Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan.AdClicker and Trojan.Poweliks!gm keep attempting access at start-up


  • This topic is locked This topic is locked
10 replies to this topic

#1 Jphil8774

Jphil8774

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:06:02 PM

Posted 12 October 2014 - 02:10 PM

The above keep attacking my laptop.  The laptop also will not connect to the internet after windows updates.  I receive proxy errors and must reset the laptop settings to an earlier date.  There is also an issue not being able to access google sites. 

 

I hope I followed the directions correctly.

 

Thank you for your assistance.

 

Jon

 

Attached File  dds.txt   23.68KB   0 downloadsDDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17280
Run by Fishbeer at 14:33:20 on 2014-10-12
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4044.1549 [GMT -4:00]
.
AV: Norton Security Suite *Enabled/Outdated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Security Suite *Enabled/Outdated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\N360.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\N360.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Toshiba\TECO\Teco.exe
C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
C:\windows\system32\igfxext.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\windows\syswow64\dllhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Search Extensions\Client.exe
C:\windows\system32\svchost.exe -k HPService
C:\windows\syswow64\dllhost.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\system32\taskeng.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\syswow64\dllhost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.toshiba.com/?cid=c001b2y
uSearch Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbPGr6Jy1Ks2e111hOmaVHQBXGixp7StYWCwmSrLmLQ6iO2wdNtoG2pCV0MXccGRPbyA6Xa1FN1inBdNGYppQDVNbfb4d0SjXkHrx2tNu-vxpOOWxIn4oCcoigUMyWxsjndBg6pofIPo-I_1gaFq5tZLzyeFHl_PImsVPIK6UeLo9FUI7g,,&q={searchTerms}
uSearch Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbPGr6Jy1Ks2e111hOmaVHQBXGixp7StYWCwmSrLmLQ6iO2wdNtoG2pCV0MXccGRPbyA6Xa1FN1inBdNGYppQDVNbfb4d0SjXkHrx2tNu-vxpOOWxIn4oCcoigUMyWxsjndBg6pofIPo-I_1gaFq5tZLzyeFHl_PImsVPIK6UeLo9FUI7g,,&q={searchTerms}
uDefault_Page_URL = hxxp://start.toshiba.com/?cid=C001B2Y
uDefault_Search_URL = hxxp://www.google.com
uProxyServer = hxxp=127.0.0.1:49261;https=127.0.0.1:49261
uProxyOverride = <-loopback>
uSearchAssistant = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbPGr6Jy1Ks2e111hOmaVHQBXGixp7StYWCwmSrLmLQ6iO2wdNtoG2pCV0MXccGRPbyA6Xa1FN1inBdNGYppQDVNbfb4d0SjXkHrx2tNu-vxpOOWxIn4oCcoigUMyWxsjndBg6pofIPo-I_1gaFq5tZLzyeFHl_PImsVPIK6UeLo9FUI7g,,&q={searchTerms}
mWinlogon: Userinit = userinit.exe
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
BHO: {26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} - <orphaned>
BHO: {2CEBF6C7-2B40-469B-B5D5-CD3F3676C3C4} - <orphaned>
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\ips\ipsbho.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Constant Guard Protection Suite: {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.425.1\NativeBHO.dll
BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\coieplg.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
uRun: [Itibiti.exe] C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
uRun: [ComcastAntispyClient] "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [SanDiskSecureAccess_Manager.exe] C:\Users\Fishbeer\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
uRun: [iLivid] "C:\Users\Fishbeer\AppData\Local\iLivid\iLivid.exe" -autorun
uRun: [biceeysv] C:\Users\Fishbeer\AppData\Local\Temp\1e90\AppData\Local\Microsoft\biceeysv.exe
mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{44FE70F5-EB7E-4C77-B44C-9E0600B29C84} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{44FE70F5-EB7E-4C77-B44C-9E0600B29C84}\1427361646961602055726C69636 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{44FE70F5-EB7E-4C77-B44C-9E0600B29C84}\2516D616461602451313 : DHCPNameServer = 10.10.10.1
TCP: Interfaces\{44FE70F5-EB7E-4C77-B44C-9E0600B29C84}\2516D6164616024583 : DHCPNameServer = 10.10.10.1
TCP: Interfaces\{44FE70F5-EB7E-4C77-B44C-9E0600B29C84}\8416C6F62457277656270275962756C6563737 : DHCPNameServer = 10.128.128.128
TCP: Interfaces\{44FE70F5-EB7E-4C77-B44C-9E0600B29C84}\876696E696479777966696 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{44FE70F5-EB7E-4C77-B44C-9E0600B29C84}\A6078696C683737343 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{48D878E9-2F2B-4390-808F-0E44AF2E1679} : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= ,C:\PROGRA~2\Amazon\AMAZON~1\\AMAZON~3.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: bitguard.exe - tasklist.exe
IFEO: bprotect.exe - tasklist.exe
IFEO: bpsvc.exe - tasklist.exe
IFEO: browsemngr.exe - tasklist.exe
IFEO: browserdefender.exe - tasklist.exe
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\coieplg.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\coieplg.dll
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-IFEO: bitguard.exe - tasklist.exe
x64-IFEO: bprotect.exe - tasklist.exe
x64-IFEO: bpsvc.exe - tasklist.exe
x64-IFEO: browsemngr.exe - tasklist.exe
x64-IFEO: browserdefender.exe - tasklist.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Fishbeer\AppData\Roaming\Mozilla\Firefox\Profiles\ua8msrc0.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\Users\Fishbeer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\windows\System32\drivers\N360x64\1505000.013\symds64.sys [2014-8-13 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\N360x64\1505000.013\symefa64.sys [2014-8-13 1148120]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384]
R1 AntiLog32;AntiLog32;C:\windows\System32\drivers\AntiLog64.sys [2013-11-24 49752]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140912.003\BHDrvx64.sys [2014-9-12 1586904]
R1 ccSet_N360;N360 Settings Manager;C:\windows\System32\drivers\N360x64\1505000.013\ccsetx64.sys [2014-8-13 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141002.001_415\IDSviA64.sys [2014-10-2 633560]
R1 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\N360x64\1505000.013\ironx64.sys [2014-8-13 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\drivers\N360x64\1505000.013\symnets.sys [2014-8-13 593112]
R2 HTCMonitorService;HTCMonitorService;C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2013-11-18 87368]
R2 IDVaultSvc;CGPS Service;C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2014-6-25 41024]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\n360.exe [2014-8-13 265040]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2013-10-17 166912]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-3-2 266680]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-5-21 2656280]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-9-10 142640]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-11-8 76912]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-5-21 38096]
R3 pneteth;PdaNet Broadband;C:\windows\System32\drivers\pneteth.sys [2011-6-29 15360]
R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-15 12800]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2011-5-21 1109096]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-5-21 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]
R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2010-12-20 822704]
S2 AntiSpywareService;Comcast AntiSpyware;C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe --> C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 HTCAND64;HTC Device Driver;C:\windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-9-12 111616]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-4-9 289256]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-4-15 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-5-21 250984]
S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2011-5-21 307304]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-4-15 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-4-15 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-7-3 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-09-28 18:27:23 -------- d-----w- C:\Program Files (x86)\Search Extensions
2014-09-26 22:58:25 -------- d-----w- C:\Users\Fishbeer\AppData\Local\{2D240777-F9CA-4524-BE98-3FFC9F4226E4}
2014-09-26 03:17:32 188304 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2014-09-26 03:17:32 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
2014-09-26 03:17:32 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
2014-09-26 03:17:32 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2014-09-26 03:17:32 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2014-09-26 03:17:32 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2014-09-26 03:17:32 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2014-09-26 03:17:32 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2014-09-26 03:17:31 47216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2014-09-26 03:17:31 3231696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dcompiler_46.dll
2014-09-24 02:09:02 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2014-09-24 02:09:02 2048 ----a-w- C:\windows\System32\tzres.dll
2014-09-13 01:32:45 2777088 ----a-w- C:\windows\System32\msmpeg2vdec.dll
2014-09-13 01:32:45 2285056 ----a-w- C:\windows\SysWow64\msmpeg2vdec.dll
.
==================== Find3M  ====================
.
2014-09-05 02:10:43 578048 ----a-w- C:\windows\System32\aepdu.dll
2014-09-05 02:05:42 424448 ----a-w- C:\windows\System32\aeinv.dll
2014-08-23 02:07:00 404480 ----a-w- C:\windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\windows\SysWow64\gdi32.dll
2014-08-23 00:59:01 3163648 ----a-w- C:\windows\System32\win32k.sys
2014-08-18 22:29:49 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-08-18 22:29:35 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53 5833728 ----a-w- C:\windows\System32\jscript9.dll
2014-08-18 22:15:34 547328 ----a-w- C:\windows\System32\vbscript.dll
2014-08-18 22:15:09 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-08-18 22:14:38 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10 83968 ----a-w- C:\windows\System32\MshtmlDac.dll
2014-08-18 22:08:55 4232704 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-08-18 22:03:47 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-08-18 22:03:37 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-08-18 22:03:01 758272 ----a-w- C:\windows\System32\jscript9diag.dll
2014-08-18 21:57:44 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-08-18 21:56:17 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-08-18 21:46:26 454656 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-08-18 21:45:23 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-08-18 21:45:12 72704 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09 61952 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24 597504 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17 2104832 ----a-w- C:\windows\System32\inetcpl.cpl
2014-08-18 21:23:16 1249280 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13 2310656 ----a-w- C:\windows\System32\wininet.dll
2014-08-18 21:08:54 2014208 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44 1068032 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48 1812992 ----a-w- C:\windows\SysWow64\wininet.dll
2014-08-01 11:53:22 1031168 ----a-w- C:\windows\System32\TSWorkspace.dll
2014-08-01 11:35:06 793600 ----a-w- C:\windows\SysWow64\TSWorkspace.dll
2014-07-25 06:35:46 875688 ----a-w- C:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 03:47:06 869544 ----a-w- C:\windows\System32\msvcr120_clr0400.dll
2014-07-23 05:13:11 593112 ----a-w- C:\windows\System32\drivers\N360x64\1505000.013\symnets.sys
2014-07-23 05:13:10 1148120 ----a-w- C:\windows\System32\drivers\N360x64\1505000.013\symefa64.sys
2014-07-23 04:50:26 875736 ----a-w- C:\windows\System32\drivers\N360x64\1505000.013\srtsp64.sys
2014-06-24 01:27:22 6010880 ----a-w- C:\Program Files (x86)\GUT88A1.tmp
2013-10-10 00:58:46 50053120 ----a-w- C:\Program Files (x86)\GUT916E.tmp
.
============= FINISH: 14:39:58.28 ===============
 

 

 

Attached Files



BC AdBot (Login to Remove)

 


m

#2 Naathim

Naathim

    Bleepin' Minion


  • Members
  • 435 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:11:02 PM

Posted 13 October 2014 - 02:37 AM


Minion%20Welcome.jpg


My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

icon_arrow.gif Analysis and research take some time, also sometimes real life gets in the way, please be patient.
icon_arrow.gif Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
icon_arrow.gif Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
icon_arrow.gif Paste the logs in your posts, attachments make my work harder and more complicated.
icon_arrow.gif Stay with me to the end, the absence of symtoms doesn't mean that your machine is fully operational.
icon_arrow.gif Note that we may live in totally different time zones, what may cause some delays between answers.

icon_idea.gif I can't foresee everything, so if anything unexpected happens, please stop and inform me!
icon_idea.gif There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)


FRST.gif Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    > Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


Radek Naathim Pawelczyk

Malware Removal Specialist

 

staff.png


#3 Jphil8774

Jphil8774
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:06:02 PM

Posted 14 October 2014 - 11:32 PM

Here are the requested logs - Thank you

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-10-2014 02
Ran by Fishbeer (administrator) on FISHBEER-PC on 13-10-2014 18:58:57
Running from C:\Users\Fishbeer\Downloads
Loaded Profile: Fishbeer (Available profiles: Fishbeer)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\n360.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\n360.exe
() C:\Program Files (x86)\Search Extensions\Client.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1520552 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1466305756-587938971-1798298321-1000\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
HKU\S-1-5-21-1466305756-587938971-1798298321-1000\...\Run: [ComcastAntispyClient] => "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
HKU\S-1-5-21-1466305756-587938971-1798298321-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-1466305756-587938971-1798298321-1000\...\Run: [SanDiskSecureAccess_Manager.exe] => C:\Users\Fishbeer\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [30705792 2012-11-08] (Gemalto N.V.)
HKU\S-1-5-21-1466305756-587938971-1798298321-1000\...\Run: [iLivid] => "C:\Users\Fishbeer\AppData\Local\iLivid\iLivid.exe" -autorun
HKU\S-1-5-21-1466305756-587938971-1798298321-1000\...\Run: [biceeysv] => C:\Users\Fishbeer\AppData\Local\Temp\1e90\AppData\Local\Microsoft\biceeysv.exe <===== ATTENTION
HKU\S-1-5-21-1466305756-587938971-1798298321-1000\...\MountPoints2: {4361e496-4a43-11e3-b1a2-e89a8f3d4fdd} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1466305756-587938971-1798298321-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
AppInit_DLLs-x32: ,C:\PROGRA~2\Amazon\AMAZON~1\\AMAZON~3.DLL => C:\Program Files (x86)\Amazon\Amazon1ButtonApp\\AmazonExtIE.dll [138048 2013-12-15] ()
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger]
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-10-2014 02
Ran by Fishbeer at 2014-10-13 19:00:33
Running from C:\Users\Fishbeer\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Suite (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.0.19530 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.7.0.19530 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
AntiLogger SDK version 1.7.6.367 (HKLM-x32\...\{4D46DE30-49FE-4043-99F7-D7E8C06175E0}_is1) (Version: 1.7.6.367 - Zemana Ltd.)
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Best Buy pc app (Version: 3.2.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.0.0 - Best Buy) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BrowserSafeguard with Rockettab (HKLM-x32\...\RocketTab) (Version:  - BrowserSafeguard with Rockettab) <==== ATTENTION
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.51.1.0 - Conexant)
Constant Guard Protection Suite (HKLM-x32\...\ID Vault) (Version: 1.14.425.1 - Comcast)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
File Type Assistant (HKLM-x32\...\Trusted Software Assistant_is1) (Version:  - Trusted Software) <==== ATTENTION
Final Media Player 2011 (HKLM-x32\...\FinalMediaPlayer_is1) (Version:  - Bitberry Software) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 29.0.1547.66 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
H&R Block Deluxe + Efile + State 2012 (HKLM-x32\...\{89D20029-0578-4D8D-979A-695C8D868868}) (Version: 12.05.7803 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2013 (HKLM-x32\...\{EDE796DE-0A72-464D-9D21-F04BC41A092B}) (Version: 13.05.6502 - HRB Technology, LLC.)
H&R Block Michigan 2012 (HKLM-x32\...\{90B44A11-7B9B-4866-9587-C8693CB4C7AB}) (Version: 1.12.5501 - HRB Technology, LLC.)
H&R Block Michigan 2013 (HKLM-x32\...\{F46C910F-0113-4D51-8268-A89E14C5D18B}) (Version: 1.13.5901 - HRB Technology, LLC.)
HP Photosmart D110 All-In-One Driver 14.0 Rel. 7 (HKLM\...\{14BC6853-A74E-4874-B50D-679889D1544D}) (Version: 14.0 - HP)
HRBlockDirect version 1.1.2.0 (HKLM-x32\...\{631EFC00-5A7A-4A90-9578-039EDA92DE0F}_is1) (Version: 1.1.2.0 - HRBlock)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.10.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.0.52.0 - HTC)
iCloud (HKLM\...\{D0CB24F4-084F-40DE-B6B9-A03626E682F0}) (Version: 2.1.1.3 - Apple Inc.)
InstallIQ Updater (HKLM-x32\...\{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}) (Version: 1.4.3.0 - W3i, LLC)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.2.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Lime PRO 3.0.1.0 (HKLM-x32\...\{D76918D7-995F-41F3-AEF0-30E8260052C2}_is1) (Version: 3.0.1.0 - Lime PRO)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office XP Small Business (HKLM-x32\...\{91130409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Network64 (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Norton Security Suite (HKLM-x32\...\N360) (Version: 21.5.0.19 - Symantec Corporation)
PdaNet for Android 3.00 (HKLM-x32\...\PdaNet_is1) (Version:  - June Fabrics Technology Inc)
Pdf995 (installed by H&R Block) (HKLM-x32\...\Pdf995) (Version:  - )
PdfEdit995 (installed by H&R Block) (HKLM-x32\...\PdfEdit995) (Version:  - )
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PS_AIO_07_D110_SW_Min (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.12 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
Rhapsody (HKLM-x32\...\Rhapsody) (Version:  - )
Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
SanDiskSecureAccess_Manager.exe (HKCU\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.1.19269 - Gemalto N.V.)
Scan (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
Toolbox (x32 Version: 140.0.424.000 - Hewlett-Packard) Hidden
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{92C7DC44-DAD3-49FE-B89B-F92C6BA9A331}) (Version: 2.2.6775 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 1.6.08.64 - TOSHIBA Corporation) Hidden
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.6 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.25.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.8.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.8.64 - TOSHIBA Corporation) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.08.06.00 - )
TOSHIBA Hardware Setup (Version: 4.08.06.00 - TOSHIBA) Hidden
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.7 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.7 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.7 - TOSHIBA Corporation) Hidden
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.86.2 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.4.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.5109 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.7.17.64 - TOSHIBA Corporation) Hidden
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.0 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.7 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.08.06.00 - )
TOSHIBA Supervisor Password (Version: 4.08.06.00 - TOSHIBA) Hidden
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.4.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.5.4.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.5.4.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.19 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (x32 Version: 2.0.0.19 - TOSHIBA Corporation) Hidden
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}) (Version: 1.0.3 - TOSHIBA CORPORATION)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1466305756-587938971-1798298321-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

==================== Restore Points  =========================

02-10-2014 01:49:57 Windows Update
02-10-2014 02:07:31 Restore Operation
02-10-2014 07:00:18 Windows Update
03-10-2014 00:58:30 Restore Operation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {030E166F-E0E0-41DC-A5B7-4C7F5D3CE463} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {06AE4FA6-A117-4607-901C-6E3A64D81E9E} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1466305756-587938971-1798298321-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {3281BD61-2842-4CD6-8B5F-9BC1CFFD6EFD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-21] (Google Inc.)
Task: {3BAC9084-389D-4441-A791-9D68C011850A} - \DSite No Task File <==== ATTENTION
Task: {3FE70219-7D2B-470F-BEB0-52FB55D090CA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-21] (Google Inc.)
Task: {41372D34-5F07-404F-8852-01EC0C09967B} - System32\Tasks\RocketTab => C:\windows\system32\cmd.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {4B6F8C13-10E4-4AB7-8CB6-3B3C45E1BF3C} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1466305756-587938971-1798298321-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {8B113330-D610-4BFC-936B-14AE4F09C5F4} - System32\Tasks\RocketTab Update Task => C:\Program Files (x86)\Search Extensions\uninstall.exe [2014-10-02] () <==== ATTENTION
Task: {923D2313-7CF9-4D88-ADC3-4D3B48894BDF} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1466305756-587938971-1798298321-1000Core => C:\Users\Fishbeer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {A2D82171-C63A-4CB5-B4AE-1A6ADCD996F1} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {A4D82449-5B8F-4A56-B1E3-0F4CDC4C443E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1466305756-587938971-1798298321-1000UA => C:\Users\Fishbeer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {BA55E2DF-1261-44DE-9124-582546929872} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {C07D8A95-7582-4176-B302-8A4004ED4A01} - \FindLyrics Update No Task File <==== ATTENTION
Task: {E0D42D34-E55B-4F9B-B4A5-11152557F24E} - System32\Tasks\Final Media Player Update Checker => C:\Program Files (x86)\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-03-11] (Bitberry Software)
Task: {E8DF9F50-1A9A-40CA-86F0-9681F0B4DF6D} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {EE56AE8B-E83E-4BEE-ACBF-380FA34E0548} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\WSCStub.exe [2014-07-31] (Symantec Corporation)
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1466305756-587938971-1798298321-1000Core.job => C:\Users\Fishbeer\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1466305756-587938971-1798298321-1000UA.job => C:\Users\Fishbeer\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\Final Media Player Update Checker.job => C:\Program Files (x86)\FinalMediaPlayer\FMPCheckForUpdates.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-05-05 20:24 - 2012-04-26 15:51 - 00040448 _____ () C:\windows\System32\pdf995mon64.dll
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2014-03-24 11:32 - 2014-03-24 11:32 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2014-10-02 02:33 - 2014-10-02 02:33 - 01424104 _____ () C:\Program Files (x86)\Search Extensions\Client.exe
2011-04-04 22:18 - 2011-04-04 22:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-18 20:18 - 2010-11-18 20:18 - 11190784 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2010-12-15 18:19 - 2010-12-15 18:19 - 00124320 _____ () C:\Program Files\Toshiba\TECO\MUIHelp.dll
2010-12-08 18:42 - 2010-12-08 18:42 - 00079264 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-24 11:31 - 2014-03-24 11:31 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2014-03-24 11:32 - 2014-03-24 11:32 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2014-03-24 11:32 - 2014-03-24 11:32 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2014-03-24 11:32 - 2014-03-24 11:32 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-03-24 11:32 - 2014-03-24 11:32 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2014-03-24 11:34 - 2014-03-24 11:34 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2014-03-24 11:36 - 2014-03-24 11:36 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2014-06-25 20:58 - 2014-04-28 16:32 - 00549272 _____ () C:\Program Files (x86)\Constant Guard Protection Suite\sqlite3.DLL
2013-12-15 09:12 - 2013-12-15 09:12 - 00138048 _____ () C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
AlternateDataStreams: C:\ProgramData\TEMP:D346F792

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-1466305756-587938971-1798298321-500 - Administrator - Disabled)
Fishbeer (S-1-5-21-1466305756-587938971-1798298321-1000 - Administrator - Enabled) => C:\Users\Fishbeer
Guest (S-1-5-21-1466305756-587938971-1798298321-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1466305756-587938971-1798298321-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/13/2014 11:01:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/13/2014 01:45:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8658

Error: (10/13/2014 01:45:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8658

Error: (10/13/2014 01:45:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/13/2014 01:45:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7488

Error: (10/13/2014 01:45:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7488

Error: (10/13/2014 01:45:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/13/2014 01:45:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6474

Error: (10/13/2014 01:45:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6474

Error: (10/13/2014 01:45:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (10/13/2014 11:01:43 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/13/2014 10:59:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Comcast AntiSpyware service failed to start due to the following error:
%%2

Error: (10/13/2014 07:45:52 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (10/12/2014 02:15:31 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/12/2014 02:13:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Comcast AntiSpyware service failed to start due to the following error:
%%2

Error: (10/12/2014 10:23:10 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/09/2014 08:34:03 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/07/2014 08:52:29 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/05/2014 01:16:16 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/03/2014 05:22:03 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Microsoft Office Sessions:
=========================
Error: (10/13/2014 11:01:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/13/2014 01:45:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8658

Error: (10/13/2014 01:45:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8658

Error: (10/13/2014 01:45:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/13/2014 01:45:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7488

Error: (10/13/2014 01:45:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7488

Error: (10/13/2014 01:45:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/13/2014 01:45:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6474

Error: (10/13/2014 01:45:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6474

Error: (10/13/2014 01:45:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

==================== Memory info ===========================

Processor: Intel® Pentium® CPU B940 @ 2.00GHz
Percentage of memory in use: 62%
Total physical RAM: 4043.86 MB
Available physical RAM: 1529.77 MB
Total Pagefile: 8085.9 MB
Available Pagefile: 4467.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (TI106139W0E) (Fixed) (Total:282.9 GB) (Free:41.84 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Sr Soccer Pix) (CDROM) (Total:0.01 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 4E59E2AF)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=282.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.7 GB) - (Type=17)

==================== End Of Log ============================



#4 Naathim

Naathim

    Bleepin' Minion


  • Members
  • 435 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:11:02 PM

Posted 15 October 2014 - 02:03 AM

Hi :)

 

The FRST logfile is incomplete. Double check if this is all that was created in notepad. If so, please re-run the scan and post a fresh one.


Radek Naathim Pawelczyk

Malware Removal Specialist

 

staff.png


#5 Jphil8774

Jphil8774
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:06:02 PM

Posted 15 October 2014 - 01:54 PM

I re-ran the program - Thank you

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-10-2014 01
Ran by Fishbeer (administrator) on FISHBEER-PC on 15-10-2014 14:47:14
Running from C:\Users\Fishbeer\Desktop
Loaded Profile: Fishbeer (Available profiles: Fishbeer)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\n360.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\n360.exe
() C:\Program Files (x86)\Search Extensions\Client.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1520552 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1466305756-587938971-1798298321-1000\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
HKU\S-1-5-21-1466305756-587938971-1798298321-1000\...\Run: [ComcastAntispyClient] => "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
HKU\S-1-5-21-1466305756-587938971-1798298321-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-1466305756-587938971-1798298321-1000\...\Run: [SanDiskSecureAccess_Manager.exe] => C:\Users\Fishbeer\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [30705792 2012-11-08] (Gemalto N.V.)
HKU\S-1-5-21-1466305756-587938971-1798298321-1000\...\Run: [iLivid] => "C:\Users\Fishbeer\AppData\Local\iLivid\iLivid.exe" -autorun
HKU\S-1-5-21-1466305756-587938971-1798298321-1000\...\Run: [biceeysv] => C:\Users\Fishbeer\AppData\Local\Temp\1e90\AppData\Local\Microsoft\biceeysv.exe <===== ATTENTION
HKU\S-1-5-21-1466305756-587938971-1798298321-1000\...\RunOnce: [FlashPlayerUpdate] => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_Plugin.exe [839560 2014-01-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-1466305756-587938971-1798298321-1000\...\MountPoints2: {4361e496-4a43-11e3-b1a2-e89a8f3d4fdd} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1466305756-587938971-1798298321-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
AppInit_DLLs-x32: ,C:\PROGRA~2\Amazon\AMAZON~1\\AMAZON~3.DLL => C:\Program Files (x86)\Amazon\Amazon1ButtonApp\\AmazonExtIE.dll [138048 2013-12-15] ()
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger]
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
ShortcutTarget: Constant Guard.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:49191;https=127.0.0.1:49191
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbPGr6Jy1Ks2e111hOmaVHQBXGixp7StYWCwmSrLmLQ6iO2wdNtoG2pCV0MXccGRPbyA6Xa1FN1inBdNGYppQDVNbfb4d0SjXkHrx2tNu-vxpOOWxIn4oCcoigUMyWxsjndBg6pofIPo-I_1gaFq5tZLzyeFHl_PImsVPIK6UeLo9FUI7g,,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/?cid=c001b2y
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbPGr6Jy1Ks2e111hOmaVHQBXGixp7StYWCwmSrLmLQ6iO2wdNtoG2pCV0MXccGRPbyA6Xa1FN1inBdNGYppQDVNbfb4d0SjXkHrx2tNu-vxpOOWxIn4oCcoigUMyWxsjndBg6pofIPo-I_1gaFq5tZLzyeFHl_PImsVPIK6UeLo9FUI7g,,&q={searchTerms}
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2465} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=107&systemid=465&q={searchTerms}
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2465} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=107&systemid=465&q={searchTerms}
SearchScopes: HKLM - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2465} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=107&systemid=465&q={searchTerms}
SearchScopes: HKLM-x32 - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289663&CUI=UN24369572136035860&UM=2&UP=SPBBF94A5A-0A12-4822-8553-E0C76E074F15&SSPV=
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbPGr6Jy1Ks2e111hOmaVHQBXGixp7StYWCwmSrLmLQ6iO2wdNtoG2pCV0MXccGRPbyA6Xa1FN1inBdNGYppQDVNbfb4d0SjXkHrx2tNu-vxpOOWxIn4oCcoigUMyWxsjndBg6pofIPo-I_1gaFq5tZLzyeFHl_PImsVPIK6UeLo9FUI7g,,&q={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289663&CUI=UN24369572136035860&UM=2&UP=SPBBF94A5A-0A12-4822-8553-E0C76E074F15&SSPV=
SearchScopes: HKCU - {41D683B0-3877-4AD0-B696-CD52B0B5D51E} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289663&CUI=UN24369572136035860&UM=2&UP=SPBBF94A5A-0A12-4822-8553-E0C76E074F15&SSPV=
SearchScopes: HKCU - {63140ECF-C629-BE59-8F0E-90B4FF340C03} URL = http://www.bing.com/search?q={searchTerms}&pc=Z128&form=ZGAIDF&install_date=20111116&iesrc={referrer:source}
SearchScopes: HKCU - {87F35FE1-BD33-4587-87BD-299F2C133038} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ_en
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=420&systemid=406&v=n11551-273&apn_uid=6236814902824350&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2465} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=107&systemid=465&q={searchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-offrhap
SearchScopes: HKCU - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: No Name -> {26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} ->  No File
BHO-x32: No Name -> {2CEBF6C7-2B40-469B-B5D5-CD3F3676C3C4} ->  No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Constant Guard Protection Suite -> {B84CDBE7-1B46-494B-A188-01D4C52DEB61} -> C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.425.1\NativeBHO.dll (WhiteSky)
BHO-x32: Updater For XFIN_PORTAL -> {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} -> C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Fishbeer\AppData\Roaming\Mozilla\Firefox\Profiles\ua8msrc0.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Fishbeer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-10-13]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Best Buy pc app Detector) - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\Fishbeer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Norton Security Toolbar) - C:\Users\Fishbeer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-11-26]
CHR Extension: (Google Wallet) - C:\Users\Fishbeer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-29]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\Exts\Chrome.crx [2014-08-13]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-11-18] (Nero AG)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\N360.exe [265040 2014-08-01] (Symantec Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S2 AntiSpywareService; C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AntiLog32; C:\windows\system32\drivers\AntiLog64.sys [49752 2014-05-18] (Zemana Ltd.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141003.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1505000.013\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141010.001\IDSvia64.sys [633560 2014-09-30] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141012.001\ENG64.SYS [129752 2014-10-02] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141012.001\EX64.SYS [2137304 2014-10-02] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1505000.013\SRTSP64.SYS [875736 2014-07-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1505000.013\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1505000.013\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1505000.013\SYMEFA64.SYS [1148120 2014-07-23] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-25] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1505000.013\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1505000.013\SYMNETS.SYS [593112 2014-07-23] (Symantec Corporation)
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-15 14:47 - 2014-10-15 14:47 - 00029590 _____ () C:\Users\Fishbeer\Desktop\FRST.txt
2014-10-15 14:45 - 2014-10-15 14:45 - 02110976 _____ (Farbar) C:\Users\Fishbeer\Desktop\FRST64.exe
2014-10-13 19:38 - 2014-10-13 19:38 - 02110464 _____ (Farbar) C:\Users\Fishbeer\Downloads\FRST64 (1).exe
2014-10-13 19:00 - 2014-10-13 19:01 - 00032002 _____ () C:\Users\Fishbeer\Downloads\Addition.txt
2014-10-13 18:58 - 2014-10-15 14:47 - 00000000 ____D () C:\FRST
2014-10-13 18:58 - 2014-10-13 19:01 - 00037670 _____ () C:\Users\Fishbeer\Downloads\FRST.txt
2014-10-13 18:57 - 2014-10-13 18:57 - 02110464 _____ (Farbar) C:\Users\Fishbeer\Downloads\FRST64.exe
2014-10-12 14:42 - 2014-10-12 14:42 - 00688992 _____ (Swearware) C:\Users\Fishbeer\Downloads\dds (1).com
2014-10-12 14:40 - 2014-10-12 14:41 - 00024251 _____ () C:\Users\Fishbeer\Desktop\dds.txt
2014-10-12 14:32 - 2014-10-12 14:33 - 00688992 ____R (Swearware) C:\Users\Fishbeer\Downloads\dds.com
2014-10-03 17:24 - 2014-10-03 17:24 - 00244136 _____ () C:\Users\Fishbeer\Downloads\Firefox Setup Stub 32.0.3.exe
2014-10-02 02:34 - 2014-10-02 02:34 - 00004336 _____ () C:\windows\System32\Tasks\RocketTab Update Task
2014-09-30 20:42 - 2014-10-02 02:34 - 00003552 _____ () C:\windows\System32\Tasks\RocketTab
2014-09-28 14:27 - 2014-10-12 22:02 - 00000000 ____D () C:\Program Files (x86)\Search Extensions
2014-09-26 18:58 - 2014-09-26 18:58 - 00000000 ____D () C:\Users\Fishbeer\AppData\Local\{2D240777-F9CA-4524-BE98-3FFC9F4226E4}
2014-09-25 23:17 - 2014-10-03 17:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-25 22:36 - 2014-09-25 22:36 - 07195453 _____ () C:\Users\Fishbeer\Downloads\Lacroix.zip
2014-09-25 22:36 - 2014-09-25 22:36 - 05246184 _____ () C:\Users\Fishbeer\Downloads\Adam (1).zip
2014-09-25 22:36 - 2014-09-25 22:36 - 01436756 _____ () C:\Users\Fishbeer\Downloads\Elsworth.zip
2014-09-25 22:35 - 2014-09-25 22:36 - 03280774 _____ () C:\Users\Fishbeer\Downloads\Rob.zip
2014-09-25 22:35 - 2014-09-25 22:35 - 03143286 _____ () C:\Users\Fishbeer\Downloads\Szombati.zip
2014-09-25 22:34 - 2014-09-25 22:34 - 00499755 _____ () C:\Users\Fishbeer\Downloads\Adam and Szombati (1).zip
2014-09-25 22:33 - 2014-09-25 22:33 - 00488007 _____ () C:\Users\Fishbeer\Downloads\Szombati and Rob (1).zip
2014-09-25 20:56 - 2014-09-25 20:56 - 04029990 _____ () C:\Users\Fishbeer\Desktop\2014 soccer seniors.pptm
2014-09-25 20:55 - 2014-09-25 20:55 - 04896768 _____ () C:\Users\Fishbeer\Desktop\2014 soccer seniors.ppt
2014-09-25 20:55 - 2014-09-25 20:55 - 04031984 _____ () C:\Users\Fishbeer\Downloads\2014 soccer seniors.pptx
2014-09-25 20:54 - 2014-09-25 20:54 - 00499755 _____ () C:\Users\Fishbeer\Downloads\Adam and Szombati.zip
2014-09-25 20:54 - 2014-09-25 20:54 - 00488007 _____ () C:\Users\Fishbeer\Downloads\Szombati and Rob.zip
2014-09-25 20:53 - 2014-09-25 20:53 - 05246184 _____ () C:\Users\Fishbeer\Downloads\Adam.zip
2014-09-23 22:09 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-09-23 22:09 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-15 14:44 - 2011-12-25 17:26 - 00000000 ____D () C:\Users\Fishbeer\AppData\Roaming\ID Vault
2014-10-15 14:39 - 2012-02-12 14:10 - 00000918 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1466305756-587938971-1798298321-1000Core.job
2014-10-15 14:34 - 2009-07-14 01:13 - 00782510 _____ () C:\windows\system32\PerfStringBackup.INI
2014-10-15 14:32 - 2011-05-21 03:46 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-15 14:32 - 2011-05-21 03:20 - 01987880 _____ () C:\windows\WindowsUpdate.log
2014-10-15 14:31 - 2012-02-12 14:10 - 00000940 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1466305756-587938971-1798298321-1000UA.job
2014-10-14 23:35 - 2009-07-14 00:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-14 23:35 - 2009-07-14 00:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-14 23:19 - 2011-08-21 21:17 - 00000416 _____ () C:\windows\Tasks\Final Media Player Update Checker.job
2014-10-14 23:19 - 2011-05-21 03:46 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-13 11:01 - 2014-05-04 23:23 - 00000000 ____D () C:\Users\Fishbeer\AppData\Local\HTC MediaHub
2014-10-13 10:59 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-13 10:59 - 2009-07-14 00:51 - 00145673 _____ () C:\windows\setupact.log
2014-10-12 22:02 - 2011-12-25 17:24 - 00000000 ____D () C:\Program Files (x86)\Constant Guard Protection Suite
2014-10-12 14:13 - 2010-11-20 23:47 - 02677920 _____ () C:\windows\PFRO.log
2014-10-12 14:12 - 2014-08-10 20:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-03 17:25 - 2014-08-10 20:31 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-03 00:59 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache
2014-10-02 22:25 - 2013-10-09 20:58 - 00000000 ____D () C:\Program Files (x86)\GUM916D.tmp
2014-10-02 22:09 - 2011-06-26 11:53 - 00000000 ____D () C:\Users\Fishbeer
2014-10-02 22:06 - 2011-08-21 21:17 - 00000000 ____D () C:\Users\Fishbeer\AppData\Roaming\FinalMediaPlayer
2014-10-02 22:06 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\AppCompat
2014-10-02 21:55 - 2014-05-05 20:24 - 00000000 ____D () C:\ProgramData\pdf995
2014-10-02 21:55 - 2014-01-03 16:36 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-10-02 21:55 - 2011-05-21 03:43 - 00000000 ____D () C:\ProgramData\Norton
2014-10-02 21:54 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\registration
2014-10-02 01:55 - 2012-01-28 16:30 - 00000000 ____D () C:\Users\Fishbeer\AppData\Local\CrashDumps
2014-10-01 22:21 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\servicing
2014-09-26 18:58 - 2011-08-24 21:23 - 00000000 ____D () C:\Users\Fishbeer\AppData\Local\Windows Live
2014-09-25 20:40 - 2012-04-28 10:07 - 00108040 _____ () C:\Users\Fishbeer\AppData\Roaming\GDIPFONTCACHEV1.DAT
2014-09-23 23:26 - 2014-08-20 22:59 - 01037312 _____ () C:\Users\Fishbeer\Desktop\RGFFL2014.xls
2014-09-20 23:39 - 2014-01-15 07:14 - 00002030 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-09-20 23:39 - 2011-03-23 22:29 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

Some content of TEMP:
====================
C:\Users\Fishbeer\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Fishbeer\AppData\Local\Temp\System.Data.SQLite15823.dll
C:\Users\Fishbeer\AppData\Local\Temp\System.Data.SQLite17201.dll
C:\Users\Fishbeer\AppData\Local\Temp\System.Data.SQLite24875.dll
C:\Users\Fishbeer\AppData\Local\Temp\System.Data.SQLite26784.dll
C:\Users\Fishbeer\AppData\Local\Temp\System.Data.SQLite32158.dll
C:\Users\Fishbeer\AppData\Local\Temp\System.Data.SQLite34920.dll
C:\Users\Fishbeer\AppData\Local\Temp\System.Data.SQLite46820.dll
C:\Users\Fishbeer\AppData\Local\Temp\System.Data.SQLite63848.dll
C:\Users\Fishbeer\AppData\Local\Temp\System.Data.SQLite75976.dll
C:\Users\Fishbeer\AppData\Local\Temp\System.Data.SQLite76341.dll
C:\Users\Fishbeer\AppData\Local\Temp\System.Data.SQLite85639.dll
C:\Users\Fishbeer\AppData\Local\Temp\System.Data.SQLite96349.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-13 23:01

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-10-2014 01
Ran by Fishbeer at 2014-10-15 14:48:18
Running from C:\Users\Fishbeer\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Suite (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.0.19530 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.7.0.19530 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
AntiLogger SDK version 1.7.6.367 (HKLM-x32\...\{4D46DE30-49FE-4043-99F7-D7E8C06175E0}_is1) (Version: 1.7.6.367 - Zemana Ltd.)
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Best Buy pc app (Version: 3.2.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.0.0 - Best Buy) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BrowserSafeguard with Rockettab (HKLM-x32\...\RocketTab) (Version:  - BrowserSafeguard with Rockettab) <==== ATTENTION
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.51.1.0 - Conexant)
Constant Guard Protection Suite (HKLM-x32\...\ID Vault) (Version: 1.14.425.1 - Comcast)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
File Type Assistant (HKLM-x32\...\Trusted Software Assistant_is1) (Version:  - Trusted Software) <==== ATTENTION
Final Media Player 2011 (HKLM-x32\...\FinalMediaPlayer_is1) (Version:  - Bitberry Software) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 29.0.1547.66 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
H&R Block Deluxe + Efile + State 2012 (HKLM-x32\...\{89D20029-0578-4D8D-979A-695C8D868868}) (Version: 12.05.7803 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2013 (HKLM-x32\...\{EDE796DE-0A72-464D-9D21-F04BC41A092B}) (Version: 13.05.6502 - HRB Technology, LLC.)
H&R Block Michigan 2012 (HKLM-x32\...\{90B44A11-7B9B-4866-9587-C8693CB4C7AB}) (Version: 1.12.5501 - HRB Technology, LLC.)
H&R Block Michigan 2013 (HKLM-x32\...\{F46C910F-0113-4D51-8268-A89E14C5D18B}) (Version: 1.13.5901 - HRB Technology, LLC.)
HP Photosmart D110 All-In-One Driver 14.0 Rel. 7 (HKLM\...\{14BC6853-A74E-4874-B50D-679889D1544D}) (Version: 14.0 - HP)
HRBlockDirect version 1.1.2.0 (HKLM-x32\...\{631EFC00-5A7A-4A90-9578-039EDA92DE0F}_is1) (Version: 1.1.2.0 - HRBlock)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.10.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.0.52.0 - HTC)
iCloud (HKLM\...\{D0CB24F4-084F-40DE-B6B9-A03626E682F0}) (Version: 2.1.1.3 - Apple Inc.)
InstallIQ Updater (HKLM-x32\...\{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}) (Version: 1.4.3.0 - W3i, LLC)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.2.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Lime PRO 3.0.1.0 (HKLM-x32\...\{D76918D7-995F-41F3-AEF0-30E8260052C2}_is1) (Version: 3.0.1.0 - Lime PRO)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office XP Small Business (HKLM-x32\...\{91130409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Network64 (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Norton Security Suite (HKLM-x32\...\N360) (Version: 21.5.0.19 - Symantec Corporation)
PdaNet for Android 3.00 (HKLM-x32\...\PdaNet_is1) (Version:  - June Fabrics Technology Inc)
Pdf995 (installed by H&R Block) (HKLM-x32\...\Pdf995) (Version:  - )
PdfEdit995 (installed by H&R Block) (HKLM-x32\...\PdfEdit995) (Version:  - )
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PS_AIO_07_D110_SW_Min (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.12 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
Rhapsody (HKLM-x32\...\Rhapsody) (Version:  - )
Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
SanDiskSecureAccess_Manager.exe (HKCU\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.1.19269 - Gemalto N.V.)
Scan (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
Toolbox (x32 Version: 140.0.424.000 - Hewlett-Packard) Hidden
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{92C7DC44-DAD3-49FE-B89B-F92C6BA9A331}) (Version: 2.2.6775 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 1.6.08.64 - TOSHIBA Corporation) Hidden
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.6 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.25.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.8.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.8.64 - TOSHIBA Corporation) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.08.06.00 - )
TOSHIBA Hardware Setup (Version: 4.08.06.00 - TOSHIBA) Hidden
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.7 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.7 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.7 - TOSHIBA Corporation) Hidden
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.86.2 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.4.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.5109 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.7.17.64 - TOSHIBA Corporation) Hidden
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.0 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.7 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.08.06.00 - )
TOSHIBA Supervisor Password (Version: 4.08.06.00 - TOSHIBA) Hidden
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.4.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.5.4.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.5.4.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.19 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (x32 Version: 2.0.0.19 - TOSHIBA Corporation) Hidden
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}) (Version: 1.0.3 - TOSHIBA CORPORATION)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1466305756-587938971-1798298321-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

==================== Restore Points  =========================

02-10-2014 07:00:18 Windows Update
03-10-2014 00:58:30 Restore Operation
14-10-2014 03:09:28 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {030E166F-E0E0-41DC-A5B7-4C7F5D3CE463} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {06AE4FA6-A117-4607-901C-6E3A64D81E9E} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1466305756-587938971-1798298321-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {3281BD61-2842-4CD6-8B5F-9BC1CFFD6EFD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-21] (Google Inc.)
Task: {3BAC9084-389D-4441-A791-9D68C011850A} - \DSite No Task File <==== ATTENTION
Task: {3FE70219-7D2B-470F-BEB0-52FB55D090CA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-21] (Google Inc.)
Task: {41372D34-5F07-404F-8852-01EC0C09967B} - System32\Tasks\RocketTab => C:\windows\system32\cmd.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {4B6F8C13-10E4-4AB7-8CB6-3B3C45E1BF3C} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1466305756-587938971-1798298321-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {8B113330-D610-4BFC-936B-14AE4F09C5F4} - System32\Tasks\RocketTab Update Task => C:\Program Files (x86)\Search Extensions\uninstall.exe [2014-10-02] () <==== ATTENTION
Task: {923D2313-7CF9-4D88-ADC3-4D3B48894BDF} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1466305756-587938971-1798298321-1000Core => C:\Users\Fishbeer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {A2D82171-C63A-4CB5-B4AE-1A6ADCD996F1} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {A4D82449-5B8F-4A56-B1E3-0F4CDC4C443E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1466305756-587938971-1798298321-1000UA => C:\Users\Fishbeer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {BA55E2DF-1261-44DE-9124-582546929872} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {C07D8A95-7582-4176-B302-8A4004ED4A01} - \FindLyrics Update No Task File <==== ATTENTION
Task: {E0D42D34-E55B-4F9B-B4A5-11152557F24E} - System32\Tasks\Final Media Player Update Checker => C:\Program Files (x86)\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-03-11] (Bitberry Software)
Task: {E8DF9F50-1A9A-40CA-86F0-9681F0B4DF6D} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {EE56AE8B-E83E-4BEE-ACBF-380FA34E0548} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\WSCStub.exe [2014-07-31] (Symantec Corporation)
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1466305756-587938971-1798298321-1000Core.job => C:\Users\Fishbeer\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1466305756-587938971-1798298321-1000UA.job => C:\Users\Fishbeer\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\Final Media Player Update Checker.job => C:\Program Files (x86)\FinalMediaPlayer\FMPCheckForUpdates.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-05-05 20:24 - 2012-04-26 15:51 - 00040448 _____ () C:\windows\System32\pdf995mon64.dll
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2012-12-17 18:14 - 2012-12-17 18:14 - 00954848 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2014-03-24 11:32 - 2014-03-24 11:32 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2014-10-02 02:33 - 2014-10-02 02:33 - 01424104 _____ () C:\Program Files (x86)\Search Extensions\Client.exe
2011-04-04 22:18 - 2011-04-04 22:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-18 20:18 - 2010-11-18 20:18 - 11190784 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2010-12-15 18:19 - 2010-12-15 18:19 - 00124320 _____ () C:\Program Files\Toshiba\TECO\MUIHelp.dll
2010-12-08 18:42 - 2010-12-08 18:42 - 00079264 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-24 11:31 - 2014-03-24 11:31 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2014-03-24 11:32 - 2014-03-24 11:32 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2014-03-24 11:32 - 2014-03-24 11:32 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2014-03-24 11:32 - 2014-03-24 11:32 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-03-24 11:32 - 2014-03-24 11:32 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2014-03-24 11:34 - 2014-03-24 11:34 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2014-03-24 11:36 - 2014-03-24 11:36 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2014-06-25 20:58 - 2014-04-28 16:32 - 00549272 _____ () C:\Program Files (x86)\Constant Guard Protection Suite\sqlite3.DLL
2013-12-15 09:12 - 2013-12-15 09:12 - 00138048 _____ () C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
AlternateDataStreams: C:\ProgramData\TEMP:D346F792

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-1466305756-587938971-1798298321-500 - Administrator - Disabled)
Fishbeer (S-1-5-21-1466305756-587938971-1798298321-1000 - Administrator - Enabled) => C:\Users\Fishbeer
Guest (S-1-5-21-1466305756-587938971-1798298321-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1466305756-587938971-1798298321-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/15/2014 02:31:28 PM) (Source: Google Update) (EventID: 20) (User: Fishbeer-PC)
Description: Network Request Error.
Error: 0x80072ee2. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, named proxy=http=127.0.0.1:49191;https=127.0.0.1:49191, bypass=<-loopback>.
trying CUP:WinHTTP.
Send request returned 0x800421f6. Http status code 502.
trying WinHTTP.
Send request returned 0x800421f6. Http status code 502.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, named proxy=ht

Error: (10/15/2014 06:33:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15663

Error: (10/15/2014 06:33:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15663

Error: (10/15/2014 06:33:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/14/2014 11:19:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 44643726

Error: (10/14/2014 11:19:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 44643726

Error: (10/14/2014 11:19:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/14/2014 10:55:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15850

Error: (10/14/2014 10:55:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15850

Error: (10/14/2014 04:55:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (10/15/2014 00:27:56 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/13/2014 11:01:43 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/13/2014 10:59:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Comcast AntiSpyware service failed to start due to the following error:
%%2

Error: (10/13/2014 07:45:52 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (10/12/2014 02:15:31 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/12/2014 02:13:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Comcast AntiSpyware service failed to start due to the following error:
%%2

Error: (10/12/2014 10:23:10 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/09/2014 08:34:03 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/07/2014 08:52:29 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/05/2014 01:16:16 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Microsoft Office Sessions:
=========================
Error: (10/15/2014 02:31:28 PM) (Source: Google Update) (EventID: 20) (User: Fishbeer-PC)
Description: Network Request Error.
Error: 0x80072ee2. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, named proxy=http=127.0.0.1:49191;https=127.0.0.1:49191, bypass=<-loopback>.
trying CUP:WinHTTP.
Send request returned 0x800421f6. Http status code 502.
trying WinHTTP.
Send request returned 0x800421f6. Http status code 502.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, named proxy=ht

Error: (10/15/2014 06:33:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15663

Error: (10/15/2014 06:33:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15663

Error: (10/15/2014 06:33:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/14/2014 11:19:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 44643726

Error: (10/14/2014 11:19:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 44643726

Error: (10/14/2014 11:19:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/14/2014 10:55:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15850

Error: (10/14/2014 10:55:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15850

Error: (10/14/2014 04:55:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

==================== Memory info ===========================

Processor: Intel® Pentium® CPU B940 @ 2.00GHz
Percentage of memory in use: 62%
Total physical RAM: 4043.86 MB
Available physical RAM: 1515.88 MB
Total Pagefile: 8085.9 MB
Available Pagefile: 3927.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (TI106139W0E) (Fixed) (Total:282.9 GB) (Free:41.43 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Sr Soccer Pix) (CDROM) (Total:0.01 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 4E59E2AF)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=282.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.7 GB) - (Type=17)

==================== End Of Log ============================



#6 Naathim

Naathim

    Bleepin' Minion


  • Members
  • 435 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:11:02 PM

Posted 15 October 2014 - 02:59 PM

Hi :)



51a5bf3d99e8a-ComboFixlogo16.png Scan with ComboFix

This is a very powerful tool that should be used only if advised by Malware Analyst.
Do not run ComboFix on your own!


Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
If you are a user of CD emulation software (like Daemon Tools or Alcohol) also disable it for the cleaning process - instructions here.

  • Right-click on 51a5bf3d99e8a-ComboFixlogo16.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.
icon_idea.gif If you'll encounter any issues with internet connection after running ComboFix, please visit this link.
icon_idea.gif If an error about operation on the key marked for deletion will appear after running the tool, please reboot your machine.
icon_idea.gif Don't forget to re-enable your previously switched-off protection software!


Radek Naathim Pawelczyk

Malware Removal Specialist

 

staff.png


#7 Jphil8774

Jphil8774
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:06:02 PM

Posted 16 October 2014 - 08:35 PM

Here is the requested ComboFix Log - Thank you

 

ComboFix 14-10-15.01 - Fishbeer 10/16/2014  21:04:17.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4044.2340 [GMT -4:00]
Running from: c:\users\Fishbeer\Desktop\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Security Suite *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Security Suite *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Wajam
c:\program files (x86)\Wajam\Wajam Internet Enhancer\FiddlerCore.dll
c:\program files (x86)\Wajam\Wajam Internet Enhancer\Newtonsoft.Json.dll
.
.
CLSID={AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} - infected with Poweliks and removed.
You should verify if current CLSID data is correct:
.
HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
    (Default)    REG_SZ    Thumbnail Cache Class Factory for Out of Proc Server
    AppID    REG_SZ    {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
.
HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32
    (Default)    REG_SZ    c:\windows\system32\thumbcache.dll
    ThreadingModel    REG_SZ    Apartment
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-17 to 2014-10-17  )))))))))))))))))))))))))))))))
.
.
2014-10-17 01:20 . 2014-10-17 01:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-10-13 22:58 . 2014-10-13 23:01 -------- d-----w- C:\FRST
2014-09-28 18:27 . 2014-10-16 03:38 -------- d-----w- c:\program files (x86)\Search Extensions
2014-09-24 02:09 . 2014-09-09 22:11 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-24 02:09 . 2014-09-09 21:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-13 01:34 . 2011-07-03 22:03 101694776 ----a-w- c:\windows\system32\MRT.exe
2014-09-05 02:10 . 2014-09-11 00:36 578048 ----a-w- c:\windows\system32\aepdu.dll
2014-09-05 02:05 . 2014-09-11 00:36 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-08-30 00:41 . 2010-06-24 18:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-23 02:07 . 2014-08-28 01:54 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 01:54 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-23 00:59 . 2014-08-28 01:54 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-08-19 18:05 . 2014-09-13 01:46 374968 ----a-w- c:\windows\system32\iedkcs32.dll
2014-08-18 23:01 . 2014-09-13 01:46 23591424 ----a-w- c:\windows\system32\mshtml.dll
2014-08-18 22:29 . 2014-09-13 01:46 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-08-18 22:29 . 2014-09-13 01:46 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-08-18 22:20 . 2014-09-13 01:46 2793984 ----a-w- c:\windows\system32\iertutil.dll
2014-08-18 22:19 . 2014-09-13 01:46 5833728 ----a-w- c:\windows\system32\jscript9.dll
2014-08-18 22:15 . 2014-09-13 01:46 547328 ----a-w- c:\windows\system32\vbscript.dll
2014-08-18 22:15 . 2014-09-13 01:46 66048 ----a-w- c:\windows\system32\iesetup.dll
2014-08-18 22:14 . 2014-09-13 01:46 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-08-18 22:14 . 2014-09-13 01:46 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-08-18 22:08 . 2014-09-13 01:46 51200 ----a-w- c:\windows\system32\jsproxy.dll
2014-08-18 22:08 . 2014-09-13 01:46 4232704 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-08-18 22:08 . 2014-09-13 01:46 33792 ----a-w- c:\windows\system32\iernonce.dll
2014-08-18 22:05 . 2014-09-13 01:46 596480 ----a-w- c:\windows\system32\ieui.dll
2014-08-18 22:03 . 2014-09-13 01:46 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2014-08-18 22:03 . 2014-09-13 01:46 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-08-18 22:03 . 2014-09-13 01:46 758272 ----a-w- c:\windows\system32\jscript9diag.dll
2014-08-18 21:57 . 2014-09-13 01:46 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-08-18 21:56 . 2014-09-13 01:46 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-08-18 21:51 . 2014-09-13 01:46 446464 ----a-w- c:\windows\system32\dxtmsft.dll
2014-08-18 21:46 . 2014-09-13 01:46 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-08-18 21:45 . 2014-09-13 01:46 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-08-18 21:45 . 2014-09-13 01:46 72704 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 21:44 . 2014-09-13 01:46 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44 . 2014-09-13 01:46 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-08-18 21:40 . 2014-09-13 01:46 195584 ----a-w- c:\windows\system32\msrating.dll
2014-08-18 21:39 . 2014-09-13 01:46 85504 ----a-w- c:\windows\system32\mshtmled.dll
2014-08-18 21:38 . 2014-09-13 01:46 289280 ----a-w- c:\windows\system32\dxtrans.dll
2014-08-18 21:36 . 2014-09-13 01:46 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-08-18 21:35 . 2014-09-13 01:46 597504 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-08-18 21:25 . 2014-09-13 01:46 727040 ----a-w- c:\windows\system32\msfeeds.dll
2014-08-18 21:25 . 2014-09-13 01:46 707072 ----a-w- c:\windows\system32\ie4uinit.exe
2014-08-18 21:23 . 2014-09-13 01:46 2104832 ----a-w- c:\windows\system32\inetcpl.cpl
2014-08-18 21:23 . 2014-09-13 01:46 1249280 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-08-18 21:22 . 2014-09-13 01:46 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:16 . 2014-09-13 01:46 13588480 ----a-w- c:\windows\system32\ieframe.dll
2014-08-18 21:15 . 2014-09-13 01:46 2310656 ----a-w- c:\windows\system32\wininet.dll
2014-08-18 21:08 . 2014-09-13 01:46 2014208 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-08-18 21:07 . 2014-09-13 01:46 1068032 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:55 . 2014-09-13 01:46 1447424 ----a-w- c:\windows\system32\urlmon.dll
2014-08-18 20:46 . 2014-09-13 01:46 1812992 ----a-w- c:\windows\SysWow64\wininet.dll
2014-08-18 20:38 . 2014-09-13 01:46 775168 ----a-w- c:\windows\system32\ieapfltr.dll
2014-08-01 11:53 . 2014-09-11 00:36 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-08-01 11:35 . 2014-09-11 00:36 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-07-25 06:35 . 2014-07-25 06:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 03:47 . 2014-07-25 03:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-23 05:13 . 2014-08-13 05:25 593112 ----a-w- c:\windows\system32\drivers\N360x64\1505000.013\symnets.sys
2014-07-23 05:13 . 2014-08-13 05:25 1148120 ----a-w- c:\windows\system32\drivers\N360x64\1505000.013\symefa64.sys
2014-07-23 04:50 . 2014-08-13 05:25 875736 ----a-w- c:\windows\system32\drivers\N360x64\1505000.013\srtsp64.sys
2014-06-24 01:27 . 2014-06-24 01:27 6010880 ----a-w- c:\program files (x86)\GUT88A1.tmp
2013-10-10 00:58 . 2013-10-10 00:58 50053120 ----a-w- c:\program files (x86)\GUT916E.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SanDiskSecureAccess_Manager.exe"="c:\users\Fishbeer\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe" [2012-11-08 30705792]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe /startdesktopidv /startup [2014-9-22 2548016]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe "c:\programdata\Best Buy pc app\Best Buy pc app.application" [2011-2-25 15776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe;c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 keycrypt;keycrypt;c:\windows\system32\DRIVERS\KeyCrypt64.sys;c:\windows\SYSNATIVE\DRIVERS\KeyCrypt64.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys;c:\windows\SYSNATIVE\Drivers\RTSUVSTOR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1505000.013\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1505000.013\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1505000.013\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1505000.013\SYMEFA64.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog64.sys;c:\windows\SYSNATIVE\drivers\AntiLog64.sys [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141003.001\BHDrvx64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141003.001\BHDrvx64.sys [x]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1505000.013\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1505000.013\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141010.001\IDSvia64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141010.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1505000.013\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1505000.013\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1505000.013\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1505000.013\SYMNETS.SYS [x]
S2 HTCMonitorService;HTCMonitorService;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [x]
S2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [x]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\21.5.0.19\N360.exe;c:\program files (x86)\Norton Security Suite\Engine\21.5.0.19\N360.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys;c:\windows\SYSNATIVE\DRIVERS\pneteth.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys;c:\windows\SYSNATIVE\DRIVERS\QIOMem.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-05 02:33 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1466305756-587938971-1798298321-1000Core.job
- c:\users\Fishbeer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-12 11:03]
.
2014-10-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1466305756-587938971-1798298321-1000UA.job
- c:\users\Fishbeer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-12 11:03]
.
2014-10-17 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files (x86)\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-08-22 19:24]
.
2014-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-21 07:46]
.
2014-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-21 07:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.toshiba.com/?cid=c001b2y
uDefault_Search_URL = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
uInternet Settings,ProxyServer = http=127.0.0.1:49270;https=127.0.0.1:49270
uSearchAssistant = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbPGr6Jy1Ks2e111hOmaVHQBXGixp7StYWCwmSrLmLQ6iO2wdNtoG2pCV0MXccGRPbyA6Xa1FN1inBdNGYppQDVNbfb4d0SjXkHrx2tNu-vxpOOWxIn4oCcoigUMyWxsjndBg6pofIPo-I_1gaFq5tZLzyeFHl_PImsVPIK6UeLo9FUI7g,,&q={searchTerms}
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office10\EXCEL.EXE/3000
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\users\Fishbeer\AppData\Roaming\Mozilla\Firefox\Profiles\ua8msrc0.default\
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{2CEBF6C7-2B40-469B-B5D5-CD3F3676C3C4} - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-Itibiti.exe - c:\program files (x86)\Itibiti Soft Phone\Itibiti.exe
Wow6432Node-HKCU-Run-ComcastAntispyClient - c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
Wow6432Node-HKCU-Run-iLivid - c:\users\Fishbeer\AppData\Local\iLivid\iLivid.exe
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\21.5.0.19\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\21.5.0.19\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1505000.013\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Security Suite\Engine\21.5.0.19;c:\program files (x86)\Norton Security Suite\Engine64\21.5.0.19"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2014-10-16  21:31:39 - machine was rebooted
ComboFix-quarantined-files.txt  2014-10-17 01:31
.
Pre-Run: 46,468,730,880 bytes free
Post-Run: 47,863,697,408 bytes free
.
- - End Of File - - C466A815D39BD70BCAC3EBD517F66AE2
 



#8 Naathim

Naathim

    Bleepin' Minion


  • Members
  • 435 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:11:02 PM

Posted 17 October 2014 - 01:08 AM

Hi :)



51a5bf3d99e8a-ComboFixlogo16.png Fix with ComboFix

Let's prepare a Script for ComboFix to mark some things for being deleted.
  • Press the WindowsKey.png + R on your keyboard at the same time.
  • A Run window should appear in the lower left corner. Type in notepad.exe and press Enter.
  • In the shown window paste in the following script:
    DDS::
    uInternet Settings,ProxyOverride = <-loopback>
    uInternet Settings,ProxyServer = http=127.0.0.1:49270;https=127.0.0.1:49270
    uSearchAssistant = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbPGr6Jy1Ks2e111hOmaVHQBXGixp7StYWCwmSrLmLQ6iO2wdNtoG2pCV0MXccGRPbyA6Xa1FN1inBdNGYppQDVNbfb4d0SjXkHrx2tNu-vxpOOWxIn4oCcoigUMyWxsjndBg6pofIPo-I_1gaFq5tZLzyeFHl_PImsVPIK6UeLo9FUI7g,,&q={searchTerms}
    
    File::
    c:\program files (x86)\GUT88A1.tmp
    c:\program files (x86)\GUT916E.tmp
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk 
    
    Folder::
    c:\programdata\Best Buy pc app
    c:\program files (x86)\Search Extensions
    
    ClearJavaCache::
    
    Registry::
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google]
    [-HKEY_CURRENT_USER\SOFTWARE\Policies\Google]
    
  • Go to File menu and select Save as.
  • Make sure that the Save as type option is set to Text files (*.txt) and the place to save will be your desktop.
  • Name the file CFScript and select Save.
Your CFScript.txt file should appear on your desktop.

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
  • Now drag your CFScript file and drop it onto the 51a5bf3d99e8a-ComboFixlogo16.png icon:
    CFScript.gif
  • This will start ComboFix. Let it run uninterrupted!
  • A reboot may be needed during this run. Allow it.
  • When finished, it shall produce a log for you at C:\ComboFix.txt and display it.
Please include that log in your next reply.

icon_idea.gif If you'll encounter any issues with internet connection after running ComboFix, please visit this link.
icon_idea.gif If an error about operation on the key marked for deletion will appear after running the tool, please reboot your machine.
icon_idea.gif Do not forget to turn on your previously switched-off protection software!


FRST.gif Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.
  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.

Radek Naathim Pawelczyk

Malware Removal Specialist

 

staff.png


#9 Jphil8774

Jphil8774
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:06:02 PM

Posted 17 October 2014 - 08:52 PM

Here is the requested log - thanks

 

ComboFix 14-10-15.01 - Fishbeer 10/17/2014  20:54:40.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4044.2421 [GMT -4:00]
Running from: c:\users\Fishbeer\Desktop\ComboFix.exe
Command switches used :: c:\users\Fishbeer\Desktop\CFScript.txt
AV: Norton Security Suite *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Security Suite *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Security Suite *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\GUT88A1.tmp"
"c:\program files (x86)\GUT916E.tmp"
"c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\GUT88A1.tmp
c:\program files (x86)\GUT916E.tmp
c:\program files (x86)\Search Extensions
c:\program files (x86)\Search Extensions\certmanager.exe
c:\program files (x86)\Search Extensions\Client.exe
c:\program files (x86)\Search Extensions\makecert.exe
c:\program files (x86)\Search Extensions\Resources\certutil.exe
c:\program files (x86)\Search Extensions\Resources\libnspr4.dll
c:\program files (x86)\Search Extensions\Resources\libplc4.dll
c:\program files (x86)\Search Extensions\Resources\libplds4.dll
c:\program files (x86)\Search Extensions\Resources\nss3.dll
c:\program files (x86)\Search Extensions\Resources\smime3.dll
c:\program files (x86)\Search Extensions\Resources\softokn3.dll
c:\program files (x86)\Search Extensions\TrustedRoot.cer
c:\program files (x86)\Search Extensions\uninstall.exe
c:\programdata\Best Buy pc app
c:\programdata\Best Buy pc app\3.2.0420.05\AppIcon.ico.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\AppMeasurement_DotNET_Strong.dll.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Best Buy pc app.exe.config.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Best Buy pc app.exe.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Best Buy pc app.exe.manifest
c:\programdata\Best Buy pc app\3.2.0420.05\BestBuySoftwareInstaller.dll.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Common.dll.config.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Common.dll.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\CommunicationNet.dll.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Controls.dll.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\FluidKit.dll.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Interop.IWshRuntimeLibrary.dll.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Ionic.Zip.Reduced.dll.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Localization.dll.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Microsoft.Practices.Composite.dll.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Microsoft.Practices.Composite.Presentation.dll.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Microsoft.Practices.Composite.UnityExtensions.dll.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Microsoft.Practices.EnterpriseLibrary.Common.dll.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Microsoft.Practices.EnterpriseLibrary.Logging.dll.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Microsoft.Practices.ObjectBuilder2.dll.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Microsoft.Practices.ServiceLocation.dll.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Microsoft.Practices.Unity.dll.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Microsoft.Practices.Unity.Interception.dll.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\pc app Installer.exe.config.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\pc app Installer.exe.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\PCImage.Modules.Default.dll.config.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\PCImage.Modules.Default.dll.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\PCImage.Modules.GeekSquad.Common.dll.config.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\PCImage.Modules.GeekSquad.Common.dll.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\PCImage.Modules.GeekSquad.Controller.dll.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\PCImage.Modules.GeekSquad.ViewModels.dll.config.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\PCImage.Modules.GeekSquad.ViewModels.dll.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\PCImage.Modules.GeekSquad.Views.dll.config.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\PCImage.Modules.GeekSquad.Views.dll.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\PCImage.Modules.Home.dll.config.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\PCImage.Modules.Home.dll.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\PCImage.Modules.Omniture.dll.config.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\PCImage.Modules.Omniture.dll.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\PCImage.Modules.Update.dll.config.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\PCImage.Modules.Update.dll.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\PCImageInfrastructure.dll.config.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\PCImageInfrastructure.dll.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\Localization\en-US\RTFs\About.rtf.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\Localization\en-US\RTFs\WelcomeScreen.rtf.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\Localization\en-US\Translations.xml.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\arrow_left.png.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\arrow_right.png.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\availableAgents.gif.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\BBSI_Logo_Final.png.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\btn_connectNow.gif.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\busy.gif.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\card-CID-A.png.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\card-CID-B.png.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\Cart-BtnSm.png.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\checkMark_12x12.png.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\CID_40x18.jpg.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\Click_button5.wav.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\ESRB_Graphic.JPG.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\Fonts\ApexNew-BoldItalic.ttf.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\Fonts\ApexNew-Book.ttf.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\Fonts\ApexNew-BookItalic.ttf.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\Fonts\ApexNew-Medium.ttf.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\Fonts\ApexNew-MediumItalic.ttf.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\Fonts\Knockout-66FullFlyweight.ttf.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\Fonts\Knockout-67FullBantamwt.ttf.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\Fonts\Knockout-68FullFeatherwt.ttf.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\Fonts\Knockout-69FullLiteweight.ttf.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\Fonts\Knockout-70FullWelterwt.ttf.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\Fonts\Knockout-90UltmtWelterwt.ttf.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\Fonts\Knockout-91UltmtMiddlewt.ttf.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\Fonts\Knockout-92UltmtCruiserwt.ttf.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\Fonts\Knockout-93UltmtHeviwt.ttf.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\Fonts\Knockout-94UltmtSumo.ttf.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\geek_squad_support_2.gif.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\HelveticaLTStd-Bold.otf.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\HelveticaLTStd-Roman.otf.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\Icon_error.png.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\icon_good.png.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\Icons\Cart.ico.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\Icons\Check.ico.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\Icons\Clock.ico.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\Icons\Home.ico.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\Icons\icon_ESRB_AdultsOnly.gif.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\Icons\icon_ESRB_EarlyChildhood.gif.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\Icons\icon_ESRB_Everyone.gif.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\Icons\icon_ESRB_Everyone10plus.gif.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\Icons\icon_ESRB_Mature.gif.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\Icons\icon_ESRB_Pending.gif.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\Icons\icon_ESRB_Teen.gif.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\Icons\Installed.ico.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\MajorUpdateBG.png.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\OfficeActivationImage.png.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\offline.gif.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\OfflineBG.png.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\online.gif.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\OutsideUS-BG.png.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\QuickUpdateBG.png.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\remoteSupportHeader.gif.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\StarEmpty.png.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\StarFull.png.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\Verisign_69x33.png.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\VeriSignLogo_76x36.jpg.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\StaticResources\WelcomeBG.png.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\tempCategories.xml.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Resources\TranslationSchema.xsd.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\Restarter.exe.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\SecureDownloadAPI.dll.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\SecureDownloadAPI64.dll.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\SecureDownloadAPIHelper.exe.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\SharpBITS.Base.dll.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\ViewModels.dll.config.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\ViewModels.dll.deploy
c:\programdata\Best Buy pc app\3.2.0420.05\WCFCompression.dll.deploy
c:\programdata\Best Buy pc app\Best Buy pc app Launcher.exe
c:\programdata\Best Buy pc app\Best Buy pc app.application
c:\programdata\Best Buy pc app\Best Buy pc app.lnk
c:\programdata\Best Buy pc app\BestBuyPcAppDetector.ocx
c:\programdata\Best Buy pc app\ClickOnceSetup.exe
c:\programdata\Best Buy pc app\ClickOnceUninstaller.exe
c:\programdata\Best Buy pc app\npBestBuyPcAppDetector.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-18 to 2014-10-18  )))))))))))))))))))))))))))))))
.
.
2014-10-18 01:03 . 2014-10-18 01:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-10-13 22:58 . 2014-10-13 23:01 -------- d-----w- C:\FRST
2014-09-24 02:09 . 2014-09-09 22:11 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-24 02:09 . 2014-09-09 21:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-13 01:34 . 2011-07-03 22:03 101694776 ----a-w- c:\windows\system32\MRT.exe
2014-09-05 02:10 . 2014-09-11 00:36 578048 ----a-w- c:\windows\system32\aepdu.dll
2014-09-05 02:05 . 2014-09-11 00:36 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-08-30 00:41 . 2010-06-24 18:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-23 02:07 . 2014-08-28 01:54 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 01:54 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-23 00:59 . 2014-08-28 01:54 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-08-19 18:05 . 2014-09-13 01:46 374968 ----a-w- c:\windows\system32\iedkcs32.dll
2014-08-18 23:01 . 2014-09-13 01:46 23591424 ----a-w- c:\windows\system32\mshtml.dll
2014-08-18 22:29 . 2014-09-13 01:46 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-08-18 22:29 . 2014-09-13 01:46 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-08-18 22:20 . 2014-09-13 01:46 2793984 ----a-w- c:\windows\system32\iertutil.dll
2014-08-18 22:19 . 2014-09-13 01:46 5833728 ----a-w- c:\windows\system32\jscript9.dll
2014-08-18 22:15 . 2014-09-13 01:46 547328 ----a-w- c:\windows\system32\vbscript.dll
2014-08-18 22:15 . 2014-09-13 01:46 66048 ----a-w- c:\windows\system32\iesetup.dll
2014-08-18 22:14 . 2014-09-13 01:46 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-08-18 22:14 . 2014-09-13 01:46 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-08-18 22:08 . 2014-09-13 01:46 51200 ----a-w- c:\windows\system32\jsproxy.dll
2014-08-18 22:08 . 2014-09-13 01:46 4232704 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-08-18 22:08 . 2014-09-13 01:46 33792 ----a-w- c:\windows\system32\iernonce.dll
2014-08-18 22:05 . 2014-09-13 01:46 596480 ----a-w- c:\windows\system32\ieui.dll
2014-08-18 22:03 . 2014-09-13 01:46 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2014-08-18 22:03 . 2014-09-13 01:46 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-08-18 22:03 . 2014-09-13 01:46 758272 ----a-w- c:\windows\system32\jscript9diag.dll
2014-08-18 21:57 . 2014-09-13 01:46 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-08-18 21:56 . 2014-09-13 01:46 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-08-18 21:51 . 2014-09-13 01:46 446464 ----a-w- c:\windows\system32\dxtmsft.dll
2014-08-18 21:46 . 2014-09-13 01:46 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-08-18 21:45 . 2014-09-13 01:46 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-08-18 21:45 . 2014-09-13 01:46 72704 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 21:44 . 2014-09-13 01:46 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44 . 2014-09-13 01:46 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-08-18 21:40 . 2014-09-13 01:46 195584 ----a-w- c:\windows\system32\msrating.dll
2014-08-18 21:39 . 2014-09-13 01:46 85504 ----a-w- c:\windows\system32\mshtmled.dll
2014-08-18 21:38 . 2014-09-13 01:46 289280 ----a-w- c:\windows\system32\dxtrans.dll
2014-08-18 21:36 . 2014-09-13 01:46 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-08-18 21:35 . 2014-09-13 01:46 597504 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-08-18 21:25 . 2014-09-13 01:46 727040 ----a-w- c:\windows\system32\msfeeds.dll
2014-08-18 21:25 . 2014-09-13 01:46 707072 ----a-w- c:\windows\system32\ie4uinit.exe
2014-08-18 21:23 . 2014-09-13 01:46 2104832 ----a-w- c:\windows\system32\inetcpl.cpl
2014-08-18 21:23 . 2014-09-13 01:46 1249280 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-08-18 21:22 . 2014-09-13 01:46 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:16 . 2014-09-13 01:46 13588480 ----a-w- c:\windows\system32\ieframe.dll
2014-08-18 21:15 . 2014-09-13 01:46 2310656 ----a-w- c:\windows\system32\wininet.dll
2014-08-18 21:08 . 2014-09-13 01:46 2014208 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-08-18 21:07 . 2014-09-13 01:46 1068032 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:55 . 2014-09-13 01:46 1447424 ----a-w- c:\windows\system32\urlmon.dll
2014-08-18 20:46 . 2014-09-13 01:46 1812992 ----a-w- c:\windows\SysWow64\wininet.dll
2014-08-18 20:38 . 2014-09-13 01:46 775168 ----a-w- c:\windows\system32\ieapfltr.dll
2014-08-01 11:53 . 2014-09-11 00:36 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-08-01 11:35 . 2014-09-11 00:36 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-07-25 06:35 . 2014-07-25 06:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 03:47 . 2014-07-25 03:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-23 05:13 . 2014-08-13 05:25 593112 ----a-w- c:\windows\system32\drivers\N360x64\1505000.013\symnets.sys
2014-07-23 05:13 . 2014-08-13 05:25 1148120 ----a-w- c:\windows\system32\drivers\N360x64\1505000.013\symefa64.sys
2014-07-23 04:50 . 2014-08-13 05:25 875736 ----a-w- c:\windows\system32\drivers\N360x64\1505000.013\srtsp64.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SanDiskSecureAccess_Manager.exe"="c:\users\Fishbeer\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe" [2012-11-08 30705792]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe /startdesktopidv /startup [2014-9-22 2548016]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe;c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 keycrypt;keycrypt;c:\windows\system32\DRIVERS\KeyCrypt64.sys;c:\windows\SYSNATIVE\DRIVERS\KeyCrypt64.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys;c:\windows\SYSNATIVE\Drivers\RTSUVSTOR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1505000.013\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1505000.013\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1505000.013\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1505000.013\SYMEFA64.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog64.sys;c:\windows\SYSNATIVE\drivers\AntiLog64.sys [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141003.001\BHDrvx64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141003.001\BHDrvx64.sys [x]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1505000.013\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1505000.013\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141010.001\IDSvia64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141010.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1505000.013\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1505000.013\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1505000.013\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1505000.013\SYMNETS.SYS [x]
S2 HTCMonitorService;HTCMonitorService;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [x]
S2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [x]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\21.5.0.19\N360.exe;c:\program files (x86)\Norton Security Suite\Engine\21.5.0.19\N360.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys;c:\windows\SYSNATIVE\DRIVERS\pneteth.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys;c:\windows\SYSNATIVE\DRIVERS\QIOMem.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-05 02:33 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1466305756-587938971-1798298321-1000Core.job
- c:\users\Fishbeer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-12 11:03]
.
2014-10-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1466305756-587938971-1798298321-1000UA.job
- c:\users\Fishbeer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-12 11:03]
.
2014-10-17 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files (x86)\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-08-22 19:24]
.
2014-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-21 07:46]
.
2014-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-21 07:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.toshiba.com/?cid=c001b2y
uDefault_Search_URL = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbPGr6Jy1Ks2e111hOmaVHQBXGixp7StYWCwmSrLmLQ6iO2wdNtoG2pCV0MXccGRPbyA6Xa1FN1inBdNGYppQDVNbfb4d0SjXkHrx2tNu-vxpOOWxIn4oCcoigUMyWxsjndBg6pofIPo-I_1gaFq5tZLzyeFHl_PImsVPIK6UeLo9FUI7g,,&q={searchTerms}
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office10\EXCEL.EXE/3000
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\users\Fishbeer\AppData\Roaming\Mozilla\Firefox\Profiles\ua8msrc0.default\
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{2CEBF6C7-2B40-469B-B5D5-CD3F3676C3C4} - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe "c:\programdata\Best Buy pc app\Best Buy pc app.application"
AddRemove-RocketTab - c:\program files (x86)\Search Extensions\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\21.5.0.19\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\21.5.0.19\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1505000.013\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Security Suite\Engine\21.5.0.19;c:\program files (x86)\Norton Security Suite\Engine64\21.5.0.19"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-10-17  21:07:37
ComboFix-quarantined-files.txt  2014-10-18 01:07
ComboFix2.txt  2014-10-17 01:31
.
Pre-Run: 46,841,978,880 bytes free
Post-Run: 46,774,673,408 bytes free
.
- - End Of File - - 1BB709116C2EAFEF4FC4E6EC3B33AF6B
 



#10 Naathim

Naathim

    Bleepin' Minion


  • Members
  • 435 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:11:02 PM

Posted 18 October 2014 - 05:13 AM

Hi :)
 
Alot better. Please update me what issues remain.



FRST.gif Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


Radek Naathim Pawelczyk

Malware Removal Specialist

 

staff.png


#11 Naathim

Naathim

    Bleepin' Minion


  • Members
  • 435 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:11:02 PM

Posted 22 October 2014 - 03:01 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Radek Naathim Pawelczyk

Malware Removal Specialist

 

staff.png





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users