-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\Steven\AppData\Local\Temp\scdlsws\scbbixq\wow.dll ATTENTION! ====> ZeroAccess?
Startup: C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\io7tlfvlc.lnk
ShortcutTarget: io7tlfvlc.lnk -> C:\PROGRA~3\clvflt7oi.cpp (No File)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://0.0.0.3/
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://0.0.0.6/
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
S3 Tosrfcom; No ImagePath
ZeroAccess:
C:\Users\Steven\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install
C:\Users\Guest\AppData\Roaming\skype.ini
C:\Users\Steven\AppData\Roaming\skype.ini
C:\ProgramData\dzjl1.pad
C:\ProgramData\dzjl1.reg
C:\ProgramData\go_0molg.pad
C:\ProgramData\io7tlfvlc.fee
C:\Users\Steven\5549982.exe
C:\Users\Steven\8145157.exe
C:\Users\Steven\8423790.exe
C:\Users\Steven\java.exe
C:\Users\Steven\vlcplayer.exe
C:\Users\Steven\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Steven\AppData\Roaming\bgespi.dll
C:\Users\Steven\AppData\Local\Opera\MigWiz\ewpgjd.dll
C:\Users\Steven\AppData\Roaming\ronwi.dll
C:\Users\Steven\AppData\Roaming\wscfe.dll
Hosts: Hosts file not detected in the default directory
*****************

HKU\S-1-5-21-4078917017-1294288483-172199226-1000\Software\Microsoft\Windows\CurrentVersion\Run\\JLworks => Value deleted successfully.
HKU\S-1-5-21-4078917017-1294288483-172199226-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
HKU\S-1-5-21-4078917017-1294288483-172199226-1000\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully.
C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\io7tlfvlc.lnk => Moved successfully.
C:\PROGRA~3\clvflt7oi.cpp not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => Value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Tosrfcom => Service deleted successfully.
C:\Users\Steven\AppData\Local\Google\Desktop\Install => Moved successfully.
C:\Program Files (x86)\Google\Desktop\Install => Moved successfully.
C:\Users\Guest\AppData\Roaming\skype.ini => Moved successfully.
C:\Users\Steven\AppData\Roaming\skype.ini => Moved successfully.
C:\ProgramData\dzjl1.pad => Moved successfully.
C:\ProgramData\dzjl1.reg => Moved successfully.
C:\ProgramData\go_0molg.pad => Moved successfully.
C:\ProgramData\io7tlfvlc.fee => Moved successfully.
C:\Users\Steven\5549982.exe => Moved successfully.
C:\Users\Steven\8145157.exe => Moved successfully.
C:\Users\Steven\8423790.exe => Moved successfully.
C:\Users\Steven\java.exe => Moved successfully.
C:\Users\Steven\vlcplayer.exe => Moved successfully.
C:\Users\Steven\AppData\Local\Temp\InstallFlashPlayer.exe => Moved successfully.
"C:\Users\Steven\AppData\Roaming\bgespi.dll" => File/Directory not found.
"C:\Users\Steven\AppData\Local\Opera\MigWiz\ewpgjd.dll" => File/Directory not found.
"C:\Users\Steven\AppData\Roaming\ronwi.dll" => File/Directory not found.
"C:\Users\Steven\AppData\Roaming\wscfe.dll" => File/Directory not found.
Hosts was reset successfully.

==== End of Fixlog ====

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014 01
Ran by Steven (administrator) on STEVEN-PC on 11-05-2014 17:38:16
Running from C:\Users\Steven\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
() C:\Program Files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
() C:\Users\Steven\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11780712 2011-02-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-05-24] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1580368 2010-11-03] (Logitech, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [4081008 2012-03-07] (ESET)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-11-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2011-03-10] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2011-03-10] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-16] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218864 2011-06-22] (Toshiba)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Winlogon: [Shell] explorer.exe, C:\Users\Steven\AppData\Roaming\nzqwwnh_ [2871808 2011-02-24] (Microsoft Corporation)
HKU\S-1-5-21-4078917017-1294288483-172199226-1000\...\Run: [Amazon Cloud Player] => C:\Users\Steven\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] ()
HKU\S-1-5-21-4078917017-1294288483-172199226-1000\...\Run: [wscfe] => rundll32.exe "C:\Users\Steven\AppData\Roaming\wscfe.dll",PSTGetData <===== ATTENTION
HKU\S-1-5-21-4078917017-1294288483-172199226-1000\...\Run: [ronwi] => "C:\Windows\System32\rundll32.exe" "C:\Users\Steven\AppData\Roaming\ronwi.dll",SetObject <===== ATTENTION
HKU\S-1-5-21-4078917017-1294288483-172199226-1000\...\Run: [MigWiz] => rundll32.exe "C:\Users\Steven\AppData\Local\Opera\MigWiz\ewpgjd.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-21-4078917017-1294288483-172199226-1000\...\Run: [bgespi] => "C:\Windows\System32\rundll32.exe" "C:\Users\Steven\AppData\Roaming\bgespi.dll",FromReadWriteObject <===== ATTENTION
HKU\S-1-5-21-4078917017-1294288483-172199226-1000\...\Policies\Explorer: [HideSCAHealth] 1
Startup: C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

SearchScopes: HKLM - DefaultScope {0BE6214E-C172-4409-AD59-666288D7E2D9} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM - {0BE6214E-C172-4409-AD59-666288D7E2D9} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM-x32 - DefaultScope {0BE6214E-C172-4409-AD59-666288D7E2D9} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM-x32 - {0BE6214E-C172-4409-AD59-666288D7E2D9} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKCU - DefaultScope {0BE6214E-C172-4409-AD59-666288D7E2D9} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS481
SearchScopes: HKCU - {0BE6214E-C172-4409-AD59-666288D7E2D9} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS481
SearchScopes: HKCU - {EE03AEA7-8DBD-4D1B-9C2A-F293B656DB73} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
DPF: HKLM-x32 {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012-07-29]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012-07-29]

Chrome:
=======
CHR HomePage: hxxp://start.toshiba.com
CHR StartupUrls: "hxxp://start.toshiba.com"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.250.6) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U25) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-30]
CHR Extension: (Google Search) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-05-30]
CHR Extension: (Google Wallet) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-06]
CHR Extension: (Gmail) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-05-30]

==================== Services (Whitelisted) =================

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [913144 2012-03-07] (ESET)
R3 MSSQL$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe [43010392 2009-03-30] (Microsoft Corporation)
S4 SQLAgent$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [366936 2009-03-30] (Microsoft Corporation)
R2 UDSS; c:\Program Files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe [30064 2011-03-11] ()

==================== Drivers (Whitelisted) ====================

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [209768 2012-03-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [148528 2012-03-14] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [187632 2012-03-14] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [38288 2012-03-14] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62496 2012-03-14] (ESET)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-11 17:28 - 2014-05-11 17:28 - 00000000 ____D () C:\Users\Steven\Desktop\FRST-OlderVersion
2014-05-09 19:16 - 2014-05-09 19:16 - 01451744 _____ () C:\windows\Minidump\050914-36488-01.dmp
2014-05-08 22:12 - 2014-05-08 22:12 - 00375544 _____ () C:\windows\Minidump\050814-29936-01.dmp
2014-05-07 05:18 - 2014-05-07 05:18 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-05-06 20:57 - 2014-04-13 19:24 - 00465408 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-05-06 20:57 - 2014-04-13 19:19 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-05-06 20:38 - 2014-05-09 19:15 - 1152980697 _____ () C:\windows\MEMORY.DMP
2014-05-06 20:38 - 2014-05-06 20:39 - 00274728 _____ () C:\windows\Minidump\050614-27362-01.dmp
2014-05-04 15:18 - 2014-05-04 15:18 - 00333952 _____ () C:\Users\Steven\Desktop\summary.zip
2014-05-04 15:13 - 2014-05-04 15:14 - 09167862 _____ () C:\Users\Steven\Desktop\summary.nfo
2014-05-04 15:00 - 2014-05-04 15:01 - 00042811 _____ () C:\Users\Steven\Desktop\Addition.txt
2014-05-04 14:59 - 2014-05-11 17:38 - 00018414 _____ () C:\Users\Steven\Desktop\FRST.txt
2014-05-04 14:59 - 2014-05-11 17:38 - 00000000 ____D () C:\FRST
2014-05-04 14:57 - 2014-05-11 17:28 - 02066944 _____ (Farbar) C:\Users\Steven\Desktop\FRST64.exe
2014-05-04 03:00 - 2014-04-29 07:01 - 23547904 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-04 03:00 - 2014-04-29 06:40 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-04 03:00 - 2014-04-29 05:48 - 17384448 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-04 03:00 - 2014-04-29 05:34 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-02 04:26 - 2014-05-02 04:26 - 00000000 __SHD () C:\Users\Steven\AppData\Local\EmieUserList
2014-05-02 04:26 - 2014-05-02 04:26 - 00000000 __SHD () C:\Users\Steven\AppData\Local\EmieSiteList
2014-05-02 04:18 - 2014-03-06 02:31 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-05-02 04:18 - 2014-03-06 01:57 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-05-02 04:18 - 2014-03-06 01:40 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-05-02 04:18 - 2014-03-06 01:39 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-05-02 04:18 - 2014-03-06 01:32 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-05-02 04:18 - 2014-03-06 01:29 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-05-02 04:18 - 2014-03-06 01:28 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-05-02 04:18 - 2014-03-06 01:09 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-05-02 04:18 - 2014-03-06 01:03 - 00586240 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-05-02 04:18 - 2014-03-06 01:02 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-05-02 04:18 - 2014-03-06 01:02 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-05-02 04:18 - 2014-03-06 00:56 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-05-02 04:18 - 2014-03-06 00:48 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-05-02 04:18 - 2014-03-06 00:46 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-05-02 04:18 - 2014-03-06 00:42 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-05-02 04:18 - 2014-03-06 00:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-05-02 04:18 - 2014-03-06 00:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-05-02 04:18 - 2014-03-06 00:22 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-05-02 04:18 - 2014-03-06 00:21 - 00628736 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-05-02 04:18 - 2014-03-06 00:07 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-05-02 04:18 - 2014-03-06 00:01 - 00244224 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-05-02 04:18 - 2014-03-05 23:46 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-05-02 04:17 - 2014-03-06 01:59 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-05-02 04:17 - 2014-03-06 01:57 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-05-02 04:17 - 2014-03-06 01:53 - 02767360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-05-02 04:17 - 2014-03-06 01:29 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-05-02 04:17 - 2014-03-06 01:15 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-05-02 04:17 - 2014-03-06 01:11 - 05784064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-05-02 04:17 - 2014-03-06 01:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-05-02 04:17 - 2014-03-06 00:47 - 02178048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-05-02 04:17 - 2014-03-06 00:46 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-05-02 04:17 - 2014-03-06 00:45 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-05-02 04:17 - 2014-03-06 00:36 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-05-02 04:17 - 2014-03-06 00:13 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-02 04:17 - 2014-03-06 00:11 - 02043904 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-05-02 04:17 - 2014-03-05 23:53 - 13551104 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-05-02 04:17 - 2014-03-05 23:40 - 01967104 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-05-02 04:17 - 2014-03-05 23:36 - 11745792 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-05-02 04:17 - 2014-03-05 23:22 - 02260480 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-05-02 04:17 - 2014-03-05 22:58 - 01400832 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-05-02 04:17 - 2014-03-05 22:50 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-05-02 04:17 - 2014-03-05 22:43 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-05-02 04:17 - 2014-03-05 22:41 - 01789440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-05-02 04:17 - 2014-03-05 22:36 - 01143808 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-05-01 18:08 - 2014-05-04 09:58 - 00001242 _____ () C:\Users\Steven\Desktop\Macgregor ad.txt
2014-04-25 20:27 - 2014-04-25 20:27 - 00373496 _____ () C:\windows\Minidump\042514-31668-01.dmp
2014-04-14 11:23 - 2014-04-14 11:23 - 00866195 _____ () C:\Users\Steven\Desktop\Hi.zip
2014-04-12 15:45 - 2014-04-12 15:47 - 00016759 _____ () C:\Users\Steven\Desktop\dds.txt
2014-04-12 15:45 - 2014-04-12 15:47 - 00010379 _____ () C:\Users\Steven\Desktop\attach.txt
2014-04-12 15:39 - 2014-04-12 15:39 - 00688992 ____R (Swearware) C:\Users\Steven\Desktop\dds.com
2014-04-12 13:45 - 2014-04-12 15:56 - 00002600 _____ () C:\Users\Steven\Documents\Computer Problem.txt

==================== One Month Modified Files and Folders =======

2014-05-11 17:38 - 2014-05-04 14:59 - 00018414 _____ () C:\Users\Steven\Desktop\FRST.txt
2014-05-11 17:38 - 2014-05-04 14:59 - 00000000 ____D () C:\FRST
2014-05-11 17:33 - 2012-04-16 18:41 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-11 17:31 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-05-11 17:31 - 2009-07-13 21:51 - 00082010 _____ () C:\windows\setupact.log
2014-05-11 17:30 - 2012-04-16 17:51 - 01383246 _____ () C:\windows\WindowsUpdate.log
2014-05-11 17:28 - 2014-05-11 17:28 - 00000000 ____D () C:\Users\Steven\Desktop\FRST-OlderVersion
2014-05-11 17:28 - 2014-05-04 14:57 - 02066944 _____ (Farbar) C:\Users\Steven\Desktop\FRST64.exe
2014-05-11 17:28 - 2012-04-28 15:01 - 00000000 ___RD () C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-11 17:28 - 2012-04-28 14:58 - 00000000 ____D () C:\Users\Steven
2014-05-11 17:14 - 2009-07-13 21:45 - 00025120 _____ () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-11 17:14 - 2009-07-13 21:45 - 00025120 _____ () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-11 17:09 - 2012-05-30 11:16 - 00000121 _____ () C:\Users\Public\LMDebug.log
2014-05-11 16:52 - 2012-04-16 18:41 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-11 16:40 - 2012-05-10 06:51 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-05-11 14:45 - 2012-12-21 14:53 - 00003934 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{A0F2CFD9-EB86-4089-A6FB-7D70AB7DF542}
2014-05-09 19:16 - 2014-05-09 19:16 - 01451744 _____ () C:\windows\Minidump\050914-36488-01.dmp
2014-05-09 19:16 - 2012-12-21 22:27 - 00000000 ____D () C:\windows\Minidump
2014-05-09 19:15 - 2014-05-06 20:38 - 1152980697 _____ () C:\windows\MEMORY.DMP
2014-05-08 23:47 - 2012-04-16 18:41 - 00003908 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 23:47 - 2012-04-16 18:41 - 00003656 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-08 22:12 - 2014-05-08 22:12 - 00375544 _____ () C:\windows\Minidump\050814-29936-01.dmp
2014-05-08 21:09 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\system32\NDF
2014-05-07 05:18 - 2014-05-07 05:18 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-05-06 20:39 - 2014-05-06 20:38 - 00274728 _____ () C:\windows\Minidump\050614-27362-01.dmp
2014-05-04 15:18 - 2014-05-04 15:18 - 00333952 _____ () C:\Users\Steven\Desktop\summary.zip
2014-05-04 15:14 - 2014-05-04 15:13 - 09167862 _____ () C:\Users\Steven\Desktop\summary.nfo
2014-05-04 15:01 - 2014-05-04 15:00 - 00042811 _____ () C:\Users\Steven\Desktop\Addition.txt
2014-05-04 09:58 - 2014-05-01 18:08 - 00001242 _____ () C:\Users\Steven\Desktop\Macgregor ad.txt
2014-05-04 03:55 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\rescache
2014-05-02 04:26 - 2014-05-02 04:26 - 00000000 __SHD () C:\Users\Steven\AppData\Local\EmieUserList
2014-05-02 04:26 - 2014-05-02 04:26 - 00000000 __SHD () C:\Users\Steven\AppData\Local\EmieSiteList
2014-05-02 04:22 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-04-30 18:21 - 2012-05-17 07:36 - 00096768 _____ () C:\Users\Steven\Desktop\current.xls
2014-04-29 07:01 - 2014-05-04 03:00 - 23547904 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-04-29 06:40 - 2014-05-04 03:00 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-04-29 05:48 - 2014-05-04 03:00 - 17384448 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-04-29 05:34 - 2014-05-04 03:00 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-04-28 18:40 - 2012-05-10 06:51 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-04-28 18:40 - 2012-05-10 06:51 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-04-28 18:40 - 2011-11-23 19:56 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-25 20:27 - 2014-04-25 20:27 - 00373496 _____ () C:\windows\Minidump\042514-31668-01.dmp
2014-04-21 04:11 - 2013-10-16 15:34 - 00000000 ____D () C:\Users\Steven\AppData\Local\Amazon Cloud Player
2014-04-18 13:24 - 2012-11-05 15:56 - 00000000 ____D () C:\Users\Steven\Documents\Outlook Files
2014-04-15 18:40 - 2012-05-17 07:36 - 00000000 ____D () C:\Users\Steven\Documents\Legal
2014-04-14 11:49 - 2012-05-17 07:36 - 00000000 ____D () C:\Users\Steven\Documents\TAX
2014-04-14 11:23 - 2014-04-14 11:23 - 00866195 _____ () C:\Users\Steven\Desktop\Hi.zip
2014-04-13 19:24 - 2014-05-06 20:57 - 00465408 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-04-13 19:19 - 2014-05-06 20:57 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-04-12 17:50 - 2013-10-02 01:03 - 00000000 ____D () C:\Users\Steven\Desktop\UFCU
2014-04-12 17:50 - 2012-05-17 07:34 - 00000000 ____D () C:\Users\Steven\Documents\Current
2014-04-12 15:56 - 2014-04-12 13:45 - 00002600 _____ () C:\Users\Steven\Documents\Computer Problem.txt
2014-04-12 15:47 - 2014-04-12 15:45 - 00016759 _____ () C:\Users\Steven\Desktop\dds.txt
2014-04-12 15:47 - 2014-04-12 15:45 - 00010379 _____ () C:\Users\Steven\Desktop\attach.txt
2014-04-12 15:39 - 2014-04-12 15:39 - 00688992 ____R (Swearware) C:\Users\Steven\Desktop\dds.com

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-09 06:19

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-05-2014 01
Ran by Steven at 2014-05-11 17:38:53
Running from C:\Users\Steven\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: ESET Smart Security 5.2 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET Smart Security 5.2 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall (Enabled) {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

==================== Installed Programs ======================

3 Tor (HKCU\...\3 Tor) (Version:  - Zubba)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19140 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.4.0.26 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{16EA5479-5CE2-F045-8D65-3F1FC41B90E5}) (Version: 3.0.851.0 - Advanced Micro Devices, Inc.)
AMD Media Foundation Decoders (Version: 1.0.61110.2305 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.1110.2325.42036 - Advanced Micro Devices, Inc.) Hidden
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.00.007 - Atheros Communications)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.07(T) - TOSHIBA CORPORATION)
Business Contact Manager for Microsoft Outlook 2010 (HKLM-x32\...\Business Contact Manager) (Version: 4.0.11308.0 - Microsoft Corporation)
Business Contact Manager for Microsoft Outlook 2010 (x32 Version: 4.0.11308.0 - Microsoft Corporation) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.1110.2325.42036 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.1110.2325.42036 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.1110.2325.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2011.1110.2325.42036 - Advanced Micro Devices, Inc.) Hidden
ContentHD (x32 Version: 1.00.0002 - Corel Corporation) Hidden
Contents (x32 Version: 1.5.10.332 - Corel Corporation) Hidden
Corel Digital Studio SE (HKLM-x32\...\_{E185BD5C-0E10-479F-AF44-63D3A068446A}) (Version: 1.5.10.332 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.6.110 - Corel Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version:  - Microsoft)
DeviceIO (x32 Version: 1.5.10.332 - Corel Corporation) Hidden
DFPro (x32 Version: 1.5.10.332 - Corel Corporation) Hidden
ESET Smart Security (HKLM\...\{F7274D82-C857-4C20-AB1A-D701D64BFD90}) (Version: 5.2.9.1 - ESET, spol. s r.o.)
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
ICA (x32 Version: 1.5.10.332 - Corel Corporation) Hidden
IPM_OEM (x32 Version: 1.53 - Corel Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
ISCOM (x32 Version: 1.5.10.332 - Corel Corporation) Hidden
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Java Auto Updater (x32 Version: 2.0.4.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216025FF}) (Version: 6.0.250 - Oracle)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.59.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (x32 Version: 1.0 - Corel) Hidden
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Logitech Unifying Software 2.00 (HKLM\...\Logitech Unifying) (Version: 2.00.43 - Logitech)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 (x32 Version:  - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Common Files (x32 Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Common Files (x32 Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Services (x32 Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Shared (x32 Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 RsFx Driver (x32 Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Setup Support Files  (HKLM-x32\...\{BA4DA261-CB60-4690-B202-44998DFC6986}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft® Office Language Pack 2010 – English (Business Contact Manager for Microsoft Outlook 2010) (x32 Version: 4.0.11308.0 - Microsoft Corporation) Hidden
MLE (x32 Version: 1.0.0.60 - Corel Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
PureHD (x32 Version: 1.5.10.332 - Corel Corporation) Hidden
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6316 - Realtek Semiconductor Corp.)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
Service Pack 1 for SQL Server 2008 (KB968369) (HKLM-x32\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Setup (x32 Version: 1.5.10.332 - Corel Corporation) Hidden
Share (x32 Version: 1.5.10.332 - Corel Corporation) Hidden
Share64 (Version: 1.5.10.332 - Corel Corporation) Hidden
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Sql Server Customer Experience Improvement Program (x32 Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.98 - WildTangent) Hidden
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}) (Version: 2.2.7530 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 1.6.11.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 1.6.11.64 - TOSHIBA Corporation) Hidden
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}) (Version: 1.3.5.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.17.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.17.64 - TOSHIBA Corporation) Hidden
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.12C - TOSHIBA CORPORATION)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.12C - TOSHIBA CORPORATION) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.1.37C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (x32 Version: 1.63.1.37C - TOSHIBA CORPORATION) Hidden
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.2.15 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.5 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.31 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.9.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.4 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.7.21.64 - TOSHIBA Corporation) Hidden
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2001 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.12 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.8 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.51.3C - TOSHIBA CORPORATION)
TOSHIBA Supervisor Password (x32 Version: 1.63.51.3C - TOSHIBA CORPORATION) Hidden
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.1.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.6.1.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.6.1.64 - TOSHIBA Corporation) Hidden
TOSHIBA VIDEO PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 4.00.7.06-A - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.3 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (x32 Version: 2.0.3.3 - TOSHIBA Corporation) Hidden
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.9 - TOSHIBA)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Utility Common Driver (x32 Version: 1.0.52.3C - TOSHIBA) Hidden
VIO (x32 Version: 1.5.10.332 - Corel Corporation) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.5.31 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Resource Kit Tools - SubInAcl.exe (HKLM-x32\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Restore Points  =========================

09-04-2014 13:40:00 Windows Update
10-04-2014 10:00:20 Windows Update
15-04-2014 10:49:51 Windows Update
22-04-2014 13:33:27 Windows Update
25-04-2014 15:24:00 Windows Update
01-05-2014 05:36:17 Windows Update
02-05-2014 11:16:34 Windows Update
04-05-2014 10:00:15 Windows Update
07-05-2014 12:17:15 Windows Update

==================== Hosts content: ==========================

2014-05-11 17:28 - 2014-05-11 17:28 - 00000035 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {07221D07-5F1C-41AE-ADB7-B7508C212D44} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-16] (Google Inc.)
Task: {8C2EDD4F-2702-452B-8B40-9367C072EAF8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-16] (Google Inc.)
Task: {B8BB50AF-C540-41DC-8221-9921F831D0D4} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-28] (Adobe Systems Incorporated)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-06-22 10:44 - 2011-06-22 10:44 - 00034304 _____ () C:\windows\System32\sst2cl6.dll
2011-03-11 14:14 - 2011-03-11 14:14 - 00030064 _____ () c:\Program Files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-11-18 17:18 - 2010-11-18 17:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2010-11-30 10:37 - 2010-11-30 10:37 - 00048504 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-12-15 15:19 - 2010-12-15 15:19 - 00124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
2013-10-16 15:34 - 2014-03-07 13:39 - 03168576 _____ () C:\Users\Steven\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2011-02-22 19:22 - 2011-02-22 19:22 - 00429432 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
2011-11-10 23:24 - 2011-11-10 23:24 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-11-09 09:55 - 2011-11-09 09:55 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-06-09 21:09 - 2011-06-09 21:09 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2011-06-22 10:43 - 2011-06-22 10:43 - 00826880 _____ () C:\windows\system32\spool\DRIVERS\x64\3\sst2cdu.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Users^Steven^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^McAfee PC Security.lnk => C:\windows\pss\McAfee PC Security.lnk.Startup

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/11/2014 05:33:44 PM) (Source: Toshiba App Place) (User: ) (EventID: 0)
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (05/11/2014 05:33:24 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/10/2014 02:36:15 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: The program IEXPLORE.EXE version 11.0.9600.17041 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 29ec

Start Time: 01cf6c97c8240460

Termination Time: 23

Application Path: C:\Program Files\Internet Explorer\IEXPLORE.EXE

Report Id: 18e19382-d88b-11e3-9562-dc0ea14cb902

Error: (05/09/2014 07:18:32 PM) (Source: Toshiba App Place) (User: ) (EventID: 0)
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (05/09/2014 07:17:43 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/08/2014 10:16:16 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: The program IEXPLORE.EXE version 11.0.9600.17041 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 344

Start Time: 01cf6b459290e4c5

Termination Time: 14

Application Path: C:\Program Files\Internet Explorer\IEXPLORE.EXE

Report Id: f4b92c61-d738-11e3-9c9e-dc0ea14cb902

Error: (05/08/2014 10:16:08 PM) (Source: Toshiba App Place) (User: ) (EventID: 0)
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (05/08/2014 10:13:56 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/08/2014 07:43:45 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: The program IEXPLORE.EXE version 11.0.9600.17041 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1068

Start Time: 01cf6a4d360af120

Termination Time: 127

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (05/07/2014 04:36:37 PM) (Source: Toshiba App Place) (User: ) (EventID: 0)
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

System errors:
=============
Error: (05/10/2014 05:41:05 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY) (EventID: 1012)
Description: There was an error while attempting to read the local hosts file.

Error: (05/10/2014 05:41:05 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY) (EventID: 1012)
Description: There was an error while attempting to read the local hosts file.

Error: (05/10/2014 05:40:51 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY) (EventID: 1012)
Description: There was an error while attempting to read the local hosts file.

Error: (05/10/2014 05:40:50 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY) (EventID: 1012)
Description: There was an error while attempting to read the local hosts file.

Error: (05/10/2014 05:40:50 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY) (EventID: 1012)
Description: There was an error while attempting to read the local hosts file.

Error: (05/10/2014 05:40:50 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY) (EventID: 1012)
Description: There was an error while attempting to read the local hosts file.

Error: (05/10/2014 05:40:48 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY) (EventID: 1012)
Description: There was an error while attempting to read the local hosts file.

Error: (05/10/2014 05:40:46 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY) (EventID: 1012)
Description: There was an error while attempting to read the local hosts file.

Error: (05/10/2014 05:40:46 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY) (EventID: 1012)
Description: There was an error while attempting to read the local hosts file.

Error: (05/10/2014 04:53:13 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY) (EventID: 1012)
Description: There was an error while attempting to read the local hosts file.

Microsoft Office Sessions:
=========================
Error: (05/11/2014 05:33:44 PM) (Source: Toshiba App Place) (User: ) (EventID: 0)
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (05/11/2014 05:33:24 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/10/2014 02:36:15 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: IEXPLORE.EXE11.0.9600.1704129ec01cf6c97c824046023C:\Program Files\Internet Explorer\IEXPLORE.EXE18e19382-d88b-11e3-9562-dc0ea14cb902

Error: (05/09/2014 07:18:32 PM) (Source: Toshiba App Place) (User: ) (EventID: 0)
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (05/09/2014 07:17:43 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/08/2014 10:16:16 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: IEXPLORE.EXE11.0.9600.1704134401cf6b459290e4c514C:\Program Files\Internet Explorer\IEXPLORE.EXEf4b92c61-d738-11e3-9c9e-dc0ea14cb902

Error: (05/08/2014 10:16:08 PM) (Source: Toshiba App Place) (User: ) (EventID: 0)
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (05/08/2014 10:13:56 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/08/2014 07:43:45 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: IEXPLORE.EXE11.0.9600.17041106801cf6a4d360af120127C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (05/07/2014 04:36:37 PM) (Source: Toshiba App Place) (User: ) (EventID: 0)
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

==================== Memory info ===========================

Percentage of memory in use: 24%
Total physical RAM: 7656.67 MB
Available physical RAM: 5773.23 MB
Total Pagefile: 15311.52 MB
Available Pagefile: 13064.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (TI106338W0C) (Fixed) (Total:682.64 GB) (Free:579.88 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 699 GB) (Disk ID: 7E17517C)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=683 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=17)

==================== End Of Log ============================



#13 Oh My!

  • Malware Response Instructor

Posted 11 May 2014 - 09:34 PM

Thanks Steve, now please do these things.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\S-1-5-21-4078917017-1294288483-172199226-1000\...\Run: [wscfe] => rundll32.exe "C:\Users\Steven\AppData\Roaming\wscfe.dll",PSTGetData <===== ATTENTION
HKU\S-1-5-21-4078917017-1294288483-172199226-1000\...\Run: [ronwi] => "C:\Windows\System32\rundll32.exe" "C:\Users\Steven\AppData\Roaming\ronwi.dll",SetObject <===== ATTENTION
HKU\S-1-5-21-4078917017-1294288483-172199226-1000\...\Run: [MigWiz] => rundll32.exe "C:\Users\Steven\AppData\Local\Opera\MigWiz\ewpgjd.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-21-4078917017-1294288483-172199226-1000\...\Run: [bgespi] => "C:\Windows\System32\rundll32.exe" "C:\Users\Steven\AppData\Roaming\bgespi.dll",FromReadWriteObject <===== ATTENTION
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Please download and run Microsoft Fix it 50688 to fix a non-malware related technical issue with Windows.

===================================================

ListParts by Farbar for 64 bit Systems

--------------------
  • Please download ListParts64.exe (for 64 bit systems) and save it to your desktop
  • Double click the icon to launch the program
  • Select Run
  • Select Scan
  • Select OK and wait for a Result - Notepad document to open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Did the Microsoft Fixit run properly?
  • Result log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
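What the four Run values in the fixlist above have in common, shown as an added example that is not part of the original post and is not FRST's own logic: each one uses rundll32 to load a DLL from inside the user profile. The heuristic itself and the two benign contrast lines (`ExampleTray`, `ExampleCpl`) are assumptions made for illustration.

```python
import re

# Entries 1-4 are the Run values listed in the post above. Entries 5-6 are
# constructed benign lines added for contrast (hypothetical names and paths).
SAMPLE = r'''
HKU\S-1-5-21-4078917017-1294288483-172199226-1000\...\Run: [wscfe] => rundll32.exe "C:\Users\Steven\AppData\Roaming\wscfe.dll",PSTGetData <===== ATTENTION
HKU\S-1-5-21-4078917017-1294288483-172199226-1000\...\Run: [ronwi] => "C:\Windows\System32\rundll32.exe" "C:\Users\Steven\AppData\Roaming\ronwi.dll",SetObject <===== ATTENTION
HKU\S-1-5-21-4078917017-1294288483-172199226-1000\...\Run: [MigWiz] => rundll32.exe "C:\Users\Steven\AppData\Local\Opera\MigWiz\ewpgjd.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-21-4078917017-1294288483-172199226-1000\...\Run: [bgespi] => "C:\Windows\System32\rundll32.exe" "C:\Users\Steven\AppData\Roaming\bgespi.dll",FromReadWriteObject <===== ATTENTION
HKLM\...\Run: [ExampleTray] => "C:\Program Files\Example\tray.exe" /min
HKLM\...\Run: [ExampleCpl] => rundll32.exe "C:\Windows\System32\example.dll",Start
'''.strip().splitlines()

# "<hive>\...\Run: [value name] => command", with the optional trailing marker.
RUN_LINE = re.compile(
    r'^(?P<hive>HK[^\\]+(?:\\S-[0-9-]+)?)\\\.\.\.\\(?P<key>Run(?:Once)?): '
    r'\[(?P<name>[^\]]*)\] => (?P<cmd>.*?)(?:\s*<=+ ATTENTION)?\s*$')

# rundll32 (bare or with a quoted full path), then "<dll>",<export>.
RUNDLL32 = re.compile(
    r'^"?(?:[a-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+'
    r'"?(?P<dll>[^",]+)"?,(?P<export>\S+)', re.IGNORECASE)

# Directories a standard user can write to without elevation (assumed list).
USER_WRITABLE = re.compile(
    r'^[a-z]:\\(?:users\\[^\\]+\\appdata\\|programdata\\|windows\\temp\\)',
    re.IGNORECASE)


def triage(lines):
    """Return Run entries where rundll32 loads a DLL from a user-writable path."""
    findings = []
    for line in lines:
        entry = RUN_LINE.match(line.strip())
        if not entry:
            continue                      # not a Run/RunOnce line
        launcher = RUNDLL32.match(entry['cmd'])
        if not launcher:
            continue                      # ordinary executable, not rundll32
        if not USER_WRITABLE.match(launcher['dll']):
            continue                      # DLL sits in a protected directory
        reasons = ['rundll32 loads a DLL from a user-writable directory']
        if entry['hive'].upper().startswith('HKU'):
            reasons.append('per-user Run key, writable without admin rights')
        findings.append({
            'name': entry['name'],
            'dll': launcher['dll'],
            'export': launcher['export'],
            'reasons': reasons,
        })
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE):
        print(f"{f['name']}: {f['dll']} ({f['export']})")
        for reason in f['reasons']:
            print(f"    - {reason}")
```
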

#14 Oh My!


Posted 15 May 2014 - 08:44 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#15 Oh My!


Posted 18 May 2014 - 09:01 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



