
Unknown malware - Windows Defender disabled. Problems with Windows Update.


This topic is locked. 21 replies to this topic.

#1 Lcampbell

  • Members
  • 21 posts

Posted 17 November 2014 - 08:59 PM

Another machine with issues. Booted to safe mode and installed Malwarebytes. Removed 3 PUP programs (including Coupon Clipper and MP3 Rocket - tried to use Windows uninstall to remove some of them after Malwarebytes cleaned up) (over 100 files were cleaned up). Booted in normal mode. Windows Update did not update for about a week. Trend Micro firewall/AV not updating. Noticed Windows Defender message in logs (not starting). Updated Malwarebytes and reran - came up clean. Had to reinstall Trend Micro so updates would work. Ran Trend Micro scan - nothing found. Ran Malwarebytes rootkit checker - nothing. Tried to run Windows Update. Not all updates worked (especially the Windows Defender update). Tried to get Windows Defender to work - failed. Ran Windows Update - noticed 1 update for Office 2010 not working - hid the update. Ran it again - found 5 updates. 1 installed but the others failed. Rebooted machine. Windows Update stated that Windows was updated. ---WRONG BEHAVIOR. Those 4 updates should still be there-- Suspect some kind of virus but none seem to be obvious. FRST64 logs included, DDS logs included, Malwarebytes files included, Summary.nfo file included. Please advise.


Edited by Lcampbell, 17 November 2014 - 09:00 PM.




#2 Lcampbell (Topic Starter)

  • Members
  • 21 posts

Posted 17 November 2014 - 09:17 PM

Files did not attach first time. Here they are.

Attached Files

  • Attached File: syd.zip (164.09KB, 2 downloads)


#3 HelpBot (Bleepin' Binary Bot)

  • Bots
  • 12,696 posts

Posted 22 November 2014 - 09:00 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/556591 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 Lcampbell (Topic Starter)

  • Members
  • 21 posts

Posted 23 November 2014 - 01:03 PM

Files already attached.



#5 Lcampbell (Topic Starter)

  • Members
  • 21 posts

Posted 23 November 2014 - 04:41 PM

Sorry, the DDS files may have been from another problem. Here are the current DDS files and FRST files.

Attached Files

  • Attached File: syd2.zip (46.19KB, 4 downloads)


#6 Lcampbell (Topic Starter)

  • Members
  • 21 posts

Posted 23 November 2014 - 04:42 PM

Also updated programs and ran new scans. Windows says it is updated but found 2 updates; 1 update worked but Windows Defender still failed to update.



#7 nasdaq

  • Malware Response Team
  • 39,497 posts
  • Location: Montreal, QC. Canada

Posted 24 November 2014 - 09:44 AM

Hello, welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
  • POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
  • If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

p.s.
I will not open zip files; post or attach them.


#8 Lcampbell (Topic Starter)

  • Members
  • 21 posts

Posted 24 November 2014 - 08:26 PM

First off, your mention about not opening zip files makes me really wonder about your competency. There is nothing a zip file can do to affect your machine (including unzipping it) that would cause it to install viruses (actually in the old days it was possible by putting special code in the comments on a command line, but that would not work in a GUI). Running any executable inside could, but my files contained no executables, just text files. As mentioned before I have run Malwarebytes earlier and removed a lot of PUP files, mostly from 3 main programs. It was allowed to quarantine them and any subsequent run came up clean. I included the XML file from Malwarebytes in a previous zip but it would be hard to read without an XML reader. Here is the log:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/24/2014
Scan Time: 6:01:49 PM
Logfile: mal.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.23.10
Rootkit Database: v2014.11.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Toshiba

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 388608
Time Elapsed: 30 min, 31 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)



#9 Lcampbell (Topic Starter)

  • Members
  • 21 posts

Posted 24 November 2014 - 08:30 PM

AdwCleaner mostly came up with piddling stuff. Here is the log after cleaning. FRST is coming but won't be substantially different from the last run.
# AdwCleaner v4.102 - Report created 24/11/2014 at 18:56:27
# Updated 23/11/2014 by Xplode
# Database : 2014-11-23.7 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Toshiba - TOSHIBA-PC
# Running from : E:\adwcleaner_4.102.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\Toshiba\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Toshiba\AppData\Roaming\pccustubinstaller
Folder Deleted : C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfimfliilbabfohebppnfomgjljicpdm
File Deleted : C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\mvkt2r3j.default\searchplugins\bingp.xml

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKLM\SOFTWARE\PIP

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Mozilla Firefox v29.0.1 (en-US)


-\\ Google Chrome v39.0.2171.65

[C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

-\\ Chromium v

[C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [3241 octets] - [24/11/2014 18:51:43]
AdwCleaner[S0].txt - [3485 octets] - [24/11/2014 18:56:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3545 octets] ##########
     



#10 Lcampbell (Topic Starter)

  • Members
  • 21 posts

Posted 24 November 2014 - 08:36 PM

Here is the FRST Addition.txt.
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2014 01
Ran by Toshiba at 2014-11-24 19:32:11
Running from E:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro Maximum Security (Enabled - Up to date) {F2F88E6A-3C7A-545F-268A-5D0BDD38EE06}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro Maximum Security (Enabled - Up to date) {49996F8E-1A40-5BD1-1C3A-6679A6BFA4BB}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points  =========================

    17-11-2014 06:30:50 Scheduled Checkpoint
    17-11-2014 13:36:20 Windows Update
    17-11-2014 23:55:24 Windows Update
    23-11-2014 18:31:54 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 20:34 - 2012-03-23 10:12 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
    127.0.0.1       localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {07938876-D184-4A6A-BF0C-3C74B944B0D1} - System32\Tasks\PC Checkup 3 Weekly Scan => C:\Program Files (x86)\PC Checkup\NLAppLauncher.exe [2013-08-24] (Symantec Corporation)
    Task: {154F5BAD-B0D6-4FCD-B5D3-B4C6D794D43E} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3285852076-1852164044-910172756-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
    Task: {185ACC39-F698-4986-AB64-53D04692888B} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-16] (Adobe Systems Incorporated)
    Task: {222C7801-F865-4C26-9E92-6F687EFFB88E} - System32\Tasks\{80340FCA-3A3F-4C47-9FC5-953DE23E36D6} => C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE
    Task: {298541A5-6654-4105-B6EF-0A37B865B5C1} - System32\Tasks\ReclaimerUpdateFiles_Toshiba => C:\Users\Toshiba\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe
    Task: {2EB4B21F-D46E-40C7-8848-44BE23637076} - System32\Tasks\{5557E69E-EC44-406A-A416-A0D13D9FB77F} => C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE [2014-09-19] (Microsoft Corporation)
    Task: {3FE73D4C-5C5A-4A87-8DC8-BACB56CBB7D5} - System32\Tasks\{AA9C58D1-7EDB-4F67-8F8C-5C273F5CFEB5} => C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [2014-07-20] (Trend Micro Inc.)
    Task: {457A1621-B6A3-4FE9-B69D-9AD4C5AB2F7A} - System32\Tasks\RNUpgradeHelperLogonPrompt_Toshiba => C:\Users\Toshiba\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe
    Task: {48183910-7E0F-4004-AE8A-074EF381180C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {496A9140-5402-4641-9BDE-EF9055FA6439} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-22] (Google Inc.)
    Task: {5FAD02B4-301A-4647-A1E7-92458917371B} - System32\Tasks\RNUpgradeHelperResumePrompt_Toshiba => C:\Users\Toshiba\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe
    Task: {6E4295FA-E346-4D79-81AF-E457D0AF23FF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {734E4A72-F3A4-408E-B7A0-5FAE1DF192AD} - System32\Tasks\ReclaimerUpdateXML_Toshiba => C:\Users\Toshiba\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe
    Task: {8E832777-4030-470D-B548-B3DF10CD8FCD} - System32\Tasks\{6B907AB5-DBAC-439B-A55B-236AC179D911} => C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [2014-07-20] (Trend Micro Inc.)
    Task: {95171A46-1F8A-4A2E-AEEC-CE992BCDE45B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3285852076-1852164044-910172756-1000Core => C:\Users\Toshiba\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-21] (Facebook Inc.)
    Task: {95BA4F1D-7398-4B9B-BA54-30DE743C93CF} - System32\Tasks\{9DDB9B58-C688-43D6-B023-75C0C3121459} => C:\Program Files (x86)\PlayFirst\Diner Dash Hometown Hero\Diner Dash - Hometown Hero.exe [2010-05-24] ()
    Task: {A0085572-AE75-4E07-AF38-BE03EE99A9A8} - System32\Tasks\{CD7DADD2-6589-435D-B619-DFE52A0EA5C4} => C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE [2014-09-19] (Microsoft Corporation)
    Task: {AD6BBA92-4F3E-47F1-A931-BF0A3E6FB459} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3285852076-1852164044-910172756-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
    Task: {BE954867-2B47-4D4D-A7A7-DB63F8843EF1} - System32\Tasks\Trend Micro Inspect of Platinum => C:\Program Files\Trend Micro\Titanium\plugin\Pt\win32\Inspect\Inspect.exe [2014-10-09] (Trend Micro Inc.)
    Task: {C6E9009B-8A59-46EA-831D-02691D18492C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3285852076-1852164044-910172756-1000UA => C:\Users\Toshiba\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-21] (Facebook Inc.)
    Task: {C8C8D1A5-15AF-4CE2-8274-791564A9F90E} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3285852076-1852164044-910172756-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
    Task: {E66CB765-7972-44F6-ABAB-F429AA9B5A3C} - System32\Tasks\{F090A6AC-3AD6-4532-BD06-D65D444BB670} => C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [2014-07-20] (Trend Micro Inc.)
    Task: {E66F4015-F1D0-43A8-AA64-CFCFB4537F1B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-22] (Google Inc.)
    Task: {E8053FFB-CDB9-43F2-8CF6-873BA586417D} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3285852076-1852164044-910172756-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3285852076-1852164044-910172756-1000Core.job => C:\Users\Toshiba\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3285852076-1852164044-910172756-1000UA.job => C:\Users\Toshiba\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\ReclaimerUpdateFiles_Toshiba.job => C:\Users\Toshiba\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe
    Task: C:\windows\Tasks\ReclaimerUpdateXML_Toshiba.job => C:\Users\Toshiba\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe
    Task: C:\windows\Tasks\RNUpgradeHelperLogonPrompt_Toshiba.job => C:\Users\Toshiba\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-11-16 13:10 - 2014-07-09 10:03 - 00048128 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc110-mt-1_49.dll
    2014-11-16 13:10 - 2014-07-09 10:02 - 00675840 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll
    2014-11-16 13:10 - 2014-07-09 10:03 - 00058368 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc110-mt-1_49.dll
    2014-11-16 13:10 - 2014-07-09 10:03 - 01300480 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf.dll
    2014-11-16 13:10 - 2014-07-09 10:02 - 00018944 _____ () C:\Program Files\Trend Micro\AMSP\boost_system-vc110-mt-1_49.dll
    2014-11-16 13:02 - 2014-07-20 13:04 - 00168584 _____ () C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll
    2014-11-16 13:02 - 2014-07-20 13:05 - 00065560 _____ () C:\Program Files\Trend Micro\Titanium\plugin\fcMsgDispatcher.dll
    2014-11-16 13:29 - 2014-10-09 08:51 - 00027208 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_system-vc110-mt-1_52.dll
    2014-11-16 13:29 - 2014-10-09 08:51 - 00058096 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_date_time-vc110-mt-1_52.dll
    2012-11-29 20:31 - 2012-11-29 20:31 - 00038608 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    2014-11-16 13:29 - 2014-10-09 08:51 - 00097736 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_thread-vc110-mt-1_52.dll
    2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:3BCA993F
    AlternateDataStreams: C:\ProgramData\TEMP:864881BF

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ========================= Accounts: ==========================

    Administrator (S-1-5-21-3285852076-1852164044-910172756-500 - Administrator - Disabled)
    Guest (S-1-5-21-3285852076-1852164044-910172756-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3285852076-1852164044-910172756-1002 - Limited - Enabled)
    Toshiba (S-1-5-21-3285852076-1852164044-910172756-1000 - Administrator - Enabled) => C:\Users\Toshiba

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/24/2014 05:37:01 PM) (Source: Google Update) (EventID: 20) (User: Toshiba-PC)
    Description: Network Request Error.
    Error: 0x80072ee7. Http status code: 0.
    Url=https://www.facebook.com/omaha/update.php
    Trying config: source=IE, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=IE, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http s

    Error: (11/24/2014 05:36:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 74172672

    Error: (11/24/2014 05:36:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 74172672

    Error: (11/24/2014 05:36:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (11/23/2014 07:42:06 PM) (Source: Google Update) (EventID: 20) (User: Toshiba-PC)
    Description: Network Request Error.
    Error: 0x80072ee7. Http status code: 0.
    Url=https://www.facebook.com/omaha/update.php
    Trying config: source=IE, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=IE, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http s

    Error: (11/23/2014 07:00:04 PM) (Source: Windows Backup) (EventID: 4103) (User: )
    Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

    Error: (11/17/2014 05:58:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program FRST64.exe version 17.11.2014.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1174

    Start Time: 01d002c1c47b865d

    Termination Time: 0

    Application Path: E:\FRST64.exe

    Report Id: 71ca175b-6eb5-11e4-8456-60eb690f3e4c

    Error: (11/17/2014 04:42:05 PM) (Source: Google Update) (EventID: 20) (User: Toshiba-PC)
    Description: Network Request Error.
    Error: 0x80072ee7. Http status code: 0.
    Url=https://www.facebook.com/omaha/update.php
    Trying config: source=IE, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=IE, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http s

    Error: (11/17/2014 01:42:05 PM) (Source: Google Update) (EventID: 20) (User: Toshiba-PC)
    Description: Network Request Error.
    Error: 0x80072ee7. Http status code: 0.
    Url=https://www.facebook.com/omaha/update.php
    Trying config: source=IE, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=IE, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http s

    Error: (11/17/2014 10:42:07 AM) (Source: Google Update) (EventID: 20) (User: Toshiba-PC)
    Description: Network Request Error.
    Error: 0x80072ee7. Http status code: 0.
    Url=https://www.facebook.com/omaha/update.php
    Trying config: source=IE, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=IE, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http s


    System errors:
    =============
    Error: (11/24/2014 07:04:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Platinum Host Service service terminated unexpectedly.  It has done this 1 time(s).

    Error: (11/24/2014 07:00:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

    Error: (11/24/2014 06:59:36 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1096) (User: NT AUTHORITY)
    Description: The processing of Group Policy failed. Windows could not apply the registry-based policy settings for the Group Policy object LocalGPO. Group Policy settings will not be resolved until this event is resolved. View the event details for more information on the file name and path that caused the failure.

    Error: (11/24/2014 06:59:34 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Windows Defender service terminated with the following error:
    %%126

    Error: (11/24/2014 06:59:30 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has failed to start.

    Module Path: C:\windows\system32\Rtlihvs.dll
    Error Code: 126

    Error: (11/24/2014 06:57:05 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
    %%1056

    Error: (11/24/2014 06:56:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).

    Error: (11/24/2014 06:56:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Skype Click to Call PNR Service service terminated unexpectedly.  It has done this 1 time(s).

    Error: (11/24/2014 06:56:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (11/24/2014 06:56:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Skype Click to Call Updater service terminated unexpectedly.  It has done this 1 time(s).


    Microsoft Office Sessions:
    =========================
    Error: (11/24/2014 05:37:01 PM) (Source: Google Update) (EventID: 20) (User: Toshiba-PC)
    Description: Network Request Error.
    Error: 0x80072ee7. Http status code: 0.
    Url=https://www.facebook.com/omaha/update.php
    Trying config: source=IE, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=IE, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http s

    Error: (11/24/2014 05:36:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 74172672

    Error: (11/24/2014 05:36:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 74172672

    Error: (11/24/2014 05:36:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (11/23/2014 07:42:06 PM) (Source: Google Update) (EventID: 20) (User: Toshiba-PC)
    Description: Network Request Error.
    Error: 0x80072ee7. Http status code: 0.
    Url=https://www.facebook.com/omaha/update.php
    Trying config: source=IE, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=IE, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http s

    Error: (11/23/2014 07:00:04 PM) (Source: Windows Backup) (EventID: 4103) (User: )
    Description: E:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

    Error: (11/17/2014 05:58:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: FRST64.exe17.11.2014.0117401d002c1c47b865d0E:\FRST64.exe71ca175b-6eb5-11e4-8456-60eb690f3e4c

    Error: (11/17/2014 04:42:05 PM) (Source: Google Update) (EventID: 20) (User: Toshiba-PC)
    Description: Network Request Error.
    Error: 0x80072ee7. Http status code: 0.
    Url=https://www.facebook.com/omaha/update.php
    Trying config: source=IE, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=IE, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http s

    Error: (11/17/2014 01:42:05 PM) (Source: Google Update) (EventID: 20) (User: Toshiba-PC)
    Description: Network Request Error.
    Error: 0x80072ee7. Http status code: 0.
    Url=https://www.facebook.com/omaha/update.php
    Trying config: source=IE, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=IE, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http s

    Error: (11/17/2014 10:42:07 AM) (Source: Google Update) (EventID: 20) (User: Toshiba-PC)
    Description: Network Request Error.
    Error: 0x80072ee7. Http status code: 0.
    Url=https://www.facebook.com/omaha/update.php
    Trying config: source=IE, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=IE, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http s


    CodeIntegrity Errors:
    ===================================
      Date: 2012-03-20 13:34:48.140
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2012-03-20 13:34:48.077
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2012-03-20 13:34:47.999
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2012-03-20 13:34:47.921
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2012-03-20 12:46:23.818
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2012-03-20 12:46:23.740
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: AMD Athlon™ II P340 Dual-Core Processor
    Percentage of memory in use: 36%
    Total physical RAM: 2810.9 MB
    Available physical RAM: 1794.14 MB
    Total Pagefile: 5619.98 MB
    Available Pagefile: 4082.89 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.85 MB

    ==================== Drives ================================

    Drive c: (Local Disk) (Fixed) (Total:286.57 GB) (Free:202.56 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive e: () (Removable) (Total:1.87 GB) (Free:1.8 GB) FAT

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 504D76FE)
    Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
    Partition 2: (Not Active) - (Size=286.6 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=10.1 GB) - (Type=17)

    ========================================================
    Disk: 1 (Size: 1.9 GB) (Disk ID: 71BE3A93)
    Partition 1: (Not Active) - (Size=1.9 GB) - (Type=06)

    ==================== End Of Log ============================
And here is the FRST log.
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014 01
    Ran by Toshiba (administrator) on TOSHIBA-PC on 24-11-2014 19:31:23
    Running from E:\
    Loaded Profile: Toshiba (Available profiles: Toshiba)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Symantec Corporation) C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
    () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [PwmConsole.exe] => C:\Program Files\Trend Micro\TMIDS\PwmConsole.exe [1983920 2014-11-03] (Trend Micro Inc.)
    HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [246304 2014-07-20] (Trend Micro Inc.)
    HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1266224 2014-10-09] (Trend Micro Inc.)
    HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295072 2013-01-26] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKU\S-1-5-21-3285852076-1852164044-910172756-1000\...\Run: [Facebook Update] => C:\Users\Toshiba\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-10-21] (Facebook Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-3285852076-1852164044-910172756-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-3285852076-1852164044-910172756-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
    HKU\S-1-5-21-3285852076-1852164044-910172756-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKLM -> DefaultScope {C4E239AE-A0D9-486C-ACE2-268D42B296A3} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {C4E239AE-A0D9-486C-ACE2-268D42B296A3} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND
    SearchScopes: HKLM-x32 -> DefaultScope {A9019058-2C88-4AED-9E46-89C410F588C1} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {A9019058-2C88-4AED-9E46-89C410F588C1} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND
    SearchScopes: HKU\S-1-5-21-3285852076-1852164044-910172756-1000 -> DefaultScope {E8A6FB6E-E3EE-4A82-8E2F-BD813CBD2902} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND_en
    SearchScopes: HKU\S-1-5-21-3285852076-1852164044-910172756-1000 -> AB3E8BB73A8C4D3A858B3BDD6CA91D5E URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND
    SearchScopes: HKU\S-1-5-21-3285852076-1852164044-910172756-1000 -> {E8A6FB6E-E3EE-4A82-8E2F-BD813CBD2902} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND_en
    BHO: Trend Micro Password Manager BHO -> {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} -> C:\Program Files\Trend Micro\TMIDS\PwmIEBHO64.dll (Trend Micro Inc.)
    BHO: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    BHO: TmIEPlugInBHO Class -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg.dll (Trend Micro Inc.)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe64.dll (Trend Micro Inc.)
    BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    BHO-x32: Trend Micro Password Manager BHO -> {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} -> C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll (Trend Micro Inc.)
    BHO-x32: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
    BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    BHO-x32: TmIEPlugInBHO Class -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg32.dll (Trend Micro Inc.)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe32.dll (Trend Micro Inc.)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
    BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    Toolbar: HKLM - Trend Micro Password Manager ToolBar - {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO64.dll (Trend Micro Inc.)
    Toolbar: HKLM - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
    Toolbar: HKLM-x32 - Trend Micro Password Manager ToolBar - {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll (Trend Micro Inc.)
    Toolbar: HKLM-x32 - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
    Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe64.dll (Trend Micro Inc.)
    Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe32.dll (Trend Micro Inc.)
    Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg.dll (Trend Micro Inc.)
    Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg32.dll (Trend Micro Inc.)
    Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
    Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
    Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
    Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
    Tcpip\Parameters: [DhcpNameServer] 10.17.49.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\mvkt2r3j.default
    FF SearchEngineOrder.3: Bing
    FF Homepage: hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
    FF Keyword.URL: hxxp://www.bing.com/search?FORM=U079DF&PC=U079&q=
    FF NetworkProxy: "no_proxies_on", "localhost,127.0.0.1"
    FF NetworkProxy: "type", 0
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll No File
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3285852076-1852164044-910172756-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Toshiba\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF Extension: MP3 Rocket Downloader - C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\mvkt2r3j.default\Extensions\mp3rocketdownloader@mp3rocket.me.xpi [2012-12-20]
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
    FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\firefoxextension
    FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\firefoxextension [2014-11-16]
    FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-07-16]
    FF HKLM-x32\...\Firefox\Extensions: [{38783831-6098-4faa-A9C9-1EE1E343F4D2}] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension
    FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-01-26]
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF HKLM-x32\...\Firefox\Extensions: [{8197dd50-b252-4b08-a1be-1277f22357bb}] - C:\Program Files\Trend Micro\TMIDS\PwmFirefoxExt
    FF Extension: Trend Micro Password Manager Firefox Extension - C:\Program Files\Trend Micro\TMIDS\PwmFirefoxExt [2014-09-26]
    FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\firefoxextension
    FF HKLM-x32\...\Firefox\Extensions: [{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
    FF Extension: Trend Micro Osprey Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension [2014-11-16]
    FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
    FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2014-11-16]
    FF HKU\S-1-5-21-3285852076-1852164044-910172756-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

    Chrome:
    =======
    CHR Profile: C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-22]
    CHR Extension: (Google Drive) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-22]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
    CHR Extension: (YouTube) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-22]
    CHR Extension: (Google Search) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-22]
    CHR Extension: (RealDownloader) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-05-22]
    CHR Extension: (Google Wallet) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-22]
    CHR Extension: (Trend Micro Toolbar) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2014-10-22]
    CHR Extension: (Gmail) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-22]
    CHR HKLM-x32\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files (x86)\Coupons.com CouponBar\chrome\Coupons.com.crx []
    CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
    R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [132504 2013-08-24] (Symantec Corporation)
    R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [126392 2009-08-24] (Symantec Corporation)
    R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1187376 2014-10-09] (Trend Micro Inc.)
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
    R2 PwmSvc; C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe [319952 2014-11-03] (Trend Micro Inc.)
    R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
    R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [252928 2010-02-25] (TOSHIBA Corporation) [File not signed]
    R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
    S2 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    S3 kbfilter; C:\Windows\System32\DRIVERS\kbfilter.sys [67408 2014-11-03] (Trend Micro Inc.)
    R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-24] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
    R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation                           )
    R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [121944 2014-07-14] (Trend Micro Inc.)
    R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [305832 2014-07-14] (Trend Micro Inc.)
    R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [50976 2014-07-09] (Trend Micro Inc.)
    R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [106296 2014-07-09] (Trend Micro Inc.)
    R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [93664 2014-07-14] (Trend Micro Inc.)
    R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [407864 2014-07-09] (Trend Micro Inc.)
    R2 tmusa; C:\Windows\System32\DRIVERS\tmusa.sys [106296 2014-06-30] (Trend Micro Inc.)
    S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    U2 TMAgent; No ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-24 18:25 - 2014-11-24 18:56 - 00000000 ____D () C:\AdwCleaner
    2014-11-23 13:37 - 2014-11-23 13:37 - 00001793 _____ () C:\Users\Public\Desktop\iTunes.lnk
    2014-11-23 13:37 - 2014-11-23 13:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2014-11-23 13:36 - 2014-11-23 13:37 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2014-11-23 13:36 - 2014-11-23 13:37 - 00000000 ____D () C:\Program Files\iTunes
    2014-11-23 13:36 - 2014-11-23 13:37 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2014-11-23 13:36 - 2014-11-23 13:36 - 00000000 ____D () C:\Program Files\iPod
    2014-11-23 13:34 - 2014-11-23 13:34 - 00001116 _____ () C:\Users\Public\Desktop\MP3 Rocket 7.1.5.lnk
    2014-11-23 13:34 - 2014-11-23 13:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3 Rocket
    2014-11-23 13:20 - 2014-11-23 13:33 - 29471144 _____ (Oracle Corporation) C:\Users\Toshiba\Desktop\jre-7u72-windows-i586.exe
    2014-11-23 13:11 - 2014-11-23 13:19 - 17843448 _____ () C:\Users\Toshiba\Downloads\mp3rocket_s.exe
    2014-11-23 13:03 - 2014-11-23 13:03 - 00664568 _____ (MP3 Rocket Inc.) C:\Users\Toshiba\Downloads\MP3Rocket_Setup.exe
    2014-11-23 12:31 - 2014-11-10 21:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
    2014-11-23 12:31 - 2014-11-10 21:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
    2014-11-23 12:31 - 2014-11-10 20:44 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
    2014-11-23 12:31 - 2014-11-10 20:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
    2014-11-17 17:56 - 2014-11-17 17:56 - 00001112 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-11-17 17:56 - 2014-11-17 17:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-11-17 17:56 - 2014-11-17 17:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-11-17 17:56 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
    2014-11-17 17:56 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
    2014-11-17 06:43 - 2014-08-28 20:07 - 03179520 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
    2014-11-17 06:43 - 2014-05-08 03:32 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
    2014-11-17 06:42 - 2014-09-04 20:11 - 06584320 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
    2014-11-17 06:42 - 2014-09-04 19:52 - 05703168 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
    2014-11-16 23:39 - 2014-11-24 18:59 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2014-11-16 23:39 - 2014-11-17 22:07 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-11-16 23:37 - 2014-11-17 22:07 - 00000000 ____D () C:\Users\Toshiba\Desktop\mbar
    2014-11-16 23:37 - 2014-11-17 21:01 - 00096472 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
    2014-11-16 23:21 - 2014-11-16 23:21 - 00002756 _____ () C:\Users\Toshiba\Downloads\FSS.txt
    2014-11-16 23:19 - 2014-11-16 23:19 - 00854414 _____ () C:\Users\Toshiba\Downloads\SecurityCheck.exe
    2014-11-16 23:19 - 2014-11-16 23:19 - 00415232 _____ (Farbar) C:\Users\Toshiba\Downloads\FSS.exe
    2014-11-16 14:03 - 2014-11-16 19:40 - 00000000 ____D () C:\Program Files\MyDefrag v4.3.1
    2014-11-16 14:03 - 2014-11-16 14:03 - 00000873 _____ () C:\Users\Public\Desktop\MyDefrag.lnk
    2014-11-16 14:03 - 2014-11-16 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyDefrag v4.3.1
    2014-11-16 14:03 - 2010-05-21 12:11 - 01147392 _____ (J.C. Kessels) C:\windows\system32\MyDefragScreenSaver_v4.3.1.exe
    2014-11-16 14:03 - 2010-05-21 12:11 - 00485376 _____ (J.C. Kessels) C:\windows\system32\MyDefragScreenSaver_v4.3.1.scr
    2014-11-16 14:02 - 2014-11-16 14:02 - 02082630 _____ (J.C. Kessels ) C:\Users\Toshiba\Downloads\MyDefrag-v4.3.1.exe
    2014-11-16 14:00 - 2014-11-16 14:00 - 00000000 ____D () C:\Users\Toshiba\AppData\Roaming\Trend Micro
    2014-11-16 13:18 - 2014-11-16 13:18 - 00000000 ___HD () C:\TMRescueDisk
    2014-11-16 13:15 - 2014-11-16 13:15 - 00001451 _____ () C:\Users\Toshiba\Desktop\Trend Micro Maximum Security.lnk
    2014-11-16 13:15 - 2014-11-16 13:15 - 00000000 ____D () C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Maximum Security
    2014-11-16 13:14 - 2014-07-14 01:39 - 00305832 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmcomm.sys
    2014-11-16 13:14 - 2014-07-14 01:39 - 00121944 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmactmon.sys
    2014-11-16 13:14 - 2014-07-14 01:39 - 00093664 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmevtmgr.sys
    2014-11-16 13:14 - 2014-07-09 10:03 - 00407864 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmnciesc.sys
    2014-11-16 13:14 - 2014-07-09 10:02 - 00106296 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmeevw.sys
    2014-11-16 13:14 - 2014-07-09 10:02 - 00050976 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\TMEBC64.sys
    2014-11-16 13:14 - 2014-06-30 05:06 - 00106296 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmusa.sys
    2014-11-16 13:11 - 2014-11-16 13:11 - 00000059 _____ () C:\windows\system32\SupportTool.exe.bat
    2014-11-16 13:09 - 2014-11-16 13:09 - 00000126 _____ () C:\detectreport.xml
    2014-11-16 13:09 - 2014-11-16 13:09 - 00000088 _____ () C:\action.xml
    2014-11-16 12:19 - 2014-11-16 12:48 - 253591888 _____ (Trend Micro Inc.) C:\Users\Toshiba\Downloads\TTi_8.0_HE_Full.exe
    2014-11-16 11:58 - 2014-11-16 11:59 - 00048349 _____ () C:\TMPatch.log
    2014-11-16 11:53 - 2014-11-16 11:54 - 09871048 _____ (Trend Micro Inc. ) C:\Users\Toshiba\Downloads\Ti_80_win_global_en_Update_hfb1210.exe
    2014-11-16 11:17 - 2013-10-01 20:22 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
    2014-11-16 11:17 - 2013-10-01 20:11 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
    2014-11-16 11:17 - 2013-10-01 20:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
    2014-11-16 11:17 - 2013-10-01 19:48 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
    2014-11-16 11:17 - 2013-10-01 19:48 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
    2014-11-16 11:17 - 2013-10-01 19:29 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
    2014-11-16 11:17 - 2013-10-01 19:10 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
    2014-11-16 11:17 - 2013-10-01 18:15 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
    2014-11-16 11:17 - 2013-10-01 18:14 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
    2014-11-16 11:17 - 2013-10-01 18:14 - 00017920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
    2014-11-16 11:17 - 2013-10-01 18:08 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
    2014-11-16 11:17 - 2013-10-01 18:01 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
    2014-11-16 11:17 - 2013-10-01 17:58 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
    2014-11-16 11:17 - 2013-10-01 17:31 - 01147392 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
    2014-11-16 11:17 - 2013-10-01 17:08 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
    2014-11-16 11:17 - 2013-10-01 16:34 - 01068544 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
    2014-11-16 11:07 - 2012-08-23 08:13 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
    2014-11-16 11:07 - 2012-08-23 08:10 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys
    2014-11-16 11:07 - 2012-08-23 05:12 - 00192000 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdpendp_winip.dll
    2014-11-16 11:07 - 2012-08-23 04:51 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\rdpendp_winip.dll
    2014-11-16 10:14 - 2014-11-16 10:14 - 00000000 ____D () C:\d0bd388efd91b3ab48
    2014-11-15 23:07 - 2014-11-24 19:31 - 00000000 ____D () C:\FRST
    2014-11-13 11:54 - 2014-11-05 11:56 - 00304640 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
    2014-11-13 11:54 - 2014-11-05 11:56 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
    2014-11-13 11:54 - 2014-11-05 11:52 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2014-11-13 11:54 - 2014-10-13 20:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
    2014-11-13 11:54 - 2014-10-13 20:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
    2014-11-13 11:54 - 2014-10-13 20:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
    2014-11-13 11:54 - 2014-10-13 20:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
    2014-11-13 11:54 - 2014-10-13 20:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
    2014-11-13 11:54 - 2014-10-13 19:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
    2014-11-13 11:54 - 2014-10-13 19:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
    2014-11-13 11:54 - 2014-10-13 19:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
    2014-11-13 11:54 - 2014-10-13 19:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
    2014-11-13 11:53 - 2014-11-07 13:49 - 00388272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2014-11-13 11:53 - 2014-11-07 13:23 - 00341168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
    2014-11-13 11:53 - 2014-11-05 22:04 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-11-13 11:53 - 2014-11-05 22:03 - 25110016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-11-13 11:53 - 2014-11-05 22:03 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
    2014-11-13 11:53 - 2014-11-05 21:47 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2014-11-13 11:53 - 2014-11-05 21:46 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2014-11-13 11:53 - 2014-11-05 21:46 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
    2014-11-13 11:53 - 2014-11-05 21:44 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
    2014-11-13 11:53 - 2014-11-05 21:43 - 02884096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2014-11-13 11:53 - 2014-11-05 21:36 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2014-11-13 11:53 - 2014-11-05 21:35 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2014-11-13 11:53 - 2014-11-05 21:31 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2014-11-13 11:53 - 2014-11-05 21:30 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2014-11-13 11:53 - 2014-11-05 21:30 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
    2014-11-13 11:53 - 2014-11-05 21:29 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2014-11-13 11:53 - 2014-11-05 21:28 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2014-11-13 11:53 - 2014-11-05 21:23 - 06040064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2014-11-13 11:53 - 2014-11-05 21:20 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
    2014-11-13 11:53 - 2014-11-05 21:16 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2014-11-13 11:53 - 2014-11-05 21:13 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2014-11-13 11:53 - 2014-11-05 21:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
    2014-11-13 11:53 - 2014-11-05 21:12 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
    2014-11-13 11:53 - 2014-11-05 21:10 - 19781632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-11-13 11:53 - 2014-11-05 21:10 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
    2014-11-13 11:53 - 2014-11-05 21:07 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
    2014-11-13 11:53 - 2014-11-05 21:05 - 02277376 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2014-11-13 11:53 - 2014-11-05 21:04 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
    2014-11-13 11:53 - 2014-11-05 21:03 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
    2014-11-13 11:53 - 2014-11-05 21:02 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2014-11-13 11:53 - 2014-11-05 21:00 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
    2014-11-13 11:53 - 2014-11-05 21:00 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2014-11-13 11:53 - 2014-11-05 20:59 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
    2014-11-13 11:53 - 2014-11-05 20:58 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
    2014-11-13 11:53 - 2014-11-05 20:57 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2014-11-13 11:53 - 2014-11-05 20:48 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
    2014-11-13 11:53 - 2014-11-05 20:42 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-11-13 11:53 - 2014-11-05 20:41 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2014-11-13 11:53 - 2014-11-05 20:41 - 00716800 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2014-11-13 11:53 - 2014-11-05 20:39 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
    2014-11-13 11:53 - 2014-11-05 20:38 - 02124288 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2014-11-13 11:53 - 2014-11-05 20:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
    2014-11-13 11:53 - 2014-11-05 20:36 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2014-11-13 11:53 - 2014-11-05 20:34 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
    2014-11-13 11:53 - 2014-11-05 20:30 - 14390272 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2014-11-13 11:53 - 2014-11-05 20:22 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2014-11-13 11:53 - 2014-11-05 20:21 - 04298240 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2014-11-13 11:53 - 2014-11-05 20:21 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2014-11-13 11:53 - 2014-11-05 20:20 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
    2014-11-13 11:53 - 2014-11-05 20:17 - 02365440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2014-11-13 11:53 - 2014-11-05 20:04 - 01550336 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2014-11-13 11:53 - 2014-11-05 20:03 - 12819456 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2014-11-13 11:53 - 2014-11-05 19:53 - 00799232 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2014-11-13 11:53 - 2014-11-05 19:52 - 01892864 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2014-11-13 11:53 - 2014-11-05 19:48 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2014-11-13 11:53 - 2014-11-05 19:47 - 00708096 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2014-11-13 11:52 - 2014-10-24 19:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
    2014-11-13 11:52 - 2014-10-24 19:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
    2014-11-13 11:52 - 2014-10-09 18:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
    2014-11-13 11:52 - 2014-10-02 20:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
    2014-11-13 11:52 - 2014-10-02 20:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
    2014-11-13 11:52 - 2014-10-02 20:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
    2014-11-13 11:52 - 2014-10-02 20:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
    2014-11-13 11:52 - 2014-10-02 20:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
    2014-11-13 11:52 - 2014-10-02 19:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
    2014-11-13 11:52 - 2014-10-02 19:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
    2014-11-13 11:52 - 2014-10-02 19:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
    2014-11-13 11:52 - 2014-09-19 03:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
    2014-11-13 11:52 - 2014-09-19 03:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
    2014-11-13 11:52 - 2014-09-19 03:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
    2014-11-13 11:52 - 2014-09-19 03:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
    2014-11-13 11:52 - 2014-09-19 03:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
    2014-11-13 11:52 - 2014-09-19 03:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
    2014-11-13 11:52 - 2014-09-19 03:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
    2014-11-13 11:52 - 2014-09-19 03:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
    2014-11-13 11:52 - 2014-09-19 03:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
    2014-11-13 11:52 - 2014-09-19 03:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
    2014-11-13 11:52 - 2014-09-19 03:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
    2014-11-13 11:52 - 2014-09-19 03:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
    2014-11-13 11:52 - 2014-08-21 00:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
    2014-11-13 11:52 - 2014-08-21 00:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
    2014-11-13 11:52 - 2014-08-21 00:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
    2014-11-13 11:52 - 2014-08-21 00:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
    2014-11-13 11:52 - 2014-08-11 20:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
    2014-11-13 11:52 - 2014-08-11 19:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
    2014-11-13 11:51 - 2014-10-17 20:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
    2014-11-13 11:51 - 2014-10-17 19:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
    2014-11-13 11:51 - 2014-10-13 20:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
    2014-11-13 11:51 - 2014-10-13 19:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
    2014-11-13 11:16 - 2014-11-13 11:16 - 00000000 ____D () C:\Program Files (x86)\GUMAEC5.tmp

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-24 19:19 - 2013-03-22 22:13 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2014-11-24 19:11 - 2014-05-22 22:49 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-11-24 19:06 - 2009-07-13 22:45 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-11-24 19:06 - 2009-07-13 22:45 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-11-24 19:05 - 2011-06-10 15:22 - 01887946 _____ () C:\windows\WindowsUpdate.log
    2014-11-24 18:59 - 2014-05-22 22:49 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-11-24 18:59 - 2012-03-23 12:04 - 00022174 _____ () C:\windows\setupact.log
    2014-11-24 18:59 - 2009-07-13 23:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2014-11-24 18:58 - 2012-06-26 11:39 - 03025656 _____ () C:\windows\PFRO.log
    2014-11-24 18:28 - 2009-07-13 23:13 - 00819680 _____ () C:\windows\system32\PerfStringBackup.INI
    2014-11-24 17:54 - 2014-09-26 12:46 - 00000010 _____ () C:\Users\Toshiba\AppData\Local\sponge.last.runtime.cache
    2014-11-24 17:49 - 2013-06-17 19:10 - 00000378 _____ () C:\windows\Tasks\ReclaimerUpdateFiles_Toshiba.job
    2014-11-24 17:42 - 2012-10-21 15:37 - 00000914 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3285852076-1852164044-910172756-1000Core.job
    2014-11-24 17:37 - 2012-10-21 15:37 - 00000936 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3285852076-1852164044-910172756-1000UA.job
    2014-11-24 17:36 - 2013-06-17 19:10 - 00000374 _____ () C:\windows\Tasks\ReclaimerUpdateXML_Toshiba.job
    2014-11-23 16:10 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\rescache
    2014-11-23 13:41 - 2014-05-22 22:50 - 00002193 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-11-23 13:36 - 2014-01-25 20:20 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2014-11-23 13:36 - 2013-02-12 21:03 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2014-11-23 13:34 - 2013-01-26 10:02 - 00000000 ____D () C:\Program Files (x86)\MP3 Rocket
    2014-11-23 13:20 - 2013-01-26 10:02 - 00000000 ____D () C:\Users\Toshiba\AppData\Roaming\MP3Rocket
    2014-11-23 12:40 - 2013-01-26 10:04 - 00000000 ____D () C:\Users\Toshiba\Incomplete
    2014-11-16 23:15 - 2014-09-26 10:37 - 00003540 _____ () C:\windows\System32\Tasks\Trend Micro Inspect of Platinum
    2014-11-16 13:27 - 2012-06-26 11:56 - 00000000 ____D () C:\Users\Toshiba\AppData\Local\Trend Micro
    2014-11-16 13:23 - 2011-07-14 14:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-11-16 13:22 - 2011-06-11 14:30 - 00000000 ____D () C:\ProgramData\Trend Micro
    2014-11-16 13:10 - 2014-09-26 10:31 - 00000000 ____D () C:\Program Files\Trend Micro
    2014-11-16 11:29 - 2009-07-13 21:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    2014-11-16 11:24 - 2014-05-22 22:38 - 00000000 ___SD () C:\windows\system32\CompatTel
    2014-11-16 11:24 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\PolicyDefinitions
    2014-11-16 10:46 - 2009-07-13 22:45 - 00408848 _____ () C:\windows\system32\FNTCACHE.DAT
    2014-11-16 10:14 - 2013-08-19 21:08 - 00000000 ____D () C:\windows\system32\MRT
    2014-11-16 10:14 - 2011-06-10 14:28 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2014-11-16 10:06 - 2014-05-22 22:49 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-11-16 10:06 - 2014-05-22 22:49 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-11-16 09:58 - 2013-03-22 22:13 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2014-11-16 09:58 - 2013-03-22 22:13 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
    2014-11-16 09:58 - 2011-06-10 14:56 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-11-15 23:32 - 2014-09-26 10:42 - 00000258 __RSH () C:\ProgramData\ntuser.pol
    2014-11-15 22:50 - 2012-03-20 09:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-11-04 14:30 - 2011-06-10 14:20 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
    2014-11-03 00:47 - 2014-09-26 10:58 - 00067408 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\kbfilter.sys
    2014-11-03 00:47 - 2014-09-26 10:58 - 00067408 _____ (Trend Micro Inc.) C:\kbfilter.sys
    2014-11-03 00:47 - 2014-09-26 10:58 - 00007799 _____ () C:\kbfilter.cat
    2014-11-03 00:47 - 2014-09-26 10:58 - 00000098 _____ () C:\install.bat
    2014-11-03 00:47 - 2014-09-26 10:58 - 00000081 _____ () C:\uninstall.bat

    Files to move or delete:
    ====================
    C:\ProgramData\1rOGra2.dat


    Some content of TEMP:
    ====================
    C:\Users\Toshiba\AppData\Local\Temp\Quarantine.exe
    C:\Users\Toshiba\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-11-17 00:23

    ==================== End Of Log ============================
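
The "Bamital & volsnap Check" block above is FRST verifying the Authenticode signatures of the logon/boot chain binaries that file infectors such as Bamital patch in place. The following script is an added example, not part of the log or the thread: it re-runs the same check by hand on the same fourteen files, so a technician can repeat it after a fix without FRST. It assumes Windows PowerShell 5.1 on the infected host and no other tooling. One caveat a practitioner needs: on older hosts Get-AuthenticodeSignature only inspects an embedded signature, and many Windows OS binaries are catalog-signed instead, so a NotSigned result on an OS file means "verify another way" (Sysinternals sigcheck, or sfc /verifyonly), not "tampered". HashMismatch, by contrast, is the status that does indicate a signed binary whose bytes have been changed.

```powershell
# Added example (not from the FRST log or the thread): repeat FRST's
# "Bamital & volsnap Check" with Get-AuthenticodeSignature.
# Assumes Windows PowerShell 5.1; the file list is the one FRST printed.

# Same binaries FRST verifies: the logon/boot chain plus volsnap.sys
$criticalFiles = @(
    'System32\winlogon.exe', 'System32\wininit.exe', 'SysWOW64\wininit.exe',
    'explorer.exe',          'SysWOW64\explorer.exe',
    'System32\svchost.exe',  'SysWOW64\svchost.exe',
    'System32\services.exe',
    'System32\User32.dll',   'SysWOW64\User32.dll',
    'System32\userinit.exe', 'SysWOW64\userinit.exe',
    'System32\rpcss.dll',
    'System32\Drivers\volsnap.sys'
)

function Test-CriticalFileSignature {
    param(
        [string[]]$RelativePaths,
        [string]$Root = $env:SystemRoot
    )
    foreach ($rel in $RelativePaths) {
        $path = Join-Path $Root $rel
        if (-not (Test-Path -LiteralPath $path)) {
            # A missing logon-chain file is itself a finding
            [pscustomobject]@{ Path = $path; Status = 'Missing'; Signer = $null }
            continue
        }
        $sig = Get-AuthenticodeSignature -LiteralPath $path
        # Valid      = trusted chain AND the hash matches the signed content
        # HashMismatch = signed file whose bytes were altered (patched binary)
        # NotSigned  = no embedded signature; OS files are often catalog-signed,
        #              so confirm with sigcheck or sfc before calling it tampered
        [pscustomobject]@{
            Path   = $path
            Status = $sig.Status.ToString()
            Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        }
    }
}

$results = Test-CriticalFileSignature -RelativePaths $criticalFiles
$results | Format-Table -AutoSize

$bad = @($results | Where-Object { $_.Status -ne 'Valid' })
if ($bad.Count -gt 0) {
    Write-Warning "$($bad.Count) file(s) did not verify; compare each against a known-good copy or run sfc /scannow."
}
```

Run it from an elevated prompt so SysWOW64 and Drivers are readable; the output columns match what FRST prints, with the signer subject added so a Microsoft signature can be told from any other valid one.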
     



    #11 nasdaq

    nasdaq

    • Malware Response Team
    • 39,497 posts
    • Gender:Male
    • Location:Montreal, QC. Canada
    • Local time:04:32 AM

    Posted 25 November 2014 - 10:23 AM

    Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
    start
     
    HKU\S-1-5-21-3285852076-1852164044-910172756-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
    HKU\S-1-5-21-3285852076-1852164044-910172756-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
    FF Keyword.URL: hxxp://www.bing.com/search?FORM=U079DF&PC=U079&q=
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    CHR Extension: (Google Wallet) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-22]
    CHR HKLM-x32\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files (x86)\Coupons.com CouponBar\chrome\Coupons.com.crx []
    R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
    S2 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    U2 TMAgent; No ImagePath
     
    End
    
    Save the file as fixlist.txt in the same folder as FRST.
     
    Run FRST and click Fix only once and wait.
     
    Restart the computer normally to reset the registry.
     
    The tool will create a log Fixlog.txt please post it to your reply.
    ===
     
    How is the computer running now?


    #12 Lcampbell

    Lcampbell
    • Topic Starter

    • Members
    • 21 posts
    • Local time:08:32 AM

    Posted 25 November 2014 - 06:35 PM

    Not everything took (no programs were running except a command line and FRST, and started programs, definitely not a web browser). Windows Update now says that everything is updated and a search no longer finds the Windows Defender update. Services no longer shows Windows Defender. Attempting to start it gives: The specified service does not exist as an installed service (Error code: 0x80070424). FRST log follows:
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-11-2014 01
    Ran by Toshiba at 2014-11-25 17:04:34 Run:1
    Running from E:\
    Loaded Profiles: Toshiba &  (Available profiles: Toshiba)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    start

    HKU\S-1-5-21-3285852076-1852164044-910172756-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
    HKU\S-1-5-21-3285852076-1852164044-910172756-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
    FF Keyword.URL: hxxp://www.bing.com/search?FORM=U079DF&PC=U079&q=
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    CHR Extension: (Google Wallet) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-22]
    CHR
    HKLM-x32\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files (x86)\Coupons.com CouponBar\chrome\Coupons.com.crx []
    R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
    S2 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    U2 TMAgent; No ImagePath

    End

    *****************

    HKU\S-1-5-21-3285852076-1852164044-910172756-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
    "HKU\S-1-5-21-3285852076-1852164044-910172756-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
    "HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key not found.
    Firefox Keyword.URL deleted successfully.
    "HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => Key deleted successfully.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
    C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
    CHR => Error: No automatic fix found for this entry.
    HKLM-x32\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files (x86)\Coupons.com CouponBar\chrome\Coupons.com.crx [] => Error: No automatic fix found for this entry.
    Amsp => Unable to stop service
    Amsp => Error deleting Service
    WinDefend => Service deleted successfully.
    catchme => Service deleted successfully.
    TMAgent => Service deleted successfully.

    ==== End of Fixlog ====
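
Two things in the exchange above are worth being able to reproduce without FRST: what the error code 0x80070424 actually says, and what FRST's "[X]" marker on a service line means (the service is registered, but the binary its ImagePath or ServiceDll points to is not on disk). The fixlist deleted the WinDefend service key, and the error in the post is the direct consequence. The script below is an added example, not from the thread or from Farbar's tool; it assumes Windows PowerShell 5.1 run elevated on the same Windows 7 x64 host, and uses the four service names from the fixlist.

```powershell
# Added example (not from the thread): decode 0x80070424 and reproduce the
# check behind FRST's "[X]" (service registered, binary missing).
# Assumes Windows PowerShell 5.1, run elevated, on Windows 7 x64.

function ConvertTo-Win32ErrorCode {
    param([uint32]$HResult)
    # HRESULT_FROM_WIN32(): facility 7 (Win32), error number in the low 16 bits
    if (($HResult -band 0xFFFF0000) -eq 0x80070000) { return [int]($HResult -band 0xFFFF) }
    return $null
}

function Get-Win32ErrorMessage {
    param([int]$Code)
    (New-Object System.ComponentModel.Win32Exception($Code)).Message
}

function Resolve-ServiceBinary {
    param([string]$RawPath)
    # ImagePath forms seen in FRST output: "C:\x\y.exe" args, \??\C:\x\y.sys,
    # system32\drivers\z.sys (relative to SystemRoot), %ProgramFiles%\...
    $p = $RawPath.Trim()
    if ($p.StartsWith('\??\')) { $p = $p.Substring(4) }
    if ($p.StartsWith('"')) {
        $p = $p.Substring(1, $p.IndexOf('"', 1) - 1)
    } elseif ($p -match '^(.+?\.(exe|sys|dll))(\s|$)') {
        $p = $Matches[1]
    }
    $p = [Environment]::ExpandEnvironmentVariables($p)
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-ServiceBinaryStatus {
    param([string]$Name)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    if (-not (Test-Path -LiteralPath $key)) {
        # No key at all: exactly the state that makes "net start" fail with 1060
        return [pscustomobject]@{ Service = $Name; StartType = $null; Binary = $null; Exists = $false; Note = 'service key absent' }
    }
    $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $props) {
        return [pscustomobject]@{ Service = $Name; StartType = $null; Binary = $null; Exists = $false; Note = 'key not readable' }
    }
    $binary = $props.ImagePath
    $note   = ''
    if (-not $binary) {
        return [pscustomobject]@{ Service = $Name; StartType = $props.Start; Binary = $null; Exists = $false; Note = 'no ImagePath' }
    }
    # svchost-hosted services (WinDefend is one): the code that runs is Parameters\ServiceDll
    if ($binary -match 'svchost\.exe') {
        $dll = (Get-ItemProperty -LiteralPath "$key\Parameters" -ErrorAction SilentlyContinue).ServiceDll
        if ($dll) { $binary = $dll; $note = 'svchost-hosted' }
    }
    $resolved = Resolve-ServiceBinary $binary
    [pscustomobject]@{
        Service   = $Name
        StartType = $props.Start          # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
        Binary    = $resolved
        Exists    = (Test-Path -LiteralPath $resolved)   # $false is what FRST marks [X]
        Note      = $note
    }
}

# 1. What the error in the post says: 0x80070424 -> Win32 1060, ERROR_SERVICE_DOES_NOT_EXIST
$win32 = ConvertTo-Win32ErrorCode 0x80070424
"0x80070424 -> Win32 error $win32 : $(Get-Win32ErrorMessage $win32)"

# 2. The four services the fixlist touched (after the fix, all four keys are gone)
'Amsp', 'WinDefend', 'catchme', 'TMAgent' |
    ForEach-Object { Get-ServiceBinaryStatus $_ } | Format-Table -AutoSize

# 3. Every registered service whose binary is missing, i.e. the set FRST would flag [X]
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
    ForEach-Object { Get-ServiceBinaryStatus $_.PSChildName } |
    Where-Object { $_.Binary -and -not $_.Exists } |
    Format-Table -AutoSize
```

The point of section 3 is triage: a service key whose binary is gone is usually leftover from an uninstall or a cleanup (catchme.sys from an old ComboFix run is a typical case), but it is also what a removed malware loader looks like, so each hit should be matched against the file listings in the FRST log before it is deleted. Deleting a key is irreversible from inside Windows; the WinDefend entry here could only come back from a registry backup or a repair install.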
     



    #13 nasdaq

    nasdaq

    • Malware Response Team
    • 39,497 posts
    • Gender:Male
    • Location:Montreal, QC. Canada
    • Local time:04:32 AM

    Posted 26 November 2014 - 08:39 AM

    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Trend Micro Maximum Security (Enabled - Up to date) {49996F8E-1A40-5BD1-1C3A-6679A6BFA4BB}
    Trend Micro is disabling Windows Defender. It's not recommended that both work simultaneously.
     
    ===
     
     
    Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  • p.s.
    If the SecurityCheck program fails to run for any reason, run it as an Administrator.
     
    If the site is busy or not available, use this mirror site:
     
    What issues remains with this computer?
     
    ======
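
The two "AS:" lines quoted above are what DDS reads out of the Windows Security Center WMI namespace, where every registered antivirus, antispyware and firewall product reports a productState value; "Disabled - Up to date" is a decoding of that value. The script below is an added example, not from the thread or from DDS: it queries the same namespace and decodes productState the way most administration scripts do. The bit layout (enabled flag in the middle byte, definition status in the low byte) is widely used but not documented by Microsoft, so treat it as an assumption. The two sample rows are constructed to match the quoted log lines; their numeric values are illustrative, not taken from the log. It assumes Windows PowerShell 5.1 on a Vista-or-later host.

```powershell
# Added example (not from the thread or DDS): read and decode the Security
# Center product state that produces the "AS:" / "AV:" lines in a DDS log.
# Assumes Windows PowerShell 5.1 on Windows Vista or later.

function ConvertFrom-ProductState {
    param([int]$State)
    # Commonly used, undocumented layout (assumption):
    #   high byte   product owner/type
    #   middle byte 0x10 set  -> real-time protection enabled
    #   low byte    0x10 set  -> definitions out of date
    [pscustomobject]@{
        Enabled  = (($State -band 0x1000) -ne 0)
        UpToDate = (($State -band 0x10) -eq 0)
        Hex      = ('0x{0:X6}' -f $State)
    }
}

function Get-SecurityCenterProducts {
    # root\SecurityCenter2: one row per product registered with Security Center
    foreach ($class in 'AntiVirusProduct', 'AntiSpywareProduct', 'FirewallProduct') {
        Get-WmiObject -Namespace 'root\SecurityCenter2' -Class $class -ErrorAction SilentlyContinue |
            ForEach-Object {
                $s = ConvertFrom-ProductState $_.productState
                [pscustomobject]@{
                    Kind     = ($class -replace 'Product$')
                    Name     = $_.displayName
                    Enabled  = $s.Enabled
                    UpToDate = $s.UpToDate
                    State    = $s.Hex
                    Guid     = $_.instanceGuid
                }
            }
    }
}

# Constructed sample: the two antispyware rows from the DDS excerpt, with values
# chosen to decode as "Disabled - Up to date" and "Enabled - Up to date".
$sample = @(
    @{ Name = 'Windows Defender';             State = 0x060100 },
    @{ Name = 'Trend Micro Maximum Security'; State = 0x061100 }
)
foreach ($row in $sample) {
    $d = ConvertFrom-ProductState $row.State
    '{0,-30} enabled={1,-5} upToDate={2,-5} ({3})' -f $row.Name, $d.Enabled, $d.UpToDate, $d.Hex
}

# Live query on the host being examined (prints nothing if the namespace is absent)
Get-SecurityCenterProducts | Format-Table -AutoSize
```

Two products of the same kind both showing Enabled is the condition the reply above warns about: two real-time engines hooking the same file and network paths. A product that is registered but Disabled, as Defender is here, is what a third-party suite normally leaves behind on purpose, and is not by itself a sign of tampering.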


    #14 Lcampbell

    Lcampbell
    • Topic Starter

    • Members
    • 21 posts
    • Local time:08:32 AM

    Posted 26 November 2014 - 10:00 AM

    Ah, but the last step disabled Windows Defender (by removing it from services). A bit of background: I have worked with computers since college (about 40 years at the University of Nebraska), currently in networking. This machine is not mine but belongs to a friend of mine. I ran the Security Check and it noted that Java was out of date (way out of date, I would say). I updated, but it would not verify; however, I had not yet rebooted, which may fix the problem. I am at work at this time and not around the laptop. I set the machine to defragment the disk after again removing it from the network. I will let you know if I have an issue with Java (the old Java was removed). Here are the results of the check (it looks like I should update Firefox too, but it appeared that she used Chrome; however, I am not sure).
    Results of screen317's Security Check version 0.99.90
    Windows 7 Service Pack 1 x64
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Trend Micro Maximum Security
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Java™ 6 Update 31
    Java version out of Date!
    Adobe Flash Player 15.0.0.223
    Adobe Reader XI
    Mozilla Firefox 29.0.1 Firefox out of Date!
    Google Chrome (39.0.2171.65)
    Google Chrome (39.0.2171.71)
    Google Chrome (chrome.exe..)
    Google Chrome (master_preferences...)
    ````````Process Check: objlist.exe by Laurent````````
    Norton ccSvcHst.exe
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbam.exe
    Malwarebytes Anti-Malware mbamscheduler.exe
    Trend Micro AMSP coreServiceShell.exe
    Trend Micro UniClient UiFrmWrk uiWatchDog.exe
    Trend Micro AMSP coreFrameworkHost.exe
    Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
    Trend Micro Titanium plugin Pt\PtSessionAgent.exe
    Trend Micro Titanium plugin Pt\PtSvcHost.exe
    Trend Micro Titanium plugin Pt\PtWatchDog.exe
    Trend Micro TMIDS PwmSvc.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````


    #15 Lcampbell

    Lcampbell
    • Topic Starter

    • Members
    • 21 posts
    • Local time:08:32 AM

    Posted 26 November 2014 - 10:11 AM

    (As for Defender, yes, I realize that it probably should not run with Trend and will probably not be used, as I doubt Trend will be removed without using something better, so it is not a big issue other than that I wanted to make sure that Windows Update is working.)



