# Windows 7- I.E. Shuts Down when try to Print



## tenntod (Mar 17, 2013)

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 4
RAM: 4002 Mb
Graphics Card: Intel(R) HD Graphics Family, 1809 Mb
Hard Drives: C: Total - 593551 MB, Free - 454028 MB;
Motherboard: TOSHIBA, PEQAA
Antivirus: Kaspersky Internet Security, Updated and Enabled

I'm running Windows 7 Home Premium 64 Bit on a Toshiba laptop. When I try to print anything from the internet when using Internet Explorer 10 it causes a shut down and reboot. I also have Firefox loaded on this computer. I have no problems printing anything from the internet when using Firefox.
Thank you in advance for any help you may provide.


----------



## etaf (Oct 2, 2003)

try doing a repair install http://support.microsoft.com/kb/923737 or re-install
http://support.microsoft.com/kb/318378


----------



## Mark1956 (May 7, 2011)

As you don't have a problem when printing from Firefox I think it is highly likely the problem is within IE10, possibly an incompatibility issue. Running a Repair Install or a full re-install of Windows may well fix the problem but there are a couple of things that I would suggest trying first. If IE10 is the problem then reinstalling Windows is not going to fix it.

Did you update Internet Explorer or did it happen without your intervention? Was the problem apparent before it upgraded to IE10?

Try uninstalling IE10 to revert back to IE9 and see if the problem persists.

Please follow this guide: How to install or uninstall IE10 in Windows 7

Before you do that, please also try and print something from within IE10 so that the error is logged, then immediately run this program below so we can see if any specific error is recorded in the log, this may show us what the problem is.

Please download the Event Viewer Tool by Vino Rosso VEW and save it to your Desktop: Event Viewer


For XP operating systems double-click VEW.exe. For later operating systems right-click VEW.exe and select "Run As Administrator".
Under "Select log to query", select:

*Application
System*
Under "Select type to list", select:

*Error
Warning*
Click the radio button for "Number of events"
Type 10 in the 1 to 20 box
Then click the Run button.

Notepad will open with the output log. Please copy and paste the contents into your next reply.


----------



## flavallee (May 12, 2002)

Not to get off the subject here, but the final version of *Internet Explorer 11* is available for Windows 7.

I'm using it in my Windows 7 computers and have printed several items from the internet with no issues.



----------



## Mark1956 (May 7, 2011)

Quite correct Frank, but I wanted to try and establish what is causing the problem and if it is directly related to IE10 before considering an update to IE11.


----------



## flavallee (May 12, 2002)

Mark:

I'm just mentioning that option and not trying to interfere here.



----------



## Mark1956 (May 7, 2011)

Not a problem :up:.


----------



## Mark1956 (May 7, 2011)

Tenntod, please look back at post 3, follow the instructions and answer my questions and we will see how it goes.


----------



## tenntod (Mar 17, 2013)

I'm sorry I took so long to respond. I was not able to get on my computer until tonight. I tried to install Event Viewer and was not able to. I tried again to print something from IE10 and it continues to shut down. Please advise what steps you want me to take moving forward.
Sincerely,
Tenntod


----------



## Mark1956 (May 7, 2011)

No problem with the delay.

It isn't at all clear why you had an issue with VEW, you say you tried to install it, but this is a stand alone program that does not install into Windows. What exactly was the problem with it? You must not forget I cannot see what is happening at your end so the more information you give me the easier it is to help, just saying that you could not do something tells me very little.

In post 3 I also asked a question which you have not answered and made a suggestion to try uninstalling IE10 which you have made no response to.


----------



## tenntod (Mar 17, 2013)

Dear Mark,


I clicked on the link Event Viewer today and followed the instructions. A window popped up saying it couldn't find the file. Then a blank notepad window opened. I have not gone any further with your instructions because I wanted to let you know about this problem first. I did try to print something from IE10 and got the same thing I've been getting which is IE shuts down.


----------



## Mark1956 (May 7, 2011)

Are you seeing the VEW box open so that you are able to make the selections in the instructions?

You still have not responded to this:



> In post 3 I also asked a question which you have not answered and made a suggestion to try uninstalling IE10 which you have made no response to.


----------



## tenntod (Mar 17, 2013)

Dear Mark,

Yes I did see the VEW box open and I typed in what you told me to in the boxes. But I still got the blank notepad. No, I have not tried to uninstall IE10 as yet because I've had the problems I've mentioned. If you want me to uninstall IE10 before we solve this other problem with the Event Viewer, please let me know. And, I apologize for not doing everything you've asked me to do. I'm a bit of a novice.

I might need to place this in a different area of the techguy website. But, I somehow got what is called wedownload manager pro on this computer. I cannot delete it from the control panel uninstall page. It appears to show when I open Firefox. When it does I get all kinds of advertisement pop ups. I don't know if this is causing any problems in IE10 though. Please advise how I uninstall it off my computer, or should I post it in a different place on the techguy website? Thank You.


----------



## Mark1956 (May 7, 2011)

WeDownload manager pro is Adware, this might be the cause of your problem. We shall concentrate on removing that first then see how things are. Did you ever click on any of the pop up adverts that this Adware produced?

Are there any other performance issues which you have not yet mentioned?

You needn't start another thread, I shall have this moved to the Malware forum. From that point on only Malware staff will be able to post advice. Please don't do anything on your PC that I have not asked you to do and make sure you respond to any questions I post in order to get a quick resolution.

Please run this scan and post the log.

Click on this link to download: ADWCleaner. Click on the Download Now button and save it to your desktop.

*NOTE:* If using Internet Explorer and you get an alert that stops the program downloading click on *Tools > Smartscreen Filter > Turn off Smartscreen Filter* then click on *OK* in the box that opens. Then click on the link again.

Close your browser and double click on this icon on your desktop: 

You will then see the screen below, click on the *Scan* button (as indicated), accept any prompts that appear and allow it to run, it may take several minutes to complete, when it is done click on the *Clean* button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report, Copy & Paste it into your next post.


----------



## tenntod (Mar 17, 2013)

Dear Mark,

Below is the log from running the ADWCleaner. I want to mention that it did not give me an option to save it to my desktop, but it worked just fine. I'm running IE11 as you can see, not 10 like I thought. After running the ADWCleaner I tried to print an email and IE shut down like it has been doing.

I have not at any time clicked on any ad that popped up from the adware wedownload manager pro. I will stop at this point and await your further instruction. Thank you very much for helping me.

-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v26.0 (en-US)
[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mzg8cnb7.default-1370897875420\prefs.js ]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_channels.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standa[...]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_channels.value", "%7B%22app0%22%3A%22app0%22%2C%22app43628%22%3A%22app43[...]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_css.expiration", "Sat Dec 28 2013 13:01:39 GMT-0800 (Pacific Standard Ti[...]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_css.value", "%22.%25CSSClass%25%20%7B%5Cn%5Ctdisplay%3Anone%3B%5Cn%7D%5C[...]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_geolocation.expiration", "Fri Jan 03 2014 13:01:39 GMT-0800 (Pacific Sta[...]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_geolocation.value", "%22US%22");
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_metadata.expiration", "Sat Dec 28 2013 13:01:39 GMT-0800 (Pacific Standa[...]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_metadata.value", "%7B%22appId%22%3A43628%2C%22appName%22%3A%22weDownload[...]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.description", "Enhance your search results with direct download links and information for apps and[...]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.internaldb.Resources_meta.value", "%7B%22extension.css%22%3A%7B%22id%22%3A311159%2C%22ver%22%3A2%2[...]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.internaldb.Resources_resource_311159.value", "%22.crossrider-nofity-34345-body-theme-white-black%2[...]
Line Deleted : user_pref("extensions.crossrider.bic", "1432d6b7f96dd8d0e2ff0ae70d4b106b");
-\\ Google Chrome v31.0.1650.63
[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted : keyword
*************************
AdwCleaner[R0].txt - [5430 octets] - [10/09/2013 22:53:17]
AdwCleaner[R1].txt - [5494 octets] - [11/09/2013 13:11:36]
AdwCleaner[R2].txt - [6376 octets] - [28/12/2013 21:42:18]
AdwCleaner[S0].txt - [11130 octets] - [11/09/2013 13:12:51]
AdwCleaner[S1].txt - [6145 octets] - [28/12/2013 21:45:14]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [6205 octets] ##########


----------



## Mark1956 (May 7, 2011)

Ok, you have not posted the entire Adwcleaner log, only the bottom half of it, so I cannot see all that it removed. I can see you already had this program installed and first used it on 10th September.

The logs are saved on your C: drive in the Adwcleaner folder.

Please open the Adwcleaner folder, double click on the log with this name AdwCleaner[S1], then click on the text and press the Control (Ctrl) and the A key on your keyboard at the same time. All the text will turn blue. Right click on any part of the blue text and select Copy. Then come back here and right click in the message box and select Paste, the log will appear, click on Post Click Reply to submit the post.

When done please run Adwcleaner again, click on the scan button followed by the Clean button once the scan has finished, allow the system to reboot and use the instructions above to copy the entire log that will appear. Post that log also.

If you are ever prompted to update Adwcleaner when you run it please allow it to do so.


----------



## tenntod (Mar 17, 2013)

# AdwCleaner v3.016 - Report created 28/12/2013 at 21:45:14
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YC2AAVI7\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****

***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\SpeedyPC Software
Folder Deleted : C:\Program Files (x86)\weDownload Manager Pro
Folder Deleted : C:\Users\Owner\AppData\Roaming\SpeedyPC Software
Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mzg8cnb7.default-1370897875420\searchplugins\conduit-search.xml
***** [ Shortcuts ] *****

***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{30CBDB40-5B21-481B-A09B-F87CEF73F020}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{952EEDFD-A98B-4670-9BDD-3634C8846FC1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\weDownload Manager Pro
Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\weDownload Manager Pro
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\weDownload Manager Pro
Key Deleted : [x64] HKLM\SOFTWARE\DomaIQ
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v26.0 (en-US)
[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mzg8cnb7.default-1370897875420\prefs.js ]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_channels.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standa[...]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_channels.value", "%7B%22app0%22%3A%22app0%22%2C%22app43628%22%3A%22app43[...]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_css.expiration", "Sat Dec 28 2013 13:01:39 GMT-0800 (Pacific Standard Ti[...]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_css.value", "%22.%25CSSClass%25%20%7B%5Cn%5Ctdisplay%3Anone%3B%5Cn%7D%5C[...]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_geolocation.expiration", "Fri Jan 03 2014 13:01:39 GMT-0800 (Pacific Sta[...]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_geolocation.value", "%22US%22");
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_metadata.expiration", "Sat Dec 28 2013 13:01:39 GMT-0800 (Pacific Standa[...]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_metadata.value", "%7B%22appId%22%3A43628%2C%22appName%22%3A%22weDownload[...]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.description", "Enhance your search results with direct download links and information for apps and[...]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.internaldb.Resources_meta.value", "%7B%22extension.css%22%3A%7B%22id%22%3A311159%2C%22ver%22%3A2%2[...]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.internaldb.Resources_resource_311159.value", "%22.crossrider-nofity-34345-body-theme-white-black%2[...]
Line Deleted : user_pref("extensions.crossrider.bic", "1432d6b7f96dd8d0e2ff0ae70d4b106b");
-\\ Google Chrome v31.0.1650.63
[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted : keyword
*************************
AdwCleaner[R0].txt - [5430 octets] - [10/09/2013 22:53:17]
AdwCleaner[R1].txt - [5494 octets] - [11/09/2013 13:11:36]
AdwCleaner[R2].txt - [6376 octets] - [28/12/2013 21:42:18]
AdwCleaner[S0].txt - [11130 octets] - [11/09/2013 13:12:51]
AdwCleaner[S1].txt - [6145 octets] - [28/12/2013 21:45:14]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [6205 octets] ##########


----------



## tenntod (Mar 17, 2013)

# AdwCleaner v3.016 - Report created 31/12/2013 at 19:39:26
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Downloads\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v26.0 (en-US)
[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mzg8cnb7.default-1370897875420\prefs.js ]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_channels.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standa[...]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_channels.value", "%7B%22app0%22%3A%22app0%22%2C%22app43628%22%3A%22app43[...]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_css.expiration", "Wed Jan 01 2014 02:15:45 GMT-0800 (Pacific Standard Ti[...]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_css.value", "%22.%25CSSClass%25%20%7B%5Cn%5Ctdisplay%3Anone%3B%5Cn%7D%5C[...]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_geolocation.expiration", "Tue Jan 07 2014 02:15:46 GMT-0800 (Pacific Sta[...]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_geolocation.value", "%22US%22");
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_metadata.expiration", "Wed Jan 01 2014 02:15:46 GMT-0800 (Pacific Standa[...]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_metadata.value", "%7B%22appId%22%3A43628%2C%22appName%22%3A%22weDownload[...]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.description", "Enhance your search results with direct download links and information for apps and[...]
-\\ Google Chrome v31.0.1650.63
[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************
AdwCleaner[R0].txt - [5430 octets] - [10/09/2013 22:53:17]
AdwCleaner[R1].txt - [5494 octets] - [11/09/2013 13:11:36]
AdwCleaner[R2].txt - [6376 octets] - [28/12/2013 21:42:18]
AdwCleaner[R3].txt - [3149 octets] - [31/12/2013 19:38:17]
AdwCleaner[S0].txt - [11130 octets] - [11/09/2013 13:12:51]
AdwCleaner[S1].txt - [6321 octets] - [28/12/2013 21:45:14]
AdwCleaner[S2].txt - [3088 octets] - [31/12/2013 19:39:26]
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [3148 octets] ##########


----------



## Mark1956 (May 7, 2011)

We may have to take further action to get rid of the Crossrider Adware, please run the JRT scan below and post the log, then run Adwcleaner again and post the new log from that.

Please download Junkware Removal Tool to your desktop.


Shut down your antivirus to avoid any conflicts.
Right-mouse click JRT.exe and select Run as administrator *(If using XP just double click on the icon to run it.)*
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
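
An added illustration, not part of the original thread or of AdwCleaner itself: the 31/12/2013 report above deleted the same Crossrider `prefs.js` entries that the 28/12/2013 run had already removed, which is the sign that something still on disk was rewriting them between runs. The Python sketch below compares successive clean reports and lists entries deleted more than once; the sample reports are constructed, shortened stand-ins in the same line format, and `parse_report` and `reappeared` are hypothetical helper names.

```python
"""Compare successive AdwCleaner-style clean reports for items that came back."""
import re

# Result lines look like "Key Deleted : <target>", "Line Deleted : <target>",
# or a bare "Deleted : <target>" (seen in the Chrome section of the reports).
ENTRY_RE = re.compile(
    r"^(?:(?P<kind>Folder|File|Key|Value|Line) )?Deleted : (?P<target>.+)$"
)
# For prefs.js lines only the preference name identifies the entry; the value
# (for example an expiration timestamp) can differ from one run to the next.
PREF_RE = re.compile(r'^user_pref\("(?P<name>[^"]+)"')


def parse_report(text):
    """Return the set of (kind, identity) pairs a report says were deleted."""
    entries = set()
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # headers, section banners, blank lines
        kind = match.group("kind") or "Item"
        target = match.group("target").strip()
        if kind == "Line":
            pref = PREF_RE.match(target)
            if pref:
                target = pref.group("name")
        # Windows paths and registry keys are case-insensitive.
        entries.add((kind, target.casefold()))
    return entries


def reappeared(reports):
    """reports: list of (label, text) in chronological order.

    Returns {entry: [labels]} for every entry deleted in more than one run,
    i.e. items that were re-created after an earlier clean.
    """
    seen = {}
    for label, text in reports:
        for entry in parse_report(text):
            seen.setdefault(entry, []).append(label)
    return {entry: labels for entry, labels in seen.items() if len(labels) > 1}


# Constructed sample reports (not the logs from this thread).
RUN_1 = r'''
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files (x86)\Example Adware
***** [ Registry ] *****
Key Deleted : HKCU\Software\ExampleAdware
***** [ Browsers ] *****
Line Deleted : user_pref("extensions.example0001.cookie.css.expiration", "Sat Dec 28 2013 13:01:39");
Line Deleted : user_pref("extensions.example0001.description", "Enhance your search results");
'''

RUN_2 = r'''
***** [ Files / Folders ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
Line Deleted : user_pref("extensions.example0001.cookie.css.expiration", "Wed Jan 01 2014 02:15:45");
Line Deleted : user_pref("extensions.example0001.description", "Enhance your search results");
'''

RUN_3 = r'''
***** [ Files / Folders ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
'''

if __name__ == "__main__":
    runs = [("run1", RUN_1), ("run2", RUN_2), ("run3", RUN_3)]
    for (kind, target), labels in sorted(reappeared(runs).items()):
        print(f"{kind}: {target} deleted again in {', '.join(labels)}")
    print("latest run clean:", not parse_report(RUN_3))
```

Entries that show up in more than one run point at a component the cleaner did not remove, which is why a second tool was run before checking for a clean report.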


----------



## tenntod (Mar 17, 2013)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 7 Home Premium x64
Ran by Owner on Wed 01/01/2014 at 16:37:07.07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{9258CEB7-F77E-41A3-97AA-C15AF06C972A}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{a3c7f059-87bf-105b-8fe8-c45a7615290e}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{CC445537-8BE3-4995-AA85-3C327888F5F4}

~~~ FireFox
Successfully deleted: [Folder] C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\mzg8cnb7.default-1370897875420\extensions\[email protected]8ecae1906.com
Emptied folder: C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\mzg8cnb7.default-1370897875420\minidumps [64 files]

~~~ Chrome
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 01/01/2014 at 16:42:58.54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.016 - Report created 01/01/2014 at 16:59:18
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Downloads\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v26.0 (en-US)
[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mzg8cnb7.default-1370897875420\prefs.js ]

-\\ Google Chrome v31.0.1650.63
[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************
AdwCleaner[R0].txt - [5430 octets] - [10/09/2013 22:53:17]
AdwCleaner[R1].txt - [5494 octets] - [11/09/2013 13:11:36]
AdwCleaner[R2].txt - [6376 octets] - [28/12/2013 21:42:18]
AdwCleaner[R3].txt - [3149 octets] - [31/12/2013 19:38:17]
AdwCleaner[R4].txt - [1334 octets] - [01/01/2014 16:58:32]
AdwCleaner[S0].txt - [11130 octets] - [11/09/2013 13:12:51]
AdwCleaner[S1].txt - [6321 octets] - [28/12/2013 21:45:14]
AdwCleaner[S2].txt - [3228 octets] - [31/12/2013 19:39:26]
AdwCleaner[S3].txt - [1255 octets] - [01/01/2014 16:59:18]
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1315 octets] ##########


----------



## Mark1956 (May 7, 2011)

We now have a clean log, is the printing problem still there?


----------



## tenntod (Mar 17, 2013)

Yes, whenever I try to print something when using Internet Explorer it shuts down. I can however print everything when using Firefox.


----------



## Mark1956 (May 7, 2011)

Ok, let's run a scan on your system to show us what is on there, this will also give us the error logs which may help to identify the cause.

Please download Farbar Recovery Scan Tool (FRST) and save it to your desktop. Do not get tempted to download Regclean Pro.

*Note*: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click on FRST to run it. When the tool opens click *Yes* to disclaimer.
Press the *Scan* button.
It will make a log (*FRST.txt*) in the same directory the tool is run from. Please copy and paste it into your next reply.
The first time the tool is run, it makes another log (*Addition.txt*). Please also copy and paste that into your reply.


----------



## tenntod (Mar 17, 2013)

I'm going to post the two logs for you but I have a question. I downloaded and ran the scan tool using Firefox. Is that okay or should I download and run it using Internet Explorer too? Here are the logs.

Sincerely,
tenntod

Com C:\Users\Owner\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

Adobe Download Assistant (x32 Version: 1.2.5 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.5 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05 - Adobe Systems Incorporated)
AOL Toolbar (HKCU Version: - )
Canon Camera Window DC_DV 6 for ZoomBrowser EX (x32 Version: 6.4.0.9 - )
Canon Camera Window MC 6 for ZoomBrowser EX (x32 Version: 6.3.0.8 - )
Canon G.726 WMP-Decoder (x32 Version: 1.1.0.4 - )
Canon MovieEdit Task for ZoomBrowser EX (x32 Version: 2.4.0.14 - )
Canon RAW Image Task for ZoomBrowser EX (x32 Version: 2.6.0.13 - )
Canon RemoteCapture Task for ZoomBrowser EX (x32 Version: 1.7.0.8 - )
Canon Utilities PhotoStitch (x32 Version: 3.1.19.43 - )
Canon Utilities ZoomBrowser EX (x32 Version: 5.8.0.74 - )
CCleaner (Version: 3.25 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
HP Product Detection (x32 Version: 11.15.0004 - HP)
Intel PROSet Wireless (Version: - ) Hidden
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2430 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (Version: 14.01.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 10.1.2.1004 - Intel Corporation)
Intel(R) WiDi (x32 Version: 2.1.42.0 - Intel Corporation)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JMicron Flash Media Controller Driver (x32 Version: 1.0.57.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-01-2014
Ran by Owner (administrator) on OWNER-PC on 09-01-2014 23:01:13
Running from C:\Users\Owner\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
( ) C:\Windows\System32\lxdpcoms.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe


----------



## Mark1956 (May 7, 2011)

It makes no difference which browser you use to download the FRST.

You have only posted a small section from the FRST.txt and Addition.txt logs. Please post both logs again and make sure you copy the entire log; the following guide should help.

Open the saved log by double clicking on it.
Click on the log so the cursor appears on it.
Press down the Control (Ctrl) and A keys at the same time; all the text should turn blue.
Right click on the blue area and select Copy from the pop up menu.
Come back here and right click in the Message box and select Paste.
The log should appear in the box. Add any comments or replies to any questions asked and submit the post.


----------



## tenntod (Mar 17, 2013)

Dear Mark,

Being a novice, I think I blew it by deleting those two logs after sending what I thought were the complete logs. I ran the scan again and the FRST.txt log came up but not the Addition.txt log. Can you tell me where the first Addition.txt log might be stored on my computer?

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-01-2014 01
Ran by Owner (administrator) on OWNER-PC on 10-01-2014 21:11:23
Running from C:\Users\Owner\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
( ) C:\Windows\System32\lxdpcoms.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Microsoft Corporation) C:\Windows\splwow64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] - C:\windows\system32\thpsrv /logon
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-05-24] (TOSHIBA Corporation)
HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-06-01] (Intel(R) Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-06-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [SVPWUTIL] - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2010-11-09] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [KeNotify] - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-16] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe [3218864 2011-06-22] (Toshiba)
HKLM-x32\...\Run: [ToshibaAppPlace] - C:\Program Files (x86)\TOSHIBA\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKCU\...\Run: [AVG-Secure-Search-Update_0913a] - C:\Users\Owner\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid fdf7cdc8e5a747d0807f0d47e7a5e5b4-34df4124311971fa58557d1b1d108ea2519a20d8 --CMPID 0913a
HKCU\...\Policies\system: [DisableLockWorkstation] 0

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {B7F42A96-DE99-47A7-B58E-8DDEB4BA9F8A} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM-x32 - {B7F42A96-DE99-47A7-B58E-8DDEB4BA9F8A} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKCU - DefaultScope {186F63CE-8D08-4AC7-91C4-8A834A1E89FE} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS477
SearchScopes: HKCU - {186F63CE-8D08-4AC7-91C4-8A834A1E89FE} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS477
SearchScopes: HKCU - {5EB07BDA-DAA9-43E9-9508-0BAD4693CEC6} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKCU - {B7F42A96-DE99-47A7-B58E-8DDEB4BA9F8A} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
DPF: HKLM {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc64.cab
DPF: HKLM {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect125.cab
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mzg8cnb7.default-1370897875420
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgrameFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK

Chrome: 
=======
CHR HomePage: http:\/\/www.google.com
CHR RestoreOnStartup: "http:\/\/www.google.com"
CHR DefaultSearchProvider: Conduit Search
CHR DefaultSearchURL: http:\/\/www.google.com
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\plugin/online_banking_npapi.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\plugin/npUrlAdvisor.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\plugin/content_blocker_npapi.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\plugin/npABPlugin.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\plugin/npVKPlugin.dll No File
CHR Plugin: (Skype Click to Call) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebgdeaohaofdhldpobdpfocdonmgki\10.15.0.62_0\plugins/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Conduit Radio Plugin) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebgdeaohaofdhldpobdpfocdonmgki\10.15.0.62_0\plugins/np-cwmp.dll No File
CHR Plugin: (Conduit Chrome Approve TB Plugin) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebgdeaohaofdhldpobdpfocdonmgki\10.15.0.62_0\plugins/ChromeApproveTBPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Liveu0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (weDownload Manager Pro) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0
CHR Extension: (Skype Click to Call) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.10.0.13089_0
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
S3 lxcg_device; C:\Windows\system32\lxcgcoms.exe [451584 2005-07-25] ( )
R2 lxdp_device; C:\Windows\system32\lxdpcoms.exe [1039872 2007-11-19] ( )
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-06-01] ()
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-11] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-10-10] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-09-18] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-09-18] (Kaspersky Lab ZAO)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2011-03-14] (support.com, Inc)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
S3 gfiark; system32\drivers\gfiark.sys [x]
S1 hlnfd; system32\drivers\hlnfd.sys [x]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-09-18] (Kaspersky Lab ZAO)
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [x]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-10 21:11 - 2014-01-10 21:11 - 00000000 ____D C:\Users\Owner\Downloads\FRST-OlderVersion
2014-01-09 23:01 - 2014-01-10 21:11 - 00023900 _____ C:\Users\Owner\Downloads\FRST.txt
2014-01-09 23:01 - 2014-01-09 23:08 - 00031700 _____ C:\Users\Owner\Downloads\Addition.txt
2014-01-09 22:59 - 2014-01-10 21:11 - 00000000 ____D C:\FRST
2014-01-09 22:58 - 2014-01-10 21:11 - 02076160 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-01-08 08:24 - 2014-01-08 08:25 - 00270416 _____ C:\Windows\Minidump\010814-20139-01.dmp
2014-01-08 08:24 - 2014-01-08 08:24 - 553218876 _____ C:\Windows\MEMORY.DMP
2014-01-06 01:34 - 2013-09-04 04:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-06 01:34 - 2013-09-04 04:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-06 01:34 - 2013-09-04 04:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-06 01:34 - 2013-09-04 04:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-06 01:34 - 2013-09-04 04:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-06 01:34 - 2013-09-04 04:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-06 01:34 - 2013-09-04 04:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-02 23:38 - 2014-01-02 23:38 - 00560388 _____ C:\Users\Owner\Downloads\Attachments_2014_01_2.zip
2014-01-01 21:47 - 2014-01-01 21:47 - 00001609 _____ C:\Users\Owner\Downloads\this_message_in_html.html
2014-01-01 16:35 - 2014-01-01 16:36 - 01036305 _____ (Thisisu) C:\Users\Owner\Downloads\JRT.exe
2014-01-01 13:51 - 2014-01-10 20:42 - 00002240 _____ C:\Windows\setupact.log
2014-01-01 13:51 - 2014-01-01 13:51 - 00000000 _____ C:\Windows\setuperr.log
2013-12-28 21:53 - 2013-12-28 21:53 - 01233962 _____ C:\Users\Owner\Downloads\AdwCleaner.exe
2013-12-27 12:58 - 2013-12-27 12:58 - 00000653 _____ C:\Users\Public\Desktop\PDF To Excel Converter.lnk
2013-12-27 12:58 - 2013-12-27 12:58 - 00000000 ____D C:\PDFToExcelConverter
2013-12-26 22:59 - 2013-12-26 23:00 - 00000000 ____D C:\Program Files (x86)\Payroll Income Documents Generator
2013-12-26 22:59 - 2013-12-26 22:59 - 06728256 _____ (Payroll Documents LLC) C:\Users\Owner\Downloads\winversion.exe
2013-12-26 22:50 - 2013-12-26 22:51 - 00388608 _____ (Trend Micro Inc.) C:\Users\Owner\Downloads\HijackThis_exe
2013-12-26 22:38 - 2013-12-26 22:39 - 00061440 _____ ( ) C:\Users\Owner\Downloads\VEW_exe
2013-12-26 22:18 - 2013-12-26 22:18 - 00003162 _____ C:\Windows\System32\Tasks\{54848757-9494-4ECC-8FA6-47CBB927C8F1}
2013-12-25 22:02 - 2013-12-25 22:03 - 00176952 _____ (Rapiddown) C:\Users\Owner\Downloads\Setup(2).exe
2013-12-25 22:02 - 2013-12-25 22:02 - 00176952 _____ (Rapiddown) C:\Users\Owner\Downloads\Setup(1).exe
2013-12-25 21:39 - 2014-01-10 20:42 - 00001282 _____ C:\Windows\Tasks\weDownload Manager Pro-codedownloader.job
2013-12-25 21:39 - 2013-12-25 21:39 - 00004312 _____ C:\Windows\System32\Tasks\weDownload Manager Pro-codedownloader
2013-12-25 21:38 - 2014-01-10 20:42 - 00002288 _____ C:\Windows\Tasks\weDownload Manager Pro-firefoxinstaller.job
2013-12-25 21:38 - 2014-01-10 20:42 - 00002012 _____ C:\Windows\Tasks\weDownload Manager Pro-chromeinstaller.job
2013-12-25 21:37 - 2013-12-25 21:37 - 00508240 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\ie6setupOe{1}.exe
2013-12-25 21:36 - 2013-12-25 21:36 - 00524384 _____ C:\Users\Owner\Downloads\outlook express setup(1).exe
2013-12-20 14:33 - 2013-12-26 22:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-18 19:17 - 2013-12-18 19:17 - 00033676 _____ C:\Users\Owner\Downloads\attachment
2013-12-12 00:22 - 2013-05-09 21:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-12 00:22 - 2013-05-09 21:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 00:22 - 2013-05-09 20:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-12 00:22 - 2013-05-09 20:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-12 00:21 - 2013-11-26 03:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 00:21 - 2013-11-26 02:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 00:21 - 2013-11-26 02:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-12 00:21 - 2013-11-26 02:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-12 00:21 - 2013-11-26 01:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 00:21 - 2013-11-26 01:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-12 00:21 - 2013-11-26 01:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 00:21 - 2013-11-26 01:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 00:21 - 2013-11-26 01:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 00:21 - 2013-11-26 01:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-12 00:21 - 2013-11-26 01:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 00:21 - 2013-11-26 01:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 00:21 - 2013-11-26 01:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-12 00:21 - 2013-11-26 01:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-12 00:21 - 2013-11-26 00:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 00:21 - 2013-11-26 00:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-12 00:21 - 2013-11-26 00:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-12 00:21 - 2013-11-26 00:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 00:21 - 2013-11-26 00:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-12 00:21 - 2013-11-26 00:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-12 00:21 - 2013-11-26 00:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-12 00:21 - 2013-11-26 00:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 00:21 - 2013-11-25 23:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 00:21 - 2013-11-25 23:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-12 00:21 - 2013-11-25 23:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-12 00:21 - 2013-11-25 23:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 00:21 - 2013-11-25 22:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 00:21 - 2013-11-25 22:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-12 00:21 - 2013-11-25 22:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-12 00:21 - 2013-11-25 22:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-12 00:21 - 2013-11-25 22:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-11 10:24 - 2013-11-23 10:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 10:24 - 2013-11-23 09:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 10:24 - 2013-11-11 18:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 10:24 - 2013-11-11 18:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 10:24 - 2013-10-29 18:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 10:24 - 2013-10-29 18:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 10:24 - 2013-10-29 17:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 10:24 - 2013-10-18 18:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 10:24 - 2013-10-18 17:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 10:23 - 2013-10-11 18:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 10:23 - 2013-10-11 18:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 10:23 - 2013-10-11 18:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 10:23 - 2013-10-11 18:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 10:23 - 2013-10-11 17:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 10:23 - 2013-10-11 17:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 10:23 - 2013-10-11 17:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 10:23 - 2013-10-11 17:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 10:23 - 2013-10-03 18:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 10:23 - 2013-10-03 17:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys

==================== One Month Modified Files and Folders =======

2014-01-10 21:11 - 2014-01-10 21:11 - 00000000 ____D C:\Users\Owner\Downloads\FRST-OlderVersion
2014-01-10 21:11 - 2014-01-09 23:01 - 00023900 _____ C:\Users\Owner\Downloads\FRST.txt
2014-01-10 21:11 - 2014-01-09 22:59 - 00000000 ____D C:\FRST
2014-01-10 21:11 - 2014-01-09 22:58 - 02076160 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-01-10 20:59 - 2013-09-18 17:35 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2014-01-10 20:50 - 2009-07-13 20:45 - 00025120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-10 20:50 - 2009-07-13 20:45 - 00025120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-10 20:44 - 2012-05-29 18:01 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
2014-01-10 20:42 - 2014-01-01 13:51 - 00002240 _____ C:\Windows\setupact.log
2014-01-10 20:42 - 2013-12-25 21:39 - 00001282 _____ C:\Windows\Tasks\weDownload Manager Pro-codedownloader.job
2014-01-10 20:42 - 2013-12-25 21:38 - 00002288 _____ C:\Windows\Tasks\weDownload Manager Pro-firefoxinstaller.job
2014-01-10 20:42 - 2013-12-25 21:38 - 00002012 _____ C:\Windows\Tasks\weDownload Manager Pro-chromeinstaller.job
2014-01-10 20:42 - 2013-05-05 18:26 - 00000095 _____ C:\Users\Owner\.accessibility.properties
2014-01-10 20:42 - 2012-03-28 16:00 - 00000000 ____D C:\Users\Owner
2014-01-10 20:42 - 2012-01-25 19:08 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-10 20:42 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-10 15:01 - 2012-08-18 21:00 - 01245359 _____ C:\Windows\WindowsUpdate.log
2014-01-10 14:35 - 2013-03-15 19:00 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-10 14:23 - 2012-01-25 19:08 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-09 23:08 - 2014-01-09 23:01 - 00031700 _____ C:\Users\Owner\Downloads\Addition.txt
2014-01-08 08:25 - 2014-01-08 08:24 - 00270416 _____ C:\Windows\Minidump\010814-20139-01.dmp
2014-01-08 08:24 - 2014-01-08 08:24 - 553218876 _____ C:\Windows\MEMORY.DMP
2014-01-08 08:24 - 2013-03-17 12:05 - 00000000 ____D C:\Windows\Minidump
2014-01-07 13:27 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
2014-01-02 23:38 - 2014-01-02 23:38 - 00560388 _____ C:\Users\Owner\Downloads\Attachments_2014_01_2.zip
2014-01-02 23:17 - 2009-07-13 21:08 - 00032594 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-01 21:47 - 2014-01-01 21:47 - 00001609 _____ C:\Users\Owner\Downloads\this_message_in_html.html
2014-01-01 16:59 - 2013-09-10 22:53 - 00000000 ____D C:\AdwCleaner
2014-01-01 16:36 - 2014-01-01 16:35 - 01036305 _____ (Thisisu) C:\Users\Owner\Downloads\JRT.exe
2014-01-01 13:51 - 2014-01-01 13:51 - 00000000 _____ C:\Windows\setuperr.log
2013-12-31 19:37 - 2012-04-08 15:20 - 00000000 ____D C:\Users\Owner\AppData\Local\Microsoft Games
2013-12-30 23:24 - 2012-06-07 09:08 - 00000000 ___HD C:\Users\Owner\AppData\Roaming\ZoomBrowser EX
2013-12-30 22:45 - 2012-06-07 08:58 - 00000000 ___HD C:\ProgramData\ZoomBrowser
2013-12-29 22:24 - 2013-05-22 15:19 - 00003284 ____H C:\Users\Owner\Desktop\ZbThumbnail.info
2013-12-28 21:53 - 2013-12-28 21:53 - 01233962 _____ C:\Users\Owner\Downloads\AdwCleaner.exe
2013-12-27 18:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\LiveKernelReports
2013-12-27 15:19 - 2012-03-28 16:01 - 00000000 ___HD C:\Users\Owner\AppData\Local\VirtualStore
2013-12-27 12:58 - 2013-12-27 12:58 - 00000653 _____ C:\Users\Public\Desktop\PDF To Excel Converter.lnk
2013-12-27 12:58 - 2013-12-27 12:58 - 00000000 ____D C:\PDFToExcelConverter
2013-12-26 23:00 - 2013-12-26 22:59 - 00000000 ____D C:\Program Files (x86)\Payroll Income Documents Generator
2013-12-26 22:59 - 2013-12-26 22:59 - 06728256 _____ (Payroll Documents LLC) C:\Users\Owner\Downloads\winversion.exe
2013-12-26 22:51 - 2013-12-26 22:50 - 00388608 _____ (Trend Micro Inc.) C:\Users\Owner\Downloads\HijackThis_exe
2013-12-26 22:39 - 2013-12-26 22:38 - 00061440 _____ ( ) C:\Users\Owner\Downloads\VEW_exe
2013-12-26 22:18 - 2013-12-26 22:18 - 00003162 _____ C:\Windows\System32\Tasks\{54848757-9494-4ECC-8FA6-47CBB927C8F1}
2013-12-26 22:16 - 2013-12-20 14:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-26 01:46 - 2013-04-05 17:06 - 00000000 ____D C:\Windows\System32\Tasks\Games
2013-12-25 22:03 - 2013-12-25 22:02 - 00176952 _____ (Rapiddown) C:\Users\Owner\Downloads\Setup(2).exe
2013-12-25 22:02 - 2013-12-25 22:02 - 00176952 _____ (Rapiddown) C:\Users\Owner\Downloads\Setup(1).exe
2013-12-25 21:39 - 2013-12-25 21:39 - 00004312 _____ C:\Windows\System32\Tasks\weDownload Manager Pro-codedownloader
2013-12-25 21:37 - 2013-12-25 21:37 - 00508240 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\ie6setupOe{1}.exe
2013-12-25 21:36 - 2013-12-25 21:36 - 00524384 _____ C:\Users\Owner\Downloads\outlook express setup(1).exe
2013-12-21 13:00 - 2013-04-15 16:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-18 19:17 - 2013-12-18 19:17 - 00033676 _____ C:\Users\Owner\Downloads\attachment
2013-12-15 13:13 - 2013-08-14 10:24 - 00000000 ____D C:\Windows\system32\MRT
2013-12-15 13:11 - 2012-03-29 08:58 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-12 19:40 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-12-12 09:15 - 2009-07-13 21:13 - 00767080 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-12 09:10 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-12 09:09 - 2009-07-13 20:45 - 00418856 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-12 00:22 - 2012-05-27 16:31 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-11 00:52 - 2012-08-02 14:09 - 00029792 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klim6.sys
2013-12-11 00:52 - 2012-06-19 16:28 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys

ZeroAccess:
C:\Users\Owner\AppData\Local\{a3c7f059-87bf-105b-8fe8-c45a7615290e}

Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-09 14:09

==================== End Of Log ============================


----------



## Mark1956 (May 7, 2011)

FRST only produces one log after it has been run for the first time. The log above shows there is still an infected file in the system and there are a few more items that need to be removed; follow the instructions below. Once complete, please run FRST again. When the FRST window pops up, put a check mark next to Addition.txt; it will then produce two new logs. Please post them both.

I can also see in the log that you had a Blue screen crash on the 8th January. Seeing the crash dump may help to identify the cause and this might be related to the print/IE problem. Follow the instructions at the bottom of this post to attach the dump file.

Download the attachment and save it in the same location as FRST (your Download folder).


Launch FRST by double clicking on it.
When the *FRST* window opens click on the *Fix* button just once and wait.
The tool will make a log in the same location the program is run from (Fixlog.txt). Please *Copy & Paste* it into your next reply.

=====================================================

Please follow this small guide to attach your minidump files so they can be analysed.

First locate your minidump files: open *Windows Explorer* and click on the *C:* drive in the left pane, then in the right pane look down the list of folders and double click on *Windows* to view its contents. _*NOTE:* If your operating system is installed under a different drive letter then look there._ Scroll down the contents of the *Windows* folder and look for a folder called *minidump* and double click on it. You should now see the *minidump* files which will have a *.dmp* extension.

Zip up at least 6 of the most recent files into *one* zip folder (if there are fewer, then just zip up what you have).

*NOTE:* To zip up the files in Windows (all versions): right click the file, click on *Send To*, and then click *Compressed (zipped) Folder*. That will create a zip folder containing a copy of the file; you should see it appear.

If there is more than one *.dmp* file click on the first one, hold down the shift key and then click on the last one. That should highlight all the files. Then right click in the highlighted area, click on *Send To*, and then click *Compressed (zipped) Folder*.




Below the *Message Box* click on *Go Advanced*. Then scroll down until you see a button, *Manage Attachments*. Click on that and a new window opens.
Click on the *Browse* button, find the zip folder you made earlier and click on it so it becomes highlighted and click on *Open.*
Now click on the *Upload* button. Wait for the Upload to complete, it will appear just below the *Browse* box.
When done, click on the *Close this window* button at the top of the page.
Enter your message-text in the message box, then click on *Submit Message/Reply.*


----------



## tenntod (Mar 17, 2013)

Dear Mark,

I had a problem when following your instructions with the minidump file. I followed your instructions to the letter but got different results. I opened the .dmp extension and tried to compress in a zip folder but got an error message that read, DMP File compressed File not Found or no read permission. I stopped everything at this point and I'm writing you regarding the errors.

Please advise.


----------



## Mark1956 (May 7, 2011)

That will be a permissions problem so you need to take ownership of each file in turn, as follows.

Follow this guide: Add "Take ownership" to right click menu. Once this is done you can simply right click on a file/folder and select Take Ownership from the right click menu.


----------



## tenntod (Mar 17, 2013)

Dear Mark,

It's been so long since I posted here I'm not sure I'm providing you with the information you want. I hope I've started in the right place and the FRST log below is where I need to re-start. If it is not, please direct me on what to do.
Sincerely,
Tennod

2014-02-03 23:20 - 2014-02-03 23:20 - 02080256 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-02-03 12:55 - 2014-02-03 12:55 - 514171738 _____ () C:\Windows\MEMORY.DMP
2014-02-03 12:55 - 2014-02-03 12:55 - 00270416 _____ () C:\Windows\Minidump\020314-30685-01.dmp
2014-02-02 22:56 - 2014-02-02 22:56 - 00000568 _____ () C:\Windows\PFRO.log
2014-02-02 22:55 - 2014-02-02 22:55 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-02 22:55 - 2014-02-02 22:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-02 22:30 - 2014-02-02 22:30 - 01649256 _____ (SafeInstall, LLC) C:\Users\Owner\Downloads\mediaplayer.exe
2014-02-02 22:07 - 2014-02-02 22:07 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Oracle
2014-02-02 22:01 - 2014-02-02 22:01 - 00000000 ____D () C:\Program Files\Java
2014-02-02 21:56 - 2014-02-02 21:57 - 21646856 _____ () C:\Users\Owner\Downloads\homestream-2.0-win-setup.exe
2014-02-01 23:25 - 2014-02-01 23:25 - 13079688 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\Silverlight_x64.exe
2014-02-01 13:09 - 2014-02-01 13:09 - 00847312 _____ (Google Inc.) C:\Users\Owner\Downloads\GoogleEarthSetup(1).exe
2014-01-30 18:21 - 2014-02-03 21:59 - 00001680 _____ () C:\Windows\setupact.log
2014-01-30 18:21 - 2014-01-30 18:21 - 00000000 _____ () C:\Windows\setuperr.log
2014-01-26 22:11 - 2014-01-26 22:51 - 00000000 ____D () C:\Users\Owner\Documents\Apowersoft Free Audio Recorder
2014-01-26 22:11 - 2014-01-26 22:17 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Apowersoft
2014-01-26 22:11 - 2014-01-26 22:11 - 00930440 _____ (CNET Download.com) C:\Users\Owner\Downloads\cbsidlm-cbsi176-Apowersoft_Free_Audio_Recorder-SEO-75959668(1).exe
2014-01-26 22:11 - 2014-01-26 22:11 - 00001387 _____ () C:\Users\Public\Desktop\Apowersoft Free Audio Recorder.lnk
2014-01-26 22:11 - 2014-01-26 22:11 - 00000000 ____D () C:\Program Files (x86)\Apowersoft
2014-01-26 22:10 - 2014-01-26 22:12 - 00000242 _____ () C:\Windows\wininit.ini
2014-01-26 22:09 - 2014-01-27 09:30 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-01-26 22:08 - 2014-01-26 22:08 - 00930440 _____ (CNET Download.com) C:\Users\Owner\Downloads\cbsidlm-cbsi176-Apowersoft_Free_Audio_Recorder-SEO-75959668.exe
2014-01-21 22:26 - 2014-01-21 22:26 - 00000000 ____D () C:\Program Files (x86)\BearShare Applications
2014-01-21 22:20 - 2014-01-21 22:20 - 01537968 _____ (Musiclab, LLC) C:\Users\Owner\Downloads\BearShareSetup-r1239-w-bf.exe
2014-01-18 22:34 - 2014-01-18 22:34 - 00002892 _____ () C:\Users\Owner\Downloads\1960_05_22.kml
2014-01-15 09:50 - 2013-11-26 17:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 09:50 - 2013-11-26 17:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 09:50 - 2013-11-26 17:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 09:50 - 2013-11-26 17:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 09:50 - 2013-11-26 17:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 09:50 - 2013-11-26 17:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 09:50 - 2013-11-26 17:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 09:50 - 2013-11-26 03:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 09:50 - 2013-11-26 02:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-14 13:12 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-14 13:12 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-14 13:12 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-14 13:12 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-14 13:11 - 2014-01-14 13:12 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-10 21:11 - 2014-01-11 22:59 - 00000000 ____D () C:\Users\Owner\Downloads\FRST-OlderVersion
2014-01-09 23:01 - 2014-01-09 23:08 - 00031700 _____ () C:\Users\Owner\Downloads\Addition.txt
2014-01-09 22:59 - 2014-02-03 23:21 - 00000000 ____D () C:\FRST

==================== One Month Modified Files and Folders =======

2014-02-03 23:21 - 2014-02-03 23:21 - 00025205 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-02-03 23:21 - 2014-01-09 22:59 - 00000000 ____D () C:\FRST
2014-02-03 23:20 - 2014-02-03 23:20 - 02080256 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-02-03 22:35 - 2013-03-15 19:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-03 22:23 - 2012-01-25 19:08 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-03 22:11 - 2013-09-18 17:35 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-02-03 21:59 - 2014-01-30 18:21 - 00001680 _____ () C:\Windows\setupact.log
2014-02-03 21:57 - 2012-03-28 16:14 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-02-03 21:54 - 2013-06-05 08:51 - 00002154 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-03 21:54 - 2012-08-18 21:00 - 01889115 _____ () C:\Windows\WindowsUpdate.log
2014-02-03 21:54 - 2012-05-29 18:01 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Skype
2014-02-03 21:52 - 2013-12-25 21:39 - 00001282 _____ () C:\Windows\Tasks\weDownload Manager Pro-codedownloader.job
2014-02-03 21:52 - 2013-12-25 21:38 - 00002288 _____ () C:\Windows\Tasks\weDownload Manager Pro-firefoxinstaller.job
2014-02-03 21:52 - 2013-12-25 21:38 - 00002012 _____ () C:\Windows\Tasks\weDownload Manager Pro-chromeinstaller.job
2014-02-03 20:36 - 2009-07-13 20:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-03 20:36 - 2009-07-13 20:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-03 20:29 - 2013-05-05 18:26 - 00000095 _____ () C:\Users\Owner\.accessibility.properties
2014-02-03 20:29 - 2012-03-28 16:00 - 00000000 ____D () C:\Users\Owner
2014-02-03 20:29 - 2012-01-25 19:08 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-03 20:29 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-03 12:55 - 2014-02-03 12:55 - 514171738 _____ () C:\Windows\MEMORY.DMP
2014-02-03 12:55 - 2014-02-03 12:55 - 00270416 _____ () C:\Windows\Minidump\020314-30685-01.dmp
2014-02-03 12:55 - 2013-03-17 12:05 - 00000000 ____D () C:\Windows\Minidump
2014-02-03 11:49 - 2009-07-13 21:08 - 00032614 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-02 22:56 - 2014-02-02 22:56 - 00000568 _____ () C:\Windows\PFRO.log
2014-02-02 22:55 - 2014-02-02 22:55 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-02 22:55 - 2014-02-02 22:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-02 22:35 - 2012-03-28 16:02 - 00000000 ___RD () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-02 22:30 - 2014-02-02 22:30 - 01649256 _____ (SafeInstall, LLC) C:\Users\Owner\Downloads\mediaplayer.exe
2014-02-02 22:07 - 2014-02-02 22:07 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Oracle
2014-02-02 22:01 - 2014-02-02 22:01 - 00000000 ____D () C:\Program Files\Java
2014-02-02 21:57 - 2014-02-02 21:56 - 21646856 _____ () C:\Users\Owner\Downloads\homestream-2.0-win-setup.exe
2014-02-01 23:25 - 2014-02-01 23:25 - 13079688 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\Silverlight_x64.exe
2014-02-01 13:09 - 2014-02-01 13:09 - 00847312 _____ (Google Inc.) C:\Users\Owner\Downloads\GoogleEarthSetup(1).exe
2014-02-01 08:02 - 2012-06-07 09:08 - 00000000 ___HD () C:\Users\Owner\AppData\Roaming\ZoomBrowser EX
2014-01-30 18:24 - 2009-07-13 21:13 - 00767080 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-01-30 18:21 - 2014-01-30 18:21 - 00000000 _____ () C:\Windows\setuperr.log
2014-01-27 09:30 - 2014-01-26 22:09 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-01-26 22:51 - 2014-01-26 22:11 - 00000000 ____D () C:\Users\Owner\Documents\Apowersoft Free Audio Recorder
2014-01-26 22:17 - 2014-01-26 22:11 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Apowersoft
2014-01-26 22:12 - 2014-01-26 22:10 - 00000242 _____ () C:\Windows\wininit.ini
2014-01-26 22:11 - 2014-01-26 22:11 - 00930440 _____ (CNET Download.com) C:\Users\Owner\Downloads\cbsidlm-cbsi176-Apowersoft_Free_Audio_Recorder-SEO-75959668(1).exe
2014-01-26 22:11 - 2014-01-26 22:11 - 00001387 _____ () C:\Users\Public\Desktop\Apowersoft Free Audio Recorder.lnk
2014-01-26 22:11 - 2014-01-26 22:11 - 00000000 ____D () C:\Program Files (x86)\Apowersoft
2014-01-26 22:08 - 2014-01-26 22:08 - 00930440 _____ (CNET Download.com) C:\Users\Owner\Downloads\cbsidlm-cbsi176-Apowersoft_Free_Audio_Recorder-SEO-75959668.exe
2014-01-23 20:55 - 2013-04-05 17:06 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-01-21 23:18 - 2009-07-13 21:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-01-21 22:26 - 2014-01-21 22:26 - 00000000 ____D () C:\Program Files (x86)\BearShare Applications
2014-01-21 22:20 - 2014-01-21 22:20 - 01537968 _____ (Musiclab, LLC) C:\Users\Owner\Downloads\BearShareSetup-r1239-w-bf.exe
2014-01-18 22:34 - 2014-01-18 22:34 - 00002892 _____ () C:\Users\Owner\Downloads\1960_05_22.kml
2014-01-15 15:53 - 2009-07-13 20:45 - 00418856 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-15 12:12 - 2012-05-27 16:31 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-15 12:11 - 2013-08-14 10:24 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 12:09 - 2012-03-29 08:58 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-14 13:12 - 2014-01-14 13:11 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-14 13:12 - 2011-11-21 20:31 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-14 13:10 - 2013-10-20 15:40 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-11 22:59 - 2014-01-10 21:11 - 00000000 ____D () C:\Users\Owner\Downloads\FRST-OlderVersion
2014-01-09 23:08 - 2014-01-09 23:01 - 00031700 _____ () C:\Users\Owner\Downloads\Addition.txt
2014-01-07 13:27 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF

ZeroAccess:
C:\Users\Owner\AppData\Local\{a3c7f059-87bf-105b-8fe8-c45a7615290e}

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-29 19:00

==================== End Of Log ============================


----------



## Mark1956 (May 7, 2011)

All you have posted is the bottom end of an FRST log which still shows the ZeroAccess Rootkit infection.

You need to go back and follow the instructions I gave in post 27.

You need to run the fix using the attached file and then post the fixlog.txt report.
Then run FRST again and put a check mark next to Addition.txt so it produces both logs.
Then complete the instructions to post the minidump file after following the instructions in post 29 so you can access it.


----------
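The check described above (the log tail still lists an entry under `ZeroAccess:`) can be scripted. This is an added example, not part of the thread and not FRST's own code; it also lists scheduled-task files created shortly before the scan as items to review. It assumes the column order visible in the `C:\FRST` rows of the posted log (created first in the first block, modified first under "One Month Modified"); the function names and the 60-day window are illustrative choices.

```python
import re
from collections import namedtuple
from datetime import datetime, timedelta

# Constructed sample: rows copied from the FRST log posted in this thread.
SAMPLE_LOG = r"""
2014-02-03 12:55 - 2014-02-03 12:55 - 00270416 _____ () C:\Windows\Minidump\020314-30685-01.dmp
2014-01-09 22:59 - 2014-02-03 23:21 - 00000000 ____D () C:\FRST

==================== One Month Modified Files and Folders =======

2014-02-03 23:21 - 2014-01-09 22:59 - 00000000 ____D () C:\FRST
2014-02-03 21:52 - 2013-12-25 21:39 - 00001282 _____ () C:\Windows\Tasks\weDownload Manager Pro-codedownloader.job
2014-02-03 22:35 - 2013-03-15 19:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-15 12:09 - 2012-03-29 08:58 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

ZeroAccess:
C:\Users\Owner\AppData\Local\{a3c7f059-87bf-105b-8fe8-c45a7615290e}

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-29 19:00

==================== End Of Log ============================
"""

Row = namedtuple("Row", "created modified size attrs company path")

# date - date - size attrs [(company)] path; the company field is optional
# because older FRST versions in this thread omit it.
ROW_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) - (\d{4}-\d\d-\d\d \d\d:\d\d) - (\d+) "
    r"([_A-Z]{5}) (?:\((.*?)\) )?(.+)$")
HEADER_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
CHECK_RE = re.compile(r"^(.+?) => (.+)$")
LABEL_RE = re.compile(r"^([A-Za-z][\w &]*):$")
TASK_DIRS = ("\\windows\\tasks\\", "\\windows\\system32\\tasks\\")


def _ts(value):
    return datetime.strptime(value, "%Y-%m-%d %H:%M")


def parse_frst(text):
    """Return (rows keyed by lower-cased path, labelled paths, hash checks)."""
    # Assumption: a block with no header above it is the "created" listing.
    section, label = "created", None
    rows, labelled, checks = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            label = None            # a blank line ends a "Label:" block
            continue
        m = HEADER_RE.match(line)
        if m:
            name = m.group(1).lower()
            if "modified" in name:
                section = "modified"
            elif "created" in name:
                section = "created"
            elif name:
                section = "other"
            label = None
            continue
        m = ROW_RE.match(line)
        if m and section in ("created", "modified"):
            first, second = _ts(m.group(1)), _ts(m.group(2))
            # Normalise the two date columns, whose order depends on the section.
            created, modified = ((first, second) if section == "created"
                                 else (second, first))
            rows[m.group(6).lower()] = Row(created, modified, int(m.group(3)),
                                           m.group(4),
                                           (m.group(5) or "").strip(),
                                           m.group(6))
            continue
        m = CHECK_RE.match(line)
        if m:
            checks.append((m.group(1), m.group(2)))
            continue
        m = LABEL_RE.match(line)
        if m:
            label = m.group(1)      # e.g. "ZeroAccess"
        elif label:
            labelled.append((label, line))
    return rows, labelled, checks


def triage(text, window_days=60):
    """Collect the items a helper would look at first in the log tail."""
    rows, labelled, checks = parse_frst(text)
    # The newest modified time in the log approximates when the scan ran.
    ref = max(r.modified for r in rows.values())
    cutoff = ref - timedelta(days=window_days)
    new_tasks = sorted(r.path for r in rows.values()
                       if any(d in r.path.lower() for d in TASK_DIRS)
                       and r.created >= cutoff)
    failed = [(path, verdict) for path, verdict in checks
              if verdict != "MD5 is legit"]
    return {"labelled": labelled, "new_tasks": new_tasks,
            "hash_failures": failed}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

A flagged task file is only a prompt to look at what the task runs; it is not a verdict on the program that created it.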



## tenntod (Mar 17, 2013)

Dear Mark,

I'm doing the best I can to follow your instructions but I'm having a hard time getting the second half of post #27 done for you. When I pull up the .dmp extension I get an error that reads file not found or no read permission. So, if I remember right that had to do with the Take ownership. I thought I followed those instructions to the letter. Would you have any idea what I'm doing wrong? In the meantime here is what I have been able to complete and post for you. I apologize for my difficulties, if you have any suggestions as to what I'm doing wrong please let me know.

Sincerely,
Ted

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-02-2014
Ran by Owner at 2014-02-04 19:11:22 Run:1
Running from C:\Users\Owner\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\...\Run: [AVG-Secure-Search-Update_0913a] - C:\Users\Owner\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid fdf7cdc8e5a747d0807f0d47e7a5e5b4-34df4124311971fa58557d1b1d108ea2519a20d8 --CMPID 0913a
HKCU\...\Policies\system: [DisableLockWorkstation] 0
CHR DefaultSearchProvider: Conduit Search
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\plug in/online_banking_npapi.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\plug in/npUrlAdvisor.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\plug in/content_blocker_npapi.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\plug in/npABPlugin.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\plug in/npVKPlugin.dll No File
CHR Plugin: (Skype Click to Call) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\npSk ypeChromePlugin.dll No File
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebgdeaohaofdhldpobdpfocdonmgki\10.15.0.62_0\plugi ns/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Conduit Radio Plugin) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebgdeaohaofdhldpobdpfocdonmgki\10.15.0.62_0\plugi ns/np-cwmp.dll No File
CHR Plugin: (Conduit Chrome Approve TB Plugin) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebgdeaohaofdhldpobdpfocdonmgki\10.15.0.62_0\plugi ns/ChromeApproveTBPlugin.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\Owner\AppData\Local\{a3c7f059-87bf-105b-8fe8-c45a7615290e}
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_0913a => Value deleted successfully.
CHR DefaultSearchProvider: Conduit Search ==> The Chrome "Settings" can be used to fix the entry.
C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll not found.
C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll not found.
C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll not found.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\plugin/online_banking_npapi.dll not found.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\plugin/npUrlAdvisor.dll not found.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\plugin/content_blocker_npapi.dll not found.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\plugin/npABPlugin.dll not found.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\plugin/npVKPlugin.dll not found.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\npSkypeChromePlugin.dll not found.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebgdeaohaofdhldpobdpfocdonmgki\10.15.0.62_0\plugins/ConduitChromeApiPlugin.dll not found.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebgdeaohaofdhldpobdpfocdonmgki\10.15.0.62_0\plugins/np-cwmp.dll not found.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebgdeaohaofdhldpobdpfocdonmgki\10.15.0.62_0\plugins/ChromeApproveTBPlugin.dll not found.
C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll not found.
C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
C:\Users\Owner\AppData\Local\{a3c7f059-87bf-105b-8fe8-c45a7615290e} => Moved successfully.

==== End of Fixlog ====


----------



## tenntod (Mar 17, 2013)

Mark,

Here is the fix.list log I forgot to post that in my last post.

HKCU\...\Run: [AVG-Secure-Search-Update_0913a] - C:\Users\Owner\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid fdf7cdc8e5a747d0807f0d47e7a5e5b4-34df4124311971fa58557d1b1d108ea2519a20d8 --CMPID 0913a
HKCU\...\Policies\system: [DisableLockWorkstation] 0
CHR DefaultSearchProvider: Conduit Search
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\plugin/online_banking_npapi.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\plugin/npUrlAdvisor.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\plugin/content_blocker_npapi.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\plugin/npABPlugin.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\plugin/npVKPlugin.dll No File
CHR Plugin: (Skype Click to Call) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebgdeaohaofdhldpobdpfocdonmgki\10.15.0.62_0\plugins/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Conduit Radio Plugin) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebgdeaohaofdhldpobdpfocdonmgki\10.15.0.62_0\plugins/np-cwmp.dll No File
CHR Plugin: (Conduit Chrome Approve TB Plugin) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebgdeaohaofdhldpobdpfocdonmgki\10.15.0.62_0\plugins/ChromeApproveTBPlugin.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\Owner\AppData\Local\{a3c7f059-87bf-105b-8fe8-c45a7615290e}


----------



## Mark1956 (May 7, 2011)

You posted the fixlog which is all I needed, you didn't need to post a copy of the fixlist as that is included in the fixlog. You can delete post 33 if the Edit button is still available when you are back here.

It sounds like you still need to take ownership of the .dmp files in order to zip them up and post as an attachment. If you have followed the instructions to add 'Take Ownership' to the right click menu you should find when you right click on any of the .dmp files that 'Take Ownership' is shown in the pop up menu. Just select 'Take Ownership' and you should then be able to zip up the file.

If you cannot see 'Take Ownership' in the right click menu then you will have to follow the instructions again to add it (post 29).

Please also complete my instructions to post new logs from FRST, post 31.


----------



## tenntod (Mar 17, 2013)

Dear Mark,

I went back and did the Take Ownership task in post #29 over to the letter and still get the error message that reads file not found or you do not have read permission. I don't want to do anything you don't tell me to do but I've read online that people have trouble Taking Ownership in Windows 7. This all happens when I'm trying to analyze the minidump files. Can you tell me how to resolve this issue? Again, I have followed your instructions 3 times now exactly as it says but I cannot get it correct. I'm sorry to be struggling with this so much. I'm very anxious to get this problem resolved as my computer is running slower than before now.

Also I realized today that I have an adware issue when opening the Firefox browser. When I click on certain commands from Youtube for example it goes to a blank black screen with a tiny white dot in the center of the screen. The URL reads ad.doubleclick.net. I don't want to follow the removal instructions on the internet for that, because I want to remove it the way you tell me to. 

Sincerely,
Ted


----------



## Mark1956 (May 7, 2011)

Ok, sounds like you have been re-infected with Adware. So, we need to start again with fresh scans and to replace the tools used as they have recently been updated. It will also make it easier for you to change the download location of your browser so the tools get saved to your desktop.

First, from this point on please use Internet Explorer to download any tools used.
Go into your Downloads folder and delete FRST, JRT and Adwcleaner and also delete any logs you find there.

Next, follow this to change the download location in IE and take careful note of the instructions for copying logs to make sure you always send a complete log.

Follow these two sets of instructions to get all tools used saved to the Desktop and how to copy and post the logs asked for.
Please use Internet Explorer for all downloads, but if you prefer to use another browser please ask for the instructions.

*How to change the download location in IE9, 10 or 11.*


Open Internet Explorer.
Press the *CTRL + J* keys simultaneously to open the *View Downloads* window.
Click on Options.
Click on the *Browse* button.
Navigate to and select (highlight) *Desktop* in the left pane, then click on the *Select Folder* button, click on *OK* and shut the remaining window.
Close IE and re-open it for the changes to take effect.

*How to post a log*.
With the log open, hold down the *Control (Ctrl)* and *A* keys on your keyboard at the same time, the log text should turn blue, release the keys. If the text does not change color, left click on the log so the cursor appears on it and try again.
Right click on the blue area and select *Copy* from the pop up menu.
Come back here and right click on the Message box and select *Paste* from the pop up menu, the log should appear.
Type in any comments you wish to add and respond to any questions asked, then submit the post.

==========================================================

I appreciate it isn't always possible due to other commitments, but it will help to speed up the process of cleaning your system if you can continue to give quick responses to my posts. We discovered a Rootkit infection was on your system on 11th January, it then took three weeks before you ran the removal process, this may well have allowed time for the infection to do more damage and this time lapse may also have allowed more infections onto the system. Due to that time lapse we need to start from scratch and run additional scans.

A Rootkit infection can compromise your system's security and as it has been on your system for some time I would recommend you follow this warning:



> If you use this PC for any financial transactions or on-line banking you should inform the companies concerned that your system may have been compromised by a hacker and change all passwords used on a clean machine. Do not use this machine again to log into any accounts or make any on-line purchases until we are sure it is clean.


=========================================================

Please now follow these instructions and take great care when following the instructions to avoid the posting of incorrect or incomplete logs. When you run FRST please make sure as the first window opens that you put a check mark next to Addition.txt so that it creates both of the logs requested. If there is already a check mark in place next to Addition.txt then leave it as it is.

There are a lot of scans to complete here so take your time and complete each one in the order listed. Post the logs in separate posts so you don't exceed the character limit. We will come back and deal with the minidump access problem once we are quite sure the system is clean and any damage done by the Rootkit has been fixed.

Please run these five scans and post all six of the logs requested, FRST produces two logs:

*SCAN 1*
Please download Farbar Recovery Scan Tool (FRST) and save it to your desktop. Do not get tempted to download Regclean Pro.

*Note:* If you get a warning that the download could harm your system, please ignore it and allow the download to go ahead. FRST is perfectly safe and we would never ask you to download anything that isn't.

*Note*: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click on FRST to run it. When the tool opens click *Yes* to the disclaimer.
Press the *Scan* button.
It will make a log (*FRST.txt*) in the same directory the tool is run from. Please copy and paste it into your next reply.
The first time the tool is run, it makes another log (*Addition.txt*). Please also copy and paste that into your reply.

*SCAN 2*
Click on this link to download: ADWCleaner. Click on the Download Now button and save it to your desktop.

*NOTE:* If using Internet Explorer and you get an alert that stops the program downloading click on *Tools > Smartscreen Filter > Turn off Smartscreen Filter* then click on *OK* in the box that opens. Then click on the link again.

Close your browser and double click on this icon on your desktop: 

You will then see the screen below, click on the *Scan* button (as indicated), accept any prompts that appear and allow it to run, it may take several minutes to complete, when it is done click on the *Clean* button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report, Copy & Paste it into your next post.



*SCAN 3*
Download RogueKiller (by tigzy) and save direct to your Desktop.
On the web page select the 32bit or 64bit button to match the bit rate of your version of Windows.


Quit all running programs.
Start RogueKiller.exe by double clicking on the icon.
Wait until Prescan has finished.
Ensure all boxes are ticked under "Report" tab.
Click on Scan.
Click on Report when complete. Copy/paste the contents of the report and paste into your next reply.
NOTE: *DO NOT attempt to remove anything that the scan detects.*

*SCAN 4*
Please download RKill 
There are three buttons to choose from with different names on, select the first one and save it to your desktop.


Double-click on the *Rkill* desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and select *Run As Administrator*.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
A log pops up at the end of the run. This log file is located at *C:\rkill.log*. *Please Copy & Paste the entire log in your next reply.*
If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
If the tool does not run from any of the links provided, please let me know.

*SCAN 5*
*DO NOT* reboot, download Malwarebytes from here if you do not already have it: Malwarebytes. Install the program, run it and let it update. If you already have Malwarebytes launch the program.


Select *Perform full scan* and click on the *Scan* button. When the scan completes click on *Show Results*.
If the scan does not find any infections the log will appear as soon as it completes, please Copy & Paste it into your next reply.
If items are detected it will stay on the Scanner window and you will see *Objects detected: 1* (the number may be higher).
Click on *Show Results* and put a check mark next to all the items displayed in the list by clicking on each one in turn *<--- very important*, then click on *Remove Selected*.
The log will appear, Copy & Paste it into your next post.
Click on OK and close the window.


----------



## tenntod (Mar 17, 2013)

Dear Mark,

I apologize but I cannot get the AdwCleaner program to download on my computer. Therefore, I'm stopping at this point so I can post two of the logs you've asked for and ask you what I should do next. I turned off the SmartScreen filter as the instructions said to do. I don't want to go on with the other downloads until you instruct me. Btw, I have verified all the old programs were deleted prior to me trying to download any program you're asking me to do now.

Sincerely,
Ted

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-02-2014
Ran by Owner (administrator) on OWNER-PC on 06-02-2014 21:02:28
Running from C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CRX8RK4Q
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
( ) C:\Windows\System32\lxdpcoms.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\klwtblfs.exe

==================== Registry (Whitelisted) ==================
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] - C:\windows\system32\thpsrv /logon
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-05-24] (TOSHIBA Corporation)
HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-06-01] (Intel(R) Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-06-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [SVPWUTIL] - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2010-11-09] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [KeNotify] - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-16] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218864 2011-06-22] (Toshiba)
HKLM-x32\...\Run: [ToshibaAppPlace] - C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [{90120000-0030-0000-0000-0000000FF1CE}] - C:\windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-21-1699991964-2536946847-36376121-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-1699991964-2536946847-36376121-1000\...\Policies\system: [DisableLockWorkstation] 0
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {B7F42A96-DE99-47A7-B58E-8DDEB4BA9F8A} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM-x32 - {B7F42A96-DE99-47A7-B58E-8DDEB4BA9F8A} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKCU - DefaultScope {186F63CE-8D08-4AC7-91C4-8A834A1E89FE} URL = http://www.google.com/search?source...ding}&oe={outputEncoding}&rlz=1I7TSNP_enUS477
SearchScopes: HKCU - {186F63CE-8D08-4AC7-91C4-8A834A1E89FE} URL = http://www.google.com/search?source...ding}&oe={outputEncoding}&rlz=1I7TSNP_enUS477
SearchScopes: HKCU - {5EB07BDA-DAA9-43E9-9508-0BAD4693CEC6} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKCU - {B7F42A96-DE99-47A7-B58E-8DDEB4BA9F8A} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
DPF: HKLM {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc64.cab
DPF: HKLM {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect125.cab
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mzg8cnb7.default-1370897875420
FF user.js: detected! => C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mzg8cnb7.default-1370897875420\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-20]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-20]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013-09-18]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013-09-18]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013-09-18]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013-09-18]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013-09-18]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchProvider: Conduit Search
CHR DefaultSearchURL: http://www.google.com
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll ()
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\plugin/online_banking_npapi.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\plugin/npUrlAdvisor.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\plugin/content_blocker_npapi.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\plugin/npABPlugin.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\plugin/npVKPlugin.dll No File
CHR Plugin: (Skype Click to Call) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebgdeaohaofdhldpobdpfocdonmgki\10.15.0.62_0\plugins/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Conduit Radio Plugin) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebgdeaohaofdhldpobdpfocdonmgki\10.15.0.62_0\plugins/np-cwmp.dll No File
CHR Plugin: (Conduit Chrome Approve TB Plugin) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebgdeaohaofdhldpobdpfocdonmgki\10.15.0.62_0\plugins/ChromeApproveTBPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Extension: (lookinglink) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\alakbkblgilodacnlnmcoiofdjakliih [2014-02-01]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-05]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-05]
CHR Extension: (weDownload Manager Pro) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb [2013-12-25]
CHR Extension: (Skype Click to Call) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-07-13]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-05]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-08-18]
==================== Services (Whitelisted) =================
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
S3 lxcg_device; C:\Windows\system32\lxcgcoms.exe [451584 2005-07-25] ( )
R2 lxdp_device; C:\Windows\system32\lxdpcoms.exe [1039872 2007-11-19] ( )
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-06-01] ()
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)
==================== Drivers (Whitelisted) ====================
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-11] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-10-10] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-09-18] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-09-18] (Kaspersky Lab ZAO)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2011-03-14] (support.com, Inc)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
S3 gfiark; system32\drivers\gfiark.sys [X]
S1 hlnfd; system32\drivers\hlnfd.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-09-18] (Kaspersky Lab ZAO)
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2014-02-06 13:06 - 2014-02-06 20:57 - 00000168 _____ () C:\Windows\setupact.log
2014-02-06 13:06 - 2014-02-06 13:06 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-02 22:55 - 2014-02-02 22:55 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-02 22:55 - 2014-02-02 22:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-02 22:30 - 2014-02-02 22:30 - 01649256 _____ (SafeInstall, LLC) C:\Users\Owner\Downloads\mediaplayer.exe
2014-02-02 22:07 - 2014-02-02 22:07 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Oracle
2014-02-02 22:01 - 2014-02-02 22:01 - 00000000 ____D () C:\Program Files\Java
2014-02-02 21:56 - 2014-02-02 21:57 - 21646856 _____ () C:\Users\Owner\Downloads\homestream-2.0-win-setup.exe
2014-02-01 23:25 - 2014-02-01 23:25 - 13079688 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\Silverlight_x64.exe
2014-01-26 22:11 - 2014-01-26 22:51 - 00000000 ____D () C:\Users\Owner\Documents\Apowersoft Free Audio Recorder
2014-01-26 22:11 - 2014-01-26 22:17 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Apowersoft
2014-01-26 22:11 - 2014-01-26 22:11 - 00000000 ____D () C:\Program Files (x86)\Apowersoft
2014-01-26 22:10 - 2014-01-26 22:12 - 00000242 _____ () C:\Windows\wininit.ini
2014-01-26 22:09 - 2014-01-27 09:30 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-01-21 22:26 - 2014-01-21 22:26 - 00000000 ____D () C:\Program Files (x86)\BearShare Applications
2014-01-15 09:50 - 2013-11-26 17:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 09:50 - 2013-11-26 17:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 09:50 - 2013-11-26 17:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 09:50 - 2013-11-26 17:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 09:50 - 2013-11-26 17:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 09:50 - 2013-11-26 17:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 09:50 - 2013-11-26 17:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 09:50 - 2013-11-26 03:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 09:50 - 2013-11-26 02:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-14 13:12 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-14 13:12 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-14 13:12 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-14 13:12 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-14 13:11 - 2014-01-14 13:12 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-09 22:59 - 2014-02-06 21:02 - 00000000 ____D () C:\FRST
==================== One Month Modified Files and Folders =======
2014-02-06 21:02 - 2014-01-09 22:59 - 00000000 ____D () C:\FRST
2014-02-06 20:57 - 2014-02-06 13:06 - 00000168 _____ () C:\Windows\setupact.log
2014-02-06 20:55 - 2012-08-18 21:00 - 02058340 _____ () C:\Windows\WindowsUpdate.log
2014-02-06 20:35 - 2013-03-15 19:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-06 20:23 - 2012-01-25 19:08 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-06 19:59 - 2013-09-18 17:35 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-02-06 17:59 - 2013-12-20 14:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-06 17:45 - 2012-05-29 18:01 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Skype
2014-02-06 17:40 - 2009-07-13 20:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-06 17:40 - 2009-07-13 20:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-06 17:32 - 2013-12-25 21:39 - 00001282 _____ () C:\Windows\Tasks\weDownload Manager Pro-codedownloader.job
2014-02-06 17:32 - 2013-12-25 21:38 - 00002288 _____ () C:\Windows\Tasks\weDownload Manager Pro-firefoxinstaller.job
2014-02-06 17:32 - 2013-12-25 21:38 - 00002012 _____ () C:\Windows\Tasks\weDownload Manager Pro-chromeinstaller.job
2014-02-06 17:32 - 2013-05-05 18:26 - 00000095 _____ () C:\Users\Owner\.accessibility.properties
2014-02-06 17:32 - 2012-03-28 16:00 - 00000000 ____D () C:\Users\Owner
2014-02-06 17:32 - 2012-01-25 19:08 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-06 17:32 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-06 13:06 - 2014-02-06 13:06 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-06 07:24 - 2013-03-17 12:05 - 00000000 ____D () C:\Windows\Minidump
2014-02-05 15:35 - 2013-03-15 19:00 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 15:35 - 2013-03-15 19:00 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-05 15:35 - 2013-03-15 19:00 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-03 21:57 - 2012-03-28 16:14 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-02-03 21:54 - 2013-06-05 08:51 - 00002154 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-03 11:49 - 2009-07-13 21:08 - 00032614 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-02 22:55 - 2014-02-02 22:55 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-02 22:55 - 2014-02-02 22:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-02 22:35 - 2012-03-28 16:02 - 00000000 ___RD () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-02 22:30 - 2014-02-02 22:30 - 01649256 _____ (SafeInstall, LLC) C:\Users\Owner\Downloads\mediaplayer.exe
2014-02-02 22:07 - 2014-02-02 22:07 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Oracle
2014-02-02 22:01 - 2014-02-02 22:01 - 00000000 ____D () C:\Program Files\Java
2014-02-02 21:57 - 2014-02-02 21:56 - 21646856 _____ () C:\Users\Owner\Downloads\homestream-2.0-win-setup.exe
2014-02-01 23:25 - 2014-02-01 23:25 - 13079688 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\Silverlight_x64.exe
2014-02-01 08:02 - 2012-06-07 09:08 - 00000000 ___HD () C:\Users\Owner\AppData\Roaming\ZoomBrowser EX
2014-01-30 18:24 - 2009-07-13 21:13 - 00767080 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-01-27 09:30 - 2014-01-26 22:09 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-01-26 22:51 - 2014-01-26 22:11 - 00000000 ____D () C:\Users\Owner\Documents\Apowersoft Free Audio Recorder
2014-01-26 22:17 - 2014-01-26 22:11 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Apowersoft
2014-01-26 22:12 - 2014-01-26 22:10 - 00000242 _____ () C:\Windows\wininit.ini
2014-01-26 22:11 - 2014-01-26 22:11 - 00000000 ____D () C:\Program Files (x86)\Apowersoft
2014-01-23 20:55 - 2013-04-05 17:06 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-01-21 23:18 - 2009-07-13 21:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-01-21 22:26 - 2014-01-21 22:26 - 00000000 ____D () C:\Program Files (x86)\BearShare Applications
2014-01-15 15:53 - 2009-07-13 20:45 - 00418856 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-15 12:12 - 2012-05-27 16:31 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-15 12:11 - 2013-08-14 10:24 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 12:09 - 2012-03-29 08:58 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-14 13:12 - 2014-01-14 13:11 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-14 13:12 - 2011-11-21 20:31 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-14 13:10 - 2013-10-20 15:40 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-07 13:27 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-29 19:00
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-02-2014
Ran by Owner at 2014-02-06 21:02:43
Running from C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CRX8RK4Q
Boot Mode: Normal
==========================================================

==================== Security Center ========================
AV: Kaspersky Internet Security (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
==================== Installed Programs ======================
Adobe Download Assistant (x32 Version: 1.2.5 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.5 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (x32 Version: 11.0.06 - Adobe Systems Incorporated)
AOL Toolbar (HKCU Version: - )
Canon Camera Window DC_DV 6 for ZoomBrowser EX (x32 Version: 6.4.0.9 - )
Canon Camera Window MC 6 for ZoomBrowser EX (x32 Version: 6.3.0.8 - )
Canon G.726 WMP-Decoder (x32 Version: 1.1.0.4 - )
Canon MovieEdit Task for ZoomBrowser EX (x32 Version: 2.4.0.14 - )
Canon RAW Image Task for ZoomBrowser EX (x32 Version: 2.6.0.13 - )
Canon RemoteCapture Task for ZoomBrowser EX (x32 Version: 1.7.0.8 - )
Canon Utilities PhotoStitch (x32 Version: 3.1.19.43 - )
Canon Utilities ZoomBrowser EX (x32 Version: 5.8.0.74 - )
CCleaner (Version: 3.25 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
HP Product Detection (x32 Version: 11.15.0004 - HP)
Intel PROSet Wireless (Version: - ) Hidden
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2430 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (Version: 14.01.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 10.1.2.1004 - Intel Corporation)
Intel(R) WiDi (x32 Version: 2.1.42.0 - Intel Corporation)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JMicron Flash Media Controller Driver (x32 Version: 1.0.57.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
PDF To Excel Converter V3.0 (x32 Version: - http://www.PDFExcelConverter.com)
PlayReady PC Runtime amd64 (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (x32 Version: 1.3.0 - Microsoft Corporation)
Realtek Ethernet Controller Driver (x32 Version: 7.38.113.2011 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Shared C Run-time for x64 (Version: 10.0.0 - McAfee)
Skype Click to Call (x32 Version: 6.13.13771 - Skype Technologies S.A.)
Skype Launcher (x32 Version: 2.01 - TOSHIBA Corporation)
Skype 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (Version: 15.2.11.1 - Synaptics Incorporated)
Toshiba App Place (x32 Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (x32 Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (x32 Version: 4.2.3.0 - TOSHIBA CORPORATION)
Toshiba Book Place (x32 Version: 3.0.9490 - K-NFB Reading Technology, Inc.)
TOSHIBA Disc Creator (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.3.5.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.17.64 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (x32 Version: 3.1.17.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.12C - TOSHIBA CORPORATION)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.12C - TOSHIBA CORPORATION) Hidden
TOSHIBA Hardware Setup (x32 Version: 1.63.1.37C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (x32 Version: 1.63.1.37C - TOSHIBA CORPORATION) Hidden
TOSHIBA HDD Protection (Version: 2.2.2.15 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.9 - TOSHIBA Corporation)
Toshiba Laptop Checkup (x32 Version: 2.0.13.11 - Symantec Corporation)
TOSHIBA Media Controller (x32 Version: 1.0.87.4 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (x32 Version: 1.0.8.0 - TOSHIBA CORPORATION)
Toshiba Online Backup (x32 Version: 2.0.0.31 - Toshiba)
TOSHIBA PC Health Monitor (Version: 1.7.9.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (x32 Version: 1.0.4 - TOSHIBA)
TOSHIBA Recovery Media Creator (x32 Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (Version: 1.7.21.64 - TOSHIBA Corporation) Hidden
TOSHIBA ReelTime (x32 Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (x32 Version: 1.1.2001 - TOSHIBA Corporation)
TOSHIBA Service Station (x32 Version: 2.2.13 - TOSHIBA)
TOSHIBA Sleep Utility (x32 Version: 1.4.2.8 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (x32 Version: 1.63.51.2C - TOSHIBA CORPORATION)
TOSHIBA Supervisor Password (x32 Version: 1.63.51.2C - TOSHIBA CORPORATION) Hidden
TOSHIBA Value Added Package (Version: 1.6.1.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.6.1.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (x32 Version: 1.6.1.64 - TOSHIBA Corporation) Hidden
TOSHIBA VIDEO PLAYER (x32 Version: 4.00.7.06-A - TOSHIBA Corporation)
TOSHIBA Web Camera Application (x32 Version: 2.0.3.3 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (x32 Version: 2.0.3.3 - TOSHIBA Corporation) Hidden
TOSHIBA Wireless Display Monitor (x32 Version: 1.0.1 - TOSHIBA CORPORATION)
TOSHIBARegistration (x32 Version: 1.0.9 - TOSHIBA)
Update for 2007 Microsoft Office System (KB967642) (x32 Version: - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (x32 Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32 Version: - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (x32 Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32 Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32 Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version: - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (x32 Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (x32 Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (x32 Version: - Microsoft)
Utility Common Driver (x32 Version: 1.0.52.3C - TOSHIBA) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
==================== Restore Points =========================
21-01-2014 19:28:52 Windows Update
28-01-2014 12:03:48 Windows Update
31-01-2014 23:02:31 Windows Update
02-02-2014 07:29:30 Removed Microsoft Silverlight
02-02-2014 07:52:01 Removed Microsoft Silverlight
03-02-2014 05:59:54 Installed Java(TM) 7 Update 5 (64-bit)
03-02-2014 06:33:45 Removed Google Earth.
03-02-2014 06:35:21 Removed Microsoft Silverlight
04-02-2014 06:04:56 Removed Google Earth.
04-02-2014 11:23:03 Windows Update
==================== Hosts content: ==========================
2009-07-13 18:34 - 2013-04-10 13:40 - 00000042 ____A C:\Windows\system32\Drivers\etc\hosts
::1 localhost
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {0C3181F3-6F13-4800-951F-DFCF3D891E1C} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {282700B0-FBCB-4730-9C02-C0E6C2164E9E} - System32\Tasks\weDownload Manager Pro-firefoxinstaller => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-firefoxinstaller.exe
Task: {3DA6CFE4-A0F5-47F1-9F7A-CFA6E27D2956} - System32\Tasks\Test TimeTrigger => C:\Users\Owner\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: {3DC9AB5D-75BF-4E6C-9EDE-D6A8D8432BA4} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1699991964-2536946847-36376121-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {5802D785-7045-4705-9017-377A1D1FD770} - System32\Tasks\{37ABBFA8-F24D-4317-A442-5FA3BB0F7D11} => C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
Task: {622DFA1D-AF33-439A-BEB3-343E5B4F1949} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-25] (Google Inc.)
Task: {6C2E4F53-D9D1-4D78-81EC-459E77442452} - System32\Tasks\TOSHIBA Wireless Display Monitor => C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe [2010-12-25] (TOSHIBA CORPORATION)
Task: {850B310A-9F73-4972-A5C4-963FD0F158FD} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1699991964-2536946847-36376121-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {85A5E7B8-7DAC-4962-8762-50A39EB25535} - System32\Tasks\weDownload Manager Pro-chromeinstaller => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-chromeinstaller.exe
Task: {8D237195-0D55-41CB-8FF0-33973362B6BF} - System32\Tasks\{5C4213AD-B3D4-409D-971C-2E458CFCE332} => C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
Task: {A3B62135-8A37-4413-995A-F7EAB95B0D07} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-25] (Google Inc.)
Task: {AB262AD3-4F28-4091-9981-F0EAE566FA88} - System32\Tasks\weDownload Manager Pro-codedownloader => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-codedownloader.exe
Task: {C601B345-BEA0-4C69-8C76-3886A5FDA14B} - System32\Tasks\{9CE12553-2BDB-4DB5-BB66-6CBC2BBAFADD} => C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
Task: {D2D4104A-D7AF-4C51-865E-A670875498B6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-11-23] (Piriform Ltd)
Task: {EA8CA7EF-25B1-4A68-8159-144073608B15} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
Task: {F377211F-9E81-4EDA-A788-AF52B2F9F0E6} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\weDownload Manager Pro-chromeinstaller.job => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-chromeinstaller.exe
Task: C:\Windows\Tasks\weDownload Manager Pro-codedownloader.job => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-codedownloader.exe
Task: C:\Windows\Tasks\weDownload Manager Pro-firefoxinstaller.job => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-firefoxinstaller.exe
==================== Loaded Modules (whitelisted) =============
2011-05-31 17:32 - 2011-05-31 17:32 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-04-14 12:08 - 2009-08-13 11:06 - 00177152 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdpdrpp.dll
2011-06-27 09:16 - 2011-06-27 09:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-18 17:18 - 2010-11-18 17:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2010-11-30 10:37 - 2010-11-30 10:37 - 00048504 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-12-15 15:19 - 2010-12-15 15:19 - 00124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
2011-05-31 17:32 - 2011-05-31 17:32 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-06-09 21:09 - 2011-06-09 21:09 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2012-08-17 20:39 - 2013-09-18 17:54 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
2012-08-17 20:38 - 2012-08-17 20:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
2013-12-20 14:33 - 2013-12-20 14:33 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-02-05 15:35 - 2014-02-05 15:35 - 16287624 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\Owner\Documents\Emailing_ Doctor_jpeg.eml:OECustomProperty
==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============
Name: hlnfd
Description: hlnfd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: hlnfd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Microsoft Virtual WiFi Miniport Adapter #2
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================
Application errors:
==================
Error: (02/06/2014 05:32:35 PM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)
Error: (02/06/2014 05:32:22 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/06/2014 01:50:42 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
Error: (02/06/2014 01:06:34 PM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)
Error: (02/06/2014 01:06:21 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/06/2014 07:12:22 AM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)
Error: (02/06/2014 07:12:08 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/06/2014 04:46:55 AM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)
Error: (02/06/2014 04:46:44 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/06/2014 01:01:03 AM) (Source: TestWorker) (User: )
Description: TestWorkerFailed to send data to service: Norton PC Checkup Application Launcher

System errors:
=============
Error: (02/06/2014 05:32:17 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
hlnfd
Error: (02/06/2014 05:32:05 PM) (Source: Service Control Manager) (User: )
Description: The sbapifs service failed to start due to the following error: 
%%2
Error: (02/06/2014 01:06:17 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
hlnfd
Error: (02/06/2014 01:06:04 PM) (Source: Service Control Manager) (User: )
Description: The sbapifs service failed to start due to the following error: 
%%2
Error: (02/06/2014 07:12:06 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
hlnfd
Error: (02/06/2014 07:11:51 AM) (Source: Service Control Manager) (User: )
Description: The sbapifs service failed to start due to the following error: 
%%2
Error: (02/06/2014 04:46:39 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
hlnfd
Error: (02/06/2014 04:46:25 AM) (Source: Service Control Manager) (User: )
Description: The sbapifs service failed to start due to the following error: 
%%2
Error: (02/05/2014 07:33:42 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
hlnfd
Error: (02/05/2014 07:33:27 PM) (Source: Service Control Manager) (User: )
Description: The sbapifs service failed to start due to the following error: 
%%2

Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2014-02-06 19:06:32.064
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-02-06 19:06:32.054
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-02-06 19:06:32.054
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-02-06 19:06:32.034
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-02-06 19:06:32.034
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-02-06 19:06:32.034
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-02-04 03:06:00.363
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-02-04 03:06:00.353
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-02-04 03:06:00.353
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-02-04 03:06:00.333
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info =========================== 
Percentage of memory in use: 57%
Total physical RAM: 4002.69 MB
Available physical RAM: 1694.53 MB
Total Pagefile: 8003.56 MB
Available Pagefile: 5218.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (TI106332W0C) (Fixed) (Total:579.64 GB) (Free:481.54 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: 27058636)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=580 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=17)
==================== End Of Log ============================


----------



## Mark1956 (May 7, 2011)

I can see you are not following the instructions, as you have used the Run option when downloading FRST instead of Saving it as the instructions ask you to do. It doesn't matter at the moment, but please try to stick with the instructions.



> I apologize but I cannot get the AdwCleaner program to download on my computer.


I can't help with this unless you tell me exactly what you are seeing.

Your system is clearly re-infected with Adware so getting AdwCleaner saved to your desktop and run on the system is most important.

If you cannot find any way to get AdwCleaner to download and run please continue with the remaining scans.


----------



## tenntod (Mar 17, 2013)

Mark, I've started completely over. I discovered I needed to turn off my antivirus software in order to download AdwCleaner. I ran it and had a notepad log ready to send but when I tried to download Rogue Killer that was lost. I'm very frustrated because I'm having so many problems. I thank you for your patience as I'm a novice at this type of thing. When I think I'm doing right I find out I'm not. The Rogue Killer download told me I need a zip file. So, I downloaded that and now I think I have another adware called Mysearchdial. And I cannot delete it. I'm hoping starting over is what you would want me to do. Again, I'm so sorry for having such a challenging time. Additional logs to follow as I'm trying not to exceed the characters.
Ted

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2014
Ran by Owner (administrator) on OWNER-PC on 07-02-2014 22:57:00
Running from C:\Users\Owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
( ) C:\Windows\System32\lxdpcoms.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\klwtblfs.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

==================== Registry (Whitelisted) ==================
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] - C:\windows\system32\thpsrv /logon
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-05-24] (TOSHIBA Corporation)
HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-06-01] (Intel(R) Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-06-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [SVPWUTIL] - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2010-11-09] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [KeNotify] - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-16] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218864 2011-06-22] (Toshiba)
HKLM-x32\...\Run: [ToshibaAppPlace] - C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [{90120000-0030-0000-0000-0000000FF1CE}] - C:\windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-21-1699991964-2536946847-36376121-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-1699991964-2536946847-36376121-1000\...\Policies\system: [DisableLockWorkstation] 0
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&...FtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=378930771&ir=
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&...FtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=378930771&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&...FtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=378930771&ir=
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
SearchScopes: HKLM - {B7F42A96-DE99-47A7-B58E-8DDEB4BA9F8A} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM-x32 - {B7F42A96-DE99-47A7-B58E-8DDEB4BA9F8A} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKCU - DefaultScope {186F63CE-8D08-4AC7-91C4-8A834A1E89FE} URL = http://start.mysearchdial.com/resul...FtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=378930771&ir=
SearchScopes: HKCU - {186F63CE-8D08-4AC7-91C4-8A834A1E89FE} URL = http://start.mysearchdial.com/resul...FtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=378930771&ir=
SearchScopes: HKCU - {5EB07BDA-DAA9-43E9-9508-0BAD4693CEC6} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://www.google.com/search?source...ding}&oe={outputEncoding}&rlz=1I7TSNP_enUS477
SearchScopes: HKCU - {B7F42A96-DE99-47A7-B58E-8DDEB4BA9F8A} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
DPF: HKLM {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc64.cab
DPF: HKLM {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect125.cab
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mzg8cnb7.default-1370897875420
FF user.js: detected! => C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mzg8cnb7.default-1370897875420\user.js
FF DefaultSearchEngine: Mysearchdial
FF SearchEngineOrder.1: Mysearchdial
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mzg8cnb7.default-1370897875420\searchplugins\Mysearchdial.xml
FF Extension: MySearchDial NewTab - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mzg8cnb7.default-1370897875420\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} [2014-02-07]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-06]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-06]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013-09-18]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013-09-18]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013-09-18]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013-09-18]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013-09-18]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
Chrome: 
=======
CHR HomePage: hxxp://start.mysearchdial.com/?f=1&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCyEtCtD0CyEyB0CtD0F0DtN0D0Tzu0SyByCzytN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=378930771&ir=
CHR DefaultSearchProvider: "name": "Mysearchdial"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll ()
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\plugin/online_banking_npapi.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\plugin/npUrlAdvisor.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\plugin/content_blocker_npapi.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\plugin/npABPlugin.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\plugin/npVKPlugin.dll No File
CHR Plugin: (Skype Click to Call) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebgdeaohaofdhldpobdpfocdonmgki\10.15.0.62_0\plugins/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Conduit Radio Plugin) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebgdeaohaofdhldpobdpfocdonmgki\10.15.0.62_0\plugins/np-cwmp.dll No File
CHR Plugin: (Conduit Chrome Approve TB Plugin) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebgdeaohaofdhldpobdpfocdonmgki\10.15.0.62_0\plugins/ChromeApproveTBPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Liveu0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Extension: (lookinglink) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\alakbkblgilodacnlnmcoiofdjakliih [2014-02-01]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-05]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-05]
CHR Extension: (weDownload Manager Pro) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb [2013-12-25]
CHR Extension: (Skype Click to Call) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-07-13]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-05]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-08-18]
==================== Services (Whitelisted) =================
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
S3 lxcg_device; C:\Windows\system32\lxcgcoms.exe [451584 2005-07-25] ( )
R2 lxdp_device; C:\Windows\system32\lxdpcoms.exe [1039872 2007-11-19] ( )
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-06-01] ()
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)
==================== Drivers (Whitelisted) ====================
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-11] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-10-10] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-09-18] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-09-18] (Kaspersky Lab ZAO)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2011-03-14] (support.com, Inc)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
S3 gfiark; system32\drivers\gfiark.sys [X]
S1 hlnfd; system32\drivers\hlnfd.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-09-18] (Kaspersky Lab ZAO)
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2014-02-07 22:57 - 2014-02-07 22:57 - 00026163 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-02-07 22:40 - 2014-02-07 22:40 - 00002422 _____ () C:\Windows\PFRO.log
2014-02-07 22:31 - 2014-02-07 22:31 - 00000030 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
2014-02-07 22:29 - 2014-02-07 22:29 - 00003232 _____ () C:\Windows\System32\Tasks\Digital Sites
2014-02-07 22:29 - 2014-02-07 22:29 - 00000292 _____ () C:\Windows\Tasks\Digital Sites.job
2014-02-07 22:29 - 2014-02-07 22:29 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\DigitalSites
2014-02-07 22:29 - 2014-02-07 22:29 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2014-02-07 22:14 - 2014-02-07 22:15 - 00000000 ____D () C:\AdwCleaner
2014-02-07 22:13 - 2014-02-07 22:14 - 01166132 _____ () C:\Users\Owner\Desktop\AdwCleaner.exe
2014-02-06 21:34 - 2014-02-06 21:34 - 02079744 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-02-06 17:59 - 2014-02-07 22:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-06 13:06 - 2014-02-07 22:40 - 00000728 _____ () C:\Windows\setupact.log
2014-02-06 13:06 - 2014-02-06 13:06 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-02 22:55 - 2014-02-02 22:55 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-02 22:55 - 2014-02-02 22:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-02 22:30 - 2014-02-02 22:30 - 01649256 _____ (SafeInstall, LLC) C:\Users\Owner\Downloads\mediaplayer.exe
2014-02-02 22:07 - 2014-02-02 22:07 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Oracle
2014-02-02 22:01 - 2014-02-02 22:01 - 00000000 ____D () C:\Program Files\Java
2014-02-02 21:56 - 2014-02-02 21:57 - 21646856 _____ () C:\Users\Owner\Downloads\homestream-2.0-win-setup.exe
2014-02-01 23:25 - 2014-02-01 23:25 - 13079688 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\Silverlight_x64.exe
2014-01-26 22:11 - 2014-01-26 22:51 - 00000000 ____D () C:\Users\Owner\Documents\Apowersoft Free Audio Recorder
2014-01-26 22:11 - 2014-01-26 22:17 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Apowersoft
2014-01-26 22:11 - 2014-01-26 22:11 - 00000000 ____D () C:\Program Files (x86)\Apowersoft
2014-01-26 22:10 - 2014-01-26 22:12 - 00000242 _____ () C:\Windows\wininit.ini
2014-01-21 22:26 - 2014-01-21 22:26 - 00000000 ____D () C:\Program Files (x86)\BearShare Applications
2014-01-15 09:50 - 2013-11-26 17:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 09:50 - 2013-11-26 17:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 09:50 - 2013-11-26 17:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 09:50 - 2013-11-26 17:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 09:50 - 2013-11-26 17:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 09:50 - 2013-11-26 17:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 09:50 - 2013-11-26 17:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 09:50 - 2013-11-26 03:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 09:50 - 2013-11-26 02:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-14 13:12 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-14 13:12 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-14 13:12 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-14 13:12 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-14 13:11 - 2014-01-14 13:12 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-09 22:59 - 2014-02-07 22:57 - 00000000 ____D () C:\FRST
==================== One Month Modified Files and Folders =======
2014-02-07 22:57 - 2014-02-07 22:57 - 00026163 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-02-07 22:57 - 2014-01-09 22:59 - 00000000 ____D () C:\FRST
2014-02-07 22:47 - 2009-07-13 20:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-07 22:47 - 2009-07-13 20:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-07 22:44 - 2012-08-18 21:00 - 01108574 _____ () C:\Windows\WindowsUpdate.log
2014-02-07 22:41 - 2013-09-18 17:35 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-02-07 22:41 - 2012-05-29 18:01 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Skype
2014-02-07 22:40 - 2014-02-07 22:40 - 00002422 _____ () C:\Windows\PFRO.log
2014-02-07 22:40 - 2014-02-06 13:06 - 00000728 _____ () C:\Windows\setupact.log
2014-02-07 22:40 - 2013-12-25 21:39 - 00001282 _____ () C:\Windows\Tasks\weDownload Manager Pro-codedownloader.job
2014-02-07 22:40 - 2013-12-25 21:38 - 00002288 _____ () C:\Windows\Tasks\weDownload Manager Pro-firefoxinstaller.job
2014-02-07 22:40 - 2013-12-25 21:38 - 00002012 _____ () C:\Windows\Tasks\weDownload Manager Pro-chromeinstaller.job
2014-02-07 22:40 - 2013-05-05 18:26 - 00000095 _____ () C:\Users\Owner\.accessibility.properties
2014-02-07 22:40 - 2012-03-28 16:00 - 00000000 ____D () C:\Users\Owner
2014-02-07 22:40 - 2012-01-25 19:08 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-07 22:40 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-07 22:35 - 2013-03-15 19:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-07 22:33 - 2014-02-06 17:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-07 22:31 - 2014-02-07 22:31 - 00000030 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
2014-02-07 22:29 - 2014-02-07 22:29 - 00003232 _____ () C:\Windows\System32\Tasks\Digital Sites
2014-02-07 22:29 - 2014-02-07 22:29 - 00000292 _____ () C:\Windows\Tasks\Digital Sites.job
2014-02-07 22:29 - 2014-02-07 22:29 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\DigitalSites
2014-02-07 22:29 - 2014-02-07 22:29 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2014-02-07 22:23 - 2012-01-25 19:08 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-07 22:15 - 2014-02-07 22:14 - 00000000 ____D () C:\AdwCleaner
2014-02-07 22:14 - 2014-02-07 22:13 - 01166132 _____ () C:\Users\Owner\Desktop\AdwCleaner.exe
2014-02-06 21:34 - 2014-02-06 21:34 - 02079744 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-02-06 13:06 - 2014-02-06 13:06 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-06 07:24 - 2013-03-17 12:05 - 00000000 ____D () C:\Windows\Minidump
2014-02-05 15:35 - 2013-03-15 19:00 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 15:35 - 2013-03-15 19:00 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-05 15:35 - 2013-03-15 19:00 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-03 21:57 - 2012-03-28 16:14 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-02-03 21:54 - 2013-06-05 08:51 - 00002154 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-03 11:49 - 2009-07-13 21:08 - 00032614 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-02 22:55 - 2014-02-02 22:55 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-02 22:55 - 2014-02-02 22:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-02 22:35 - 2012-03-28 16:02 - 00000000 ___RD () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-02 22:30 - 2014-02-02 22:30 - 01649256 _____ (SafeInstall, LLC) C:\Users\Owner\Downloads\mediaplayer.exe
2014-02-02 22:07 - 2014-02-02 22:07 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Oracle
2014-02-02 22:01 - 2014-02-02 22:01 - 00000000 ____D () C:\Program Files\Java
2014-02-02 21:57 - 2014-02-02 21:56 - 21646856 _____ () C:\Users\Owner\Downloads\homestream-2.0-win-setup.exe
2014-02-01 23:25 - 2014-02-01 23:25 - 13079688 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\Silverlight_x64.exe
2014-02-01 08:02 - 2012-06-07 09:08 - 00000000 ___HD () C:\Users\Owner\AppData\Roaming\ZoomBrowser EX
2014-01-30 18:24 - 2009-07-13 21:13 - 00767080 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-01-26 22:51 - 2014-01-26 22:11 - 00000000 ____D () C:\Users\Owner\Documents\Apowersoft Free Audio Recorder
2014-01-26 22:17 - 2014-01-26 22:11 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Apowersoft
2014-01-26 22:12 - 2014-01-26 22:10 - 00000242 _____ () C:\Windows\wininit.ini
2014-01-26 22:11 - 2014-01-26 22:11 - 00000000 ____D () C:\Program Files (x86)\Apowersoft
2014-01-23 20:55 - 2013-04-05 17:06 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-01-21 23:18 - 2009-07-13 21:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-01-21 22:26 - 2014-01-21 22:26 - 00000000 ____D () C:\Program Files (x86)\BearShare Applications
2014-01-15 15:53 - 2009-07-13 20:45 - 00418856 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-15 12:12 - 2012-05-27 16:31 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-15 12:11 - 2013-08-14 10:24 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 12:09 - 2012-03-29 08:58 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-14 13:12 - 2014-01-14 13:11 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-14 13:12 - 2011-11-21 20:31 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-14 13:10 - 2013-10-20 15:40 - 00000000 ____D () C:\ProgramData\Oracle
Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\43790uninstall.exe
C:\Users\Owner\AppData\Local\Temp\ICReinstall_ZipOpenerSetup.exe
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
C:\Users\Owner\AppData\Local\Temp\Sqlite3.dll

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-29 19:00
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-02-2014
Ran by Owner at 2014-02-07 22:57:48
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
AV: Kaspersky Internet Security (Disabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Internet Security (Disabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
==================== Installed Programs ======================
Adobe Download Assistant (x32 Version: 1.2.5 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.5 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (x32 Version: 11.0.06 - Adobe Systems Incorporated)
AOL Toolbar (HKCU Version: - )
Canon Camera Window DC_DV 6 for ZoomBrowser EX (x32 Version: 6.4.0.9 - )
Canon Camera Window MC 6 for ZoomBrowser EX (x32 Version: 6.3.0.8 - )
Canon G.726 WMP-Decoder (x32 Version: 1.1.0.4 - )
Canon MovieEdit Task for ZoomBrowser EX (x32 Version: 2.4.0.14 - )
Canon RAW Image Task for ZoomBrowser EX (x32 Version: 2.6.0.13 - )
Canon RemoteCapture Task for ZoomBrowser EX (x32 Version: 1.7.0.8 - )
Canon Utilities PhotoStitch (x32 Version: 3.1.19.43 - )
Canon Utilities ZoomBrowser EX (x32 Version: 5.8.0.74 - )
CCleaner (Version: 3.25 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
HP Product Detection (x32 Version: 11.15.0004 - HP)
Intel PROSet Wireless (Version: - ) Hidden
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2430 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (Version: 14.01.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 10.1.2.1004 - Intel Corporation)
Intel(R) WiDi (x32 Version: 2.1.42.0 - Intel Corporation)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JMicron Flash Media Controller Driver (x32 Version: 1.0.57.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
PDF To Excel Converter V3.0 (x32 Version: - http://www.PDFExcelConverter.com)
PlayReady PC Runtime amd64 (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (x32 Version: 1.3.0 - Microsoft Corporation)
Realtek Ethernet Controller Driver (x32 Version: 7.38.113.2011 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Shared C Run-time for x64 (Version: 10.0.0 - McAfee)
Skype Click to Call (x32 Version: 6.13.13771 - Skype Technologies S.A.)
Skype Launcher (x32 Version: 2.01 - TOSHIBA Corporation)
Skype 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (Version: 15.2.11.1 - Synaptics Incorporated)
Toshiba App Place (x32 Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (x32 Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (x32 Version: 4.2.3.0 - TOSHIBA CORPORATION)
Toshiba Book Place (x32 Version: 3.0.9490 - K-NFB Reading Technology, Inc.)
TOSHIBA Disc Creator (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.3.5.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.17.64 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (x32 Version: 3.1.17.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.12C - TOSHIBA CORPORATION)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.12C - TOSHIBA CORPORATION) Hidden
TOSHIBA Hardware Setup (x32 Version: 1.63.1.37C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (x32 Version: 1.63.1.37C - TOSHIBA CORPORATION) Hidden
TOSHIBA HDD Protection (Version: 2.2.2.15 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.9 - TOSHIBA Corporation)
Toshiba Laptop Checkup (x32 Version: 2.0.13.11 - Symantec Corporation)
TOSHIBA Media Controller (x32 Version: 1.0.87.4 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (x32 Version: 1.0.8.0 - TOSHIBA CORPORATION)
Toshiba Online Backup (x32 Version: 2.0.0.31 - Toshiba)
TOSHIBA PC Health Monitor (Version: 1.7.9.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (x32 Version: 1.0.4 - TOSHIBA)
TOSHIBA Recovery Media Creator (x32 Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (Version: 1.7.21.64 - TOSHIBA Corporation) Hidden
TOSHIBA ReelTime (x32 Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (x32 Version: 1.1.2001 - TOSHIBA Corporation)
TOSHIBA Service Station (x32 Version: 2.2.13 - TOSHIBA)
TOSHIBA Sleep Utility (x32 Version: 1.4.2.8 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (x32 Version: 1.63.51.2C - TOSHIBA CORPORATION)
TOSHIBA Supervisor Password (x32 Version: 1.63.51.2C - TOSHIBA CORPORATION) Hidden
TOSHIBA Value Added Package (Version: 1.6.1.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.6.1.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (x32 Version: 1.6.1.64 - TOSHIBA Corporation) Hidden
TOSHIBA VIDEO PLAYER (x32 Version: 4.00.7.06-A - TOSHIBA Corporation)
TOSHIBA Web Camera Application (x32 Version: 2.0.3.3 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (x32 Version: 2.0.3.3 - TOSHIBA Corporation) Hidden
TOSHIBA Wireless Display Monitor (x32 Version: 1.0.1 - TOSHIBA CORPORATION)
TOSHIBARegistration (x32 Version: 1.0.9 - TOSHIBA)
Update for 2007 Microsoft Office System (KB967642) (x32 Version: - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (x32 Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32 Version: - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (x32 Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32 Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32 Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version: - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (x32 Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (x32 Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (x32 Version: - Microsoft)
Utility Common Driver (x32 Version: 1.0.52.3C - TOSHIBA) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zip Opener Packages (HKCU Version: - ) <==== ATTENTION
==================== Restore Points =========================
28-01-2014 12:03:48 Windows Update
31-01-2014 23:02:31 Windows Update
02-02-2014 07:29:30 Removed Microsoft Silverlight
02-02-2014 07:52:01 Removed Microsoft Silverlight
03-02-2014 05:59:54 Installed Java(TM) 7 Update 5 (64-bit)
03-02-2014 06:33:45 Removed Google Earth.
03-02-2014 06:35:21 Removed Microsoft Silverlight
04-02-2014 06:04:56 Removed Google Earth.
04-02-2014 11:23:03 Windows Update
08-02-2014 02:29:35 Windows Update
==================== Hosts content: ==========================
2009-07-13 18:34 - 2013-04-10 13:40 - 00000042 ____A C:\Windows\system32\Drivers\etc\hosts
::1 localhost
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {0C3181F3-6F13-4800-951F-DFCF3D891E1C} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {282700B0-FBCB-4730-9C02-C0E6C2164E9E} - System32\Tasks\weDownload Manager Pro-firefoxinstaller => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-firefoxinstaller.exe
Task: {3DA6CFE4-A0F5-47F1-9F7A-CFA6E27D2956} - System32\Tasks\Test TimeTrigger => C:\Users\Owner\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: {3DC9AB5D-75BF-4E6C-9EDE-D6A8D8432BA4} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1699991964-2536946847-36376121-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {5802D785-7045-4705-9017-377A1D1FD770} - System32\Tasks\{37ABBFA8-F24D-4317-A442-5FA3BB0F7D11} => C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
Task: {622DFA1D-AF33-439A-BEB3-343E5B4F1949} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-25] (Google Inc.)
Task: {6C2E4F53-D9D1-4D78-81EC-459E77442452} - System32\Tasks\TOSHIBA Wireless Display Monitor => C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe [2010-12-25] (TOSHIBA CORPORATION)
Task: {850B310A-9F73-4972-A5C4-963FD0F158FD} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1699991964-2536946847-36376121-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {85A5E7B8-7DAC-4962-8762-50A39EB25535} - System32\Tasks\weDownload Manager Pro-chromeinstaller => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-chromeinstaller.exe
Task: {8D237195-0D55-41CB-8FF0-33973362B6BF} - System32\Tasks\{5C4213AD-B3D4-409D-971C-2E458CFCE332} => C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
Task: {A327D6CB-8B02-4C45-9B88-D3CD8464901C} - System32\Tasks\Digital Sites => C:\Users\Owner\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE
Task: {A3B62135-8A37-4413-995A-F7EAB95B0D07} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-25] (Google Inc.)
Task: {AB262AD3-4F28-4091-9981-F0EAE566FA88} - System32\Tasks\weDownload Manager Pro-codedownloader => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-codedownloader.exe
Task: {C601B345-BEA0-4C69-8C76-3886A5FDA14B} - System32\Tasks\{9CE12553-2BDB-4DB5-BB66-6CBC2BBAFADD} => C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
Task: {D2D4104A-D7AF-4C51-865E-A670875498B6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-11-23] (Piriform Ltd)
Task: {EA8CA7EF-25B1-4A68-8159-144073608B15} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
Task: {F377211F-9E81-4EDA-A788-AF52B2F9F0E6} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Owner\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\weDownload Manager Pro-chromeinstaller.job => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-chromeinstaller.exe
Task: C:\Windows\Tasks\weDownload Manager Pro-codedownloader.job => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-codedownloader.exe
Task: C:\Windows\Tasks\weDownload Manager Pro-firefoxinstaller.job => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-firefoxinstaller.exe
==================== Loaded Modules (whitelisted) =============
2011-06-27 09:16 - 2011-06-27 09:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-18 17:18 - 2010-11-18 17:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2010-11-30 10:37 - 2010-11-30 10:37 - 00048504 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-12-15 15:19 - 2010-12-15 15:19 - 00124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
2011-05-31 17:32 - 2011-05-31 17:32 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-06-09 21:09 - 2011-06-09 21:09 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2012-08-17 20:39 - 2013-09-18 17:54 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
2012-08-17 20:38 - 2012-08-17 20:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\Owner\Documents\Emailing_ Doctor_jpeg.eml:OECustomProperty
==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============
Name: hlnfd
Description: hlnfd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: hlnfd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Microsoft Virtual WiFi Miniport Adapter #2
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================
Application errors:
==================
Error: (02/07/2014 10:41:15 PM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)
Error: (02/07/2014 10:40:48 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/07/2014 10:17:46 PM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)
Error: (02/07/2014 10:17:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/07/2014 09:58:06 PM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)
Error: (02/07/2014 09:57:44 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/07/2014 07:58:48 PM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)
Error: (02/07/2014 07:58:21 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/07/2014 06:25:25 PM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)
Error: (02/07/2014 06:25:11 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (02/07/2014 10:40:46 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
hlnfd
Error: (02/07/2014 10:40:30 PM) (Source: Service Control Manager) (User: )
Description: The sbapifs service failed to start due to the following error: 
%%2
Error: (02/07/2014 10:34:47 PM) (Source: Service Control Manager) (User: )
Description: The Update RightSurf service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
Error: (02/07/2014 10:17:16 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
hlnfd
Error: (02/07/2014 10:16:58 PM) (Source: Service Control Manager) (User: )
Description: The sbapifs service failed to start due to the following error: 
%%2
Error: (02/07/2014 09:57:42 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
hlnfd
Error: (02/07/2014 09:57:27 PM) (Source: Service Control Manager) (User: )
Description: The sbapifs service failed to start due to the following error: 
%%2
Error: (02/07/2014 07:58:20 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
hlnfd
Error: (02/07/2014 07:58:09 PM) (Source: Service Control Manager) (User: )
Description: The sbapifs service failed to start due to the following error: 
%%2
Error: (02/07/2014 06:25:09 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
hlnfd

Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2014-02-07 20:42:23.008
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-02-07 20:42:22.998
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-02-07 20:42:22.998
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-02-07 20:42:22.978
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-02-07 20:42:22.978
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-02-07 20:42:22.968
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-02-06 19:06:32.064
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-02-06 19:06:32.054
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-02-06 19:06:32.054
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-02-06 19:06:32.034
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info =========================== 
Percentage of memory in use: 49%
Total physical RAM: 4002.69 MB
Available physical RAM: 2003.55 MB
Total Pagefile: 8003.56 MB
Available Pagefile: 5591.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (TI106332W0C) (Fixed) (Total:579.64 GB) (Free:483.13 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: 27058636)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=580 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=17)
==================== End Of Log ============================


----------



## tenntod (Mar 17, 2013)

# AdwCleaner v3.018 - Report created 07/02/2014 at 23:40:04
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****

***** [ Files / Folders ] *****
Folder Deleted : C:\Users\Owner\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mzg8cnb7.default-1370897875420\Extensions\{AD9A41D2-9A49-4FA6-A79E-71A0785364C8}
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hjpogn14.default\searchplugins\Mysearchdial.xml
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mzg8cnb7.default-1370897875420\searchplugins\Mysearchdial.xml
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ovmz69us.default\searchplugins\Mysearchdial.xml
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hjpogn14.default\user.js
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mzg8cnb7.default-1370897875420\user.js
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ovmz69us.default\user.js
***** [ Shortcuts ] *****

***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\mysearchdial.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16428
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v
[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hjpogn14.default\prefs.js ]
Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");
[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mzg8cnb7.default-1370897875420\prefs.js ]
Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");
Line Deleted : user_pref("browser.search.order.1", "Mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.AL", 2);
Line Deleted : user_pref("extensions.mysearchdial.aflt", "dsites0103");
Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCyEtCtD0CyEyB0CtD0F0DtN0D0Tzu0SyByCzytN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R");
Line Deleted : user_pref("extensions.mysearchdial.cntry", "US");
Line Deleted : user_pref("extensions.mysearchdial.cr", "378930771");
Line Deleted : user_pref("extensions.mysearchdial.dfltLng", "");
Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true);
Line Deleted : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false);
Line Deleted : user_pref("extensions.mysearchdial.hdrMd5", "E36E6BC2134E0420077E0D5D887251D2");
Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCyEtCtD0CyEyB0CtD0F0DtN0D0Tzu0SyByCzytN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1Czut[...]
Line Deleted : user_pref("extensions.mysearchdial.id", "DC0EA1410C47C0FD");
Line Deleted : user_pref("extensions.mysearchdial.instlDay", "16108");
Line Deleted : user_pref("extensions.mysearchdial.instlRef", "");
Line Deleted : user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCyEtCtD0CyEyB0CtD0F0DtN0D0Tzu0SyByCzytN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBt[...]
Line Deleted : user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.21.022:29:6");
Line Deleted : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCyEtCtD0CyEyB0CtD0F0DtN0D0Tzu0SyByCzytN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1Cz[...]
Line Deleted : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"90\",\"lastVrsn\":\"90\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.sg", "none");
Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");
Line Deleted : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCyEtCtD0CyEyB0CtD0F0DtN0D0Tzu0SyByCzytN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1[...]
Line Deleted : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
Line Deleted : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
Line Deleted : user_pref("extensions.mysearchdial_i.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false);
Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.022:29:6");
[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ovmz69us.default\prefs.js ]
Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");
-\\ Google Chrome v32.0.1700.107
[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted : homepage
*************************
AdwCleaner[R5].txt - [1886 octets] - [07/02/2014 22:14:51]
AdwCleaner[R6].txt - [7677 octets] - [07/02/2014 23:30:23]
AdwCleaner[S4].txt - [1916 octets] - [07/02/2014 22:15:33]
AdwCleaner[S5].txt - [6717 octets] - [07/02/2014 23:40:04]
########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [6777 octets] ##########


----------



## Mark1956 (May 7, 2011)

There was no need to post another FRST log as you had already done that.

The RogueKiller download does not require any other software; the file just needs to be saved to the desktop. I think you have clicked on the wrong button on the RogueKiller page. You need to scroll down to the two blue icons; one is marked X64, and that is the one you need.

Please now go back and repeat the scan with AdwCleaner and post the log produced after the reboot, then continue with the other scans in the order listed. Put each log into a separate post as soon as it is produced and submit the post, then move on to the next scan.

NOTE: We just crossed posts. Please do a repeat scan with AdwCleaner and then move on to the others.


----------



## tenntod (Mar 17, 2013)

Thank you for your patience. Yes, I did click on the wrong download button for RogueKiller. I seem to be moving forward now thanks to your help! Here is the AdwCleaner report you asked for, and on to the others.

# AdwCleaner v3.018 - Report created 07/02/2014 at 23:55:21
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v
[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hjpogn14.default\prefs.js ]

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mzg8cnb7.default-1370897875420\prefs.js ]

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ovmz69us.default\prefs.js ]

-\\ Google Chrome v32.0.1700.107
[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************
AdwCleaner[R5].txt - [1886 octets] - [07/02/2014 22:14:51]
AdwCleaner[R6].txt - [7677 octets] - [07/02/2014 23:30:23]
AdwCleaner[R7].txt - [1336 octets] - [07/02/2014 23:54:39]
AdwCleaner[S4].txt - [1916 octets] - [07/02/2014 22:15:33]
AdwCleaner[S5].txt - [6865 octets] - [07/02/2014 23:40:04]
AdwCleaner[S6].txt - [1257 octets] - [07/02/2014 23:55:21]
########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [1317 octets] ##########


----------



## tenntod (Mar 17, 2013)

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 02/08/2014 12:14:56 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* C:\Windows\system32\lxdpcoms.exe (PID: 1632) [WD-HEUR]
 * C:\windows\system32\ThpSrv.exe (PID: 1964) [WD-HEUR]
* C:\Windows\System32\ThpSrv.exe (PID: 2676) [WD-HEUR]
3 proccesses terminated!
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* Windows Firewall Disabled
[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000
Checking Windows Service Integrity: 
* WSearch [Missing Service]
Searching for Missing Digital Signatures: 
* No issues found.
Checking HOSTS File: 
* HOSTS file entries found: 
::1 localhost
127.0.0.1 localhost
Program finished at: 02/08/2014 12:15:53 AM
Execution time: 0 hours(s), 0 minute(s), and 57 seconds(s)


----------



## tenntod (Mar 17, 2013)

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.02.08.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Owner :: OWNER-PC [administrator]
2/8/2014 12:22:14 AM
mbam-log-2014-02-08 (00-22-14).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 374442
Time elapsed: 1 hour(s), 15 minute(s), 7 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 4
HKCR\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Highlightly (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\HLNFD (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
Registry Values Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\hlnfd|DisplayName (PUP.Optional.Highlightly) -> Data: hlnfd -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 14
C:\$RECYCLE.BIN\S-1-5-21-1699991964-2536946847-36376121-1000\$R6XKGGQ.exe (PUP.Optional.Firseria) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-1699991964-2536946847-36376121-1000\$R9VZI54.exe (PUP.Optional.MusicToolbar.A) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-1699991964-2536946847-36376121-1000\$RN6GHQC.exe (PUP.Optional.JumpyApps) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ICReinstall_ZipOpenerSetup.exe (PUP.Optional.JumpyApps) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\is357113909\689053_stp\Mysearchdial.exe (PUP.Optional.MySpeedDial.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\is357113909\689105_stp\RightSurfSetup.exe (PUP.Optional.RightSurf.A) -> Quarantined and deleted successfully.
C:\Users\Owner\Downloads\mediaplayer.exe (PUP.Optional.SafeInstall.A) -> Quarantined and deleted successfully.
C:\Users\Owner\Downloads\outlook express setup(1).exe (PUP.Optional.Soft32.A) -> Quarantined and deleted successfully.
C:\Users\Owner\Downloads\outlook express setup.exe (PUP.Optional.AdBundle) -> Quarantined and deleted successfully.
C:\Users\Owner\Downloads\outlook-express-s32-downloader.exe (PUP.Optional.AdBundle) -> Quarantined and deleted successfully.
C:\Users\Owner\Downloads\Setup(1).exe (PUP.Optional.Firseria) -> Quarantined and deleted successfully.
C:\Windows\Tasks\weDownload Manager Pro-chromeinstaller.job (PUP.Optional.WeDownload.A) -> Quarantined and deleted successfully.
C:\Windows\Tasks\weDownload Manager Pro-codedownloader.job (PUP.Optional.WeDownload.A) -> Quarantined and deleted successfully.
C:\Windows\Tasks\weDownload Manager Pro-firefoxinstaller.job (PUP.Optional.WeDownload.A) -> Quarantined and deleted successfully.
(end)


----------



## Mark1956 (May 7, 2011)

And the RogueKiller log???

Malwarebytes got rid of a few more items of Adware. Rkill detected a missing service which needs to be replaced as follows.

Please download the attachment and save it to your desktop.
Extract the reg file from the zip folder.
Double click on the reg file and allow it to merge with the registry.
Reboot the system.


----------



## tenntod (Mar 17, 2013)

Here is the RogueKiller log. I'm sorry, I thought I had included it. I will download the attachment and include that in the next reply. Your responses had been automatically sent to my email inbox. However, it's not doing that now. I have to go to the thread and look for your response. Any idea why that would be?

RogueKiller V8.8.6 _x64_ [Feb 7 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 02/07/2014 23:22:13
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 5 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowVideos (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Scheduled tasks : 7 ¤¤¤
[V1][SUSP PATH] Digital Sites.job : C:\Users\Owner\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND
[V1][ROGUE ST] weDownload Manager Pro-chromeinstaller.job : C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-chromeinstaller.exe - /installcrx /agentregpath='weDownload Manager Pro' /extensionfilepath='C:\Program Files (x86)\weDownload Manager Pro\43628.crx' /appid=43628 /srcid='000529' /subid='verticals-' /zdata='0' /bic=01B34060DDC041BE93EA6D819093B1DAIE /verifier=e9c2694dbce1112c9ca08a0586184fff /installerversion=1_31_153 /installerfullversion=1.31.153.0 /installationtime=1388036328 /statsdomain=hxxp://stats.srvstatsdata.com /errorsdomain=hxxp://errors.srvstatsdata.com /waitforbrowser=300 /extensionid=kikjpgpbpnapbimplfcbcbakjacpgceb /extensionversion=1.25.32 /extensionpublickey=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCu8GEww/SpmxxDWtUIoK+qf7gcvMs9g2pbGq356uPGhNudUe1FfwbhK89mzTMusLcZY/bgjcC5z/NV5019ehcBC9Ss8CfVUB1F/f9ElNm4r3DA6OMpIY0n3LLjeoRWK55QZR53N1sQKE5xWAZl1Hx4vrLnnvS0aTkg10BGFHGIJQIDAQAB /allusers /allprofiles /externallog='' [x][x][x][x][x][x][x][x][x] -> FOUND
[V1][ROGUE ST] weDownload Manager Pro-firefoxinstaller.job : C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-firefoxinstaller.exe - /installxpi /agentregpath='weDownload Manager Pro' /extensionfilepath='C:\Program Files (x86)\weDownload Manager Pro\43628.xpi' /appid=43628 /srcid='000529' /subid='verticals-' /zdata='0' /bic=01B34060DDC041BE93EA6D819093B1DAIE /verifier=e9c2694dbce1112c9ca08a0586184fff /installerversion=1_31_153 /installerfullversion=1.31.153.0 /installationtime=1388036328 /statsdomain=hxxp://stats.srvstatsdata.com /errorsdomain=hxxp://errors.srvstatsdata.com /waitforbrowser=300 /[email protected]484-a26b-b888ecae1906.com /extensionversion=0.93 /prefsbranch=a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628 /updateurl=hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/43628.rdf /extensionname='weDownload Manager Pro' /extensiondesc='Enhance your search results with direct download links and information for apps and games.' /publishername='weDownload' /allusers /allprofiles /externallog='' [x][x][x][x][x][x][x][x][x][x][x][x][x][x][x][x][x][x] -> FOUND
[V2][SUSP PATH] Digital Sites : C:\Users\Owner\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND
[V2][SUSP PATH] Test TimeTrigger : C:\Users\Owner\AppData\Local\Temp\Runner.exe - C:\Users\Owner\AppData\Local\Temp\DNS.exe [x][x] -> FOUND
[V2][ROGUE ST] weDownload Manager Pro-chromeinstaller : C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-chromeinstaller.exe - /installcrx /agentregpath='weDownload Manager Pro' /extensionfilepath='C:\Program Files (x86)\weDownload Manager Pro\43628.crx' /appid=43628 /srcid='000529' /subid='verticals-' /zdata='0' /bic=01B34060DDC041BE93EA6D819093B1DAIE /verifier=e9c2694dbce1112c9ca08a0586184fff /installerversion=1_31_153 /installerfullversion=1.31.153.0 /installationtime=1388036328 /statsdomain=hxxp://stats.srvstatsdata.com /errorsdomain=hxxp://errors.srvstatsdata.com /waitforbrowser=300 /extensionid=kikjpgpbpnapbimplfcbcbakjacpgceb /extensionversion=1.25.32 /extensionpublickey=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCu8GEww/SpmxxDWtUIoK+qf7gcvMs9g2pbGq356uPGhNudUe1FfwbhK89mzTMusLcZY/bgjcC5z/NV5019ehcBC9Ss8CfVUB1F/f9ElNm4r3DA6OMpIY0n3LLjeoRWK55QZR53N1sQKE5xWAZl1Hx4vrLnnvS0aTkg10BGFHGIJQIDAQAB /allusers /allprofiles /externallog='' [x][x][x][x][x][x][x][x][x] -> FOUND
[V2][ROGUE ST] weDownload Manager Pro-firefoxinstaller : C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-firefoxinstaller.exe - /installxpi /agentregpath='weDownload Manager Pro' /extensionfilepath='C:\Program Files (x86)\weDownload Manager Pro\43628.xpi' /appid=43628 /srcid='000529' /subid='verticals-' /zdata='0' /bic=01B34060DDC041BE93EA6D819093B1DAIE /verifier=e9c2694dbce1112c9ca08a0586184fff /installerversion=1_31_153 /installerfullversion=1.31.153.0 /installationtime=1388036328 /statsdomain=hxxp://stats.srvstatsdata.com /errorsdomain=hxxp://errors.srvstatsdata.com /waitforbrowser=300 /[email protected]484-a26b-b888ecae1906.com /extensionversion=0.93 /prefsbranch=a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628 /updateurl=hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/43628.rdf /extensionname='weDownload Manager Pro' /extensiondesc='Enhance your search results with direct download links and information for apps and games.' /publishername='weDownload' /allusers /allprofiles /externallog='' [x][x][x][x][x][x][x][x][x][x][x][x][x][x][x][x][x][x] -> FOUND
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Browser Addons : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

::1 localhost
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK6475GSX +++++
--- User ---
[MBR] bed019c8e6a4fe1a2f4347874fbba52e
[BSP] 9ea1ced1571f36b81b112b3982abe1b2 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 593552 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1218668544 | Size: 15427 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_S_02072014_232213.txt >>


----------



## tenntod (Mar 17, 2013)

Was a report supposed to have been generated when I downloaded and ran the wsearch attachment? I saw it had merged with the registry but don't see a report anywhere.


----------



## Mark1956 (May 7, 2011)

You should check your settings on this site to make sure it is still set to inform you by email of any responses.

There was no report expected from merging the reg file; having seen that it merged with the registry is all that is required.

RogueKiller found a few things that need some action, please follow this:


Quit all running programs. 
Start RogueKiller.exe by double clicking on the icon. 
Wait until Prescan has finished. 
Ensure all boxes are ticked under "Report" tab. 
Click on Scan. 
Click on *Delete* when complete.
Click on Report when the Deletion completes. Copy/paste the contents of the report into your next reply.


----------



## tenntod (Mar 17, 2013)

RogueKiller V8.8.6 _x64_ [Feb 7 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Remove -- Date : 02/09/2014 15:11:48
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 5 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowVideos (0) -> REPLACED (1)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Scheduled tasks : 3 ¤¤¤
[V1][SUSP PATH] Digital Sites.job : C:\Users\Owner\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> DELETED
[V2][SUSP PATH] Digital Sites : C:\Users\Owner\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> DELETED
[V2][SUSP PATH] Test TimeTrigger : C:\Users\Owner\AppData\Local\Temp\Runner.exe - C:\Users\Owner\AppData\Local\Temp\DNS.exe [x][x] -> DELETED
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Browser Addons : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

::1 localhost
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK6475GSX +++++
--- User ---
[MBR] bed019c8e6a4fe1a2f4347874fbba52e
[BSP] 9ea1ced1571f36b81b112b3982abe1b2 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 593552 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1218668544 | Size: 15427 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_D_02092014_151148.txt >>
RKreport[0]_S_02072014_232213.txt;RKreport[0]_S_02092014_151113.txt
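
Added example, not part of the original thread: a small Python triage script that parses the "Scheduled tasks" lines of the two RogueKiller reports above and lines up each task found by the scan with its outcome in the removal report. The sample lines are abridged from the posted reports (the long installer arguments are cut to `...`), and the user-writable directory markers are an assumption of this example, not something RogueKiller documents.

```python
import re
from typing import NamedTuple

# Abridged from the scan report (02/07/2014) posted in this thread.
SCAN_REPORT = r"""
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[V1][SUSP PATH] Digital Sites.job : C:\Users\Owner\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND
[V1][ROGUE ST] weDownload Manager Pro-chromeinstaller.job : C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-chromeinstaller.exe - /installcrx ... [x][x] -> FOUND
[V1][ROGUE ST] weDownload Manager Pro-firefoxinstaller.job : C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-firefoxinstaller.exe - /installxpi ... [x][x] -> FOUND
[V2][SUSP PATH] Digital Sites : C:\Users\Owner\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND
[V2][SUSP PATH] Test TimeTrigger : C:\Users\Owner\AppData\Local\Temp\Runner.exe - C:\Users\Owner\AppData\Local\Temp\DNS.exe [x][x] -> FOUND
[V2][ROGUE ST] weDownload Manager Pro-chromeinstaller : C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-chromeinstaller.exe - /installcrx ... [x][x] -> FOUND
[V2][ROGUE ST] weDownload Manager Pro-firefoxinstaller : C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-firefoxinstaller.exe - /installxpi ... [x][x] -> FOUND
"""

# Abridged from the removal report (02/09/2014) posted in this thread.
REMOVAL_REPORT = r"""
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[V1][SUSP PATH] Digital Sites.job : C:\Users\Owner\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> DELETED
[V2][SUSP PATH] Digital Sites : C:\Users\Owner\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> DELETED
[V2][SUSP PATH] Test TimeTrigger : C:\Users\Owner\AppData\Local\Temp\Runner.exe - C:\Users\Owner\AppData\Local\Temp\DNS.exe [x][x] -> DELETED
"""

# Scheduled-task lines start with a [V<n>] tag; registry lines ([HJ ...]) do not.
LINE_RE = re.compile(r"^\[(V\d)\]\[([^\]]+)\]\s+(.+?)\s+:\s+(.+?)\s+->\s+(\S.*)$")
TRAILING_MARKS = re.compile(r"(\s*\[x\])+$")   # the "[x][x]..." run before "->"

# Assumption of this example: directories a standard user can write to.
USER_WRITABLE_MARKERS = ("\\appdata\\roaming\\", "\\appdata\\local\\", "\\temp\\")
ABSENT = "ABSENT FROM REMOVAL REPORT"


class Task(NamedTuple):
    tag: str         # "V1" or "V2", exactly as printed by the tool
    category: str    # e.g. "SUSP PATH", "ROGUE ST"
    name: str
    executable: str
    arguments: str
    status: str      # FOUND, DELETED, ...


def parse_tasks(report: str) -> dict:
    """Return {(tag, name): Task} for every scheduled-task line in a report."""
    tasks = {}
    for raw in report.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # headers, registry entries, MBR section, blank lines
        tag, category, name, command, status = match.groups()
        command = TRAILING_MARKS.sub("", command)
        executable, _, arguments = command.partition(" - ")
        tasks[(tag, name)] = Task(tag, category, name, executable.strip(),
                                  arguments.strip(), status.strip())
    return tasks


def runs_from_user_writable_dir(path: str) -> bool:
    """True when the task's executable sits in a profile or temp directory."""
    lowered = path.lower()
    return any(marker in lowered for marker in USER_WRITABLE_MARKERS)


def compare(scan: str, removal: str) -> list:
    """One row per task found by the scan, with its outcome after removal."""
    before, after = parse_tasks(scan), parse_tasks(removal)
    rows = []
    for key, task in before.items():
        outcome = after[key].status if key in after else ABSENT
        rows.append((task.tag, task.name, task.category,
                     runs_from_user_writable_dir(task.executable), outcome))
    return rows


if __name__ == "__main__":
    for tag, name, category, writable, outcome in compare(SCAN_REPORT, REMOVAL_REPORT):
        flag = "user-writable path" if writable else "installed path"
        print(f"[{tag}] {name:<48} {category:<9} {flag:<18} {outcome}")
```

Tasks reported as absent are the ones to confirm in another log or in Task Scheduler itself, since the removal report says nothing about them.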


----------



## Mark1956 (May 7, 2011)

How well is the system running now?


----------



## tenntod (Mar 17, 2013)

System seems to be running much faster and I can print from Internet Explorer now. If there is anything else I need to do on my end please let me know. Thank you so much for your patience and awesome help!


----------



## tenntod (Mar 17, 2013)

I did forget to mention the print is very small and I haven't done anything to change that.


----------



## Mark1956 (May 7, 2011)

The print size will relate to the size of the print on the web page, as far as I know. What web site do you print from, or is it from many different ones? Do you highlight what you wish to print first and then select Print Preview, or just print out the entire web page?


----------



## tenntod (Mar 17, 2013)

Dear Marc,


The print in question was from the techguy website. I printed one page from the instructions you gave me regarding the RogueKiller scan. The most recent one.


I should let you know my wife had yet another blue screen appear today. She cannot remember specifically what she was doing at the time. The computer shuts down to the blue screen and then recovers itself by re-booting. I've asked her to pay attention and write down exactly what she was doing and which browser she is using if it does this again. Thank you.


----------



## Mark1956 (May 7, 2011)

I don't think the print size can be changed unless you copy the text and then paste it into Word or Notepad and then change the size, you may have to experiment, but I don't think this is a fault. Let me know how it goes.

Now the PC is in a clean state we may have better luck getting the minidumps posted here for analyzing.

Please try again to Take Ownership of the files and see if you can then zip them up. Can you confirm that when you right click on the files the 'Take Ownership' option is visible in the right click menu? Not sure if you will remember from when you tried it before, but when you right click on a file and select Take Ownership you should have seen a black box flash up on screen and disappear. If you have seen that box then the process was successful.


----------



## tenntod (Mar 17, 2013)

Hi Mark,


I followed the instructions regarding the minidump files. I saw the black screen for just a second when I downloaded the Take Ownership. I was given a message access denied and a blank notebook page came up. Any idea what I'm doing wrong?


----------



## Mark1956 (May 7, 2011)

Not too clear on what you have done. When you right click on the minidump file do you see the option of 'Take Ownership' in the pop up menu, if so did the black box flash up on screen when you selected it?

I'm not sure why Notepad is opening, after you have selected Take Ownership from the right click menu you should then right click on the file again, select 'Send To' and then select 'Compressed (zipped) folder'.


----------



## tenntod (Mar 17, 2013)

Dear Mark,


I'll do my best to explain what I have done. I followed the directions on how to locate minidump files. I clicked on the C: drive, then double clicked on the windows file. Then I double clicked on the minidump file. Another window pops up showing 021014-36941-01. I right clicked on that file, which is a .dmp extension, and take ownership comes up. That is also when I see the black screen flash. I then right click on the 021014-36941-01 file again and click on send to, slide over to compressed zip folder. I left click on that and I get the error message: File not found or no read permission.


Thank you,
Ted


----------



## Mark1956 (May 7, 2011)

Ok, let's give this a try. Once you have run it, try again to zip up the minidumps.

Download this and save it to the desktop: Windows Repair. Use the coloured button next to *Direct Download* just below *Installer (4.81MB)* to start the download. NOTE: DO NOT use the green buttons at the top of the page as this is dubious software that could infect your system with Adware.

Close your browser and any running programs, double click on the Tweaking icon on your desktop to run the tool. When the program opens click on the *Step 4* tab. Under System Restore click on *Create* and wait for the confirmation to appear just below the button.

When complete click on the tab *Start Repairs*, click on the *Start* button. Then click on *Unselect All* and tick the boxes next to the items in the list below.

When done click on the *Start* button and leave it undisturbed until complete.


Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Remove Policies Set By Infections
Unhide Non System Files
Set Windows Services To Default Startup
Repair File Associations
Restore Important Windows Services


----------



## tenntod (Mar 17, 2013)

Dear Mark,


Well, I did exactly as the instructions told me, when running Windows Repair. I clicked on start button and left the computer alone so it would do its thing.


After about 20 minutes I came back to the computer to find it had rebooted and I could not find a log anywhere to copy and paste for you to review. Nothing in Notebook. Did I do something wrong that you can think of? I did follow the directions and disabled my anti-virus where it told me. Thank you!


Sincerely,
Ted


----------



## Mark1956 (May 7, 2011)

The instructions to run Windows Repair do not request that you post the log.

Are you now able to zip up the minidump files?


----------



## tenntod (Mar 17, 2013)

Mark,


After running Windows Repair, there are no files under minidump. Several problems have shown themselves in the last few days. One is every time Internet Explorer boots up now a window pops up at the bottom of the page that says: only secure content is displayed, and to the right of that it has a box that you can click on that says: show content.


The other thing it's doing is the computer freezes up. When it does that a notice comes up on the screen that says Display driver stopped responding, but has recovered. Then I have to reboot it.


Thank you


----------



## Mark1956 (May 7, 2011)

When you ran Windows Repair did you only select the options in the list I gave? None of those options could have deleted the minidump files, so I am not sure what has happened unless you also selected remove temp files by mistake. Likewise with the changed behaviour of Internet Explorer, if you also selected the IE repair option it will have reset it.

All we can do now is wait to see if you get any more BSODs.

As for the Graphics driver I would first try reinstalling it from the manufacturer's site.


----------



## tenntod (Mar 17, 2013)

Dear Mark,


I do not know what I may have done wrong as I printed out your instructions and followed them to the letter. My wife has had the computer freeze on her twice in the last ten days. It freezes to where the mouse will not move the cursor. It recovers itself when this has happened. She is using one of both browsers, IE and Mozilla, when the computer freezes on her. Thank you


----------



## Mark1956 (May 7, 2011)

Ok, let's see if we can figure out what is going on. Please run FRST again, when the window opens put a check mark next to Addition.txt, then run the scan. Post both of the new logs produced.

Please also run Rkill again and post the new log from that.


----------



## tenntod (Mar 17, 2013)

Mark, here are the logs you've requested I post.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2014 02
Ran by Owner at 2014-02-28 21:51:33
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.5 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.5 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AOL Toolbar (HKCU\...\AOL Toolbar) (Version: - )
Canon Camera Window DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.4.0.9 - )
Canon Camera Window MC 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowMC) (Version: 6.3.0.8 - )
Canon G.726 WMP-Decoder (HKLM-x32\...\Canon G.726 WMP-Decoder) (Version: 1.1.0.4 - )
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 2.4.0.14 - )
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 2.6.0.13 - )
Canon RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.7.0.8 - )
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.19.43 - )
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 5.8.0.74 - )
CCleaner (HKLM\...\CCleaner) (Version: 3.25 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
HP Product Detection (HKLM-x32\...\{AF5D2519-C6B4-4AFD-9A8D-FBF74DD4F0A0}) (Version: 11.15.0004 - HP)
Intel PROSet Wireless (Version: - ) Hidden
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2430 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{7257132D-7F65-41E6-A90F-43BF6099461A}) (Version: 2.1.42.0 - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.57.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Internet Security 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
PDF To Excel Converter V3.0 (HKLM-x32\...\PDF To Excel Converter_is1) (Version: - http://www.PDFExcelConverter.com)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.0.14735.1561 - Microsoft Corporation)
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Skype 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{C31337DE-0CDC-45A9-9A32-F099AC78D557}) (Version: 3.0.9490 - K-NFB Reading Technology, Inc.)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}) (Version: 1.3.5.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.17.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.17.64 - TOSHIBA Corporation) Hidden
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.12C - TOSHIBA CORPORATION)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.12C - TOSHIBA CORPORATION) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.1.37C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (x32 Version: 1.63.1.37C - TOSHIBA CORPORATION) Hidden
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.2.15 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.13.11 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.31 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.9.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.4 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.7.21.64 - TOSHIBA Corporation) Hidden
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2001 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.8 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.51.2C - TOSHIBA CORPORATION)
TOSHIBA Supervisor Password (x32 Version: 1.63.51.2C - TOSHIBA CORPORATION) Hidden
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.1.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.6.1.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.6.1.64 - TOSHIBA Corporation) Hidden
TOSHIBA VIDEO PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 4.00.7.06-A - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.3 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (x32 Version: 2.0.3.3 - TOSHIBA Corporation) Hidden
TOSHIBA Wireless Display Monitor (HKLM-x32\...\{617773AE-ADBA-4479-BB04-65FE7758B35C}) (Version: 1.0.1 - TOSHIBA CORPORATION)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.9 - TOSHIBA)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.3.0 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{128A5449-CF71-4DA4-A746-F49E3B5DB584}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
Utility Common Driver (x32 Version: 1.0.52.3C - TOSHIBA) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
==================== Restore Points =========================
16-02-2014 11:23:30 Windows Update
21-02-2014 21:31:13 Windows Update
24-02-2014 05:53:31 Tweaking.com - Windows Repair
25-02-2014 06:48:35 Windows Update
26-02-2014 06:21:52 Windows Update
==================== Hosts content: ==========================
2009-07-13 18:34 - 2013-04-10 13:40 - 00000042 ____A C:\Windows\system32\Drivers\etc\hosts
::1 localhost
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {0C3181F3-6F13-4800-951F-DFCF3D891E1C} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {3DC9AB5D-75BF-4E6C-9EDE-D6A8D8432BA4} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1699991964-2536946847-36376121-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {5802D785-7045-4705-9017-377A1D1FD770} - System32\Tasks\{37ABBFA8-F24D-4317-A442-5FA3BB0F7D11} => C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
Task: {622DFA1D-AF33-439A-BEB3-343E5B4F1949} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-25] (Google Inc.)
Task: {6C2E4F53-D9D1-4D78-81EC-459E77442452} - System32\Tasks\TOSHIBA Wireless Display Monitor => C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe [2010-12-25] (TOSHIBA CORPORATION)
Task: {850B310A-9F73-4972-A5C4-963FD0F158FD} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1699991964-2536946847-36376121-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {8D237195-0D55-41CB-8FF0-33973362B6BF} - System32\Tasks\{5C4213AD-B3D4-409D-971C-2E458CFCE332} => C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
Task: {A3B62135-8A37-4413-995A-F7EAB95B0D07} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-25] (Google Inc.)
Task: {C601B345-BEA0-4C69-8C76-3886A5FDA14B} - System32\Tasks\{9CE12553-2BDB-4DB5-BB66-6CBC2BBAFADD} => C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
Task: {D2D4104A-D7AF-4C51-865E-A670875498B6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-11-23] (Piriform Ltd)
Task: {EA8CA7EF-25B1-4A68-8159-144073608B15} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated)
Task: {F377211F-9E81-4EDA-A788-AF52B2F9F0E6} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2011-05-31 17:32 - 2011-05-31 17:32 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-04-14 12:08 - 2009-08-13 11:06 - 00177152 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdpdrpp.dll
2011-06-27 09:16 - 2011-06-27 09:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-18 17:18 - 2010-11-18 17:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2010-11-30 10:37 - 2010-11-30 10:37 - 00048504 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-12-15 15:19 - 2010-12-15 15:19 - 00124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
2011-05-31 17:32 - 2011-05-31 17:32 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-02-22 19:22 - 2011-02-22 19:22 - 00429432 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
2011-06-09 21:09 - 2011-06-09 21:09 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2012-08-17 20:39 - 2013-09-18 17:54 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
2012-08-17 20:38 - 2012-08-17 20:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\Owner\Documents\Emailing_ Doctor_jpeg.eml:OECustomProperty
==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Microsoft Virtual WiFi Miniport Adapter #2
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================
Application errors:
==================
Error: (02/28/2014 09:26:12 PM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)
Error: (02/28/2014 07:06:11 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
Error: (02/28/2014 06:23:02 PM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)
Error: (02/28/2014 11:36:39 AM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)
Error: (02/28/2014 10:12:29 AM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)
Error: (02/28/2014 04:37:20 AM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)
Error: (02/28/2014 02:02:09 AM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)
Error: (02/27/2014 08:53:59 PM) (Source: TestWorker) (User: )
Description: TestWorkerFailed to send data to service: Norton PC Checkup Application Launcher
Error: (02/27/2014 06:33:26 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
Error: (02/27/2014 05:09:41 PM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)

System errors:
=============
Error: (02/28/2014 09:25:59 PM) (Source: WMPNetworkSvc) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
Error: (02/28/2014 09:25:52 PM) (Source: Service Control Manager) (User: )
Description: The WSearch service failed to start due to the following error: 
%%2
Error: (02/28/2014 09:25:43 PM) (Source: Service Control Manager) (User: )
Description: The sbapifs service failed to start due to the following error: 
%%2
Error: (02/28/2014 06:22:39 PM) (Source: Service Control Manager) (User: )
Description: The WSearch service failed to start due to the following error: 
%%2
Error: (02/28/2014 06:22:30 PM) (Source: Service Control Manager) (User: )
Description: The sbapifs service failed to start due to the following error: 
%%2
Error: (02/28/2014 11:36:17 AM) (Source: Service Control Manager) (User: )
Description: The WSearch service failed to start due to the following error: 
%%2
Error: (02/28/2014 11:36:07 AM) (Source: Service Control Manager) (User: )
Description: The sbapifs service failed to start due to the following error: 
%%2
Error: (02/28/2014 10:12:09 AM) (Source: Service Control Manager) (User: )
Description: The WSearch service failed to start due to the following error: 
%%2
Error: (02/28/2014 10:12:01 AM) (Source: Service Control Manager) (User: )
Description: The sbapifs service failed to start due to the following error: 
%%2
Error: (02/28/2014 04:36:59 AM) (Source: Service Control Manager) (User: )
Description: The WSearch service failed to start due to the following error: 
%%2

Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2014-02-28 18:54:06.604
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-02-28 18:54:06.604
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-02-28 18:54:06.604
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-02-28 18:54:06.564
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-02-28 18:54:06.554
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-02-28 18:54:06.554
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-02-27 01:00:41.994
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-02-27 01:00:41.994
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-02-27 01:00:41.984
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-02-27 01:00:41.974
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info =========================== 
Percentage of memory in use: 45%
Total physical RAM: 4002.69 MB
Available physical RAM: 2195.78 MB
Total Pagefile: 8003.56 MB
Available Pagefile: 5715.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (TI106332W0C) (Fixed) (Total:579.64 GB) (Free:481.18 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: 27058636)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=580 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=17)
==================== End Of Log ============================

Log #2

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-02-2014 02
Ran by Owner (administrator) on OWNER-PC on 28-02-2014 21:51:03
Running from C:\Users\Owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
( ) C:\Windows\system32\lxdpcoms.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TOSHIBA Corporation) C:\windows\system32\ThpSrv.exe
(TOSHIBA Corporation) C:\windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\klwtblfs.exe
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe

==================== Registry (Whitelisted) ==================
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] - C:\windows\system32\thpsrv /logon
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-05-24] (TOSHIBA Corporation)
HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-06-01] (Intel(R) Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-06-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [SVPWUTIL] - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2010-11-09] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [KeNotify] - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-16] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218864 2011-06-22] (Toshiba)
HKLM-x32\...\Run: [ToshibaAppPlace] - C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [{90120000-0030-0000-0000-0000000FF1CE}] - C:\windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-21-1699991964-2536946847-36376121-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-1699991964-2536946847-36376121-1000\...\Policies\system: [DisableLockWorkstation] 0
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {B7F42A96-DE99-47A7-B58E-8DDEB4BA9F8A} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM-x32 - {B7F42A96-DE99-47A7-B58E-8DDEB4BA9F8A} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKCU - DefaultScope {186F63CE-8D08-4AC7-91C4-8A834A1E89FE} URL = http://start.mysearchdial.com/resul...FtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=378930771&ir=
SearchScopes: HKCU - {186F63CE-8D08-4AC7-91C4-8A834A1E89FE} URL = http://start.mysearchdial.com/resul...FtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=378930771&ir=
SearchScopes: HKCU - {5EB07BDA-DAA9-43E9-9508-0BAD4693CEC6} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKCU - {B7F42A96-DE99-47A7-B58E-8DDEB4BA9F8A} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
DPF: HKLM {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc64.cab
DPF: HKLM {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect125.cab
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mzg8cnb7.default-1370897875420
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-01-03]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013-09-18]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013-09-18]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013-09-18]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013-09-18]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013-09-18]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchProvider: "name": "Mysearchdial"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\plugin/online_banking_npapi.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\plugin/npUrlAdvisor.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\plugin/content_blocker_npapi.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\plugin/npABPlugin.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\plugin/npVKPlugin.dll No File
CHR Plugin: (Skype Click to Call) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebgdeaohaofdhldpobdpfocdonmgki\10.15.0.62_0\plugins/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Conduit Radio Plugin) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebgdeaohaofdhldpobdpfocdonmgki\10.15.0.62_0\plugins/np-cwmp.dll No File
CHR Plugin: (Conduit Chrome Approve TB Plugin) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebgdeaohaofdhldpobdpfocdonmgki\10.15.0.62_0\plugins/ChromeApproveTBPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Liveu0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Extension: (lookinglink) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\alakbkblgilodacnlnmcoiofdjakliih [2014-02-01]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-05]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-05]
CHR Extension: (weDownload Manager Pro) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb [2013-12-25]
CHR Extension: (Skype Click to Call) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-07-13]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-05]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2013-05-02]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2013-05-02]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2013-05-02]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-01-03]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2013-05-02]
==================== Services (Whitelisted) =================
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation)
S3 lxcg_device; C:\Windows\system32\lxcgcoms.exe [451584 2005-07-25] ( )
R2 lxdp_device; C:\Windows\system32\lxdpcoms.exe [1039872 2007-11-19] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-06-01] ()
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)
S2 WSearch; %systemroot%\system32\SearchIndexer.exe /Embedding [X]
==================== Drivers (Whitelisted) ====================
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-11] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-10-10] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-09-18] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-09-18] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2011-03-14] (support.com, Inc)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
S3 gfiark; system32\drivers\gfiark.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-09-18] (Kaspersky Lab ZAO)
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2014-02-28 21:50 - 2014-02-28 21:50 - 00000000 ____D () C:\Users\Owner\Desktop\FRST-OlderVersion
2014-02-26 19:26 - 2014-02-26 19:26 - 509543360 _____ () C:\Windows\MEMORY.DMP
2014-02-26 19:26 - 2014-02-26 19:26 - 00270416 _____ () C:\Windows\Minidump\022614-30669-01.dmp
2014-02-25 03:04 - 2014-02-25 03:04 - 00147656 _____ () C:\Windows\PFRO.log
2014-02-16 11:31 - 2014-02-28 21:25 - 00002688 _____ () C:\Windows\setupact.log
2014-02-16 11:31 - 2014-02-16 11:31 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-15 22:20 - 2014-02-16 03:35 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2014-02-15 15:07 - 2014-02-15 15:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-13 21:22 - 2014-02-13 21:22 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-OWNER-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-02-13 21:21 - 2014-02-13 21:21 - 00000000 ____D () C:\RegBackup
2014-02-13 19:35 - 2014-02-23 22:11 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-02-13 19:28 - 2014-02-13 19:28 - 00002130 _____ () C:\Users\Owner\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-02-13 19:28 - 2014-02-13 19:28 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-02-13 19:25 - 2014-02-13 19:25 - 05074688 _____ () C:\Users\Owner\Desktop\tweaking.com_windows_repair_aio_setup.exe
2014-02-12 15:56 - 2014-02-06 04:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 15:56 - 2014-02-06 03:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 15:56 - 2014-02-06 03:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 15:56 - 2014-02-06 03:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 15:56 - 2014-02-06 03:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 15:56 - 2014-02-06 03:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 15:56 - 2014-02-06 02:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 15:56 - 2014-02-06 02:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 15:56 - 2014-02-06 02:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 15:56 - 2014-02-06 02:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 15:56 - 2014-02-06 02:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 15:56 - 2014-02-06 02:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 15:56 - 2014-02-06 02:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 15:56 - 2014-02-06 02:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 15:56 - 2014-02-06 02:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 15:56 - 2014-02-06 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 15:56 - 2014-02-06 02:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 15:56 - 2014-02-06 01:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 15:56 - 2014-02-06 01:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 15:56 - 2014-02-06 01:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 15:56 - 2014-02-06 01:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 15:56 - 2014-02-06 01:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 15:56 - 2014-02-06 01:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 15:56 - 2014-02-06 01:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 15:56 - 2014-02-06 01:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 15:56 - 2014-02-06 01:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 15:56 - 2014-02-06 01:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 15:56 - 2014-02-06 01:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 15:56 - 2014-02-06 00:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 15:56 - 2014-02-06 00:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 15:56 - 2014-02-06 00:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 15:56 - 2014-02-06 00:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 15:56 - 2014-02-06 00:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 15:56 - 2013-12-21 01:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 15:56 - 2013-12-21 00:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 15:55 - 2014-02-06 02:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 15:55 - 2014-02-06 02:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 15:55 - 2014-02-06 01:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 15:55 - 2014-02-06 01:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 15:55 - 2014-02-06 01:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 15:55 - 2014-02-06 01:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 09:40 - 2013-12-31 15:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 09:40 - 2013-12-31 15:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 09:40 - 2013-12-05 18:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 09:40 - 2013-12-05 18:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 09:40 - 2013-12-05 18:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 09:40 - 2013-12-05 18:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 09:39 - 2013-12-24 15:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 09:39 - 2013-12-24 14:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 09:39 - 2013-12-03 18:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 09:39 - 2013-12-03 18:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 09:39 - 2013-12-03 18:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 09:39 - 2013-12-03 18:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 09:39 - 2013-12-03 18:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 09:39 - 2013-12-03 18:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 09:39 - 2013-12-03 18:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 09:39 - 2013-12-03 18:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 09:39 - 2013-12-03 18:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 09:39 - 2013-12-03 18:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 09:39 - 2013-12-03 18:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 09:39 - 2013-12-03 18:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 09:39 - 2013-12-03 18:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 09:39 - 2013-12-03 18:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 09:39 - 2013-12-03 17:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 09:39 - 2013-12-03 17:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 09:39 - 2013-12-03 17:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 09:39 - 2013-12-03 17:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 09:39 - 2013-11-26 00:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 09:39 - 2013-11-22 14:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-11 22:00 - 2014-02-11 22:00 - 00000622 _____ () C:\Users\Owner\Desktop\takeownership.zip
2014-02-09 15:33 - 2014-02-09 15:33 - 00002342 _____ () C:\Users\Owner\Documents\RKreport[0]_D_02092014_151148.txt
2014-02-09 15:11 - 2014-02-09 15:11 - 00002342 _____ () C:\Users\Owner\Desktop\RKreport[0]_D_02092014_151148.txt
2014-02-09 15:11 - 2014-02-09 15:11 - 00002275 _____ () C:\Users\Owner\Desktop\RKreport[0]_S_02092014_151113.txt
2014-02-08 20:33 - 2014-02-08 20:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-08 20:24 - 2014-02-08 20:24 - 00002311 _____ () C:\Users\Owner\Desktop\Safe Money.lnk
2014-02-08 20:21 - 2014-02-08 20:20 - 00001117 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
2014-02-08 20:10 - 2014-02-13 21:07 - 253548352 _____ (Kaspersky Lab) C:\Users\Owner\Desktop\kis14.0.0.4651abEN_5096_UpgEmail[1]
2014-02-08 19:07 - 2014-02-08 19:07 - 00000926 _____ () C:\Users\Owner\Desktop\wsearch.zip
2014-02-08 00:21 - 2014-02-08 00:21 - 00001080 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-08 00:21 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-08 00:19 - 2014-02-08 00:19 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Owner\Desktop\mbam-setup-1.75.0.1300.exe
2014-02-08 00:16 - 2014-02-08 00:16 - 00002794 _____ () C:\Users\Owner\Documents\Rkill.txt
2014-02-08 00:04 - 2014-02-08 00:04 - 00001397 _____ () C:\Users\Owner\Documents\AdwCleaner[S6].txt
2014-02-07 23:50 - 2014-02-08 00:15 - 00002794 _____ () C:\Users\Owner\Desktop\Rkill.txt
2014-02-07 23:50 - 2014-02-07 23:50 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Owner\Desktop\rkill.exe
2014-02-07 23:45 - 2014-02-07 23:45 - 00006865 _____ () C:\Users\Owner\Documents\AdwCleaner[S5].txt
2014-02-07 23:39 - 2014-02-08 14:30 - 00006586 _____ () C:\Users\Owner\Documents\RKreport[0]_S_02072014_232213.txt
2014-02-07 23:39 - 2014-02-07 23:39 - 00037262 _____ () C:\Users\Owner\Documents\FRST.txt
2014-02-07 23:39 - 2014-02-07 23:39 - 00032090 _____ () C:\Users\Owner\Documents\Addition.txt
2014-02-07 23:22 - 2014-02-07 23:37 - 00006586 _____ () C:\Users\Owner\Desktop\RKreport[0]_S_02072014_232213.txt
2014-02-07 23:19 - 2014-02-09 15:11 - 00000000 ____D () C:\Users\Owner\Desktop\RK_Quarantine
2014-02-07 23:19 - 2014-02-07 23:19 - 04403200 _____ () C:\Users\Owner\Desktop\RogueKillerX64.exe
2014-02-07 22:57 - 2014-02-28 21:51 - 00025560 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-02-07 22:57 - 2014-02-07 23:37 - 00032090 _____ () C:\Users\Owner\Desktop\Addition.txt
2014-02-07 22:31 - 2014-02-07 22:31 - 00000030 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
2014-02-07 22:29 - 2014-02-07 22:29 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\DigitalSites
2014-02-07 22:14 - 2014-02-07 23:55 - 00000000 ____D () C:\AdwCleaner
2014-02-07 22:13 - 2014-02-07 22:14 - 01166132 _____ () C:\Users\Owner\Desktop\AdwCleaner.exe
2014-02-06 21:34 - 2014-02-28 21:50 - 02155520 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-02-02 22:55 - 2014-02-02 22:55 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-02 22:55 - 2014-02-02 22:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-02 22:07 - 2014-02-02 22:07 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Oracle
2014-02-02 22:01 - 2014-02-02 22:01 - 00000000 ____D () C:\Program Files\Java
2014-02-02 21:56 - 2014-02-02 21:57 - 21646856 _____ () C:\Users\Owner\Downloads\homestream-2.0-win-setup.exe
2014-02-01 23:25 - 2014-02-01 23:25 - 13079688 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\Silverlight_x64.exe
==================== One Month Modified Files and Folders =======
2014-02-28 21:51 - 2014-02-07 22:57 - 00025560 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-02-28 21:51 - 2014-01-09 22:59 - 00000000 ____D () C:\FRST
2014-02-28 21:50 - 2014-02-28 21:50 - 00000000 ____D () C:\Users\Owner\Desktop\FRST-OlderVersion
2014-02-28 21:50 - 2014-02-06 21:34 - 02155520 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-02-28 21:35 - 2013-03-15 19:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-28 21:33 - 2009-07-13 20:45 - 00025120 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-28 21:33 - 2009-07-13 20:45 - 00025120 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-28 21:32 - 2012-05-29 18:01 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Skype
2014-02-28 21:29 - 2012-08-18 21:00 - 01758559 _____ () C:\Windows\WindowsUpdate.log
2014-02-28 21:29 - 2009-07-13 21:13 - 00770284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-28 21:28 - 2012-01-25 19:08 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-28 21:26 - 2013-09-18 17:35 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-02-28 21:26 - 2012-01-25 19:08 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-28 21:25 - 2014-02-16 11:31 - 00002688 _____ () C:\Windows\setupact.log
2014-02-28 21:25 - 2013-05-05 18:26 - 00000095 _____ () C:\Users\Owner\.accessibility.properties
2014-02-28 21:25 - 2012-03-28 16:00 - 00000000 ____D () C:\Users\Owner
2014-02-28 21:25 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-27 15:15 - 2012-06-07 09:08 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\ZoomBrowser EX
2014-02-27 14:57 - 2012-06-07 08:58 - 00000000 ____D () C:\ProgramData\ZoomBrowser
2014-02-26 19:26 - 2014-02-26 19:26 - 509543360 _____ () C:\Windows\MEMORY.DMP
2014-02-26 19:26 - 2014-02-26 19:26 - 00270416 _____ () C:\Windows\Minidump\022614-30669-01.dmp
2014-02-26 19:26 - 2013-03-17 12:05 - 00000000 ____D () C:\Windows\Minidump
2014-02-25 22:23 - 2012-05-25 11:19 - 00747006 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-25 03:04 - 2014-02-25 03:04 - 00147656 _____ () C:\Windows\PFRO.log
2014-02-23 22:14 - 2012-03-28 16:04 - 00109688 _____ () C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-23 22:13 - 2009-07-13 20:45 - 00418856 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-23 22:11 - 2014-02-13 19:35 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-02-21 18:31 - 2013-06-05 08:51 - 00002154 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-21 14:35 - 2013-03-15 19:00 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 14:35 - 2013-03-15 19:00 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-21 14:35 - 2013-03-15 19:00 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-19 13:38 - 2012-05-29 18:01 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-19 13:38 - 2012-05-29 18:01 - 00000000 ____D () C:\ProgramData\Skype
2014-02-16 11:31 - 2014-02-16 11:31 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-16 03:35 - 2014-02-15 22:20 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2014-02-16 03:26 - 2013-08-14 10:24 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-16 03:24 - 2012-03-29 08:58 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-15 15:07 - 2014-02-15 15:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-13 21:22 - 2014-02-13 21:22 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-OWNER-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-02-13 21:21 - 2014-02-13 21:21 - 00000000 ____D () C:\RegBackup
2014-02-13 21:07 - 2014-02-08 20:10 - 253548352 _____ (Kaspersky Lab) C:\Users\Owner\Desktop\kis14.0.0.4651abEN_5096_UpgEmail[1]
2014-02-13 20:52 - 2010-11-20 23:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-02-13 19:28 - 2014-02-13 19:28 - 00002130 _____ () C:\Users\Owner\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-02-13 19:28 - 2014-02-13 19:28 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-02-13 19:25 - 2014-02-13 19:25 - 05074688 _____ () C:\Users\Owner\Desktop\tweaking.com_windows_repair_aio_setup.exe
2014-02-12 20:27 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-02-12 08:23 - 2012-01-25 19:08 - 00003908 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-12 08:23 - 2012-01-25 19:08 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-11 22:00 - 2014-02-11 22:00 - 00000622 _____ () C:\Users\Owner\Desktop\takeownership.zip
2014-02-09 15:33 - 2014-02-09 15:33 - 00002342 _____ () C:\Users\Owner\Documents\RKreport[0]_D_02092014_151148.txt
2014-02-09 15:11 - 2014-02-09 15:11 - 00002342 _____ () C:\Users\Owner\Desktop\RKreport[0]_D_02092014_151148.txt
2014-02-09 15:11 - 2014-02-09 15:11 - 00002275 _____ () C:\Users\Owner\Desktop\RKreport[0]_S_02092014_151113.txt
2014-02-09 15:11 - 2014-02-07 23:19 - 00000000 ____D () C:\Users\Owner\Desktop\RK_Quarantine
2014-02-08 20:33 - 2014-02-08 20:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-08 20:24 - 2014-02-08 20:24 - 00002311 _____ () C:\Users\Owner\Desktop\Safe Money.lnk
2014-02-08 20:20 - 2014-02-08 20:21 - 00001117 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
2014-02-08 19:07 - 2014-02-08 19:07 - 00000926 _____ () C:\Users\Owner\Desktop\wsearch.zip
2014-02-08 14:30 - 2014-02-07 23:39 - 00006586 _____ () C:\Users\Owner\Documents\RKreport[0]_S_02072014_232213.txt
2014-02-08 00:21 - 2014-02-08 00:21 - 00001080 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-08 00:21 - 2013-03-22 10:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-08 00:19 - 2014-02-08 00:19 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Owner\Desktop\mbam-setup-1.75.0.1300.exe
2014-02-08 00:16 - 2014-02-08 00:16 - 00002794 _____ () C:\Users\Owner\Documents\Rkill.txt
2014-02-08 00:15 - 2014-02-07 23:50 - 00002794 _____ () C:\Users\Owner\Desktop\Rkill.txt
2014-02-08 00:04 - 2014-02-08 00:04 - 00001397 _____ () C:\Users\Owner\Documents\AdwCleaner[S6].txt
2014-02-07 23:55 - 2014-02-07 22:14 - 00000000 ____D () C:\AdwCleaner
2014-02-07 23:50 - 2014-02-07 23:50 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Owner\Desktop\rkill.exe
2014-02-07 23:45 - 2014-02-07 23:45 - 00006865 _____ () C:\Users\Owner\Documents\AdwCleaner[S5].txt
2014-02-07 23:39 - 2014-02-07 23:39 - 00037262 _____ () C:\Users\Owner\Documents\FRST.txt
2014-02-07 23:39 - 2014-02-07 23:39 - 00032090 _____ () C:\Users\Owner\Documents\Addition.txt
2014-02-07 23:37 - 2014-02-07 23:22 - 00006586 _____ () C:\Users\Owner\Desktop\RKreport[0]_S_02072014_232213.txt
2014-02-07 23:37 - 2014-02-07 22:57 - 00032090 _____ () C:\Users\Owner\Desktop\Addition.txt
2014-02-07 23:19 - 2014-02-07 23:19 - 04403200 _____ () C:\Users\Owner\Desktop\RogueKillerX64.exe
2014-02-07 22:31 - 2014-02-07 22:31 - 00000030 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
2014-02-07 22:29 - 2014-02-07 22:29 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\DigitalSites
2014-02-07 22:14 - 2014-02-07 22:13 - 01166132 _____ () C:\Users\Owner\Desktop\AdwCleaner.exe
2014-02-06 04:16 - 2014-02-12 15:56 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 03:30 - 2014-02-12 15:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 03:30 - 2014-02-12 15:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 03:12 - 2014-02-12 15:56 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 03:07 - 2014-02-12 15:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 03:06 - 2014-02-12 15:56 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 02:57 - 2014-02-12 15:56 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 02:56 - 2014-02-12 15:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 02:52 - 2014-02-12 15:56 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 02:49 - 2014-02-12 15:56 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 02:48 - 2014-02-12 15:56 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 02:48 - 2014-02-12 15:56 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 02:38 - 2014-02-12 15:55 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 02:32 - 2014-02-12 15:56 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 02:20 - 2014-02-12 15:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 02:17 - 2014-02-12 15:56 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 02:11 - 2014-02-12 15:55 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 02:01 - 2014-02-12 15:56 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 02:00 - 2014-02-12 15:56 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 01:57 - 2014-02-12 15:56 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 01:57 - 2014-02-12 15:56 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 01:52 - 2014-02-12 15:56 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 01:52 - 2014-02-12 15:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 01:50 - 2014-02-12 15:55 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 01:49 - 2014-02-12 15:56 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 01:47 - 2014-02-12 15:56 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 01:46 - 2014-02-12 15:56 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 01:25 - 2014-02-12 15:56 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 01:25 - 2014-02-12 15:55 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 01:24 - 2014-02-12 15:56 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 01:22 - 2014-02-12 15:55 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 01:13 - 2014-02-12 15:56 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 01:09 - 2014-02-12 15:56 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 01:03 - 2014-02-12 15:55 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 00:55 - 2014-02-12 15:56 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 00:41 - 2014-02-12 15:56 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 00:40 - 2014-02-12 15:56 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 00:36 - 2014-02-12 15:56 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 00:34 - 2014-02-12 15:56 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-03 21:57 - 2012-03-28 16:14 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-02-03 11:49 - 2009-07-13 21:08 - 00032614 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-02 22:55 - 2014-02-02 22:55 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-02 22:55 - 2014-02-02 22:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-02 22:35 - 2012-03-28 16:02 - 00000000 ___RD () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-02 22:07 - 2014-02-02 22:07 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Oracle
2014-02-02 22:01 - 2014-02-02 22:01 - 00000000 ____D () C:\Program Files\Java
2014-02-02 21:57 - 2014-02-02 21:56 - 21646856 _____ () C:\Users\Owner\Downloads\homestream-2.0-win-setup.exe
2014-02-01 23:25 - 2014-02-01 23:25 - 13079688 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\Silverlight_x64.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-28 18:52
==================== End Of Log ============================

Log #3 Rkill log

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 02/28/2014 10:00:27 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* C:\Windows\system32\lxdpcoms.exe (PID: 1852) [WD-HEUR]
* C:\windows\system32\ThpSrv.exe (PID: 2336) [WD-HEUR]
* C:\Windows\System32\ThpSrv.exe (PID: 2688) [WD-HEUR]
* C:\Users\Owner\Desktop\FRST64.exe (PID: 5360) [UP-HEUR]
4 proccesses terminated!
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* No issues found.
Checking Windows Service Integrity: 
* No issues found.
Searching for Missing Digital Signatures: 
* No issues found.
Checking HOSTS File: 
* HOSTS file entries found: 
::1 localhost
127.0.0.1 localhost
Program finished at: 02/28/2014 10:02:52 PM
Execution time: 0 hours(s), 2 minute(s), and 25 seconds(s)


----------



## Mark1956 (May 7, 2011)

Looks like some Adware has got back into Chrome. Please run Adwcleaner again, it should offer you an update when you run it, accept it. It should replace the version you already have. When the update is complete run the program, just as you did before and post the log produced after the reboot.

We will now try another approach to give you access to the minidump files.

Download File/Folder Unlocker

Save the download to your desktop, double click on the icon to install it.

When the "Choose Components" window opens uncheck all the boxes apart from the top one "Check for Unlocker Updates"

Run the program and navigate to the minidump file 022614-30669-01.dmp. Follow the prompts to unlock it and shut the program. Reboot the PC and try to access the minidump file again and see if you can now send it to a zip folder and attach it to your next post.


----------



## tenntod (Mar 17, 2013)

Mark, here is the log created when I ran AdwCleaner. I'm a little confused with the Unlocker program you've asked me to download and run. It says I'm to uncheck boxes from the "Choose Components" window that opens. I double clicked on the Uncheck icon from the desktop. I got a page that has a tab at the top of the page that says Application. Below that there are boxes that has Browse in it. Moving left to right it has Unlock Resource, Kill All Processes, Check, Check For updates, Skin Chooser, EMCO on the Web, About. I do not see "Choose Components" anywhere so I thought I'd better send what I have and wait for further instruction. Thank you for your patience.
Ted

# AdwCleaner v3.020 - Report created 02/03/2014 at 22:44:18
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****

***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files (x86)\BearShare Applications
Folder Deleted : C:\Users\Owner\AppData\Roaming\DigitalSites
***** [ Shortcuts ] *****

***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]gethighlightly.com]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16518

-\\ Mozilla Firefox v27.0.1 (en-US)
[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hjpogn14.default\prefs.js ]

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mzg8cnb7.default-1370897875420\prefs.js ]

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ovmz69us.default\prefs.js ]

-\\ Google Chrome v33.0.1750.117
[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************
AdwCleaner[R5].txt - [1886 octets] - [07/02/2014 22:14:51]
AdwCleaner[R6].txt - [7677 octets] - [07/02/2014 23:30:23]
AdwCleaner[R7].txt - [1336 octets] - [07/02/2014 23:54:39]
AdwCleaner[R8].txt - [2415 octets] - [02/03/2014 22:36:08]
AdwCleaner[S4].txt - [1916 octets] - [07/02/2014 22:15:33]
AdwCleaner[S5].txt - [6865 octets] - [07/02/2014 23:40:04]
AdwCleaner[S6].txt - [1397 octets] - [07/02/2014 23:55:21]
AdwCleaner[S7].txt - [2352 octets] - [02/03/2014 22:44:18]
########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [2412 octets] ##########


----------



## Mark1956 (May 7, 2011)

Looks like things have changed a bit with the Unlocker program since my instructions were created. When you launch the program just click on the first icon at the end of the box just below 'Select a file or folder to check for being locked:' You need to find the Minidump folder and then select the latest minidump file, then click on the Check button, the program should then tell you if the file is locked or not, if locked it should give you the option to unlock it, after which you should be able to zip up the minidump file/s. Let me know what happens. You should repeat the process for each minidump file if there is more than one.

Adwcleaner did find some more Adware, please run it again and post the new log so we can be sure it has all gone.


----------



## tenntod (Mar 17, 2013)

Mark,

I ran AdwCleaner again and here is the post. I will follow your instructions regarding minidump and forward that to you in a separate post.
Thank You,
Ted

# AdwCleaner v3.020 - Report created 03/03/2014 at 21:09:25
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16518

-\\ Mozilla Firefox v27.0.1 (en-US)
[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hjpogn14.default\prefs.js ]

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mzg8cnb7.default-1370897875420\prefs.js ]

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ovmz69us.default\prefs.js ]

-\\ Google Chrome v33.0.1750.117
[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************
AdwCleaner[R5].txt - [1886 octets] - [07/02/2014 22:14:51]
AdwCleaner[R6].txt - [7677 octets] - [07/02/2014 23:30:23]
AdwCleaner[R7].txt - [1336 octets] - [07/02/2014 23:54:39]
AdwCleaner[R8].txt - [2415 octets] - [02/03/2014 22:36:08]
AdwCleaner[R9].txt - [1590 octets] - [03/03/2014 21:08:38]
AdwCleaner[S4].txt - [1916 octets] - [07/02/2014 22:15:33]
AdwCleaner[S5].txt - [6865 octets] - [07/02/2014 23:40:04]
AdwCleaner[S6].txt - [1397 octets] - [07/02/2014 23:55:21]
AdwCleaner[S7].txt - [2500 octets] - [02/03/2014 22:44:18]
AdwCleaner[S8].txt - [1511 octets] - [03/03/2014 21:09:25]
########## EOF - C:\AdwCleaner\AdwCleaner[S8].txt - [1571 octets] ##########


----------



## Mark1956 (May 7, 2011)

Adwcleaner is now showing a clean result. I shall wait to hear from you about how things go with the minidumps.


----------



## tenntod (Mar 17, 2013)

Mark,


I followed the task to the letter and the minidump folder came up and said it was empty. I honestly don't know how the folder was emptied. I'll wait to hear from you.


----------



## Mark1956 (May 7, 2011)

We have not done anything that could have deleted the minidump file which should still be in the Minidump folder. When you search for the file with the Unlocker program there are two options. On the end of the box below 'Select a file or folder to check for being locked:' you must use the correct tab. When you wave the mouse pointer over the tabs one shows File the other shows Folder. If you choose the Folder tab it won't show the contents of the folder, check that you did the search using the File tab.


----------



## tenntod (Mar 17, 2013)

Dear Mark,


I'm sorry, I feel so dumb. I don't understand exactly how to use the Unlocker program. I opened the icon saved on my desktop that says EMCO Unlock It. There's what looks like a key as the icon. I went to the box you referred me to at the end of the line where it says "Select a file or folder to check for being unlocked." I clicked on "browse for file". Up pops a window. I double clicked on "C" drive, then double click on Windows, then click on minidump. Then this is what it says at the top of the page: "Computer C:\Windows\Minidump". After I click on minidump the following pops up at the top of the page: "C:\Windows\Minidump File Folder is empty". I'm confused and don't know what I'm doing wrong. Can you please let me know what you think I might be doing wrong? Thank you.


----------



## Mark1956 (May 7, 2011)

From what you have described, you have done nothing wrong. We will have to wait and see if another BSOD happens and then hopefully you will be able to access the minidump file in the normal way and post it for analysis.


----------



## tenntod (Mar 17, 2013)

Thank you Mark. What does BSOD stand for so I can keep an eye out for it?


----------



## tenntod (Mar 17, 2013)

I forgot to ask you a question. Your responses used to come directly into my email. It hasn't been doing that for a couple of weeks now. I have to open my email, go find an old post from you, then click on it to see whether you've responded. Do you have any idea why that started doing that suddenly? Is there something I need to change so that your posts show up in my email inbox again?
Thank You,
Ted


----------



## Mark1956 (May 7, 2011)

BSOD stands for Blue Screen of Death, that is what happens when the system crashes and flashes up a blue screen with white text on it and then the system reboots.

Check your notification settings in your account, then you should receive notifications.

Click on My Account at the top of the page.
In the left column click on Edit Options.
Look down the list and make sure all the boxes under Receive Email are checked.
Then under the Default Thread Subscription Mode check that it is set to Instant email Notification.
Scroll to the bottom of the page and click on Save Changes.


----------



## tenntod (Mar 17, 2013)

Thank you Mark. I went into My Account and did what you instructed me to do. I have not had any lock ups of the computer or BSOD's for the past week or 10 days. I do want to report a problem and I don't know if it has anything to do with what we've been working on. When using Firefox as the browser, let's say I'm going thru my email. If someone has sent me a link to view a picture file or sometimes even a text file, a blank screen with a little "X" in the top left hand corner will pop up. That's all I will see when there is supposed to be text or a picture there. When I back out of Firefox and go into IE everything is normal. I don't know if I've described this problem well enough for you to know what it might be. Hopefully you will know.
Thank you,
Ted


----------



## Mark1956 (May 7, 2011)

Sounds like things have improved.

When you have Firefox open, click on Tools then Add-ons. Disable the Kaspersky items, then close Firefox. Then see if you can open links in your email.


----------



## tenntod (Mar 17, 2013)

Mark,


I'm sorry but I did what you told me to do, Kaspersky did not show as an add-on. In fact, a page popped up that said no add-ons with that name were found. What the heck could I be doing wrong?


----------



## Mark1956 (May 7, 2011)

That is a bit odd as there are several Kaspersky items showing in the FRST log as Extensions in Firefox.

Open Firefox, click on Tools at the top of the page and select Add-ons, take a screenshot of the page that opens, it should be the Extensions list.

How to take a screen shot in Vista/Windows 7

*How to attach a screenshot.*
Below the *Message Box* click on *Go Advanced*. Then scroll down until you see a button, *Manage Attachments*. Click on it and a new window opens.
• Click on the *Browse* button, find the screenshot/folder you made earlier and double-click on it.
• Now click on the *Upload* button. When done, click on the *Close this window* button at the top of the page.
• Enter your message-text in the message box, then click on *Submit Message/Reply.*


----------



## tenntod (Mar 17, 2013)

Dear Mark,


I'm sorry but I have not been able to figure out what you're asking me to do. When I opened Firefox and clicked on tools a pop-up window comes up that at the very top says "Add-ons Manager". Below and to the left a little I see Get Add-ons, below that is Extensions, and going further down the list is Appearance, Plug-ins, Services. I do not see anything from that page to move forward with what you're asking me to do.
Sincerely,
Ted


----------



## Mark1956 (May 7, 2011)

Not to worry, from what you have described there are no Extensions showing.

As it has been over a month since last running FRST it may help if I could see fresh logs. Please run FRST, when the window opens put a check mark next to Addition.txt and then run the scan, post both of the logs produced.


----------



## tenntod (Mar 17, 2013)

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-04-2014
Ran by Owner at 2014-04-11 19:40:55
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.5 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.5 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AOL Toolbar (HKCU\...\AOL Toolbar) (Version: - )
Canon Camera Window DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.4.0.9 - )
Canon Camera Window MC 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowMC) (Version: 6.3.0.8 - )
Canon G.726 WMP-Decoder (HKLM-x32\...\Canon G.726 WMP-Decoder) (Version: 1.1.0.4 - )
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 2.4.0.14 - )
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 2.6.0.13 - )
Canon RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.7.0.8 - )
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.19.43 - )
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 5.8.0.74 - )
CCleaner (HKLM\...\CCleaner) (Version: 3.25 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
EMCO UnLock IT 3.0 (HKLM-x32\...\EMCO UnLock IT 3_is1) (Version: - EMCO Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
GoToMeeting 6.2.0.1350 (HKCU\...\GoToMeeting) (Version: 6.2.0.1350 - CitrixOnline)
HP Product Detection (HKLM-x32\...\{AF5D2519-C6B4-4AFD-9A8D-FBF74DD4F0A0}) (Version: 11.15.0004 - HP)
Intel PROSet Wireless (Version: - ) Hidden
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2430 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{7257132D-7F65-41E6-A90F-43BF6099461A}) (Version: 2.1.42.0 - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.57.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Internet Security 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
PDF To Excel Converter V3.0 (HKLM-x32\...\PDF To Excel Converter_is1) (Version: - http://www.PDFExcelConverter.com)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.1.15383.6004 - Microsoft Corporation)
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Skype 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{C31337DE-0CDC-45A9-9A32-F099AC78D557}) (Version: 3.0.9490 - K-NFB Reading Technology, Inc.)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}) (Version: 1.3.5.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.17.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.17.64 - TOSHIBA Corporation) Hidden
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.12C - TOSHIBA CORPORATION)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.12C - TOSHIBA CORPORATION) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.1.37C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (x32 Version: 1.63.1.37C - TOSHIBA CORPORATION) Hidden
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.2.15 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.13.11 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.31 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.9.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.4 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.7.21.64 - TOSHIBA Corporation) Hidden
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2001 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.8 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.51.2C - TOSHIBA CORPORATION)
TOSHIBA Supervisor Password (x32 Version: 1.63.51.2C - TOSHIBA CORPORATION) Hidden
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.1.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.6.1.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.6.1.64 - TOSHIBA Corporation) Hidden
TOSHIBA VIDEO PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 4.00.7.06-A - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.3 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (x32 Version: 2.0.3.3 - TOSHIBA Corporation) Hidden
TOSHIBA Wireless Display Monitor (HKLM-x32\...\{617773AE-ADBA-4479-BB04-65FE7758B35C}) (Version: 1.0.1 - TOSHIBA CORPORATION)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.9 - TOSHIBA)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.3.0 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{128A5449-CF71-4DA4-A746-F49E3B5DB584}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
Utility Common Driver (x32 Version: 1.0.52.3C - TOSHIBA) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
==================== Restore Points =========================
21-03-2014 20:40:57 Windows Update
25-03-2014 15:40:48 Windows Update
28-03-2014 17:05:33 Windows Update
01-04-2014 18:38:37 Windows Update
04-04-2014 19:13:59 Windows Update
08-04-2014 15:51:02 Windows Update
12-04-2014 01:52:17 Windows Update
==================== Hosts content: ==========================
2009-07-13 19:34 - 2013-04-10 14:40 - 00000042 ____A C:\Windows\system32\Drivers\etc\hosts
::1 localhost
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {01C705B4-52CE-46B8-94E4-6454B2466103} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {13276ACD-4DDE-4A29-BB8B-C92A2D9C67C9} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {3CD59D2A-35A9-4701-BF09-A30BF7720DB2} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {3DC9AB5D-75BF-4E6C-9EDE-D6A8D8432BA4} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1699991964-2536946847-36376121-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {5802D785-7045-4705-9017-377A1D1FD770} - System32\Tasks\{37ABBFA8-F24D-4317-A442-5FA3BB0F7D11} => C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
Task: {581EB7A7-EB3B-4B89-85E4-1485DDDDD386} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {622DFA1D-AF33-439A-BEB3-343E5B4F1949} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-25] (Google Inc.)
Task: {6C2E4F53-D9D1-4D78-81EC-459E77442452} - System32\Tasks\TOSHIBA Wireless Display Monitor => C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe [2010-12-25] (TOSHIBA CORPORATION)
Task: {850B310A-9F73-4972-A5C4-963FD0F158FD} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1699991964-2536946847-36376121-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {8D237195-0D55-41CB-8FF0-33973362B6BF} - System32\Tasks\{5C4213AD-B3D4-409D-971C-2E458CFCE332} => C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
Task: {9C94075C-6F1D-47C5-BA88-E1D41C1584D3} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {A3B62135-8A37-4413-995A-F7EAB95B0D07} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-25] (Google Inc.)
Task: {C601B345-BEA0-4C69-8C76-3886A5FDA14B} - System32\Tasks\{9CE12553-2BDB-4DB5-BB66-6CBC2BBAFADD} => C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
Task: {D2D4104A-D7AF-4C51-865E-A670875498B6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-11-23] (Piriform Ltd)
Task: {EA8CA7EF-25B1-4A68-8159-144073608B15} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {F377211F-9E81-4EDA-A788-AF52B2F9F0E6} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {FAED077A-3B2A-4A2F-8ED4-879C68E6DA5B} - System32\Tasks\G2MUpdateTask-S-1-5-21-1699991964-2536946847-36376121-1000 => C:\Program Files (x86)\Citrix\GoToMeeting\1350\g2mupdate.exe [2014-03-17] (Citrix Online, a division of Citrix Systems, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1699991964-2536946847-36376121-1000.job => C:\Program Files (x86)\Citrix\GoToMeeting\1350\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2011-05-31 18:32 - 2011-05-31 18:32 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-04-14 13:08 - 2009-08-13 12:06 - 00177152 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdpdrpp.dll
2011-06-27 10:16 - 2011-06-27 10:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-18 18:18 - 2010-11-18 18:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2010-11-30 11:37 - 2010-11-30 11:37 - 00048504 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-12-15 16:19 - 2010-12-15 16:19 - 00124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
2011-05-31 18:32 - 2011-05-31 18:32 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-02-22 20:22 - 2011-02-22 20:22 - 00429432 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
2011-06-09 22:09 - 2011-06-09 22:09 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2012-08-17 21:39 - 2013-09-18 18:54 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
2012-08-17 21:38 - 2012-08-17 21:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
2014-03-18 15:24 - 2014-03-18 15:24 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-03-12 12:35 - 2014-03-12 12:35 - 16276872 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\Owner\Documents\Emailing_ Doctor_jpeg.eml:OECustomProperty
==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Microsoft Virtual WiFi Miniport Adapter #2
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================
Application errors:
==================
Error: (04/11/2014 07:39:52 PM) (Source: Application Hang) (User: )
Description: The program FRST64.exe version 3.3.10.2 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1b04
Start Time: 01cf55f779ca487a
Termination Time: 2
Application Path: C:\Users\Owner\Desktop\FRST64.exe
Report Id: a8b39061-c1eb-11e3-95dc-dc0ea1410c47
Error: (04/11/2014 06:45:22 PM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)
Error: (04/11/2014 00:53:48 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
Error: (04/11/2014 00:29:10 PM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)
Error: (04/10/2014 03:51:36 PM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)
Error: (04/10/2014 10:55:20 AM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)
Error: (04/09/2014 11:25:19 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
Error: (04/09/2014 10:18:17 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
Error: (04/09/2014 04:36:40 PM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)
Error: (04/09/2014 02:55:28 PM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)

System errors:
=============
Error: (04/11/2014 06:45:02 PM) (Source: Service Control Manager) (User: )
Description: The WSearch service failed to start due to the following error: 
%%2
Error: (04/11/2014 06:44:56 PM) (Source: Service Control Manager) (User: )
Description: The sbapifs service failed to start due to the following error: 
%%2
Error: (04/11/2014 00:28:52 PM) (Source: Service Control Manager) (User: )
Description: The WSearch service failed to start due to the following error: 
%%2
Error: (04/11/2014 00:28:46 PM) (Source: Service Control Manager) (User: )
Description: The sbapifs service failed to start due to the following error: 
%%2
Error: (04/10/2014 03:55:16 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service hung on starting.
Error: (04/10/2014 03:51:13 PM) (Source: Service Control Manager) (User: )
Description: The WSearch service failed to start due to the following error: 
%%2
Error: (04/10/2014 03:51:07 PM) (Source: Service Control Manager) (User: )
Description: The sbapifs service failed to start due to the following error: 
%%2
Error: (04/10/2014 10:59:02 AM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service hung on starting.
Error: (04/10/2014 10:54:59 AM) (Source: Service Control Manager) (User: )
Description: The WSearch service failed to start due to the following error: 
%%2
Error: (04/10/2014 10:54:51 AM) (Source: Service Control Manager) (User: )
Description: The sbapifs service failed to start due to the following error: 
%%2

Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2014-04-11 12:59:58.741
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-04-11 12:59:58.741
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-04-11 12:59:58.731
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-04-11 12:59:58.721
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-04-11 12:59:58.711
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-04-11 12:59:58.711
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-04-10 00:31:36.189
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-04-10 00:31:36.189
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-04-10 00:31:36.179
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-04-10 00:31:36.159
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info =========================== 
Percentage of memory in use: 51%
Total physical RAM: 4002.69 MB
Available physical RAM: 1925.78 MB
Total Pagefile: 8003.56 MB
Available Pagefile: 5466.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (TI106332W0C) (Fixed) (Total:579.64 GB) (Free:481.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: 27058636)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=580 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=17)
==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-04-2014
Ran by Owner (administrator) on OWNER-PC on 11-04-2014 19:40:31
Running from C:\Users\Owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
( ) C:\Windows\system32\lxdpcoms.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TOSHIBA Corporation) C:\windows\system32\ThpSrv.exe
(TOSHIBA Corporation) C:\windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe

==================== Registry (Whitelisted) ==================
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] - C:\windows\system32\thpsrv /logon
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-05-24] (TOSHIBA Corporation)
HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-06-01] (Intel(R) Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-06-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [SVPWUTIL] - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2010-11-09] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [KeNotify] - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-16] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218864 2011-06-22] (Toshiba)
HKLM-x32\...\Run: [ToshibaAppPlace] - C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [{90120000-0030-0000-0000-0000000FF1CE}] - C:\windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-21-1699991964-2536946847-36376121-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-1699991964-2536946847-36376121-1000\...\Policies\system: [DisableLockWorkstation] 0
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {B7F42A96-DE99-47A7-B58E-8DDEB4BA9F8A} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM-x32 - {B7F42A96-DE99-47A7-B58E-8DDEB4BA9F8A} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKCU - DefaultScope {186F63CE-8D08-4AC7-91C4-8A834A1E89FE} URL = http://start.mysearchdial.com/resul...FtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=378930771&ir=
SearchScopes: HKCU - {186F63CE-8D08-4AC7-91C4-8A834A1E89FE} URL = http://start.mysearchdial.com/resul...FtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=378930771&ir=
SearchScopes: HKCU - {5EB07BDA-DAA9-43E9-9508-0BAD4693CEC6} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKCU - {B7F42A96-DE99-47A7-B58E-8DDEB4BA9F8A} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
DPF: HKLM {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc64.cab
DPF: HKLM {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect125.cab
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mzg8cnb7.default-1370897875420
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Owner\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-03-18]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013-09-18]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013-09-18]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013-09-18]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013-09-18]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013-09-18]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchProvider: "name": "Mysearchdial"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\plugin/online_banking_npapi.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\plugin/npUrlAdvisor.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\plugin/content_blocker_npapi.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\plugin/npABPlugin.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\plugin/npVKPlugin.dll No File
CHR Plugin: (Skype Click to Call) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebgdeaohaofdhldpobdpfocdonmgki\10.15.0.62_0\plugins/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Conduit Radio Plugin) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebgdeaohaofdhldpobdpfocdonmgki\10.15.0.62_0\plugins/np-cwmp.dll No File
CHR Plugin: (Conduit Chrome Approve TB Plugin) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebgdeaohaofdhldpobdpfocdonmgki\10.15.0.62_0\plugins/ChromeApproveTBPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Extension: (lookinglink) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\alakbkblgilodacnlnmcoiofdjakliih [2014-02-02]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-05]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-05]
CHR Extension: (weDownload Manager Pro) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb [2013-12-25]
CHR Extension: (Skype Click to Call) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-07-13]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-05]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2013-05-02]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2013-05-02]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2013-05-02]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-03-03]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2013-05-02]
==================== Services (Whitelisted) =================
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
S3 lxcg_device; C:\Windows\system32\lxcgcoms.exe [451584 2005-07-25] ( )
R2 lxdp_device; C:\Windows\system32\lxdpcoms.exe [1039872 2007-11-19] ( )
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-06-01] ()
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)
S2 WSearch; %systemroot%\system32\SearchIndexer.exe /Embedding [X]
==================== Drivers (Whitelisted) ====================
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-11] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-09-18] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-10-10] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-09-18] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-09-18] (Kaspersky Lab ZAO)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2011-03-14] (support.com, Inc)
S3 gfiark; system32\drivers\gfiark.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2014-04-11 19:39 - 2014-04-11 19:40 - 00024917 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-04-11 19:32 - 2014-04-11 19:32 - 00000000 ____D () C:\Users\Owner\Desktop\FRST-OlderVersion
2014-04-11 18:53 - 2014-04-11 18:54 - 00000000 ____D () C:\04deeea4384f4da58c7a2f16b5
2014-04-03 21:02 - 2014-04-03 21:02 - 00085647 _____ () C:\Users\Owner\Desktop\Ignition Lock Cylinder_ REMOVAL &amp
2014-04-01 14:30 - 2014-04-01 14:30 - 603096878 _____ () C:\Windows\MEMORY.DMP
2014-04-01 14:30 - 2014-04-01 14:30 - 00270416 _____ () C:\Windows\Minidump\040114-26301-01.dmp
2014-03-29 13:06 - 2014-04-11 18:44 - 00002464 _____ () C:\Windows\setupact.log
2014-03-29 13:06 - 2014-03-29 13:06 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-26 22:13 - 2014-04-08 16:11 - 00000000 ____D () C:\Users\Owner\AppData\Local\Windows Live
2014-03-26 22:13 - 2014-03-26 22:13 - 00000000 ____D () C:\Users\Owner\AppData\Local\{20254248-EF2C-4E10-BA78-FAC38FDECD00}
2014-03-26 13:24 - 2014-03-26 13:24 - 00097280 _____ () C:\Users\Owner\Desktop\split system estimate.xls
2014-03-26 13:19 - 2014-03-26 13:19 - 00097280 _____ () C:\Users\Owner\Desktop\RTU change out job estimate sheet.xls
2014-03-18 15:24 - 2014-03-18 15:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-12 12:15 - 2014-02-28 22:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 12:15 - 2014-02-28 22:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 12:15 - 2014-02-28 21:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 12:15 - 2014-02-28 21:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 12:15 - 2014-02-28 21:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 12:15 - 2014-02-28 21:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 12:15 - 2014-02-28 21:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 12:15 - 2014-02-28 21:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 12:15 - 2014-02-28 21:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 12:15 - 2014-02-28 20:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 12:15 - 2014-02-28 20:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 12:15 - 2014-02-28 20:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 12:15 - 2014-02-28 20:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 12:15 - 2014-02-28 20:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 12:15 - 2014-02-28 20:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 12:15 - 2014-02-28 20:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 12:15 - 2014-02-28 20:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 12:15 - 2014-02-28 20:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 12:15 - 2014-02-28 20:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 12:15 - 2014-02-28 20:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 12:15 - 2014-02-28 19:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 12:15 - 2014-02-28 19:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 12:15 - 2014-02-28 19:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 12:15 - 2014-02-06 18:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 12:15 - 2014-01-28 19:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 12:15 - 2014-01-28 19:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 12:15 - 2014-01-27 19:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 12:14 - 2014-02-28 23:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 12:14 - 2014-02-28 21:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 12:14 - 2014-02-28 21:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 12:14 - 2014-02-28 21:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 12:14 - 2014-02-28 21:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 12:14 - 2014-02-28 21:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 12:14 - 2014-02-28 21:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 12:14 - 2014-02-28 21:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 12:14 - 2014-02-28 20:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 12:14 - 2014-02-28 20:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 12:14 - 2014-02-28 20:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 12:14 - 2014-02-28 20:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 12:14 - 2014-02-28 20:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 12:14 - 2014-02-28 20:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 12:14 - 2014-02-28 19:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 12:14 - 2014-02-28 19:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 12:14 - 2014-02-28 19:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 12:14 - 2014-02-03 19:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 12:14 - 2014-02-03 19:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 12:14 - 2014-02-03 19:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 12:14 - 2014-02-03 19:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
==================== One Month Modified Files and Folders =======
2014-04-11 19:40 - 2014-04-11 19:39 - 00024917 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-04-11 19:39 - 2014-01-09 23:59 - 00000000 ____D () C:\FRST
2014-04-11 19:38 - 2013-06-05 09:51 - 00002154 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-11 19:38 - 2012-01-25 20:08 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-11 19:35 - 2013-03-15 20:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-11 19:32 - 2014-04-11 19:32 - 00000000 ____D () C:\Users\Owner\Desktop\FRST-OlderVersion
2014-04-11 19:32 - 2014-02-06 22:34 - 02157056 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-04-11 19:12 - 2014-03-05 12:30 - 00000538 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1699991964-2536946847-36376121-1000.job
2014-04-11 19:06 - 2012-05-29 19:01 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Skype
2014-04-11 19:04 - 2013-09-18 18:35 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-04-11 18:56 - 2012-08-18 22:00 - 01667731 _____ () C:\Windows\WindowsUpdate.log
2014-04-11 18:54 - 2014-04-11 18:53 - 00000000 ____D () C:\04deeea4384f4da58c7a2f16b5
2014-04-11 18:53 - 2009-07-13 21:45 - 00025120 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-11 18:53 - 2009-07-13 21:45 - 00025120 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-11 18:49 - 2009-07-13 22:13 - 00770284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-11 18:45 - 2013-05-05 19:26 - 00000095 _____ () C:\Users\Owner\.accessibility.properties
2014-04-11 18:45 - 2012-03-28 17:00 - 00000000 ____D () C:\Users\Owner
2014-04-11 18:45 - 2012-01-25 20:08 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-11 18:44 - 2014-03-29 13:06 - 00002464 _____ () C:\Windows\setupact.log
2014-04-11 18:44 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-08 16:11 - 2014-03-26 22:13 - 00000000 ____D () C:\Users\Owner\AppData\Local\Windows Live
2014-04-03 21:02 - 2014-04-03 21:02 - 00085647 _____ () C:\Users\Owner\Desktop\Ignition Lock Cylinder_ REMOVAL &amp
2014-04-01 14:30 - 2014-04-01 14:30 - 603096878 _____ () C:\Windows\MEMORY.DMP
2014-04-01 14:30 - 2014-04-01 14:30 - 00270416 _____ () C:\Windows\Minidump\040114-26301-01.dmp
2014-04-01 14:30 - 2013-03-17 13:05 - 00000000 ____D () C:\Windows\Minidump
2014-03-31 13:18 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-30 10:29 - 2012-01-25 20:08 - 00003908 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-30 10:29 - 2012-01-25 20:08 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-29 13:06 - 2014-03-29 13:06 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-26 22:13 - 2014-03-26 22:13 - 00000000 ____D () C:\Users\Owner\AppData\Local\{20254248-EF2C-4E10-BA78-FAC38FDECD00}
2014-03-26 22:13 - 2012-06-07 10:08 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\ZoomBrowser EX
2014-03-26 13:24 - 2014-03-26 13:24 - 00097280 _____ () C:\Users\Owner\Desktop\split system estimate.xls
2014-03-26 13:19 - 2014-03-26 13:19 - 00097280 _____ () C:\Users\Owner\Desktop\RTU change out job estimate sheet.xls
2014-03-18 15:24 - 2014-03-18 15:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-17 23:05 - 2013-08-14 11:24 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-17 23:03 - 2012-03-29 09:58 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-17 19:37 - 2014-03-05 12:30 - 00003564 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1699991964-2536946847-36376121-1000
2014-03-12 17:17 - 2009-07-13 21:45 - 00418856 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-12 14:38 - 2012-05-29 19:01 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-12 12:35 - 2013-03-15 20:00 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 12:35 - 2013-03-15 20:00 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 12:35 - 2013-03-15 20:00 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-09 11:03
==================== End Of Log ============================


----------



## Mark1956 (May 7, 2011)

There are a few items of Adware in the logs, but first, to try and fix the email attachment issue, do a reset on Firefox.

Open Firefox, click on Help, Troubleshooting Information, then click on the Reset Firefox button, reboot the system and try to open an email attachment.


----------

