Spyware Warrior Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 
FAQ :: Search :: Memberlist :: Usergroups :: Register
Profile :: Log in to check your private messages :: Log in

Need help with WIN 8.1 x64 Programs and Features locked

 
Post new topic   This topic is locked: you cannot edit posts or make replies.    Spyware Warrior Forum Index -> Help with spyware removal
View previous topic :: View next topic  
Author Message
Rob7937
Newbie


Joined: 20 Aug 2015
Last Visit: 21 Aug 2015
Posts: 4
Location: Out in the wilds

PostPosted: Thu Aug 20, 2015 5:48 am    Post subject: Need help with WIN 8.1 x64 Programs and Features locked Reply with quote

Please help me with this weird issue on my WIN 8.1 X64 Surface Pro 2. I can not open Programs and Features in WIN 8.1 x64. Fully updated. TrendMicro, SAntiSpyware, and MalwareBytes all come up clean. I am convinced oit is a malware/virus as I remember this from years ago with older MS software. HJT needed to be run as Admin as the first time it gave a "Hosts" issue warning. Any ideas greatly appreciated. This issue was noticed within the last 2 weeks. Thank you so much!

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 8:16:14 AM, on 20-Aug-15
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)

FIREFOX: 40.0.2 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\Trend Micro\TMIDS\PwmConsole.exe
C:\Program Files (x86)\Printer Pro Desktop\PrinterProDesktop.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
C:\Users\Robert\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Users\Robert\AppData\Roaming\PolarisOfficeLink\POLink.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Users\Robert\AppData\Roaming\PolarisOfficeLink\POLinkSync.exe
C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
I:\Program Files (x86)\Steam\Steam.exe
I:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Users\Robert\AppData\Roaming\PolarisOfficeLink\POLinkUpdater.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
I:\Program Files (x86)\Mozilla Firefox\firefox.exe
I:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
E:\Special Virus Blockers-MGeeks\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Trend Micro Password Manager BHO - {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: Trend Micro Network Filter Plugin - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1193\2.0.1082\TmopIEPlg32.dll
O2 - BHO: Trend Micro IE Protection - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1030\9.1.1030\TmBpIe32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll
O2 - BHO: Homepage Print 2BHO - {EFC91ACA-519F-428D-8472-81E158609D25} - C:\PROGRA~2\HOMEPA~1\IEBand.dll
O3 - Toolbar: Homepage Print 2 - {C4FB9EEC-5B29-486B-ACD1-D93A4396E567} - C:\PROGRA~2\HOMEPA~1\IEBand.dll
O3 - Toolbar: Trend Micro Password Manager ToolBar - {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll
O3 - Toolbar: Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe" /s
O4 - HKLM\..\Run: [PowerDVD14Agent] "C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe"
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [BrHelp] C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter4] "C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe" /autorun
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Privatefirewall] I:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe
O4 - HKCU\..\Run: [PrinterProDesktop] C:\Program Files (x86)\Printer Pro Desktop\PrinterProDesktop.exe /autorun
O4 - HKCU\..\Run: [{5F9E7405-B335-47cf-8F9A-74FD2576E4A9}] C:\Program Files (x86)\Homepage Print 2\DeskCapture.exe
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [AppleIEDAV] C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
O4 - HKCU\..\Run: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
O4 - HKCU\..\Run: [Steam] "I:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] I:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [BingSvc] C:\Users\Robert\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "I:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Polaris Office Sync] C:\Users\Robert\AppData\Roaming\PolarisOfficeLink\POLinkLauncher.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [Application Restart #0] C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe /Crashed (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Application Restart #0] C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe /Crashed (User 'Default user')
O4 - Startup: Controller Companion.lnk = I:\Program Files (x86)\Steam\steamapps\common\Controller Companion\ControllerCompanion.exe
O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
O4 - Startup: Send to OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
O8 - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1030\9.1.1030\TmBpIe32.dll
O18 - Protocol: tmop - {69FD7CE3-4604-4FE6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1193\2.0.1082\TmopIEPlg32.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - I:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AllShare Framework DMS - Samsung - C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Foxit Cloud Safe Update Service (FoxitCloudUpdateService) - Foxit Software Inc. - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\windows\system32\igfxCUIService.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - I:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Privacyware network service (PFNet) - Privacyware/PWI, Inc. - I:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe
O23 - Service: Platinum Host Service - Trend Micro Inc. - C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
O23 - Service: Trend Micro Password Manager Central Control Service (PwmSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Samsung Link Service - Copyright 2013 SAMSUNG - C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - I:\Program Files (x86)\USB Drivers\25_escape\conn\ss_conn_service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15915 bytes
---------------------------------
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-08-2015
Ran by Robert (administrator) on ROBERTPC (18-08-2015 16:54:44)
Running from C:\Users\Robert\Desktop
Loaded Profiles: Robert (Available Profiles: Robert)
Platform: Windows 8.1 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SUPERAntiSpyware.com) I:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Robert\Desktop\FRST64(1).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [607584 2014-12-16] (Copyright 2013 SAMSUNG)
HKLM\...\Run: [PwmConsole.exe] => C:\Program Files\Trend Micro\TMIDS\PwmConsole.exe [2047216 2015-06-29] (Trend Micro Inc.)
HKLM\...\Run: [iTunesHelper] => I:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [246264 2015-07-17] (Trend Micro Inc.)
HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1258496 2015-07-17] (Trend Micro Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [570880 2013-12-27] (Nikon Corporation)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2012-06-14] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe [234000 2012-06-14] (CyberLink Corp.)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795672 2014-11-07] (CyberLink Corp.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKU\S-1-5-21-3309137435-1401997441-3551121105-1001\...\Run: [PrinterProDesktop] => C:\Program Files (x86)\Printer Pro Desktop\PrinterProDesktop.exe [2132992 2012-02-02] ()
HKU\S-1-5-21-3309137435-1401997441-3551121105-1001\...\Run: [{5F9E7405-B335-47cf-8F9A-74FD2576E4A9}] => C:\Program Files (x86)\Homepage Print 2\DeskCapture.exe [935744 2013-10-10] (CORPUS CORPORATION)
HKU\S-1-5-21-3309137435-1401997441-3551121105-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-3309137435-1401997441-3551121105-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-3309137435-1401997441-3551121105-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1079592 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-3309137435-1401997441-3551121105-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-3309137435-1401997441-3551121105-1001\...\Run: [Steam] => I:\Program Files (x86)\Steam\steam.exe [2899136 2015-08-13] (Valve Corporation)
HKU\S-1-5-21-3309137435-1401997441-3551121105-1001\...\Run: [SUPERAntiSpyware] => I:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7930136 2015-08-02] (SUPERAntiSpyware)
HKU\S-1-5-21-3309137435-1401997441-3551121105-1001\...\Run: [BingSvc] => C:\Users\Robert\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] ( 2015 Microsoft Corporation)
HKU\S-1-5-21-3309137435-1401997441-3551121105-1001\...\Run: [CCleaner Monitoring] => I:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-18] (Piriform Ltd)
HKU\S-1-5-21-3309137435-1401997441-3551121105-1001\...\Run: [Polaris Office Sync] => C:\Users\Robert\AppData\Roaming\PolarisOfficeLink\POLinkLauncher.exe [805112 2015-08-13] (Infraware)
HKU\S-1-5-21-3309137435-1401997441-3551121105-1001\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-31] (Google Inc.)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372408 2014-11-08] (Microsoft Corporation)
Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Controller Companion.lnk [2015-05-30]
ShortcutTarget: Controller Companion.lnk -> I:\Program Files (x86)\Steam\steamapps\common\Controller Companion\ControllerCompanion.exe (Koga Tech Ltd)
Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-10-14]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-07-11]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ 0POLinkIconDone] -> {4931EE43-90CB-4D46-A50F-474D7C5D97BE} => C:\windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ 1POLinkIconFailed] -> {828F1FF1-021C-4EC0-A4F8-B1BFF6390DD3} => C:\windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ 2POLinkIconIng] -> {8AE3CBEA-8E21-4883-BFD0-925F5513F190} => C:\windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ 3POLinkIconProhibited] -> {DED0F1AF-0505-4FB7-83AA-C2E51FA0721F} => C:\windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3309137435-1401997441-3551121105-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3309137435-1401997441-3551121105-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/th-th/?ocid=iehp
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation)
BHO: Trend Micro Password Manager BHO -> {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} -> C:\Program Files\Trend Micro\TMIDS\PwmIEBHO64.dll [2015-06-29] (Trend Micro Inc.)
BHO: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-07-17] (Trend Micro Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> I:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
BHO: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1193\2.0.1082\TmopIEPlg.dll [2015-06-25] (Trend Micro Inc.)
BHO: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1030\9.1.1030\TmBpIe64.dll [2015-07-03] (Trend Micro Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: Trend Micro Password Manager BHO -> {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} -> C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll [2015-06-29] (Trend Micro Inc.)
BHO-x32: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-07-17] (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-28] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-03-03] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1193\2.0.1082\TmopIEPlg32.dll [2015-06-25] (Trend Micro Inc.)
BHO-x32: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1030\9.1.1030\TmBpIe32.dll [2015-07-03] (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-28] (Oracle Corporation)
BHO-x32: Homepage Print 2BHO -> {EFC91ACA-519F-428D-8472-81E158609D25} -> C:\Program Files (x86)\Homepage Print 2\IEBand.dll [2013-10-10] (CORPUS CORPORATION)
Toolbar: HKLM - Trend Micro Password Manager ToolBar - {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO64.dll [2015-06-29] (Trend Micro Inc.)
Toolbar: HKLM - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-07-17] (Trend Micro Inc.)
Toolbar: HKLM-x32 - Homepage Print 2 - {C4FB9EEC-5B29-486B-ACD1-D93A4396E567} - C:\Program Files (x86)\Homepage Print 2\IEBand.dll [2013-10-10] (CORPUS CORPORATION)
Toolbar: HKLM-x32 - Trend Micro Password Manager ToolBar - {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll [2015-06-29] (Trend Micro Inc.)
Toolbar: HKLM-x32 - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-07-17] (Trend Micro Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1030\9.1.1030\TmBpIe64.dll [2015-07-03] (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1030\9.1.1030\TmBpIe32.dll [2015-07-03] (Trend Micro Inc.)
Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1193\2.0.1082\TmopIEPlg.dll [2015-06-25] (Trend Micro Inc.)
Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1193\2.0.1082\TmopIEPlg32.dll [2015-06-25] (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-07-17] (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-07-17] (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll [2015-07-17] (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2015-07-17] (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{3EE2EEA6-C378-42A8-B2B7-656020EB611D}: [DhcpNameServer] 192.168.1.1 0.0.0.0

FireFox:
========
FF ProfilePath: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ybn3i7gq.default-1437886874092
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-28] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-28] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-28] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-06-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF user.js: detected! => C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ybn3i7gq.default-1437886874092\user.js [2015-08-11]
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1030\9.1.1030\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1030\9.1.1030\firefoxextension [2015-08-18]
FF HKLM-x32\...\Firefox\Extensions: [HomePagePrint2@corpus.co.jp] - C:\Program Files (x86)\Homepage Print 2\Firefox
FF Extension: Homepage Print 2 - C:\Program Files (x86)\Homepage Print 2\Firefox [2014-08-17]
FF HKLM-x32\...\Firefox\Extensions: [{8197dd50-b252-4b08-a1be-1277f22357bb}] - C:\Program Files\Trend Micro\TMIDS\PwmFirefoxExt
FF Extension: Trend Micro Password Manager Firefox Extension - C:\Program Files\Trend Micro\TMIDS\PwmFirefoxExt [2015-02-10]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1030\9.1.1030\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
FF Extension: Trend Micro Osprey Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension [2015-08-18]
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2015-08-18]
FF HKU\S-1-5-21-3309137435-1401997441-3551121105-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
StartMenuInternet: FIREFOX.EXE - I:\Program Files (x86)\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Profile: C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-17]
CHR Extension: (Google Docs) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-17]
CHR Extension: (Google Drive) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-17]
CHR Extension: (YouTube) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-17]
CHR Extension: (Google Search) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-17]
CHR Extension: (Google Sheets) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-17]
CHR Extension: (MSN Homepage) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fkkcgfbgohboipdhliafmacjnhjbhmim [2015-08-17]
CHR Extension: (Trend Micro Toolbar) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2015-08-18]
CHR Extension: (Trend Micro Password Manager) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\olmajmomenlhgihenlbjcfbopoghpckg [2015-08-17]
CHR Extension: (Gmail) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-17]
CHR HKLM\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3309137435-1401997441-3551121105-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [idkknaphebegndgimgdpfnconcickdfn] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [ohhcpmplhhiiaoiddkfboafbhiknefdf] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; I:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
S2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [File not signed]
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2753720 2015-07-01] (Microsoft Corporation)
S2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-04-10] (Foxit Software Inc.)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [345864 2015-03-31] (Intel Corporation)
S2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1137664 2015-07-17] (Trend Micro Inc.)
S2 PwmSvc; C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe [333856 2015-06-29] (Trend Micro Inc.)
S2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [616288 2014-12-16] (Copyright 2013 SAMSUNG)
S2 ss_conn_service; I:\Program Files (x86)\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
S3 AvastVBoxSvc; "I:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-05] (Microsoft Corporation)
S1 ElRawDisk; C:\windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
S1 HWiNFO32; C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-08-17] (REALiX(tm))
S3 kbfilter; C:\Windows\system32\DRIVERS\kbfilter.sys [67408 2015-01-30] (Trend Micro Inc.)
S3 LcUvcUpper; C:\Windows\system32\DRIVERS\LcUvcUpper.sys [34408 2013-09-27] (Microsoft Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-08-13] (Intel Corporation)
S3 mwlu97w8; C:\Windows\system32\DRIVERS\mwlu97w8x64.sys [1602560 2014-05-28] (Marvell Semiconductors, Inc.)
S1 SASDIFSV; I:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; I:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
R3 SurfaceAccessoryDevice; C:\Windows\System32\drivers\SurfaceAccessoryDevice.sys [42048 2014-05-21] (Microsoft Corporation)
R3 SurfaceIntegrationDriver; C:\Windows\System32\drivers\SurfaceIntegrationDriver.sys [29752 2013-08-07] (Microsoft Corporation)
S3 SurfaceTouchCover; C:\Windows\System32\drivers\SurfaceTouchCover.sys [37992 2013-08-09] (Microsoft Corporation)
R3 SurfaceTypeCover; C:\Windows\System32\drivers\SurfaceTypeCover.sys [37944 2013-08-07] (Microsoft Corporation)
S1 tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [134280 2015-07-22] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [326896 2015-07-22] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [59712 2015-06-11] (Trend Micro Inc.)
S3 tmeevw; C:\Windows\system32\DRIVERS\tmeevw.sys [116576 2015-06-08] (Trend Micro Inc.)
S0 tmel; C:\Windows\System32\DRIVERS\tmel.sys [39056 2015-06-23] (Trend Micro Inc.)
S1 tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [100320 2015-07-22] (Trend Micro Inc.)
S3 tmnciesc; C:\Windows\system32\DRIVERS\tmnciesc.sys [416608 2015-05-28] (Trend Micro Inc.)
S1 tmumh; C:\Windows\system32\DRIVERS\TMUMH.sys [91536 2015-06-29] (Trend Micro Inc.)
S2 tmusa; C:\Windows\system32\DRIVERS\tmusa.sys [116528 2015-06-26] (Trend Micro Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-08-18] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]
S2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [32456 2014-11-07] (CyberLink Corp.)
U2 TMAgent; no ImagePath
S2 VBoxAswDrv; \??\I:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-18 16:54 - 2015-08-18 16:54 - 00027853 _____ C:\Users\Robert\Desktop\FRST.txt
2015-08-18 16:54 - 2015-08-18 16:54 - 00000000 ___DC C:\FRST
2015-08-18 16:53 - 2015-08-18 16:53 - 00001494 _____ C:\windows\PFRO.log
2015-08-18 16:51 - 2015-08-18 16:26 - 02173440 _____ (Farbar) C:\Users\Robert\Desktop\FRST64(1).exe
2015-08-18 16:29 - 2015-08-18 16:51 - 00000000 ____D C:\Users\Robert\Desktop\mbar
2015-08-18 16:29 - 2015-08-18 16:51 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-08-18 16:29 - 2015-08-18 16:29 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-18 16:29 - 2015-08-18 16:29 - 00109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2015-08-18 13:06 - 2015-08-18 13:06 - 00000000 ____D C:\Program Files\AVAST Software
2015-08-18 11:44 - 2015-08-18 12:04 - 00000000 ____D C:\Users\Robert\AppData\Local\CrashDumps
2015-08-18 11:24 - 2015-08-18 11:34 - 00000000 ___DC C:\MGtools
2015-08-18 11:24 - 2015-08-18 06:07 - 01992576 ____C C:\MGtools.exe
2015-08-18 10:55 - 2015-08-18 10:55 - 00000000 ____D C:\Program Files\HitmanPro
2015-08-18 10:53 - 2015-08-18 11:06 - 00000000 ____D C:\ProgramData\HitmanPro
2015-08-18 09:54 - 2015-08-18 10:20 - 00000000 ____D C:\ProgramData\RogueKiller
2015-08-18 09:54 - 2015-08-18 09:54 - 00035064 _____ C:\windows\system32\Drivers\TrueSight.sys
2015-08-18 06:50 - 2015-08-18 06:50 - 00000000 __HDC C:\TMRescueDisk
2015-08-18 06:45 - 2015-08-18 06:45 - 00001472 _____ C:\Users\Robert\Desktop\Trend Micro Internet Security.lnk
2015-08-18 06:45 - 2015-08-18 06:45 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Internet Security
2015-08-18 06:45 - 2015-07-22 08:32 - 00100320 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmevtmgr.sys
2015-08-18 06:45 - 2015-07-22 08:28 - 00326896 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmcomm.sys
2015-08-18 06:45 - 2015-07-22 08:28 - 00134280 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmactmon.sys
2015-08-18 06:45 - 2015-06-29 09:38 - 00091536 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\TMUMH.sys
2015-08-18 06:45 - 2015-06-26 17:20 - 00116528 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmusa.sys
2015-08-18 06:45 - 2015-06-23 09:49 - 00039056 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmel.sys
2015-08-18 06:45 - 2015-06-11 15:54 - 00059712 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\TMEBC64.sys
2015-08-18 06:45 - 2015-06-08 12:54 - 00116576 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmeevw.sys
2015-08-18 06:45 - 2015-05-28 17:26 - 00416608 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmnciesc.sys
2015-08-18 06:29 - 2015-08-18 06:29 - 00000197 _____ C:\windows\system32\2015-08-17-23-29-44.034-AvastVBoxSVC.exe-4644.log
2015-08-18 05:35 - 2015-08-18 06:24 - 00000000 ____D C:\ProgramData\Emsisoft
2015-08-17 21:33 - 2015-08-17 21:33 - 00003924 _____ C:\windows\System32\Tasks\avast! Emergency Update
2015-08-17 20:52 - 2015-08-17 21:30 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Nico Mak Computing
2015-08-17 12:16 - 2015-08-17 14:14 - 00002400 _____ C:\windows\System32\Tasks\Uninstaller_SkipUac_Robert
2015-08-17 12:16 - 2015-08-17 14:14 - 00000298 _____ C:\windows\Tasks\Uninstaller_SkipUac_Robert.job
2015-08-17 12:16 - 2015-08-17 12:16 - 00000000 ____D C:\windows\Tasks\ImCleanDisabled
2015-08-17 12:16 - 2015-08-17 12:16 - 00000000 ____D C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-08-17 12:16 - 2015-01-10 15:32 - 00128288 _____ (IObit) C:\windows\system32\IObitSmartDefragExtension.dll
2015-08-17 12:16 - 2014-06-04 15:17 - 00034080 _____ (IObit) C:\windows\system32\SmartDefragBootTime.exe
2015-08-17 12:15 - 2015-08-17 12:15 - 00026528 _____ (REALiX(tm)) C:\windows\SysWOW64\Drivers\HWiNFO64A.SYS
2015-08-17 12:10 - 2015-08-18 03:48 - 00000000 ____D C:\Users\Robert\AppData\Roaming\ProductData
2015-08-17 12:10 - 2015-08-17 12:55 - 00000000 ____D C:\ProgramData\ProductData
2015-08-17 12:09 - 2015-08-18 13:54 - 00000000 ____D C:\Program Files (x86)\IObit
2015-08-17 12:09 - 2015-08-17 14:09 - 00000000 ____D C:\Users\Robert\AppData\Roaming\IObit
2015-08-17 12:09 - 2015-08-17 12:55 - 00000000 ____D C:\ProgramData\IObit
2015-08-17 11:50 - 2015-08-17 11:50 - 00000835 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-08-17 11:50 - 2015-08-17 11:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-17 06:54 - 2015-08-17 07:02 - 00000995 _____ C:\windows\system32\pcc.log
2015-08-17 06:51 - 2015-08-17 13:00 - 00227377 ____C C:\TMPatch.log
2015-08-17 06:45 - 2015-08-18 06:45 - 00000059 _____ C:\windows\system32\SupportTool.exe.bat
2015-08-17 06:45 - 2015-08-17 06:45 - 00000000 ____D C:\windows\SysWOW64\tmumh
2015-08-17 06:45 - 2015-08-17 06:45 - 00000000 ____D C:\windows\system32\tmumh
2015-08-16 23:35 - 2015-08-16 23:35 - 00000938 _____ C:\Users\Robert\Desktop\Revo Uninstaller.lnk
2015-08-16 23:26 - 2015-06-10 05:39 - 00081920 ____C (Microsoft Corporation) C:\windows\system32\Drivers\BTHUSB.SYS
2015-08-16 23:26 - 2015-06-10 05:39 - 00053248 ____C (Microsoft Corporation) C:\windows\system32\Drivers\bthenum.sys
2015-08-16 23:26 - 2015-06-10 05:38 - 01201664 ____C (Microsoft Corporation) C:\windows\system32\Drivers\bthport.sys
2015-08-16 23:26 - 2015-05-01 08:13 - 06521800 _____ (Microsoft Corporation) C:\windows\system32\sppsvc.exe
2015-08-16 23:26 - 2015-05-01 08:13 - 01488000 _____ (Microsoft Corporation) C:\windows\system32\sppobjs.dll
2015-08-16 23:26 - 2015-05-01 08:13 - 00261376 _____ (Microsoft Corporation) C:\windows\system32\sppwinob.dll
2015-08-16 07:37 - 2015-08-18 14:05 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3309137435-1401997441-3551121105-1001
2015-08-16 07:36 - 2015-08-16 07:36 - 00001573 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-08-16 07:36 - 2015-08-16 07:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-08-16 07:33 - 2015-08-16 07:33 - 00000000 ____D C:\Program Files\iPod
2015-08-16 07:33 - 2015-08-16 07:33 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-08-14 19:57 - 2015-08-14 19:57 - 00002792 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2015-08-14 17:42 - 2015-08-18 15:16 - 00004978 _____ C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for ROBERTPC-Robert RobertPC
2015-08-14 14:11 - 2015-08-16 22:52 - 00000000 ____D C:\ProgramData\panda_url_filtering
2015-08-14 14:10 - 2015-08-17 06:28 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Panda Security
2015-08-14 13:55 - 2015-08-17 07:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition
2015-08-14 13:55 - 2015-08-14 13:55 - 00179723 _____ C:\ProgramData\1439535315.bdinstall.bin
2015-08-14 13:55 - 2015-08-14 13:55 - 00037449 _____ C:\ProgramData\1439535310.bdinstall.bin
2015-08-14 12:44 - 2015-08-14 12:44 - 00002330 _____ C:\Users\Robert\Desktop\Chrome App Launcher.lnk
2015-08-14 12:44 - 2015-08-14 12:44 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-14 09:23 - 2015-07-30 21:04 - 00124624 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-14 09:23 - 2015-07-30 20:48 - 00103120 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 11:24 - 2015-07-19 08:58 - 00136904 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-08-12 11:24 - 2015-07-19 01:51 - 03704320 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-08-12 11:24 - 2015-07-19 01:31 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-08-12 11:24 - 2015-07-19 01:31 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-08-12 11:24 - 2015-07-19 01:31 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-08-12 11:24 - 2015-07-19 01:29 - 00409088 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2015-08-12 11:24 - 2015-07-19 01:29 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-08-12 11:24 - 2015-07-19 01:29 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-08-12 11:24 - 2015-07-19 01:28 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-08-12 11:24 - 2015-07-19 01:12 - 02228736 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-08-12 11:24 - 2015-07-19 01:10 - 00891904 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-08-12 11:24 - 2015-07-19 01:09 - 00721920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-08-12 11:23 - 2015-07-29 06:24 - 00025776 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2015-08-12 11:23 - 2015-07-28 21:24 - 01148416 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-08-12 11:23 - 2015-07-28 21:24 - 01116160 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-08-12 11:23 - 2015-07-28 21:24 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-08-12 11:23 - 2015-07-28 21:24 - 00743424 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-08-12 11:23 - 2015-07-28 21:24 - 00437248 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-08-12 11:23 - 2015-07-28 21:24 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-08-12 11:23 - 2015-07-17 04:14 - 25192448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-08-12 11:23 - 2015-07-17 03:36 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-08-12 11:23 - 2015-07-17 03:36 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-08-12 11:23 - 2015-07-17 03:35 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-08-12 11:23 - 2015-07-17 03:26 - 05923328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-08-12 11:23 - 2015-07-17 03:23 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-08-12 11:23 - 2015-07-17 03:21 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-08-12 11:23 - 2015-07-17 03:20 - 19870208 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-08-12 11:23 - 2015-07-17 02:53 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2015-08-12 11:23 - 2015-07-17 02:51 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-08-12 11:23 - 2015-07-17 02:50 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-08-12 11:23 - 2015-07-17 02:45 - 02279424 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-08-12 11:23 - 2015-07-17 02:45 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-08-12 11:23 - 2015-07-17 02:41 - 00479232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-08-12 11:23 - 2015-07-17 02:39 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-08-12 11:23 - 2015-07-17 02:38 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-08-12 11:23 - 2015-07-17 02:36 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-08-12 11:23 - 2015-07-17 02:34 - 14451200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-08-12 11:23 - 2015-07-17 02:32 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-08-12 11:23 - 2015-07-17 02:14 - 02880000 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2015-08-12 11:23 - 2015-07-17 02:13 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-08-12 11:23 - 2015-07-17 02:12 - 04520448 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-08-12 11:23 - 2015-07-17 02:12 - 02427904 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-08-12 11:23 - 2015-07-17 02:10 - 12856832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-08-12 11:23 - 2015-07-17 02:06 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-08-12 11:23 - 2015-07-17 02:01 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-08-12 11:23 - 2015-07-17 01:52 - 01048576 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2015-08-12 11:23 - 2015-07-17 01:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-08-12 11:23 - 2015-07-17 01:42 - 01951232 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-08-12 11:23 - 2015-07-17 01:38 - 01310720 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-08-12 11:23 - 2015-07-17 01:37 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-08-12 11:23 - 2015-07-16 07:29 - 07458648 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-08-12 11:23 - 2015-07-16 07:29 - 01735000 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-08-12 11:23 - 2015-07-16 07:29 - 00101720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-08-12 11:23 - 2015-07-16 07:28 - 01499920 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-08-12 11:23 - 2015-07-11 00:54 - 01217024 _____ (Microsoft Corporation) C:\windows\system32\sysmain.dll
2015-08-12 11:23 - 2015-07-07 16:40 - 00270168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
2015-08-12 11:23 - 2015-07-07 16:40 - 00114520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdNisDrv.sys
2015-08-12 11:23 - 2015-07-07 16:40 - 00044560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
2015-08-12 11:23 - 2015-07-02 05:19 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2015-08-12 11:23 - 2015-07-02 05:16 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2015-08-12 11:23 - 2015-07-02 04:37 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2015-08-12 11:23 - 2015-07-02 04:35 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2015-08-12 11:23 - 2015-06-13 00:03 - 18823680 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll
2015-08-12 11:23 - 2015-06-12 23:36 - 15159296 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll
2015-08-12 11:23 - 2015-06-10 01:27 - 00411133 _____ C:\windows\system32\ApnDatabase.xml
2015-08-12 11:22 - 2015-07-29 21:37 - 01994752 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-08-12 11:22 - 2015-07-29 21:30 - 01381888 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-08-12 11:22 - 2015-07-29 21:23 - 01559552 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-08-12 11:22 - 2015-07-25 01:57 - 04177408 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-08-12 11:22 - 2015-07-25 01:57 - 00358912 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-08-12 11:22 - 2015-07-25 01:52 - 00044032 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-08-12 11:22 - 2015-07-25 00:27 - 00301568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-08-12 11:22 - 2015-07-25 00:23 - 00035840 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-08-12 11:22 - 2015-07-15 04:59 - 01113944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2015-08-12 11:22 - 2015-07-15 04:59 - 00487256 _____ (Microsoft Corporation) C:\windows\system32\netcfgx.dll
2015-08-12 11:22 - 2015-07-15 04:59 - 00393560 _____ (Microsoft Corporation) C:\windows\SysWOW64\netcfgx.dll
2015-08-12 11:22 - 2015-07-14 10:22 - 02529880 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2015-08-12 11:22 - 2015-07-14 10:21 - 01901776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2015-08-12 11:22 - 2015-07-14 02:46 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-08-12 11:22 - 2015-07-14 02:45 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\basesrv.dll
2015-08-12 11:22 - 2015-07-11 01:19 - 01101824 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2015-08-12 11:22 - 2015-07-11 00:42 - 02345472 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-08-12 11:22 - 2015-07-11 00:14 - 00856064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2015-08-12 11:22 - 2015-07-11 00:13 - 07032320 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-08-12 11:22 - 2015-07-10 23:47 - 01556992 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-08-12 11:22 - 2015-07-10 23:31 - 06213120 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-08-12 11:22 - 2015-07-10 00:13 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\notepad.exe
2015-08-12 11:22 - 2015-07-10 00:13 - 00221184 _____ (Microsoft Corporation) C:\windows\notepad.exe
2015-08-12 11:22 - 2015-07-09 23:30 - 00212992 _____ (Microsoft Corporation) C:\windows\SysWOW64\notepad.exe
2015-08-12 11:22 - 2015-06-12 03:12 - 02476376 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2015-08-12 11:22 - 2015-06-12 03:12 - 00428888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2015-08-11 12:34 - 2015-08-18 12:39 - 00000000 ____D C:\windows\pss
2015-08-11 11:15 - 2015-08-18 16:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-07 14:08 - 2015-08-07 14:12 - 00000000 ____D C:\Program Files (x86)\CaUtThePrice
2015-08-07 14:06 - 2015-08-11 08:28 - 00000000 ____D C:\ProgramData\{6eb38944-066f-5c6d-6eb3-389440662510}
2015-08-02 21:26 - 2015-08-02 21:26 - 00000000 ____D C:\ProgramData\Licenses
2015-08-02 21:25 - 2009-02-12 15:11 - 00026024 _____ (EldoS Corporation) C:\windows\system32\Drivers\rsdrvx64.sys
2015-08-02 18:48 - 2015-08-02 18:48 - 00000887 _____ C:\Users\Public\Desktop\Smart Switch.lnk
2015-08-02 18:43 - 2015-08-02 18:43 - 00000783 _____ C:\Users\Public\Desktop\Samsung Kies 3.lnk
2015-08-02 18:40 - 2015-08-18 12:03 - 00000000 ____D C:\Users\Robert\AppData\Local\Samsung
2015-08-02 18:40 - 2015-08-02 18:40 - 00000000 ____D C:\Users\Robert\Documents\samsung
2015-08-02 18:40 - 2015-08-02 18:40 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2015-08-02 18:38 - 2013-12-30 10:53 - 04659712 _____ (Dmitry Streblechenko) C:\windows\SysWOW64\Redemption.dll
2015-08-02 18:38 - 2013-12-30 10:53 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\windows\SysWOW64\secman.dll
2015-08-02 09:15 - 2015-08-02 09:15 - 00207255 _____ C:\ProgramData\1438480460.bdinstall.bin
2015-08-02 08:54 - 2015-08-16 23:07 - 00000000 ____D C:\Users\Robert\AppData\Roaming\QuickScan
2015-08-02 08:26 - 2015-08-02 08:26 - 00000197 _____ C:\windows\system32\2015-08-02-01-26-13.045-AvastVBoxSVC.exe-3136.log
2015-08-02 08:11 - 2015-08-02 08:11 - 00000197 _____ C:\windows\system32\2015-08-02-01-11-10.073-AvastVBoxSVC.exe-3480.log
2015-08-02 05:53 - 2015-08-02 05:53 - 00000197 _____ C:\windows\system32\2015-08-01-22-53-30.001-AvastVBoxSVC.exe-6172.log
2015-07-28 17:49 - 2015-07-28 17:49 - 00000197 _____ C:\windows\system32\2015-07-28-10-49-15.090-AvastVBoxSVC.exe-6372.log
2015-07-28 15:16 - 2015-08-18 16:13 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-07-28 15:11 - 2015-08-14 12:36 - 00000000 ____D C:\Users\Public\Foxit Software
2015-07-28 15:11 - 2015-07-28 15:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2015-07-24 22:02 - 2015-07-24 22:02 - 06609608 _____ (Piriform Ltd) C:\Users\Robert\Downloads\ccsetup508.exe
2015-07-22 11:18 - 2015-07-22 11:18 - 00000000 ____D C:\windows\SysWOW64\vbox
2015-07-22 11:18 - 2015-07-22 11:18 - 00000000 ____D C:\windows\system32\vbox
2015-07-22 10:59 - 2015-08-18 13:06 - 00000000 ____D C:\ProgramData\AVAST Software
2015-07-21 23:41 - 2015-07-21 23:41 - 00002259 _____ C:\windows\epplauncher.mif
2015-07-21 22:38 - 2015-08-17 13:00 - 13694111 ____C C:\SetACL.log
2015-07-21 22:38 - 2015-08-17 13:00 - 01039850 ____C C:\TiPerm.log

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-18 16:53 - 2013-08-22 21:45 - 00000006 ____H C:\windows\Tasks\SA
Back to top
View user's profile Send private message
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 13 Oct 2017
Posts: 5041
Location: Land Of The Leprechauns

PostPosted: Fri Aug 21, 2015 2:37 am    Post subject: Reply with quote

Duplicate post therefore closed.
http://spywarewarrior.com/viewtopic.php?t=35356
_________________
Admin/Teacher at Malware Removal University
Member of UNITE
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   This topic is locked: you cannot edit posts or make replies.    Spyware Warrior Forum Index -> Help with spyware removal All times are GMT - 8 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group