1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. Welcome to iHelpForum - the place to get help from knowledgeable techs in all areas of Tech, Home and Auto help. Consider checking out our Guides or Registering an account to post on our forums today.

    Dismiss Notice

Windows failed to start..A recent hardware error and BSOD error STOP; 0X000000ED

Discussion in 'Virus, Spyware and Malware Removal Help' started by mikeinstlouis, Jun 30, 2015.

  1. mikeinstlouis

    mikeinstlouis Member iHF Regular

    Joined:
    Jun 30, 2015
    Messages:
    36
    Likes Received:
    4
    Trophy Points:
    8
    Hi guys.

    First off..This is my first post at this forum! I am sorry if this question has been posted before. I have seen it on Google with different suggestions that people said didn't work.

    A few weeks ago, I started my Toshiba Satellite Windows laptop and it went to the screen that says that "Windows failed to start. A recent hardware or software change might be the cause.."
    The options of "Launch Startup Repair (recommended) vs Start Windows Normally" are given.

    I use the first option and it ends up with a black screen and a bigger than normal white arrow cursor that responds to the mouse and that's it...no icons or anything every appear and it remains black except for the large white arrow.

    I use the second option that shows the Windows logo loading up normally then right to the BSOD.

    I went to safemode and turned off the auto restart. To summarize, the error message in the BSOD said Unmountable_Boot_Volume.

    At the bottom it said STOP; 0X000000ED, (0xFFFFFA8004C86CD0, 0XFFFFFFFFC0000185, then two 0xlots of 0's repeated twice.

    I tried to go to a previous restore point with no luck

    I have tried to do some previously suggested things at the command prompt, when I boot into safe mode and pick the command prompt option, it goes straight to that BSOD error.

    I did notice that my antivirus program was alerting me several times that it had found some things the night before it stopped working.

    I was able to remove my hard drive and slave it to a desktop computer. I used a data recovery program and so far have been able to get back nearly all of my pictures so that is good.

    Obviously I would love to save my laptop and not have to start all over.

    I would be grateful if someone knows where to direct me or any advice or if any additional information is needed.

    Thanks!
    Mikeinstlouis
     
  2. veeg

    veeg Live Long And Eat Bacon Moderator WCG Team Member

    Joined:
    May 7, 2014
    Messages:
    1,003
    Likes Received:
    381
    Trophy Points:
    93
    Hello

    I would suggest that you run an anti virus/malware scan on those pics you downloaded and then run a scan on that HDD.
     
  3. mikeinstlouis

    mikeinstlouis Member iHF Regular

    Joined:
    Jun 30, 2015
    Messages:
    36
    Likes Received:
    4
    Trophy Points:
    8
    I did not download any pictures. They were from my digital camera.
    is it possible to run the antivirus as a slave?
     
  4. driver_ian

    driver_ian In at the Deep End... Administrator iHF Legend Security Advisor

    Joined:
    May 2, 2014
    Messages:
    2,387
    Likes Received:
    523
    Trophy Points:
    123
    Hello mikeinstlouis
    You can connect it to the desktop you used to back up you photos etc and scan it with the antivirus you have running on that machine. Make sure the antivirus software is updated before running it.. Most AV software will give the option to scsn a selected drive if you don't want to scan the whole machine..
     
  5. mikeinstlouis

    mikeinstlouis Member iHF Regular

    Joined:
    Jun 30, 2015
    Messages:
    36
    Likes Received:
    4
    Trophy Points:
    8
    Thank you very much! Do you know about Kapersky (sp?) disk recovery? I have read about that.
     
  6. Lord Chance

    Lord Chance iHelpForum Jester & Door Greeter iHF Veteran Advisor WCG Team Member

    Joined:
    May 5, 2014
    Messages:
    2,630
    Likes Received:
    2,164
    Trophy Points:
    273
    Greetings MikeinStLouis and welcome to iHelp Forum.

    An Unmountable_Boot_Volume error, as you may suspect, is usually caused by a corrupt boot sector or Master Boot Record. While a virus or malware infection can cause this issue it is most often caused by a failing hard drive. It may be possible to recover from this by using one of the hard drive manufacturer's hard drive tools. They can rewrite corrupt sectors to reserve sectors on the hard drive. Be aware this is only a temporary fix but may help you get up and running long enough to image your drive to a new one.

    My suggestion would be to allow Driver Ian to give your drive a once over to insure it is or is not virus related before other avenues are visited. ")
     
  7. Malnutrition

    Malnutrition Still Hungry iHF Master Craftsman

    Joined:
    May 5, 2014
    Messages:
    1,499
    Likes Received:
    444
    Trophy Points:
    93
    Lets see if we can get your machine booting again.

    • On a clean machine, please download Farbar Recovery Scan Tool and save it to a flash drive.\


      FRST 64bit or FRST 32 bit


      Note: You need to run the version compatible with your system.

      Plug the flashdrive into the infected PC.
    • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

      If you are using Vista or Windows 7 enter System Recovery Options.

      To enter System Recovery Options from the Advanced Boot Options:
      • Restart the computer.
      • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
      • Use the arrow keys to select the Repair your computer menu item.
      • Select US as the keyboard language settings, and then click Next.
      • Select the operating system you want to repair, and then click Next.
      • Select your user account an click Next.
      Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
      To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html


      To enter System Recovery Options by using Windows installation disc:
      • Insert the installation disc.
      • Restart your computer.
      • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.[/*]
      • Click Repair your computer.
      • Select US as the keyboard language settings, and then click Next.
      • Select the operating system you want to repair, and then click Next.
      • Select your user account and click Next.
    • On the System Recovery Options menu you will get the following options:

      Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt


      Select Command Prompt
    • Once in the Command Prompt:
      • In the command window type in notepad and press Enter.
      • The notepad opens. Under File menu select Open.
      • Select "Computer" and find your flash drive letter and close the notepad.
      • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
        Note:
        Replace letter e with the drive letter of your flash drive.
      • The tool will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press Scan button.
      • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  8. Malnutrition

    Malnutrition Still Hungry iHF Master Craftsman

    Joined:
    May 5, 2014
    Messages:
    1,499
    Likes Received:
    444
    Trophy Points:
    93
    Hello, you still need help???
     
  9. Malnutrition

    Malnutrition Still Hungry iHF Master Craftsman

    Joined:
    May 5, 2014
    Messages:
    1,499
    Likes Received:
    444
    Trophy Points:
    93
    Can you give us an update?
     
  10. mikeinstlouis

    mikeinstlouis Member iHF Regular

    Joined:
    Jun 30, 2015
    Messages:
    36
    Likes Received:
    4
    Trophy Points:
    8
    Wow! I stopped getting email alerts that any one was responding so I assumed that no one was helping...MY APOLOGIES and THANKS!!
    My dad passed away in June so needless to day, I have been unable to work on my laptop...that and I received no email alerts.
    I will look at these suggestions and get to it as soon as possible. I have to go back to KC this weekend and won't be able to work on it but will be back in St. Louis next week. I would love to get this resolved and THANK YOU so much for all of your help you guys!
     
  11. Lord Chance

    Lord Chance iHelpForum Jester & Door Greeter iHF Veteran Advisor WCG Team Member

    Joined:
    May 5, 2014
    Messages:
    2,630
    Likes Received:
    2,164
    Trophy Points:
    273
    Please accept our heartfelt condolences Mike. You have our prayers of comfort for you and your family. :)

    Please be safe and check back when things settle for you. We will be pleased to help you try to resolve your issues. :)
     
  12. mikeinstlouis

    mikeinstlouis Member iHF Regular

    Joined:
    Jun 30, 2015
    Messages:
    36
    Likes Received:
    4
    Trophy Points:
    8
    My sincerest thanks for your kind words and understanding. This has been very tough on me as he was not only my dad, but probably my best friend. I know it is something we all must go through, but that sure doesn't make it any easier.
    I am anxious to tackle this laptop next week and thanks again for everything...I am moved at the "kindness of stranger"

    Mike

    PS...How would I allow for Driver Ian to give my hard drive a check?
    Thanks
     
  13. driver_ian

    driver_ian In at the Deep End... Administrator iHF Legend Security Advisor

    Joined:
    May 2, 2014
    Messages:
    2,387
    Likes Received:
    523
    Trophy Points:
    123
    Kindness is what we do here at iHF Mike... come back to us when you are ready...
     
    Cameldung likes this.
  14. Malnutrition

    Malnutrition Still Hungry iHF Master Craftsman

    Joined:
    May 5, 2014
    Messages:
    1,499
    Likes Received:
    444
    Trophy Points:
    93

     
  15. mikeinstlouis

    mikeinstlouis Member iHF Regular

    Joined:
    Jun 30, 2015
    Messages:
    36
    Likes Received:
    4
    Trophy Points:
    8
    Thanks guys. I am not sure what you mean by letting Driver Ian give my hard drive a check.. does that mean that my next step is to download the Farbar Recovery tool?

    I tried to run some commands at the command prompt before and they brought me back to the blue screen. Will running this program as instructed this override all of that?

    Sorry for such basic questions.

    Thanks
    Mike
     
    Last edited: Jul 14, 2015
  16. driver_ian

    driver_ian In at the Deep End... Administrator iHF Legend Security Advisor

    Joined:
    May 2, 2014
    Messages:
    2,387
    Likes Received:
    523
    Trophy Points:
    123
    Follow the instructions given by Malnutrition.

    Farbars Recovery Scan Tool will provide diagnostic information allowing us to know what is causing your issues.

    Be sure to post the contents of the log file it produces when it has finished it's scan.
     
    Malnutrition likes this.
  17. mikeinstlouis

    mikeinstlouis Member iHF Regular

    Joined:
    Jun 30, 2015
    Messages:
    36
    Likes Received:
    4
    Trophy Points:
    8
    UPDATE

    Last night while I was using an Aluratek adapter to connect my laptop's hard drive to my pc, (finalizing a backup), my PC rebooted and tried to boot off of the laptop's hard drive. It went through a series of screens to one that said fix my computer, or something like that.

    I thought I would give it a try and it took a long time and then came up saying that it could not be repaired.

    I noticed that I could see the contents of my laptop's hard drive on my PC which is something that was totally new. It barely recognized it before. It showed a hard drive but no contents.

    I was going to follow Malnutrition's instructions so I put the hard drive back into the laptop and it booted up all the way up to my home screen!

    It seems to be working fine, except it is slow with certain things.

    I ran a malwarebytes scan and if found 22 things which I deleted

    I can not complete a scan with my Symentic End Point antivirus. I try to run a scan and it just stops after scanning about 700 files.

    I tried to reboot and it said I had 31 updates. It stalled for about 25 minutes on the first update. I powered off and I was able to get back to my home screen again but with the same issues of lagginess and unable to do a virus scan.

    That is where I am right now. It is working but does not seem to be optimal.

    Shall I do the Farbar's scan? Scan with my AV in safe mode? It IS working, but not optimal...just slow and won't complete virus scans. Not sure if super antispyware is a good one but I am giving that one a go before bed.

    Any help would be appreciate.

    Thanks

    Mike

    Update
    Overnight the superspyware didnt' find much.
    I tried the antivirus again and let it go. It was complete when I came home from work and found a few things. Not sure if anything important was found.

    What would you guys do if you were in my position?
    Thanks!
    Mike
     
    Last edited: Jul 15, 2015
  18. Pancake

    Pancake To Protect and Serve Moderator iHF Master Craftsman Security Advisor

    Joined:
    May 5, 2014
    Messages:
    1,219
    Likes Received:
    168
    Trophy Points:
    73
    Yes. Run Farbar
     
  19. Malnutrition

    Malnutrition Still Hungry iHF Master Craftsman

    Joined:
    May 5, 2014
    Messages:
    1,499
    Likes Received:
    444
    Trophy Points:
    93
    Since your machine is running in normal mode now please run the following scans.

    Step 1: Adware Cleaner Scan.


    Please download AdwCleaner by Xplode onto your desktop.

    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:AdwCleaner[s1].txt as well.
    STEP 2: Rogue Killer Scan.

    Download Rogue Killer and save it to your Desktop, you will need the version compatible with your machine.

    CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.


    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.

    Step 3: FRST Scan.


    Please download and save FRST 64bit or FRST 32 bit to your Desktop.


    CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.


    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Make sure that Addition option is checked.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
     
  20. mikeinstlouis

    mikeinstlouis Member iHF Regular

    Joined:
    Jun 30, 2015
    Messages:
    36
    Likes Received:
    4
    Trophy Points:
    8
    Here is the AdwCleaner report:: (BTW your link for the is app was to something else)
    There were several Reports with an R, but this is the last one called AdwCleaner [S0].txt


    # AdwCleaner v4.208 - Logfile created 15/07/2015 at 22:25:58
    # Updated 09/07/2015 by Xplode
    # Database : 2015-07-15.1 [Server]
    # Operating system : Windows 7 Home Premium Service Pack 1 (x64)
    # Username : Mike - USER-PC
    # Running from : C:\Users\Mike\Desktop\AdwCleaner.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\SearchProtect
    Folder Deleted : C:\Program Files (x86)\Applian Technologies
    Folder Deleted : C:\Users\Mike\AppData\Local\Conduit
    Folder Deleted : C:\Users\Mike\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Mike\AppData\Roaming\DigitalSites
    Folder Deleted : C:\Users\Mike\AppData\Roaming\pccustubinstaller
    File Deleted : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klibnahbojhkanfgaglnlalfkgpcppfi
    File Deleted : C:\END

    ***** [ Scheduled tasks ] *****

    Task Deleted : Digital Sites

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{462862BE-9A5C-49A5-9CBD-A649EAC63645}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{0113A098-06EA-4776-A011-D75590778F1E}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2974C985-8151-4DE5-B23C-B875F0A8522F}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{462862BE-9A5C-49A5-9CBD-A649EAC63645}
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\BetterSurf
    Key Deleted : HKLM\SOFTWARE\Conduit
    Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17801


    -\\ Mozilla Firefox v25.0 (en-US)


    -\\ Google Chrome v43.0.2357.134


    *************************

    AdwCleaner[R0].txt - [2160 bytes] - [15/07/2015 21:40:39]
    AdwCleaner[R1].txt - [2217 bytes] - [15/07/2015 22:11:29]
    AdwCleaner[R2].txt - [2276 bytes] - [15/07/2015 22:22:40]
    AdwCleaner[S0].txt - [2233 bytes] - [15/07/2015 22:25:58]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2292 bytes] ##########

    Next the Rogue Killer

    RogueKiller V10.9.1.0 (x64) [Jul 9 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Mike [Administrator]
    Started from : C:\Users\Mike\Desktop\RogueKillerX64.exe
    Mode : Delete -- Date : 07/15/2015 23:12:00

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 0 ¤¤¤

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 1 ¤¤¤
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activation.cloud.techsmith.com

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: Hitachi HTS547550A9E384 ATA Device +++++
    --- User ---
    [MBR] 5ef40d288db3adce03a84c60ef3b562c
    [BSP] 42bc0da9f77616d50982df71a625c8c7 : HP|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 461782 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 948803584 | Size: 13657 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK




    Last but not least the FRST.txt Please note that I not CLEAN anything since it was never mentioned to do so. Should I?


    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
    Ran by Mike (administrator) on USER-PC on 15-07-2015 23:49:27
    Running from C:\Users\Mike\Desktop
    Loaded Profiles: Mike (Available Profiles: Mike & Administrator)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    () C:\Windows\System32\GFNEXSrv.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
    (DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
    (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Dropbox, Inc.) C:\Users\Mike\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Dropbox, Inc.) C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    (PowerISO Computing, Inc.) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
    (TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
    HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
    HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [967544 2011-03-09] (TOSHIBA Corporation)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-12] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2186856 2011-01-10] (Realtek Semiconductor)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
    HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1544104 2011-04-07] (TOSHIBA Corporation)
    HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
    HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2011-04-05] (TOSHIBA Corporation)
    HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
    HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2011-03-04] (TOSHIBA Corporation)
    HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2011-03-31] (TOSHIBA Corporation)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-20] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
    HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294712 2010-11-29] (TOSHIBA Corporation)
    HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
    HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218792 2010-08-17] (Toshiba)
    HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [383544 2012-12-14] (Citrix Systems, Inc.)
    HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [200704 2007-08-06] (PowerISO Computing, Inc.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKU\S-1-5-21-41184670-3636737264-1091244728-1003\...\Run: [Google Update] => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-09-10] (Google Inc.)
    HKU\S-1-5-21-41184670-3636737264-1091244728-1003\...\Run: [GoogleChromeAutoLaunch_A9A28D217F0AF6C0AE66A9006030A09A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-13] (Google Inc.)
    HKU\S-1-5-21-41184670-3636737264-1091244728-1003\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
    HKU\S-1-5-21-41184670-3636737264-1091244728-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
    HKU\S-1-5-21-41184670-3636737264-1091244728-1003\...\Run: [Dropbox Update] => C:\Users\Mike\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-14] (Dropbox, Inc.)
    HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe -update activex
    AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [256568 2012-12-14] (Citrix Systems, Inc.)
    Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-07-14]
    ShortcutTarget: Dropbox.lnk -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    HKU\S-1-5-21-41184670-3636737264-1091244728-1003\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    SearchScopes: HKLM-x32 -> {7C7F5D0D-3797-4160-BAE6-617F526D542A} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\.DEFAULT -> {7F1540B2-6D07-4FD4-BB49-7E16A78416F4} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-41184670-3636737264-1091244728-1003 -> DefaultScope {93970751-DA98-4705-8671-6ACAF025BC6F} URL = https://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-41184670-3636737264-1091244728-1003 -> {7F1540B2-6D07-4FD4-BB49-7E16A78416F4} URL =
    SearchScopes: HKU\S-1-5-21-41184670-3636737264-1091244728-1003 -> {93970751-DA98-4705-8671-6ACAF025BC6F} URL = https://www.google.com/search?q={searchTerms}
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\bin\IPS\IPSBHO.DLL [2013-10-20] (Symantec Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-12-05] (<TOSHIBA>)
    Toolbar: HKU\S-1-5-21-41184670-3636737264-1091244728-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.apple.com/qtactivex/qtplugin.cab
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
    Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Hosts: 127.0.0.1 activation.cloud.techsmith.com
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{68965837-5A6F-4D97-A5C2-4C7CCEC4B706}: [DhcpNameServer] 192.168.1.254

    FireFox:
    ========
    FF ProfilePath: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\jjx00lup.default-1420397607136
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
    FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2012-12-14] (Citrix Systems, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-09] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-09] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-41184670-3636737264-1091244728-1003: @talk.google.com/GoogleTalkPlugin -> C:\Users\Mike\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
    FF Plugin HKU\S-1-5-21-41184670-3636737264-1091244728-1003: @talk.google.com/O1DPlugin -> C:\Users\Mike\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
    FF Plugin HKU\S-1-5-21-41184670-3636737264-1091244728-1003: @tools.google.com/Google Update;version=3 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
    FF Plugin HKU\S-1-5-21-41184670-3636737264-1091244728-1003: @tools.google.com/Google Update;version=9 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-03-19] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-03-19] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-03-19] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-03-19] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-03-19] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Mike\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\Mike\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
    FF Extension: Firefox Old Version Update Hotfix - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\jjx00lup.default-1420397607136\Extensions\firefox-hotfix@mozilla.org.xpi [2015-01-04]
    FF Extension: UnPlug - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\jjx00lup.default-1420397607136\Extensions\unplug@compunach.xpi [2015-01-04]

    Chrome:
    =======
    CHR Profile: C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-06]
    CHR Extension: (Google Drive) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-06]
    CHR Extension: (YouTube) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-06]
    CHR Extension: (Google Cast) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-02-24]
    CHR Extension: (Google Search) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-06]
    CHR Extension: (Readium) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl [2015-02-19]
    CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2015-01-17]
    CHR Extension: (Google Voice (by Google)) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2013-10-10]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
    CHR Extension: (Google Wallet) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-08]
    CHR Extension: (Gmail) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-06]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-09] ()
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
    R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [126392 2011-02-03] (Symantec Corporation)
    R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe [144368 2013-10-20] (Symantec Corporation)
    R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe [2377984 2013-10-20] (Symantec Corporation)
    S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\snac64.exe [334736 2013-10-20] (Symantec Corporation)
    R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU Co., LTD.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\BASHDefs\20150625.011\BHDrvx64.sys [1647856 2015-06-25] (Symantec Corporation)
    R1 ccSettings_{2FF4FBED-F03A-4EE2-AC58-C985811A4FBE}; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\ccSetx64.sys [169048 2013-10-20] (Symantec Corporation)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-14] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-14] (Symantec Corporation)
    R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\IPSDefs\20150715.011\IDSvia64.sys [671448 2015-07-14] (Symantec Corporation)
    R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
    R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20150715.001\ENG64.SYS [138488 2015-07-14] (Symantec Corporation)
    R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20150715.001\EX64.SYS [2146040 2015-07-14] (Symantec Corporation)
    R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSP64.SYS [797272 2013-10-20] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSPX64.SYS [36952 2013-10-20] (Symantec Corporation)
    S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\SyDvCtrl64.sys [34800 2013-10-20] (Symantec Corporation)
    R0 SymDS; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMDS64.SYS [493656 2013-10-20] (Symantec Corporation)
    R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMEFA64.SYS [1147480 2013-10-20] (Symantec Corporation)
    R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-14] (Symantec Corporation)
    R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\Ironx64.SYS [224856 2013-10-20] (Symantec Corporation)
    R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMNETS.SYS [437336 2013-10-20] (Symantec Corporation)
    R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [155352 2013-11-14] (Symantec Corporation)
    R0 tclondrv; C:\Windows\System32\DRIVERS\tclondrv.sys [26856 2012-02-24] (TuneClone Software)
    R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [92456 2013-10-20] (Symantec Corporation)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2015-07-15] ()

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-07-15 23:49 - 2015-07-15 23:50 - 00027354 _____ C:\Users\Mike\Desktop\FRST.txt
    2015-07-15 23:47 - 2015-07-15 23:49 - 00000000 ____D C:\FRST
    2015-07-15 23:13 - 2015-07-15 23:13 - 00001346 _____ C:\Users\Mike\Desktop\rk_97EB.tmp.txt
    2015-07-15 22:39 - 2015-07-15 22:39 - 00037624 _____ C:\windows\system32\Drivers\TrueSight.sys
    2015-07-15 22:39 - 2015-07-15 22:39 - 00000000 ____D C:\ProgramData\RogueKiller
    2015-07-15 21:52 - 2015-07-15 21:39 - 02248704 _____ C:\Users\Mike\Desktop\AdwCleaner.exe
    2015-07-15 21:49 - 2015-07-15 21:49 - 21971528 _____ C:\Users\Mike\Downloads\RogueKillerX64 (1).exe
    2015-07-15 21:49 - 2015-07-15 21:49 - 02133504 _____ (Farbar) C:\Users\Mike\Downloads\FRST64.exe
    2015-07-15 21:49 - 2015-07-15 21:49 - 02133504 _____ (Farbar) C:\Users\Mike\Desktop\FRST64.exe
    2015-07-15 21:49 - 2015-07-15 21:47 - 21971528 _____ C:\Users\Mike\Desktop\RogueKillerX64.exe
    2015-07-15 21:46 - 2015-07-15 21:47 - 21971528 _____ C:\Users\Mike\Downloads\RogueKillerX64.exe
    2015-07-15 21:40 - 2015-07-15 22:26 - 00000000 ____D C:\AdwCleaner
    2015-07-15 21:39 - 2015-07-15 21:39 - 02248704 _____ C:\Users\Mike\Downloads\AdwCleaner.exe
    2015-07-15 21:02 - 2015-07-15 21:02 - 00000000 ____D C:\Users\Mike\Tracing
    2015-07-14 23:30 - 2015-07-14 23:30 - 00000000 ____D C:\Users\Mike\AppData\Local\GWX
    2015-07-14 23:01 - 2015-07-15 23:29 - 00000392 _____ C:\windows\setupact.log
    2015-07-14 23:01 - 2015-07-14 23:01 - 00000000 _____ C:\windows\setuperr.log
    2015-07-14 23:00 - 2015-07-15 18:10 - 00002292 _____ C:\windows\PFRO.log
    2015-07-14 22:54 - 2015-07-14 22:54 - 00000000 ____D C:\8b8ded3a1a3e523571005907
    2015-07-14 22:22 - 2015-07-14 22:23 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Mike\Downloads\spybot-2.4 (1).exe
    2015-07-14 22:21 - 2015-07-14 22:22 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Mike\Downloads\spybot-2.4.exe
    2015-07-14 19:32 - 2015-07-14 19:33 - 22437104 _____ (SUPERAntiSpyware) C:\Users\Mike\Downloads\SUPERAntiSpyware.exe
    2015-07-14 19:03 - 2015-07-14 19:03 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2015-07-14 19:03 - 2015-07-14 19:03 - 00000000 ____D C:\Users\Mike\AppData\Local\Dropbox
    2015-07-14 19:03 - 2015-07-14 19:03 - 00000000 ____D C:\ProgramData\Dropbox

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-07-15 23:48 - 2013-09-10 20:05 - 00000904 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-41184670-3636737264-1091244728-1003UA.job
    2015-07-15 23:41 - 2009-07-13 23:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-07-15 23:41 - 2009-07-13 23:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-07-15 23:36 - 2013-03-29 00:19 - 01473782 _____ C:\windows\WindowsUpdate.log
    2015-07-15 23:35 - 2015-03-29 21:16 - 00000000 ___RD C:\Users\Mike\Dropbox
    2015-07-15 23:35 - 2014-01-06 01:21 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Dropbox
    2015-07-15 23:31 - 2013-03-29 00:47 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-07-15 23:29 - 2013-04-24 17:14 - 00000266 _____ C:\windows\Tasks\AutoKMS.job
    2015-07-15 23:29 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
    2015-07-15 22:56 - 2013-03-29 00:47 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-07-15 22:54 - 2013-05-21 18:20 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
    2015-07-15 22:11 - 2013-04-16 21:02 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Skype
    2015-07-15 21:51 - 2013-03-29 00:47 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-07-15 21:51 - 2013-03-29 00:47 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-07-15 21:32 - 2014-01-05 18:52 - 00000000 ____D C:\Users\Mike\Desktop\temp
    2015-07-15 21:02 - 2013-04-15 19:51 - 00000000 ____D C:\Users\Mike
    2015-07-15 21:01 - 2014-09-23 21:51 - 00000000 ___RD C:\Program Files (x86)\Skype
    2015-07-15 21:01 - 2013-04-16 21:01 - 00000000 ____D C:\ProgramData\Skype
    2015-07-15 20:16 - 2013-11-14 18:42 - 00000000 ____D C:\ProgramData\Symantec
    2015-07-15 19:37 - 2013-06-06 16:57 - 00000000 ____D C:\Users\Mike\Desktop\Assimil Spanish With Ease
    2015-07-15 19:17 - 2009-07-13 23:45 - 00419112 _____ C:\windows\system32\FNTCACHE.DAT
    2015-07-15 18:49 - 2013-06-05 23:29 - 00000000 ____D C:\ProgramData\Rosetta Stone
    2015-07-15 18:47 - 2014-01-05 22:18 - 00000000 ____D C:\Users\Mike\AppData\Roaming\HandBrake
    2015-07-15 17:43 - 2014-01-13 00:39 - 00000000 ____D C:\Users\Mike\Desktop\New folder (2)
    2015-07-15 17:22 - 2009-07-14 00:13 - 00782510 _____ C:\windows\system32\PerfStringBackup.INI
    2015-07-15 08:32 - 2014-01-06 01:24 - 00000000 ___RD C:\Users\Mike\Dropbox (Old)
    2015-07-14 23:50 - 2014-03-20 23:34 - 00000000 ____D C:\Users\Mike\AppData\Local\Windows Live
    2015-07-14 23:02 - 2014-10-07 16:32 - 00000000 ____D C:\Users\Administrator
    2015-07-14 22:59 - 2009-07-13 22:20 - 00000000 ____D C:\windows\Help
    2015-07-14 22:54 - 2013-08-15 00:14 - 00000000 ____D C:\windows\system32\MRT
    2015-07-14 22:34 - 2014-01-17 00:09 - 00000000 ____D C:\Users\Mike\AppData\Roaming\vlc
    2015-07-14 21:06 - 2013-05-21 18:20 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2015-07-14 21:06 - 2013-05-21 18:20 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-07-14 21:06 - 2013-05-21 18:20 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
    2015-07-14 19:11 - 2014-06-30 22:33 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2015-07-14 19:11 - 2013-05-21 18:05 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2015-07-14 19:00 - 2015-01-01 11:51 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
    2015-07-03 08:43 - 2013-03-30 08:42 - 130333168 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

    ==================== Files in the root of some directories =======

    2013-04-16 21:29 - 2015-01-21 20:54 - 0006144 _____ () C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    Some files in TEMP:
    ====================
    C:\Users\Mike\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Mike\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjsk14e.dll
    C:\Users\Mike\AppData\Local\Temp\Quarantine.exe
    C:\Users\Mike\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Mike\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-07-15 09:52

    ==================== End of log ============================

    And the Addition.txt

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
    Ran by Mike at 2015-07-15 23:50:32
    Running from C:\Users\Mike\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-41184670-3636737264-1091244728-500 - Administrator - Disabled) => C:\Users\Administrator
    Guest (S-1-5-21-41184670-3636737264-1091244728-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-41184670-3636737264-1091244728-1002 - Limited - Enabled)
    Mike (S-1-5-21-41184670-3636737264-1091244728-1003 - Administrator - Enabled) => C:\Users\Mike

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Symantec Endpoint Protection (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Symantec Endpoint Protection (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Symantec Endpoint Protection (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    ******** (HKU\S-1-5-21-41184670-3636737264-1091244728-1003\...\uTorrent) (Version: 3.4.2.38656 - ********** Inc.)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
    Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
    Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
    Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)
    Anki (HKLM-x32\...\Anki) (Version: - )
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ATI Catalyst Install Manager (HKLM\...\{5BFBC3C9-A4F2-E7F9-E8B2-1495D3928068}) (Version: 3.0.820.0 - ATI Technologies, Inc.)
    Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Camtasia Studio 8 (HKLM-x32\...\{A7727F03-5311-4A12-9A63-2ACD20BA0497}) (Version: 8.2.1.1423 - TechSmith Corporation)
    CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.4.0.25 - Citrix Systems, Inc.)
    CleanUp! (HKLM-x32\...\CleanUp!) (Version: - )
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
    Dropbox (HKU\S-1-5-21-41184670-3636737264-1091244728-1003\...\Dropbox) (Version: 3.6.8 - Dropbox, Inc.)
    FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
    Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
    Handbrake 5953 Nightly (HKLM-x32\...\Handbrake) (Version: 5953 Nightly - )
    Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
    Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Kodi (HKU\S-1-5-21-41184670-3636737264-1091244728-1003\...\Kodi) (Version: - XBMC-Foundation)
    Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
    LINE (HKLM-x32\...\LINE) (Version: 3.6.0.32 - LINE Corporation)
    Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Firefox 25.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 25.0 (x86 en-US)) (Version: 25.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 25.0 - Mozilla)
    Online Plug-in (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
    Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Power ISO (HKLM-x32\...\Power ISO 4.9) (Version: 4.9 - Power ISO )
    PowerISO (HKLM-x32\...\PowerISO) (Version: - )
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6289 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
    Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.)
    Rosetta Stone Version 3 (HKLM-x32\...\{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}) (Version: 3.4.7.0 - Rosetta Stone Ltd.)
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
    Self-service Plug-in (x32 Version: 3.4.0.33684 - Citrix Systems, Inc.) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
    Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
    StreamTorrent 1.0 (HKLM-x32\...\StreamTorrent 1.0) (Version: - )
    Symantec Endpoint Protection (HKLM\...\{B53661DC-CD94-4B14-B15F-D9DDCFF72558}) (Version: 12.1.4013.4013 - Symantec Corporation)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
    Tango (HKU\S-1-5-21-41184670-3636737264-1091244728-1003\...\Tango) (Version: 1.6.14117 - TangoMe, Inc.)
    TechSmith Screen Codec 2 (x32 Version: 1.0.6.0 - TechSmith Corporation) Hidden
    Tom Clancy's Splinter Cell (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
    TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
    TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)
    Toshiba Book Place (HKLM-x32\...\{92C7DC44-DAD3-49FE-B89B-F92C6BA9A331}) (Version: 2.2.6775 - K-NFB Reading Technology, Inc.)
    TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{43DBC64B-3DD1-47E2-8788-D3C3B110C574}) (Version: 2.1.10.64 - TOSHIBA Corporation)
    TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.9 for x64 - TOSHIBA Corporation)
    TOSHIBA eco Utility (HKLM\...\{6FF9A012-0254-41E9-81E2-F538C4B53611}) (Version: 1.3.2.64 - TOSHIBA Corporation)
    TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.8.64 - TOSHIBA Corporation)
    TOSHIBA Hardware Setup (HKLM-x32\...\{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}) (Version: 2.00.0012 - TOSHIBA)
    TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.8 - TOSHIBA Corporation)
    Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.10.26 - Symantec Corporation)
    TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.86.2 - TOSHIBA CORPORATION)
    TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.6.1 - TOSHIBA CORPORATION)
    Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.25 - Toshiba)
    TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.7.64 - TOSHIBA Corporation)
    TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
    TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.5109 - TOSHIBA CORPORATION)
    TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.18.64 - TOSHIBA Corporation)
    TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.0 - TOSHIBA Corporation)
    TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.52 - TOSHIBA)
    TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.8 - TOSHIBA Corporation)
    TOSHIBA Supervisor Password (HKLM-x32\...\{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}) (Version: 2.00.0007 - TOSHIBA)
    TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.10.64 - TOSHIBA Corporation)
    TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.21 - TOSHIBA Corporation)
    TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5BA99779-6E12-49EF-BE49-F35B1EDB4DF9}) (Version: 1.0.4 - TOSHIBA CORPORATION)
    ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent)
    WildTangent Games App (Toshiba Games) (x32 Version: 4.0.4.16 - WildTangent) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
    WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
    Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.3) (Version: 1.3.3 - Xvid Team)
    Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-41184670-3636737264-1091244728-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-41184670-3636737264-1091244728-1003_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-41184670-3636737264-1091244728-1003_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-41184670-3636737264-1091244728-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-41184670-3636737264-1091244728-1003_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-41184670-3636737264-1091244728-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-41184670-3636737264-1091244728-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-41184670-3636737264-1091244728-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-41184670-3636737264-1091244728-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-41184670-3636737264-1091244728-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-41184670-3636737264-1091244728-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-41184670-3636737264-1091244728-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-41184670-3636737264-1091244728-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    14-07-2015 22:53:01 Windows Update
    15-07-2015 18:20:06 Removed Rosetta Stone Version 3
    15-07-2015 19:23:26 Removed Helium

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2014-01-07 22:53 - 00000866 ____A C:\windows\system32\Drivers\etc\hosts
    127.0.0.1 activation.cloud.techsmith.com

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {1122B766-083C-4449-8C71-1D89E91F221F} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
    Task: {3E5921C5-0EC9-4175-9748-DF229676C45E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {53C1AB13-E1DB-4735-BEB1-BED88A811740} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
    Task: {64CC680D-6711-4756-9595-AF0BA5C75A91} - System32\Tasks\AutoKMS => C:\windows\AutoKMS\AutoKMS.exe
    Task: {745DD22C-CDDF-4441-B9DB-2C222D5772D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
    Task: {814B819A-F393-43D1-AD3A-6DB08BF377BC} - System32\Tasks\{F256E64C-EB18-4781-9027-6087CC24E0FA} => pcalua.exe -a C:\Users\Mike\Downloads\QuickTimeInstaller.exe -d C:\Users\Mike\Downloads
    Task: {83BA3EED-4CFA-45D9-B169-B2229C6A8BED} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
    Task: {8D278B62-05C7-4349-A144-015FD32B3C57} - System32\Tasks\{5E5B64C0-F9F9-4C5A-A671-A31AF51DE881} => Iexplore.exe http://ui.skype.com/ui/0/6.21.59.104/en/abandoninstall?page=tsBing
    Task: {94F593F2-527D-4F48-A127-91F267C31B0C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-41184670-3636737264-1091244728-1003UA => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-10] (Google Inc.)
    Task: {A67677DF-60B0-40B6-93CE-A4AFCF6CBB05} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
    Task: {C1608DDE-A739-4716-8C40-DC382BEC751F} - System32\Tasks\{403AFB21-D6A8-41AF-9B06-24CED29915BD} => pcalua.exe -a "C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\service_installer.exe" -d "C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3"
    Task: {E7462143-2AEE-4F70-83AC-0C03C29AC8C4} - System32\Tasks\{01D97629-3997-40A3-B0BE-CFB98A53136E} => pcalua.exe -a "C:\Program Files (x86)\WinAce\SXUNINST.EXE" -c "C:\Program Files (x86)\WinAce\SXUNINST.INI"

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\AutoKMS.job => C:\windows\AutoKMS\AutoKMS.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-41184670-3636737264-1091244728-1003UA.job => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2013-03-29 00:25 - 2010-09-09 19:26 - 00162824 _____ () C:\Windows\System32\GFNEXSrv.exe
    2010-11-18 19:18 - 2010-11-18 19:18 - 11190784 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
    2010-12-15 17:19 - 2010-12-15 17:19 - 00124320 _____ () C:\Program Files\Toshiba\TECO\MUIHelp.dll
    2011-04-20 18:11 - 2011-04-20 18:11 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    2011-03-22 12:17 - 2011-03-22 12:17 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
    2010-12-08 17:42 - 2010-12-08 17:42 - 00079264 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
    2015-07-14 21:42 - 2015-07-13 16:55 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libglesv2.dll
    2015-07-14 21:42 - 2015-07-13 16:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libegl.dll
    2015-07-15 23:34 - 2015-07-15 23:34 - 00043008 _____ () c:\users\mike\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjsk14e.dll
    2015-07-14 19:02 - 2015-03-19 02:15 - 00750080 _____ () C:\Users\Mike\AppData\Roaming\Dropbox\bin\libGLESv2.dll
    2015-07-14 19:02 - 2015-03-19 02:15 - 00047616 _____ () C:\Users\Mike\AppData\Roaming\Dropbox\bin\libEGL.dll
    2015-07-14 19:02 - 2015-03-19 02:15 - 00865280 _____ () C:\Users\Mike\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
    2015-07-14 19:02 - 2015-03-19 02:15 - 00200704 _____ () C:\Users\Mike\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
    2015-07-14 19:02 - 2015-03-19 02:15 - 00010240 _____ () C:\Users\Mike\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
    2015-07-14 19:02 - 2015-03-19 02:15 - 00726016 _____ () C:\Users\Mike\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
    2015-07-14 19:02 - 2015-03-19 02:15 - 00010240 _____ () C:\Users\Mike\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
    2015-07-14 21:42 - 2015-07-13 16:55 - 16308040 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:0B174FAE
    AlternateDataStreams: C:\ProgramData\TEMP:8CE646EE

    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-41184670-3636737264-1091244728-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.254

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{09220F83-4B19-4A2D-B903-90DA944A01CF}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{B0719328-B4A8-4004-B8F7-20CD0508E5D1}] => (Allow) LPort=2869
    FirewallRules: [{8DFD88F8-ED74-450F-984F-B622BF177A93}] => (Allow) LPort=1900
    FirewallRules: [{60708C73-3AE5-4F13-A315-9851B78E50DE}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{9171A43D-7C25-48F1-B79A-8418DC029904}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
    FirewallRules: [{D2D1192F-8016-4798-99D0-8B0077949817}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{0E7BCCAA-C151-405D-A06F-D39E6E811D3A}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe
    FirewallRules: [{051E9E36-6678-48D5-83E1-993EFDD36710}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe
    FirewallRules: [{431680EF-EA9F-4EFB-834F-68CC6BA6894A}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe
    FirewallRules: [{D9E2492B-E906-4D4B-8D90-035DAC2452A6}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe
    FirewallRules: [{7821EC36-A6BF-4DDC-B0AC-6DB07C20C5A8}] => (Allow) C:\Users\Mike\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{65867C1C-7261-42DF-BC21-09F51D7CE984}] => (Allow) C:\Users\Mike\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [TCP Query User{4D199DC1-F447-4E10-A89D-8DD1C9FB1C68}C:\users\mike\downloads\utorrent.exe] => (Allow) C:\users\mike\downloads\utorrent.exe
    FirewallRules: [UDP Query User{7909C349-7E1A-4D0D-AE8A-32805F28A6E8}C:\users\mike\downloads\utorrent.exe] => (Allow) C:\users\mike\downloads\utorrent.exe
    FirewallRules: [TCP Query User{15D92AA7-01C4-4B75-9777-4DC3113373DB}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe] => (Block) C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe
    FirewallRules: [UDP Query User{E53406E6-848A-4B3E-A114-29F37B462635}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe] => (Block) C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe
    FirewallRules: [{9BF7B9BD-6FCF-4C1D-A4FF-389E74319F15}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe
    FirewallRules: [{8902A0C2-9E13-426D-AF1F-7166BBE42BF0}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe
    FirewallRules: [{18BB2A1A-2156-41AA-A104-D7141FC8B1D2}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\snac64.exe
    FirewallRules: [{054C554C-AD1F-4B67-B34E-85EDDC45A43D}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\snac64.exe
    FirewallRules: [{25DB97EE-FEAD-432D-B171-FD4B55128D5C}] => (Allow) C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{20ACCA5B-0DFF-482D-BBCC-80B5A7056FA3}] => (Allow) C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{D83567D3-6B67-40DD-9FFF-792D2B58C013}] => (Allow) LPort=8317
    FirewallRules: [{A99CEF63-F06A-4436-BB93-881EC447DBB8}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
    FirewallRules: [{7F75640B-16CD-4EA2-8DE1-EF3D2B5C36D2}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
    FirewallRules: [{4315D957-9B23-4920-8C22-1C3211C4DD4C}] => (Allow) C:\Program Files (x86)\Tango\Tango.exe
    FirewallRules: [{7EE96807-8BBB-419A-8840-E581EF98D588}] => (Allow) C:\Program Files (x86)\Tango\Tango.exe
    FirewallRules: [{51F68DB3-E7FA-4CF1-88F2-B20CA8AB695A}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
    FirewallRules: [{93936BFA-01BC-4E8F-ABBF-302E823BE126}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (07/15/2015 11:33:41 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
    Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
    Parameter name: dueTime
    Stack Trace:
    at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
    at System.Timers.Timer.set_Enabled(Boolean value)
    at SnappCloud.ActivationReminder.AraClient.PostInit()
    at SnappCloud.ActivationReminder.Program.Main(String[] args)

    Error: (07/15/2015 11:31:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (07/15/2015 10:34:14 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
    Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
    Parameter name: dueTime
    Stack Trace:
    at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
    at System.Timers.Timer.set_Enabled(Boolean value)
    at SnappCloud.ActivationReminder.AraClient.PostInit()
    at SnappCloud.ActivationReminder.Program.Main(String[] args)

    Error: (07/15/2015 10:31:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (07/15/2015 09:50:09 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
    Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\Mike\Downloads\FRST64.exe by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.

    Error: (07/15/2015 07:49:59 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
    Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
    Parameter name: dueTime
    Stack Trace:
    at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
    at System.Timers.Timer.set_Enabled(Boolean value)
    at SnappCloud.ActivationReminder.AraClient.PostInit()
    at SnappCloud.ActivationReminder.Program.Main(String[] args)

    Error: (07/15/2015 07:47:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (07/15/2015 07:23:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


    Details:
    AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

    System Error:
    The system cannot find the file specified.
    .

    Error: (07/15/2015 07:20:49 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
    Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
    Parameter name: dueTime
    Stack Trace:
    at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
    at System.Timers.Timer.set_Enabled(Boolean value)
    at SnappCloud.ActivationReminder.AraClient.PostInit()
    at SnappCloud.ActivationReminder.Program.Main(String[] args)

    Error: (07/15/2015 07:17:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    System errors:
    =============
    Error: (07/15/2015 11:35:10 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Windows Update service hung on starting.

    Error: (07/15/2015 11:29:06 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 11:25:57 PM on ‎7/‎15/‎2015 was unexpected.

    Error: (07/15/2015 10:32:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Symantec Management Client service failed to start due to the following error:
    %%1053

    Error: (07/15/2015 10:32:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Symantec Management Client service to connect.

    Error: (07/15/2015 10:32:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Symantec Management Client service failed to start due to the following error:
    %%1053

    Error: (07/15/2015 10:32:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Symantec Management Client service to connect.

    Error: (07/15/2015 10:31:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Windows Search service failed to start due to the following error:
    %%1053

    Error: (07/15/2015 10:31:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

    Error: (07/15/2015 10:31:53 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error: (07/15/2015 10:31:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
    %%1053


    Microsoft Office:
    =========================
    Error: (07/15/2015 11:33:41 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
    Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
    Parameter name: dueTime
    Stack Trace:
    at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
    at System.Timers.Timer.set_Enabled(Boolean value)
    at SnappCloud.ActivationReminder.AraClient.PostInit()
    at SnappCloud.ActivationReminder.Program.Main(String[] args)

    Error: (07/15/2015 11:31:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (07/15/2015 10:34:14 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
    Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
    Parameter name: dueTime
    Stack Trace:
    at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
    at System.Timers.Timer.set_Enabled(Boolean value)
    at SnappCloud.ActivationReminder.AraClient.PostInit()
    at SnappCloud.ActivationReminder.Program.Main(String[] args)

    Error: (07/15/2015 10:31:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (07/15/2015 09:50:09 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
    Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\Mike\Downloads\FRST64.exe by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.

    Error: (07/15/2015 07:49:59 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
    Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
    Parameter name: dueTime
    Stack Trace:
    at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
    at System.Timers.Timer.set_Enabled(Boolean value)
    at SnappCloud.ActivationReminder.AraClient.PostInit()
    at SnappCloud.ActivationReminder.Program.Main(String[] args)

    Error: (07/15/2015 07:47:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (07/15/2015 07:23:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description:
    Details:
    AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

    System Error:
    The system cannot find the file specified.

    Error: (07/15/2015 07:20:49 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
    Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
    Parameter name: dueTime
    Stack Trace:
    at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
    at System.Timers.Timer.set_Enabled(Boolean value)
    at SnappCloud.ActivationReminder.AraClient.PostInit()
    at SnappCloud.ActivationReminder.Program.Main(String[] args)

    Error: (07/15/2015 07:17:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    ==================== Memory info ===========================

    Processor: AMD A6-3400M APU with Radeon(tm) HD Graphics
    Percentage of memory in use: 55%
    Total physical RAM: 3562.12 MB
    Available physical RAM: 1569.61 MB
    Total Virtual: 7122.45 MB
    Available Virtual: 4694.66 MB

    ==================== Drives ================================

    Drive c: (TI106164W0D) (Fixed) (Total:450.96 GB) (Free:257.97 GB) NTFS ==>[system with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: E6E6F40B)
    Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
    Partition 2: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=13.3 GB) - (Type=17)

    ==================== End of log ============================

    This looks like a lot of stuff! Let me know what to do. Do you think maybe my hard drive is failing or I am missing some files?
    Thanks

    Mike
     
Loading...

Share This Page