Possible malware slowing PC [Solved]

32 replies to this topic

#1 kangaroo

  • Authentic Member
  • 212 posts

Posted 12 April 2016 - 06:32 AM

After the excellent service from Ken545 in removing YT Downloader from my neighbour's laptop, she has now asked me to help with her Surface Pro (Win 8.1 64-bit). She had Trend Micro Maximum Security on it but the licence had expired and she didn't know how to switch to the 6-device licence she had for the laptop. I enabled her 6-device licence for TMMS and did both a quick and full scan; both showed no threats.

 

 

I then ran aswMBR and FRST64 (see logs below). aswMBR ran as expected but FRST64 did not open but eventually displayed an error dialog (see FRST64-error.png attached); I tried again to run as administrator and this time it worked saving logs but TMMS removed two files: FRST64.exe from the desktop which I restored and a second file (see FRST64 file removed.png for info from TMMS).

 

Logs:

aswMBR.txt

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2016-04-12 21:31:08
-----------------------------
21:31:08.734    OS Version: Windows x64 6.2.9200 
21:31:08.734    Number of processors: 4 586 0x4501
21:31:08.734    ComputerName: STUREPC  UserName: Valda
21:31:11.075    Initialize success
21:31:13.295    VM: initialized successfully
21:31:13.295    VM: Intel CPU supported 
21:31:21.188    VM: supported disk I/O storport.sys
21:42:38.319    AVAST engine defs: 16033102
22:03:38.014    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000033
22:03:38.014    Disk 0 Vendor: SAMSUNG_MZMTE256HMHP-000MV EXT41M0Q Size: 244198MB BusType: 11
22:03:38.030    VM: Disk 0 MBR read successfully
22:03:38.030    Disk 0 MBR scan
22:03:38.045    Disk 0 unknown MBR code
22:03:38.061    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
22:03:38.061    Disk 0 scanning C:\windows\system32\drivers
22:03:38.077    Service scanning
22:03:59.719    Modules scanning
22:03:59.720    Disk 0 trace - called modules:
22:03:59.751    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll storahci.sys 
22:03:59.751    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe00012c285a0]
22:03:59.751    3 CLASSPNP.SYS[fffff801d0305f40] -> nt!IofCallDriver -> [0xffffe000122396d0]
22:03:59.767    5 ACPI.sys[fffff801cf603c21] -> nt!IofCallDriver -> [0xffffe00012239d20]
22:03:59.767    7 ACPI.sys[fffff801cf603c21] -> nt!IofCallDriver -> \Device\00000033[0xffffe0001223d190]
22:04:00.439    AVAST engine scan C:\windows
22:04:00.439    AVAST engine scan C:\windows\system32
22:04:00.439    AVAST engine scan C:\windows\system32\drivers
22:04:00.454    AVAST engine scan C:\Users\Valda
22:04:00.454    AVAST engine scan C:\ProgramData
22:04:00.454    Disk 0 statistics 205/0/5 @ 3.20 MB/s
22:04:00.454    Scan finished successfully
22:05:22.444    Disk 0 MBR has been saved successfully to "C:\Users\Valda\Desktop\MBR.dat"
22:05:22.444    The log file has been saved successfully to "C:\Users\Valda\Desktop\aswMBR.txt"
 
 
FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-04-2016 01
Ran by Valda (administrator) on STUREPC (12-04-2016 22:12:29)
Running from C:\Users\Valda\Desktop
Loaded Profiles: Valda (Available Profiles: Valda)
Platform: Windows 8.1 Pro (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
() C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
() C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [246264 2015-07-17] (Trend Micro Inc.)
HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1258496 2015-07-17] (Trend Micro Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3839685571-330548617-1467194599-1001\...\Run: [PCKeeper2] => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
HKU\S-1-5-21-3839685571-330548617-1467194599-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-3839685571-330548617-1467194599-1001\...\MountPoints2: {77a2b8f6-56d4-11e5-8266-6002925e5880} - "D:\AutoRun.exe" 
HKU\S-1-5-21-3839685571-330548617-1467194599-1001\...\MountPoints2: {77a2b910-56d4-11e5-8266-6002925e5880} - "D:\AutoRun.exe" 
HKU\S-1-5-21-3839685571-330548617-1467194599-1001\...\MountPoints2: {ca427560-b423-11e5-8267-6002925e5880} - "D:\AutoRun.exe" 
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372424 2015-12-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Startup: C:\Users\Valda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8620.lnk [2016-04-12]
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8620.lnk -> C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{5BCEC38B-4DDA-4501-8A10-01BACBEE172A}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{F68A57C1-57AD-47B1-BABA-79B41429FB48}: [DhcpNameServer] 192.168.8.1 192.168.8.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130852025873370223&GUID=6350350D-9807-4948-ACDE-B0B6DE484FEC
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130852025873373367&GUID=6350350D-9807-4948-ACDE-B0B6DE484FEC
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1436861095&z=87cfb55f3f03edb1652a8bbg1zbccq4b9qdg2gde9w&from=cor&uid=SAMSUNGXMZMTE256HMHP-000MV_S1F1NYAF948793&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1436861095&z=87cfb55f3f03edb1652a8bbg1zbccq4b9qdg2gde9w&from=cor&uid=SAMSUNGXMZMTE256HMHP-000MV_S1F1NYAF948793&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1436861095&z=87cfb55f3f03edb1652a8bbg1zbccq4b9qdg2gde9w&from=cor&uid=SAMSUNGXMZMTE256HMHP-000MV_S1F1NYAF948793
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1436861095&z=87cfb55f3f03edb1652a8bbg1zbccq4b9qdg2gde9w&from=cor&uid=SAMSUNGXMZMTE256HMHP-000MV_S1F1NYAF948793
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1436861095&z=87cfb55f3f03edb1652a8bbg1zbccq4b9qdg2gde9w&from=cor&uid=SAMSUNGXMZMTE256HMHP-000MV_S1F1NYAF948793&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1436861095&z=87cfb55f3f03edb1652a8bbg1zbccq4b9qdg2gde9w&from=cor&uid=SAMSUNGXMZMTE256HMHP-000MV_S1F1NYAF948793&q={searchTerms}
HKU\S-1-5-21-3839685571-330548617-1467194599-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ninemsn.com.au/set-homepage
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-3839685571-330548617-1467194599-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-3839685571-330548617-1467194599-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=SAMSUNGXMZMTE256HMHP-000MV_S1F1NYAF948793&ts=1436861162&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3839685571-330548617-1467194599-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=SAMSUNGXMZMTE256HMHP-000MV_S1F1NYAF948793&ts=1436861162&type=default&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-04-11] (Microsoft Corporation)
BHO: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg.dll [2015-07-17] (Trend Micro Inc.)
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe64.dll [2015-08-17] (Trend Micro Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-04-11] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: LuckyTab Class -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> C:\Program Files (x86)\MiuiTab\SupTab.dll => No File
BHO-x32: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg32.dll [2015-07-17] (Trend Micro Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe32.dll [2015-08-17] (Trend Micro Inc.)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-11] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-11] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-11] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-11] (Microsoft Corporation)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe64.dll [2015-08-17] (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe32.dll [2015-08-17] (Trend Micro Inc.)
Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg.dll [2015-07-17] (Trend Micro Inc.)
Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg32.dll [2015-07-17] (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll [2015-07-17] (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2015-07-17] (Trend Micro Inc.)
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-04-11] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-11] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\firefoxextension [2016-04-12]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2016-03-13]
FF HKLM-x32\...\Firefox\Extensions: [{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
FF Extension: Trend Micro Osprey Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension [2016-04-12]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com.au/","hxxp://search.gboxapp.com/?aff=p"
CHR DefaultSearchURL: Default -> hxxps://secure.homepage-web.com/?partner=acer&src=omnibox&q={searchTerms}
CHR DefaultSearchKeyword: Default -> homepage-web.com
CHR DefaultSuggestURL: Default -> hxxps://secure-suggest.homepage-web.com/suggest?format=json&locale={language}&q={searchTerms}
CHR Profile: C:\Users\Valda\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Valda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-11]
CHR Extension: (Google Docs) - C:\Users\Valda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-11]
CHR Extension: (Google Drive) - C:\Users\Valda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-11]
CHR Extension: (YouTube) - C:\Users\Valda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-11]
CHR Extension: (Google Sheets) - C:\Users\Valda\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-11]
CHR Extension: (Google Docs Offline) - C:\Users\Valda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-12]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Valda\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2016-04-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Valda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-11]
CHR Extension: (Trend Micro Toolbar) - C:\Users\Valda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2016-04-11]
CHR Extension: (Gmail) - C:\Users\Valda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-11]
CHR HKLM-x32\...\Chrome\Extension: [ohhcpmplhhiiaoiddkfboafbhiknefdf] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2838768 2016-03-24] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28736 2016-03-16] (Hewlett-Packard Company)
R2 Optus 4G Modem HL; C:\ProgramData\MobileBrServ\mbbservice.exe [242264 2014-11-20] ()
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [202272 2016-03-23] (Microsoft Corporation) [File not signed]
R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1137664 2015-07-17] (Trend Micro Inc.)
R2 PwmSvc; C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe [1567288 2016-03-19] (Trend Micro Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-19] (ASIX Electronics Corp.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24568 2014-07-17] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2014-07-17] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2014-07-17] (Intel Corporation)
R3 mrvlpcie8897; C:\Windows\system32\DRIVERS\mrvlpcie8897.sys [1016328 2015-11-23] (Marvell Semiconductors Inc.)
R3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
R3 SurfaceAccessoryDevice; C:\Windows\System32\drivers\SurfaceAccessoryDevice.sys [51856 2014-07-17] (Microsoft Corporation)
R3 SurfaceCapacitiveHomeButton; C:\Windows\System32\drivers\SurfaceCapacitiveHomeButton.sys [44152 2014-11-27] (Microsoft Corporation)
R3 SurfaceDisplayCalibration; C:\Windows\System32\drivers\SurfaceDisplayCalibration.sys [41616 2014-07-17] (Microsoft Corporation)
R3 SurfaceIntegrationDriver; C:\Windows\System32\drivers\SurfaceIntegrationDriver.sys [49776 2014-12-09] (Microsoft Corporation)
R0 SurfacePciController; C:\Windows\System32\drivers\SurfacePciController.sys [35440 2014-10-08] (Microsoft Corporation)
R3 SurfacePenDriver; C:\Windows\system32\DRIVERS\SurfacePenDriver.sys [76424 2015-03-31] (Microsoft Corporation)
S3 SurfaceTouchCover; C:\Windows\System32\drivers\SurfaceTouchCover.sys [35976 2014-07-17] (Microsoft Corporation)
S3 SurfaceTypeCover; C:\Windows\System32\drivers\SurfaceTypeCover.sys [35984 2014-07-17] (Microsoft Corporation)
R1 tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [133424 2015-11-23] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [324912 2015-11-23] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [59712 2015-06-11] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\system32\DRIVERS\tmeevw.sys [116576 2015-06-08] (Trend Micro Inc.)
S0 tmel; C:\Windows\System32\DRIVERS\tmel.sys [39056 2015-06-23] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [99632 2015-11-23] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\system32\DRIVERS\tmnciesc.sys [416608 2015-05-28] (Trend Micro Inc.)
R1 tmumh; C:\Windows\system32\DRIVERS\TMUMH.sys [91536 2015-06-29] (Trend Micro Inc.)
R2 tmusa; C:\Windows\system32\DRIVERS\tmusa.sys [116528 2015-06-26] (Trend Micro Inc.)
R3 TrueColor; C:\Windows\system32\DRIVERS\TrueColor.sys [35952 2014-07-07] ()
R1 wafd_vw_1_10_0_20; C:\Windows\System32\drivers\wafd_vw_1_10_0_20.sys [57728 2015-07-07] (WA)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WiFiClass; C:\Windows\system32\DRIVERS\wificlass.sys [420360 2015-11-23] (Microsoft Corporation)
S3 ew_usbenumfilter; \SystemRoot\System32\drivers\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; \SystemRoot\system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_cdcecm; \SystemRoot\system32\DRIVERS\ew_jucdcecm.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; \SystemRoot\System32\drivers\ew_juextctrl.sys [X]
U3 aswMBR; \??\C:\Users\Valda\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Valda\AppData\Local\Temp\aswVmm.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-12 22:12 - 2016-04-12 22:12 - 00023840 _____ C:\Users\Valda\Desktop\FRST.txt
2016-04-12 22:11 - 2016-04-12 22:12 - 00000000 ____D C:\FRST
2016-04-12 22:05 - 2016-04-12 22:05 - 00002083 _____ C:\Users\Valda\Desktop\aswMBR.txt
2016-04-12 22:05 - 2016-04-12 22:05 - 00000512 _____ C:\Users\Valda\Desktop\MBR.dat
2016-04-12 21:29 - 2016-04-12 21:29 - 02375168 _____ (Farbar) C:\Users\Valda\Desktop\FRST64.exe
2016-04-12 20:55 - 2016-04-12 20:57 - 05198336 _____ (AVAST Software) C:\Users\Valda\Desktop\aswMBR.exe
2016-04-12 20:19 - 2016-04-12 20:19 - 00027680 _____ C:\Users\Valda\Desktop\Trend Micro Maximum Security.pdf
2016-04-12 20:19 - 2016-04-12 20:19 - 00000000 ____D C:\Users\Valda\AppData\Local\CutePDF Writer
2016-04-12 19:47 - 2016-04-12 20:48 - 00000000 ____D C:\Users\Valda\AppData\Roaming\Skype
2016-04-12 19:47 - 2016-04-12 19:47 - 00000000 ____D C:\Users\Valda\AppData\Local\Skype
2016-04-12 19:46 - 2016-04-12 19:46 - 00002713 _____ C:\Users\Public\Desktop\Skype.lnk
2016-04-12 19:46 - 2016-04-12 19:46 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-04-12 19:46 - 2016-04-12 19:46 - 00000000 ____D C:\ProgramData\Skype
2016-04-12 19:46 - 2016-04-12 19:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-04-12 19:46 - 2016-04-12 19:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-04-12 19:46 - 2016-04-12 19:46 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-04-12 19:46 - 2016-04-12 19:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-04-12 19:45 - 2015-01-06 13:01 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndproxy.sys
2016-04-12 19:45 - 2015-01-06 12:59 - 00080896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wanarp.sys
2016-04-12 19:45 - 2015-01-06 11:12 - 00185856 _____ (Microsoft Corporation) C:\windows\system32\rascfg.dll
2016-04-12 19:45 - 2015-01-06 11:02 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\rascfg.dll
2016-04-12 19:45 - 2014-11-16 05:05 - 00801584 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2016-04-12 19:45 - 2014-11-15 16:29 - 00962216 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2016-04-12 19:45 - 2014-11-14 16:57 - 01027584 _____ (Microsoft Corporation) C:\windows\system32\MFMediaEngine.dll
2016-04-12 19:45 - 2014-11-14 15:03 - 00885760 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFMediaEngine.dll
2016-04-12 19:45 - 2014-11-10 12:57 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\agilevpn.sys
2016-04-12 19:45 - 2014-11-10 11:20 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\vpnike.dll
2016-04-12 19:45 - 2014-11-10 11:08 - 00702464 _____ (Microsoft Corporation) C:\windows\system32\rasapi32.dll
2016-04-12 19:45 - 2014-11-10 10:57 - 00624640 _____ (Microsoft Corporation) C:\windows\SysWOW64\rasapi32.dll
2016-04-12 19:45 - 2014-11-08 14:00 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndistapi.sys
2016-04-12 19:45 - 2014-11-08 13:58 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rasl2tp.sys
2016-04-12 19:45 - 2014-11-08 13:56 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\kmddsp.tsp
2016-04-12 19:45 - 2014-11-08 13:56 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\rasmxs.dll
2016-04-12 19:45 - 2014-11-08 13:56 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\rasser.dll
2016-04-12 19:45 - 2014-11-08 13:24 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\rasdiag.dll
2016-04-12 19:45 - 2014-11-08 13:13 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\kmddsp.tsp
2016-04-12 19:45 - 2014-11-08 13:13 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\rasmxs.dll
2016-04-12 19:45 - 2014-11-08 13:13 - 00022528 _____ (Microsoft Corporation) C:\windows\SysWOW64\rasser.dll
2016-04-12 19:45 - 2014-11-08 12:48 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\rasdiag.dll
2016-04-12 19:45 - 2014-11-08 12:38 - 00166912 _____ (Microsoft Corporation) C:\windows\system32\AppxAllUserStore.dll
2016-04-12 19:45 - 2014-11-08 12:17 - 00143360 _____ (Microsoft Corporation) C:\windows\SysWOW64\AppxAllUserStore.dll
2016-04-12 19:45 - 2014-11-08 12:03 - 00733696 _____ (Microsoft Corporation) C:\windows\system32\SkyDriveTelemetry.dll
2016-04-12 19:45 - 2014-11-08 11:58 - 04837376 _____ (Microsoft Corporation) C:\windows\system32\SyncEngine.dll
2016-04-12 19:45 - 2014-11-08 11:49 - 01154048 _____ (Microsoft Corporation) C:\windows\system32\SkyDrive.exe
2016-04-12 19:45 - 2014-11-07 13:58 - 00952896 _____ (Microsoft Corporation) C:\windows\system32\mfmp4srcsnk.dll
2016-04-12 19:45 - 2014-11-07 13:20 - 00786120 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmp4srcsnk.dll
2016-04-12 19:45 - 2014-11-05 12:12 - 00211968 _____ (Microsoft Corporation) C:\windows\system32\QSHVHOST.DLL
2016-04-12 19:45 - 2014-11-05 12:12 - 00128000 _____ (Microsoft Corporation) C:\windows\system32\QSVRMGMT.DLL
2016-04-12 19:45 - 2014-11-05 12:06 - 00514048 _____ (Microsoft Corporation) C:\windows\system32\DevicePairing.dll
2016-04-12 19:45 - 2014-11-05 11:44 - 00657920 _____ (Microsoft Corporation) C:\windows\system32\dnsapi.dll
2016-04-12 19:45 - 2014-11-05 11:43 - 00252416 _____ (Microsoft Corporation) C:\windows\system32\dnsrslvr.dll
2016-04-12 19:45 - 2014-11-05 11:39 - 00155648 _____ (Microsoft Corporation) C:\windows\SysWOW64\QSHVHOST.DLL
2016-04-12 19:45 - 2014-11-05 11:39 - 00094208 _____ (Microsoft Corporation) C:\windows\SysWOW64\QSVRMGMT.DLL
2016-04-12 19:45 - 2014-11-05 11:33 - 00465408 _____ (Microsoft Corporation) C:\windows\SysWOW64\DevicePairing.dll
2016-04-12 19:45 - 2014-11-05 11:21 - 00658432 _____ (Microsoft Corporation) C:\windows\system32\WSDApi.dll
2016-04-12 19:45 - 2014-11-05 11:20 - 00498688 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnsapi.dll
2016-04-12 19:45 - 2014-11-05 11:14 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\WSDMon.dll
2016-04-12 19:45 - 2014-11-05 11:06 - 00555520 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSDApi.dll
2016-04-12 19:45 - 2014-11-05 05:33 - 00058176 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dam.sys
2016-04-12 19:45 - 2014-11-04 16:27 - 00128512 _____ (Microsoft Corporation) C:\windows\splwow64.exe
2016-04-12 19:45 - 2014-11-04 15:01 - 00827392 _____ (Microsoft Corporation) C:\windows\system32\spoolsv.exe
2016-04-12 19:45 - 2014-10-29 13:05 - 00551232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vhdmp.sys
2016-04-12 19:45 - 2014-10-29 11:55 - 00242176 _____ (Microsoft Corporation) C:\windows\system32\WinSCard.dll
2016-04-12 19:45 - 2014-10-29 11:13 - 00169984 _____ (Microsoft Corporation) C:\windows\SysWOW64\WinSCard.dll
2016-04-12 19:45 - 2014-10-21 11:59 - 00016896 _____ (Microsoft Corporation) C:\windows\system32\eventcls.dll
2016-04-12 19:45 - 2014-10-21 11:19 - 00015360 _____ (Microsoft Corporation) C:\windows\SysWOW64\eventcls.dll
2016-04-12 19:45 - 2014-10-21 10:50 - 00074752 _____ (Microsoft Corporation) C:\windows\system32\vsstrace.dll
2016-04-12 19:45 - 2014-10-21 10:31 - 01574400 _____ (Microsoft Corporation) C:\windows\system32\vssapi.dll
2016-04-12 19:45 - 2014-10-21 10:31 - 00055296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vsstrace.dll
2016-04-12 19:45 - 2014-10-21 10:30 - 01454080 _____ (Microsoft Corporation) C:\windows\system32\VSSVC.exe
2016-04-12 19:45 - 2014-10-21 10:20 - 01142272 _____ (Microsoft Corporation) C:\windows\SysWOW64\vssapi.dll
2016-04-12 19:45 - 2014-10-17 14:56 - 00039744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\intelpep.sys
2016-04-12 19:45 - 2014-10-17 13:35 - 00086336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pdc.sys
2016-04-12 19:44 - 2016-02-01 05:17 - 00118624 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2016-04-12 19:44 - 2016-02-01 04:07 - 00110080 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2016-04-12 19:44 - 2016-02-01 03:42 - 03320832 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2016-04-12 19:44 - 2016-02-01 03:14 - 03607040 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2016-04-12 19:44 - 2016-02-01 02:24 - 02778624 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2016-04-12 19:44 - 2016-02-01 02:20 - 02464256 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2016-04-12 19:44 - 2015-12-17 03:11 - 01200128 _____ (Microsoft Corporation) C:\windows\system32\Windows.Globalization.dll
2016-04-12 19:44 - 2015-12-17 02:51 - 00868864 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Globalization.dll
2016-04-12 19:44 - 2015-10-23 03:43 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\kbdgeoqw.dll
2016-04-12 19:44 - 2015-10-23 03:43 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZST.DLL
2016-04-12 19:44 - 2015-10-23 03:43 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZEL.DLL
2016-04-12 19:44 - 2015-10-23 03:43 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZE.DLL
2016-04-12 19:44 - 2015-10-23 02:59 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\kbdgeoqw.dll
2016-04-12 19:44 - 2015-10-23 02:59 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZST.DLL
2016-04-12 19:44 - 2015-10-23 02:59 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZEL.DLL
2016-04-12 19:44 - 2015-10-23 02:59 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZE.DLL
2016-04-12 19:44 - 2015-10-23 02:21 - 00323072 _____ (Microsoft Corporation) C:\windows\system32\GlobCollationHost.dll
2016-04-12 19:44 - 2015-10-23 01:58 - 00200704 _____ (Microsoft Corporation) C:\windows\SysWOW64\GlobCollationHost.dll
2016-04-12 19:44 - 2015-10-23 00:08 - 00513456 _____ C:\windows\SysWOW64\locale.nls
2016-04-12 19:44 - 2015-10-23 00:08 - 00513456 _____ C:\windows\system32\locale.nls
2016-04-12 19:44 - 2015-06-10 08:39 - 00081920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\BTHUSB.SYS
2016-04-12 19:44 - 2015-06-10 08:39 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bthenum.sys
2016-04-12 19:44 - 2015-06-10 08:38 - 01201664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bthport.sys
2016-04-12 19:44 - 2015-05-01 11:13 - 06521800 _____ (Microsoft Corporation) C:\windows\system32\sppsvc.exe
2016-04-12 19:44 - 2015-05-01 11:13 - 01488000 _____ (Microsoft Corporation) C:\windows\system32\sppobjs.dll
2016-04-12 19:44 - 2015-05-01 11:13 - 00261376 _____ (Microsoft Corporation) C:\windows\system32\sppwinob.dll
2016-04-12 19:44 - 2014-11-18 06:17 - 00672984 _____ (Microsoft Corporation) C:\windows\system32\MDMAgent.exe
2016-04-12 19:44 - 2014-11-18 06:17 - 00273240 _____ (Microsoft Corporation) C:\windows\system32\SystemSettingsAdminFlows.exe
2016-04-12 19:44 - 2014-11-14 16:54 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\SystemSettings.Handlers.dll
2016-04-12 19:44 - 2014-11-14 16:46 - 02171904 _____ (Microsoft Corporation) C:\windows\system32\SystemSettingsAdminFlowUI.dll
2016-04-12 13:53 - 2016-04-12 13:53 - 00000000 ____D C:\Users\Valda\AppData\Local\GWX
2016-04-11 17:00 - 2016-04-11 17:00 - 00000000 ____D C:\Users\Valda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-04-11 16:59 - 2016-04-11 16:59 - 00002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-11 16:59 - 2016-04-11 16:59 - 00002242 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-11 16:58 - 2016-04-12 22:03 - 00000912 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-11 16:58 - 2016-04-12 19:48 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-11 16:25 - 2016-04-11 16:25 - 00002403 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-04-11 16:25 - 2016-04-11 16:25 - 00002402 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-04-11 16:25 - 2016-04-11 16:25 - 00002366 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-04-11 16:25 - 2016-04-11 16:25 - 00002365 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-04-11 16:25 - 2016-04-11 16:25 - 00002359 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-04-11 16:25 - 2016-04-11 16:25 - 00002353 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-04-11 16:25 - 2016-04-11 16:25 - 00002345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-04-11 16:25 - 2016-04-11 16:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-04-11 16:25 - 2016-04-11 16:25 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-04-11 13:14 - 2016-04-11 13:14 - 00000000 ____D C:\Users\Valda\AppData\Roaming\Hewlett-Packard
2016-04-11 12:15 - 2016-04-11 12:15 - 00002210 _____ C:\Users\Public\Desktop\HP Support Assistant.lnk
2016-04-11 12:15 - 2016-04-11 12:15 - 00000000 ____D C:\System.sav
2016-04-11 12:15 - 2016-04-11 12:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2016-04-11 12:14 - 2016-04-12 15:24 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-04-11 12:14 - 2016-04-11 12:15 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2016-04-11 12:14 - 2016-04-11 12:14 - 00000000 ____D C:\Users\Valda\AppData\Roaming\hpqLog
2016-04-11 12:09 - 2016-04-11 12:10 - 00000000 ____D C:\Users\Valda\AppData\Local\HP
2016-04-11 12:09 - 2016-04-11 12:09 - 00003610 _____ C:\windows\System32\Tasks\HPCustParticipation HP Officejet Pro 8620
2016-04-11 12:09 - 2016-04-11 12:09 - 00002227 _____ C:\Users\Public\Desktop\HP Officejet Pro 8620.lnk
2016-04-11 12:09 - 2016-04-11 12:09 - 00001179 _____ C:\Users\Public\Desktop\Shop for Supplies - HP Officejet Pro 8620.lnk
2016-04-11 12:09 - 2016-04-11 12:09 - 00000978 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2016-04-11 12:09 - 2016-04-11 12:09 - 00000057 _____ C:\ProgramData\Ament.ini
2016-04-11 12:09 - 2016-04-11 12:09 - 00000000 ____D C:\Users\Valda\AppData\Roaming\HpUpdate
2016-04-11 12:09 - 2016-04-11 12:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-04-11 12:09 - 2016-04-11 12:09 - 00000000 ____D C:\Program Files\HP
2016-04-11 12:09 - 2016-04-11 12:09 - 00000000 ____D C:\Program Files (x86)\HP
2016-04-11 12:09 - 2014-07-21 16:31 - 00763912 ____N (Hewlett-Packard Development Company, LP) C:\windows\system32\HPDiscoPM7012.dll
2016-04-11 11:57 - 2016-04-12 15:24 - 00000000 ____D C:\windows\System32\Tasks\Hewlett-Packard
2016-04-11 11:57 - 2016-04-11 12:15 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-04-11 11:57 - 2016-04-11 12:00 - 00000000 ____D C:\Users\Valda\Downloads\HP Downloads
2016-04-11 11:57 - 2016-04-11 11:57 - 00000000 ____D C:\Users\Valda\AppData\Local\Hewlett-Packard
2016-04-11 11:49 - 2016-04-11 12:09 - 00000000 ____D C:\ProgramData\HP
2016-03-23 03:22 - 2016-03-23 03:22 - 00635040 _____ (Microsoft Corporation) C:\windows\system32\msvcp140.dll
2016-03-23 03:22 - 2016-03-23 03:22 - 00390320 _____ (Microsoft Corporation) C:\windows\system32\vccorlib140.dll
2016-03-23 03:22 - 2016-03-23 03:22 - 00332968 _____ (Microsoft Corporation) C:\windows\system32\concrt140.dll
2016-03-23 03:22 - 2016-03-23 03:22 - 00088752 _____ (Microsoft Corporation) C:\windows\system32\vcruntime140.dll
2016-03-23 02:28 - 2016-03-23 02:28 - 00439608 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp140.dll
2016-03-23 02:28 - 2016-03-23 02:28 - 00266928 _____ (Microsoft Corporation) C:\windows\SysWOW64\vccorlib140.dll
2016-03-23 02:28 - 2016-03-23 02:28 - 00243520 _____ (Microsoft Corporation) C:\windows\SysWOW64\concrt140.dll
2016-03-23 02:28 - 2016-03-23 02:28 - 00085328 _____ (Microsoft Corporation) C:\windows\SysWOW64\vcruntime140.dll
2016-03-14 12:48 - 2016-03-14 12:48 - 00000000 ____D C:\Users\Valda\AppData\Roaming\casualArts
2016-03-14 12:48 - 2016-03-14 12:48 - 00000000 ____D C:\ProgramData\casualArts
2016-03-13 12:43 - 2016-03-13 12:43 - 00000000 ____D C:\Users\Valda\AppData\Local\JollyBear
2016-03-13 12:43 - 2016-03-13 12:43 - 00000000 ____D C:\ProgramData\JollyBear
2016-03-13 12:34 - 2016-03-13 12:34 - 00000000 ____D C:\ProgramData\GameHouse
2016-03-13 12:21 - 2016-04-11 14:26 - 00000000 ____D C:\Users\Valda\AppData\Local\Trend Micro
2016-03-13 12:05 - 2016-03-13 12:05 - 00000000 ____D C:\Users\Valda\AppData\Roaming\Boomzap
2016-03-13 12:00 - 2016-03-13 12:00 - 00002157 _____ C:\Users\Public\Desktop\Play Big City Adventure - Sydney Australia.lnk
2016-03-13 12:00 - 2016-03-13 12:00 - 00002123 _____ C:\Users\Public\Desktop\Play Vacation Adventures - Park Ranger 2.lnk
2016-03-13 12:00 - 2016-03-13 12:00 - 00001304 _____ C:\Users\Public\Desktop\More Great Games.lnk
2016-03-13 12:00 - 2016-03-13 12:00 - 00000000 ____D C:\Users\Valda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vacation Adventures - Park Ranger 2
2016-03-13 12:00 - 2016-03-13 12:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vacation Adventures - Park Ranger 2
2016-03-13 12:00 - 2016-03-13 12:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Big City Adventure - Sydney Australia
2016-03-13 12:00 - 2016-03-13 12:00 - 00000000 ____D C:\Program Files (x86)\Vacation Adventures - Park Ranger 2
2016-03-13 12:00 - 2016-03-13 12:00 - 00000000 ____D C:\Program Files (x86)\Big City Adventure - Sydney Australia
2016-03-13 11:24 - 2016-03-13 11:24 - 00002172 _____ C:\Users\Public\Desktop\Play Antique Road Trip - American Dreamin.lnk
2016-03-13 11:22 - 2016-03-13 11:24 - 00000000 ____D C:\Program Files (x86)\Antique Road Trip - American Dreamin
2016-03-13 11:22 - 2016-03-13 11:22 - 00000000 ____D C:\Users\Valda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antique Road Trip - American Dreamin
2016-03-13 11:22 - 2016-03-13 11:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antique Road Trip - American Dreamin
2016-03-13 11:14 - 2016-01-22 18:01 - 22365992 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2016-03-13 11:14 - 2016-01-22 17:11 - 19794896 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2016-03-13 11:14 - 2016-01-22 15:25 - 14467072 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2016-03-13 11:14 - 2016-01-22 15:14 - 12879360 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2016-03-13 11:13 - 2016-02-21 01:45 - 01373184 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-03-13 11:13 - 2016-02-21 01:45 - 01168896 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-03-13 11:13 - 2016-02-21 01:45 - 00696832 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-03-13 11:13 - 2016-02-21 01:45 - 00689152 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-03-13 11:13 - 2016-02-21 01:45 - 00499200 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-03-13 11:13 - 2016-02-21 01:45 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-03-13 11:13 - 2016-02-07 02:58 - 00987648 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-03-13 11:13 - 2016-02-07 02:32 - 00801792 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-03-13 11:13 - 2016-02-06 05:06 - 00046768 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-03-13 11:13 - 2016-01-09 11:49 - 00218448 _____ (Microsoft Corporation) C:\windows\system32\rsaenh.dll
2016-03-13 11:13 - 2016-01-09 11:49 - 00192120 _____ (Microsoft Corporation) C:\windows\SysWOW64\rsaenh.dll
2016-03-13 11:13 - 2015-12-21 00:57 - 00839168 _____ (Microsoft Corporation) C:\windows\system32\netlogon.dll
2016-03-13 11:13 - 2015-12-21 00:43 - 00696320 _____ (Microsoft Corporation) C:\windows\SysWOW64\netlogon.dll
2016-03-13 11:13 - 2015-07-23 00:19 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2016-03-13 11:13 - 2015-07-22 23:52 - 01633792 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2016-03-13 11:13 - 2015-07-18 00:15 - 00951296 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2016-03-13 11:13 - 2015-07-18 00:10 - 00749568 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2016-03-13 11:13 - 2015-07-17 04:58 - 00074752 _____ (Microsoft Corporation) C:\windows\system32\NcdAutoSetup.dll
2016-03-13 11:12 - 2015-12-31 06:49 - 00470360 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2016-03-13 11:11 - 2016-01-07 09:46 - 00148752 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscapi.dll
2016-03-13 11:11 - 2016-01-07 09:45 - 00177712 _____ (Microsoft Corporation) C:\windows\system32\wscapi.dll
2016-03-13 11:11 - 2016-01-07 02:47 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\wscsvc.dll
2016-03-13 11:11 - 2015-12-21 00:56 - 00616960 _____ (Microsoft Corporation) C:\windows\system32\msra.exe
2016-03-13 11:11 - 2015-11-20 00:33 - 00994760 _____ (Microsoft Corporation) C:\windows\system32\ucrtbase.dll
2016-03-13 11:11 - 2015-11-20 00:26 - 00922432 _____ (Microsoft Corporation) C:\windows\SysWOW64\ucrtbase.dll
2016-03-13 11:11 - 2015-08-22 23:42 - 00066400 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-03-13 11:11 - 2015-08-22 23:42 - 00022368 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-03-13 11:11 - 2015-08-22 23:42 - 00019808 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-13 11:11 - 2015-08-22 23:42 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-03-13 11:11 - 2015-08-22 23:42 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-13 11:11 - 2015-08-22 23:42 - 00016224 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-13 11:11 - 2015-08-22 23:42 - 00015712 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-03-13 11:11 - 2015-08-22 23:42 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-03-13 11:11 - 2015-08-22 23:42 - 00013664 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-13 11:11 - 2015-08-22 23:42 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-03-13 11:11 - 2015-08-22 23:42 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-03-13 11:11 - 2015-08-22 23:42 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-03-13 11:11 - 2015-08-22 23:42 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-03-13 11:11 - 2015-08-22 23:42 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-03-13 11:11 - 2015-08-22 23:42 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-03-13 11:11 - 2015-08-22 23:35 - 00063840 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-03-13 11:11 - 2015-08-22 23:35 - 00020832 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-03-13 11:11 - 2015-08-22 23:35 - 00019808 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-13 11:11 - 2015-08-22 23:35 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-03-13 11:11 - 2015-08-22 23:35 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-13 11:11 - 2015-08-22 23:35 - 00016224 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-13 11:11 - 2015-08-22 23:35 - 00015712 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-03-13 11:11 - 2015-08-22 23:35 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-03-13 11:11 - 2015-08-22 23:35 - 00013664 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-13 11:11 - 2015-08-22 23:35 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-03-13 11:11 - 2015-08-22 23:35 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-03-13 11:11 - 2015-08-22 23:35 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-03-13 11:11 - 2015-08-22 23:35 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-03-13 11:11 - 2015-08-22 23:35 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-03-13 11:11 - 2015-08-22 23:35 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-03-13 11:11 - 2014-11-05 11:41 - 00558080 _____ (Microsoft Corporation) C:\windows\system32\untfs.dll
2016-03-13 11:11 - 2014-11-05 11:18 - 00507392 _____ (Microsoft Corporation) C:\windows\SysWOW64\untfs.dll
2016-03-13 11:09 - 2016-01-25 04:19 - 00419160 ____C (Microsoft Corporation) C:\windows\system32\Drivers\spaceport.sys
2016-03-13 11:09 - 2016-01-25 04:19 - 00378712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2016-03-13 11:09 - 2016-01-25 04:19 - 00331608 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Classpnp.sys
2016-03-13 11:09 - 2016-01-24 21:57 - 01335296 _____ (Microsoft Corporation) C:\windows\system32\mispace.dll
2016-03-13 11:09 - 2016-01-24 21:45 - 01063424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mispace.dll
2016-03-13 11:09 - 2016-01-16 02:56 - 02487296 _____ (Microsoft Corporation) C:\windows\system32\storagewmi.dll
2016-03-13 11:09 - 2016-01-16 02:45 - 01482240 _____ (Microsoft Corporation) C:\windows\SysWOW64\storagewmi.dll
2016-03-13 11:09 - 2016-01-11 05:37 - 00442720 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-03-13 11:09 - 2016-01-11 04:39 - 00332640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-03-13 11:09 - 2016-01-11 04:15 - 00401920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-03-13 11:09 - 2016-01-11 04:15 - 00202240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-03-13 11:09 - 2016-01-11 03:43 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-03-13 11:09 - 2016-01-11 03:09 - 01442304 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-03-13 11:09 - 2016-01-11 03:09 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-03-13 11:09 - 2016-01-11 02:56 - 00186880 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll
2016-03-13 11:09 - 2016-01-11 02:41 - 01707008 _____ (Microsoft Corporation) C:\windows\system32\comsvcs.dll
2016-03-13 11:09 - 2016-01-11 02:31 - 01344512 _____ (Microsoft Corporation) C:\windows\SysWOW64\comsvcs.dll
2016-03-13 11:09 - 2016-01-09 11:38 - 00091992 ____C (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2016-03-13 11:09 - 2016-01-07 04:25 - 00416768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2016-03-13 11:09 - 2016-01-06 01:00 - 00570880 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2016-03-13 11:09 - 2015-12-31 07:53 - 02017624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2016-03-13 11:09 - 2015-10-11 16:34 - 00468824 ____C (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS
2016-03-13 11:09 - 2015-10-11 16:34 - 00462168 ____C (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2016-03-13 11:09 - 2015-10-11 16:34 - 00443224 ____C (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2016-03-13 11:09 - 2015-10-11 16:34 - 00027992 ____C (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2016-03-13 11:09 - 2015-10-11 04:41 - 00037376 ____C (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2016-03-13 11:09 - 2015-10-11 04:41 - 00030208 ____C (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2016-03-13 11:09 - 2015-10-09 02:11 - 00060928 _____ (Microsoft Corporation) C:\windows\system32\PCPKsp.dll
2016-03-13 11:09 - 2015-10-09 01:50 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\PCPKsp.dll
2016-03-13 11:09 - 2015-10-04 05:41 - 01385280 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2016-03-13 11:09 - 2015-10-04 05:41 - 01124384 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2016-03-13 11:09 - 2015-07-11 05:06 - 00118272 ____C (Microsoft Corporation) C:\windows\system32\Drivers\bthpan.sys
2016-03-13 11:09 - 2015-07-10 02:14 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2016-03-13 11:07 - 2016-03-13 11:07 - 00002139 _____ C:\Users\Public\Desktop\Play Delicious - Emilys Honeymoon Cruise.lnk
2016-03-13 11:07 - 2016-03-13 11:07 - 00000000 ____D C:\Users\Valda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Delicious - Emilys Honeymoon Cruise
2016-03-13 11:07 - 2016-03-13 11:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Delicious - Emilys Honeymoon Cruise
2016-03-13 11:07 - 2016-03-13 11:07 - 00000000 ____D C:\Program Files (x86)\Delicious - Emilys Honeymoon Cruise
2016-03-13 11:07 - 2015-09-05 05:24 - 00154112 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tunnel.sys
2016-03-13 11:01 - 2015-10-06 04:28 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\wininit.exe
2016-03-13 11:01 - 2015-09-29 22:24 - 00155480 ____C (Microsoft Corporation) C:\windows\system32\Drivers\tpm.sys
2016-03-13 11:01 - 2015-09-03 12:18 - 02531400 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2016-03-13 11:01 - 2015-09-03 12:17 - 01903848 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2016-03-13 11:01 - 2015-09-03 04:48 - 02345472 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2016-03-13 11:01 - 2015-09-03 03:09 - 01556992 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2016-03-13 11:01 - 2015-08-29 08:20 - 00183368 _____ (Microsoft Corporation) C:\windows\system32\AuthHost.exe
2016-03-13 11:01 - 2015-08-07 02:47 - 04710400 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2016-03-13 11:01 - 2015-08-07 02:18 - 04068352 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2016-03-13 11:01 - 2015-06-20 03:07 - 02819072 _____ (Microsoft Corporation) C:\windows\system32\SettingsHandlers.dll
2016-03-13 11:00 - 2015-08-07 03:05 - 00669184 _____ (Microsoft Corporation) C:\windows\system32\hhctrl.ocx
2016-03-13 11:00 - 2015-08-07 02:37 - 00536576 _____ (Microsoft Corporation) C:\windows\SysWOW64\hhctrl.ocx
2016-03-13 10:58 - 2016-04-11 12:44 - 00000010 _____ C:\Users\Valda\AppData\Local\sponge.last.runtime.cache
2016-03-13 10:50 - 2016-03-13 10:50 - 00002113 _____ C:\Users\Public\Desktop\Play Found - A Hidden Object Adventure.lnk
2016-03-13 10:50 - 2016-03-13 10:50 - 00000000 ____D C:\Users\Valda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Found - A Hidden Object Adventure
2016-03-13 10:50 - 2016-03-13 10:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Found - A Hidden Object Adventure
2016-03-13 10:50 - 2016-03-13 10:50 - 00000000 ____D C:\Program Files (x86)\Found - A Hidden Object Adventure
2016-03-13 10:50 - 2010-06-02 03:55 - 00527192 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_7.dll
2016-03-13 10:50 - 2010-06-02 03:55 - 00518488 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_7.dll
2016-03-13 10:50 - 2010-06-02 03:55 - 00239960 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_7.dll
2016-03-13 10:50 - 2010-06-02 03:55 - 00176984 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_7.dll
2016-03-13 10:50 - 2010-06-02 03:55 - 00077656 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_5.dll
2016-03-13 10:50 - 2010-06-02 03:55 - 00074072 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_5.dll
2016-03-13 10:50 - 2010-05-26 10:41 - 02526056 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_43.dll
2016-03-13 10:50 - 2010-05-26 10:41 - 02401112 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_43.dll
2016-03-13 10:50 - 2010-05-26 10:41 - 02106216 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_43.dll
2016-03-13 10:50 - 2010-05-26 10:41 - 01998168 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_43.dll
2016-03-13 10:50 - 2010-05-26 10:41 - 01907552 _____ (Microsoft Corporation) C:\windows\system32\d3dcsx_43.dll
2016-03-13 10:50 - 2010-05-26 10:41 - 01868128 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dcsx_43.dll
2016-03-13 10:50 - 2010-05-26 10:41 - 00511328 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_43.dll
2016-03-13 10:50 - 2010-05-26 10:41 - 00470880 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_43.dll
2016-03-13 10:50 - 2010-05-26 10:41 - 00276832 _____ (Microsoft Corporation) C:\windows\system32\d3dx11_43.dll
2016-03-13 10:50 - 2010-05-26 10:41 - 00248672 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx11_43.dll
2016-03-13 10:27 - 2016-04-11 12:01 - 00000000 ____D C:\windows\System32\Tasks\Games
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-12 22:08 - 2015-02-13 17:54 - 00000000 ____D C:\Users\Valda\AppData\Roaming\ClassicShell
2016-04-12 22:03 - 2016-03-12 11:29 - 00000000 ____D C:\Users\Valda\AppData\Local\DP_Tower
2016-04-12 20:17 - 2013-08-22 23:25 - 00262144 ___SH C:\windows\system32\config\ELAM
2016-04-12 20:06 - 2015-02-13 17:52 - 00003922 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{467A6866-877C-418F-8D21-8C57A22B92D5}
2016-04-12 19:58 - 2015-02-13 17:46 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3839685571-330548617-1467194599-1001
2016-04-12 19:52 - 2015-02-13 17:32 - 00818732 _____ C:\windows\system32\PerfStringBackup.INI
2016-04-12 19:52 - 2013-08-22 23:36 - 00000000 ____D C:\windows\Inf
2016-04-12 19:48 - 2015-02-13 17:45 - 00000000 ___RD C:\Users\Valda\OneDrive
2016-04-12 19:48 - 2013-08-23 00:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-04-12 19:47 - 2013-08-23 01:36 - 00000000 ____D C:\windows\SysWOW64\setup
2016-04-12 19:47 - 2013-08-23 01:36 - 00000000 ____D C:\windows\system32\setup
2016-04-12 19:47 - 2013-08-23 01:20 - 00000000 ____D C:\windows\CbsTemp
2016-04-12 19:47 - 2013-08-22 23:25 - 00262144 ___SH C:\windows\system32\config\BBI
2016-04-12 19:46 - 2013-08-23 01:36 - 00000000 ____D C:\windows\system32\en-GB
2016-04-12 13:53 - 2013-08-23 01:36 - 00000000 ____D C:\windows\AppReadiness
2016-04-12 05:22 - 2015-08-28 11:32 - 00000000 ___SD C:\windows\SysWOW64\GWX
2016-04-12 05:22 - 2015-08-28 11:32 - 00000000 ___SD C:\windows\system32\GWX
2016-04-12 03:08 - 2014-08-14 16:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-04-11 16:59 - 2015-07-15 01:39 - 00000000 ____D C:\Users\Valda\AppData\Local\Google
2016-04-11 16:59 - 2015-07-15 01:39 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-11 16:58 - 2015-07-15 01:39 - 00003884 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-04-11 16:58 - 2015-07-15 01:39 - 00003648 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-04-11 16:31 - 2013-08-23 01:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-04-11 14:58 - 2015-09-09 19:57 - 117643304 _____ (MYOB Technology Pty. Ltd.) C:\Users\Valda\Downloads\MYOB_AccountRight_2015.3.exe
2016-04-11 14:58 - 2013-08-23 01:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-04-11 14:50 - 2016-03-12 11:29 - 00000000 ____D C:\ProgramData\TMDP_Log
2016-04-11 14:50 - 2013-08-22 23:25 - 00000304 _____ C:\windows\win.ini
2016-04-11 14:26 - 2016-03-12 11:29 - 00000000 ____D C:\ProgramData\Trend Micro
2016-04-11 14:25 - 2013-08-23 00:44 - 00487240 _____ C:\windows\system32\FNTCACHE.DAT
2016-04-11 12:14 - 2015-02-13 17:41 - 00000000 ____D C:\Users\Valda\AppData\Local\Packages
2016-04-11 12:13 - 2013-08-23 01:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-11 11:50 - 2013-08-23 01:36 - 00000000 ____D C:\windows\system32\NDF
2016-03-14 13:05 - 2015-06-27 20:02 - 00000000 ____D C:\ProgramData\TEMP
2016-03-14 04:45 - 2013-08-23 01:36 - 00000000 ____D C:\windows\rescache
2016-03-13 19:20 - 2013-08-23 01:36 - 00000000 ____D C:\windows\LiveKernelReports
2016-03-13 12:34 - 2013-08-22 21:22 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\dpnet.dll
2016-03-13 12:34 - 2013-08-22 21:22 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\dpnsvr.exe
2016-03-13 12:34 - 2013-08-22 21:17 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\dpnathlp.dll
2016-03-13 12:34 - 2013-08-22 21:17 - 00009216 _____ (Microsoft Corporation) C:\windows\system32\dpnhupnp.dll
2016-03-13 12:34 - 2013-08-22 21:17 - 00009216 _____ (Microsoft Corporation) C:\windows\system32\dpnhpast.dll
2016-03-13 12:34 - 2013-08-22 13:56 - 00377856 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpnet.dll
2016-03-13 12:34 - 2013-08-22 13:56 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpnsvr.exe
2016-03-13 12:34 - 2013-08-22 13:51 - 00059904 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpnathlp.dll
2016-03-13 12:34 - 2013-08-22 13:51 - 00009216 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpnhupnp.dll
2016-03-13 12:34 - 2013-08-22 13:51 - 00009216 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpnhpast.dll
2016-03-13 12:12 - 2015-02-13 19:17 - 00000000 ___SD C:\windows\system32\CompatTel
2016-03-13 12:12 - 2015-02-13 19:17 - 00000000 ____D C:\windows\system32\appraiser
2016-03-13 12:12 - 2013-08-23 01:36 - 00000000 ___RD C:\windows\ToastData
2016-03-13 12:12 - 2013-08-23 01:36 - 00000000 ____D C:\windows\SysWOW64\en-GB
2016-03-13 12:05 - 2015-06-27 19:59 - 00000000 ____D C:\Users\Valda\AppData\Local\Big Fish
2016-03-13 12:00 - 2015-06-27 20:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-03-13 11:14 - 2015-02-13 18:55 - 143659408 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-03-13 11:14 - 2015-02-13 18:55 - 00000000 ____D C:\windows\system32\MRT
2016-03-13 10:50 - 2015-06-27 20:02 - 00000000 ____D C:\ProgramData\Big Fish
2016-03-13 10:32 - 2015-06-27 19:59 - 00000000 ____D C:\BigFishCache
 
==================== Files in the root of some directories =======
 
2015-03-17 14:51 - 2015-03-17 14:51 - 0038469 _____ () C:\Users\Valda\AppData\Roaming\Comma Separated Values.ADR
2016-03-12 11:28 - 2016-03-12 11:28 - 0000036 _____ () C:\Users\Valda\AppData\Local\housecall.guid.cache
2016-03-13 10:58 - 2016-04-11 12:44 - 0000010 _____ () C:\Users\Valda\AppData\Local\sponge.last.runtime.cache
2016-04-11 12:09 - 2016-04-11 12:09 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-08-14 16:18 - 2014-08-14 16:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Valda\AppData\Local\Temp\converter.exe
C:\Users\Valda\AppData\Local\Temp\DRHelper_installFinish.exe
C:\Users\Valda\AppData\Local\Temp\DRHelper_installStart.exe
C:\Users\Valda\AppData\Local\Temp\DRHelper_uninstallComplete.exe
C:\Users\Valda\AppData\Local\Temp\ICSW1.11_0M1T1L1G1V0D0L0M1.11.exe
C:\Users\Valda\AppData\Local\Temp\ose00000.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
Additions.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-04-2016 01
Ran by Valda (2016-04-12 22:13:07)
Running from C:\Users\Valda\Desktop
Windows 8.1 Pro (X64) (2015-02-13 07:41:07)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3839685571-330548617-1467194599-500 - Administrator - Disabled)
Guest (S-1-5-21-3839685571-330548617-1467194599-501 - Limited - Disabled)
Valda (S-1-5-21-3839685571-330548617-1467194599-1001 - Administrator - Enabled) => C:\Users\Valda
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Trend Micro Maximum Security (Enabled - Up to date) {8242D66F-41BD-4049-C2E6-E578E73B62A0}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro Maximum Security (Enabled - Up to date) {3923378B-6787-4FC7-F856-DE0A9CBC281D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
1912: Titanic Mystery (HKLM-x32\...\BFG-1912 - Titanic Mystery) (Version:  - )
Antique Road Trip: American Dreamin' (HKLM-x32\...\BFG-Antique Road Trip - American Dreamin) (Version:  - )
Big City Adventure: Sydney, Australia (HKLM-x32\...\BFG-Big City Adventure - Sydney Australia) (Version:  - )
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Canon MX420 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX420_series) (Version:  - )
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
Delicious: Emily's Honeymoon Cruise (HKLM-x32\...\BFG-Delicious - Emilys Honeymoon Cruise) (Version:  - )
Extended Update (HKU\S-1-5-21-3839685571-330548617-1467194599-1001\...\UpdaterEX) (Version:  - Extended Update) <==== ATTENTION
Found: A Hidden Object Adventure (HKLM-x32\...\BFG-Found - A Hidden Object Adventure) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HP Officejet Pro 8620 Basic Device Software (HKLM\...\{A977D10D-989A-40D4-B0B1-450954516543}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet Pro 8620 Help (HKLM-x32\...\{9A4D71AB-9C68-4702-A4A2-A4DB7B0FE270}) (Version: 32.0.0 - Hewlett Packard)
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.2.8.25 - HP)
HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.3.11.29 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
istartsurf uninstall (HKLM-x32\...\istartsurf uninstall) (Version:  - istartsurf) <==== ATTENTION
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6769.2015 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3839685571-330548617-1467194599-1001\...\OneDriveSetup.exe) (Version: 17.3.6302.0225 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6729.1012 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6729.1012 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6729.1012 - Microsoft Corporation) Hidden
Optus 4G Modem HL (HKLM-x32\...\Optus 4G Modem HL) (Version: 22.001.26.00.74 - Huawei Technologies Co.,Ltd)
Product Improvement Study for HP Officejet Pro 8620 (HKLM\...\{99039186-EBEB-4127-BFA2-18B10A05ACE2}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.39052 - TeamViewer)
Trend Micro Maximum Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 10.0 - Trend Micro Inc.)
Trend Micro Password Manager (HKLM\...\3A0FB4E3-2C0D-4572-A24D-67F1CAABDDP35_is1) (Version: 3.5.0.1355 - Trend Micro Inc.)
Trend Micro Titanium (Version: 10.0 - Trend Micro Inc.) Hidden
Vacation Adventures: Park Ranger 2 (HKLM-x32\...\BFG-Vacation Adventures - Park Ranger 2) (Version:  - )
WordAnchor 1.10.0.20 (HKLM-x32\...\WordAnchor_1.10.0.20) (Version: 1.10.0.20 - WordAnchor) <==== ATTENTION
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {029D6FA5-8662-44A3-848F-7AFFC87E630C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-03-02] (Hewlett-Packard)
Task: {1EA6B76A-CD2D-4137-8093-CE5A851EEF90} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {2B6764C6-7C5B-4A7F-A1DE-C702E3BF72A7} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-03-02] (Hewlett-Packard)
Task: {3463B9FF-DEE1-4E5E-91C4-CA9666822102} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-11] (Google Inc.)
Task: {36819323-0C61-48DB-BA9F-398DD4D39A28} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3839685571-330548617-1467194599-1001 => C:\Users\Valda\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-03-12] (Microsoft Corporation)
Task: {5E223B73-07C4-4A55-9641-C8901DB8805F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {740D893A-5D03-4F90-81E1-D4E5E591AC24} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-03-16] (Hewlett-Packard)
Task: {86B2C34F-DAA3-44C0-ADE1-A0199EC9A83D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-03-24] (Microsoft Corporation)
Task: {8D7B55B3-6637-4A81-9266-EACDB6A2FD74} - System32\Tasks\HPCustParticipation HP Officejet Pro 8620 => C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {97D3B127-1402-42C2-A286-85CE04EE4EF8} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-04-11] (Microsoft Corporation)
Task: {9BF1EDB9-3AAF-4663-9A9D-D081140B9424} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-03-24] (Microsoft Corporation)
Task: {C1E88011-79AC-4814-B738-7990EC86750E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-03-16] (Hewlett-Packard)
Task: {EF5A5D6E-9369-4199-B655-0524D45BE4C2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-11] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
 
Thanks for your help.

 




#2 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 13 April 2016 - 05:29 AM

:welcome:

 

Looks like it's you and I again. This computer has some malware going on. First thing I would do is go to Programs and Features in the Control Panel and uninstall PCKeeper.

 

 

All our tools and scanners work more efficiently when run from the DESKTOP in lieu of being buried in some folder, so download and run these tools right from the DESKTOP

 
 
-AdwCleaner-by Xplode
 
Click on this link to download : ADWCleaner TO YOUR DESKTOP
 
Use my link only, do not do a search for AdwCleaner as there is a bogus copy going around by scammers
 
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
 
 
 
===============================================================================
 
 
 
 
Please download Junkware Removal Tool TO YOUR DESKTOP
  • Download the one from Bleeping Computer
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
 
 
 
===============================================================================
 
Download Malwarebytes' Anti-Malware  TO YOUR DESKTOP
 
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
 
 
 
  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished on the bottom right click on SAVE RESULTS then select Copy to Clipboard
  • Please paste the log back into this thread for review
  • Exit Malwarebytes
 


 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#3 kangaroo

kangaroo

    Authentic Member

  • Authentic Member
  • PipPip
  • 212 posts

Posted 13 April 2016 - 04:37 PM

Hi Ken545,

Nice to get back to you; I should check some of your TexMex recipes to bring back memories of when I was posted to San Antonio.

 

Down to this problem.

 

PCKeeper is not listed in the Control Panel list of programs. If I search for it, the only result is the FRST.txt log. I could not find the PCKeeper folder under Program files (even after I changed the folder options to show hidden). The only place I found a reference was the Kromtech folder in C:\Program Data (see attached snip).

 

In Task Manager, I couldn't see any reference to PCKeeper in processes but in the StartUp tab PCKeeper is listed and enabled.

 

What should I do? Do I go ahead with the other tools you listed or do I have to get rid of PCKeeper first?

Attached Thumbnails

  • Kromtech folder.PNG

Edited by kangaroo, 13 April 2016 - 04:38 PM.


#4 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 13 April 2016 - 05:41 PM

Hey

 

Kromtech is the company behind PcKeeper, but don't see that in your Programs and Features either so at this point we can worry about that later.

 

istartsurf

WordAnchor    These are two more that need to be uninstalled

 

If they won't uninstall again, let's worry about them later; whether you uninstall them or not, go ahead and run all 3 programs I posted.



 
 

#5 kangaroo

kangaroo

    Authentic Member

  • Authentic Member
  • PipPip
  • 212 posts

Posted 14 April 2016 - 05:12 AM

Hi Ken,

Thanks for that advice.

 

I uninstalled Word Anchor in Control Panel; there was only "istartsurf uninstall" listed in Control Panel and that aborted an uninstall saying files missing (I said no to removing it from the program list). I then used RevoUninstaller to remove it and it said it went through to completion and the "istartsurf uninstall" entry was removed from the Control Panel program list.

 

I ran the three utilities from your first reply. Here is the AdwCleaner log (I inadvertently saved the S1 log before I did the Clean and then the C1 log after the Clean):

First the S1 log:

# AdwCleaner v5.110 - Logfile created 14/04/2016 at 17:04:07
# Updated 10/04/2016 by Xplode
# Database : 2016-04-11.4 [Server]
# Operating system : Windows 8.1 Pro  (X64)
# Username : Valda - STUREPC
# Running from : C:\Users\Valda\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : wafd_vw_1_10_0_20
 
***** [ Folders ] *****
 
Folder Found : C:\Program Files (x86)\DriverRestore
Folder Found : C:\ProgramData\IHProtectUpDate
Folder Found : C:\ProgramData\Kromtech
Folder Found : C:\ProgramData\Application Data\IHProtectUpDate
Folder Found : C:\ProgramData\Application Data\Kromtech
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
Folder Found : C:\Users\Valda\SupTab
Folder Found : C:\Users\Valda\AppData\Local\Kromtech
Folder Found : C:\Users\Valda\AppData\Roaming\UpdaterEX
 
***** [ Files ] *****
 
File Found : C:\Users\Valda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_homepage-web.com_0.localstorage
File Found : C:\Users\Valda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_homepage-web.com_0.localstorage-journal
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\CLSID\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}]
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{990F7D4F-09EF-47DF-9ABE-BAF2DCCF5C4B}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Found : HKCU\Software\Kromtech
Key Found : HKCU\Software\PRODUCTSETUP
Key Found : HKCU\Software\UpdaterEX
Key Found : HKLM\SOFTWARE\IHProtect
Key Found : HKLM\SOFTWARE\istartsurfSoftware
Key Found : HKLM\SOFTWARE\SupDp
Key Found : HKLM\SOFTWARE\SupTab
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\istartsurf uninstall
Key Found : [x64] HKLM\SOFTWARE\Kromtech
Key Found : HKU\S-1-5-21-3839685571-330548617-1467194599-1001\Software\Kromtech
Key Found : HKU\S-1-5-21-3839685571-330548617-1467194599-1001\Software\PRODUCTSETUP
Key Found : HKU\S-1-5-21-3839685571-330548617-1467194599-1001\Software\UpdaterEX
Key Found : HKU\S-1-5-21-3839685571-330548617-1467194599-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
Data Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.istartsurf.com/web/?type=ds&ts=1436861095&z=87cfb55f3f03edb1652a8bbg1zbccq4b9qdg2gde9w&from=cor&uid=SAMSUNGXMZMTE256HMHP-000MV_S1F1NYAF948793&q={searchTerms}
Data Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.istartsurf.com/?type=hp&ts=1436861095&z=87cfb55f3f03edb1652a8bbg1zbccq4b9qdg2gde9w&from=cor&uid=SAMSUNGXMZMTE256HMHP-000MV_S1F1NYAF948793
Data Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.istartsurf.com/web/?type=ds&ts=1436861095&z=87cfb55f3f03edb1652a8bbg1zbccq4b9qdg2gde9w&from=cor&uid=SAMSUNGXMZMTE256HMHP-000MV_S1F1NYAF948793&q={searchTerms}
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.istartsurf.com/web/?type=ds&ts=1436861095&z=87cfb55f3f03edb1652a8bbg1zbccq4b9qdg2gde9w&from=cor&uid=SAMSUNGXMZMTE256HMHP-000MV_S1F1NYAF948793&q={searchTerms}
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.istartsurf.com/?type=hp&ts=1436861095&z=87cfb55f3f03edb1652a8bbg1zbccq4b9qdg2gde9w&from=cor&uid=SAMSUNGXMZMTE256HMHP-000MV_S1F1NYAF948793
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.istartsurf.com/web/?type=ds&ts=1436861095&z=87cfb55f3f03edb1652a8bbg1zbccq4b9qdg2gde9w&from=cor&uid=SAMSUNGXMZMTE256HMHP-000MV_S1F1NYAF948793&q={searchTerms}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Key Found : HKU\S-1-5-21-3839685571-330548617-1467194599-1001\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : HKU\S-1-5-21-3839685571-330548617-1467194599-1001\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cloudfront.net
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\di3j39xxfg260.cloudfront.net
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\foxi69.tlscdn.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\tlscdn.com
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [PCKeeper2]
Value Found : HKU\S-1-5-21-3839685571-330548617-1467194599-1001\Software\Microsoft\Windows\CurrentVersion\Run [PCKeeper2]
Value Found : HKU\S-1-5-21-3839685571-330548617-1467194599-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [PCKeeper2]
 
***** [ Web browsers ] *****
 
[C:\Users\Valda\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : homepage-web.com
[C:\Users\Valda\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : websearch.freesearches.info
[C:\Users\Valda\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : search.gboxapp.com
[C:\Users\Valda\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Found : hxxp://search.gboxapp.com/?aff=p
[C:\Users\Valda\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Found : hxxps://secure.homepage-web.com/?partner=acer&src=omnibox&q={searchTerms}
 
*************************
 
C:\AdwCleaner\AdwCleaner[S1].txt - [6528 bytes] - [14/04/2016 17:04:07]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [6601 bytes] ##########
 
 
And here the C1 log:
# AdwCleaner v5.110 - Logfile created 14/04/2016 at 17:19:32
# Updated 10/04/2016 by Xplode
# Database : 2016-04-11.4 [Server]
# Operating system : Windows 8.1 Pro  (X64)
# Username : Valda - STUREPC
# Running from : C:\Users\Valda\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[-] Service Deleted : wafd_vw_1_10_0_20
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\DriverRestore
[-] Folder Deleted : C:\ProgramData\IHProtectUpDate
[-] Folder Deleted : C:\ProgramData\Kromtech
[#] Folder Deleted : C:\ProgramData\Application Data\IHProtectUpDate
[#] Folder Deleted : C:\ProgramData\Application Data\Kromtech
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
[-] Folder Deleted : C:\Users\Valda\SupTab
[-] Folder Deleted : C:\Users\Valda\AppData\Local\Kromtech
[-] Folder Deleted : C:\Users\Valda\AppData\Roaming\UpdaterEX
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Valda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_homepage-web.com_0.localstorage
[-] File Deleted : C:\Users\Valda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_homepage-web.com_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{990F7D4F-09EF-47DF-9ABE-BAF2DCCF5C4B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
[-] Key Deleted : HKCU\Software\Kromtech
[-] Key Deleted : HKCU\Software\PRODUCTSETUP
[-] Key Deleted : HKCU\Software\UpdaterEX
[-] Key Deleted : HKLM\SOFTWARE\IHProtect
[-] Key Deleted : HKLM\SOFTWARE\istartsurfSoftware
[-] Key Deleted : HKLM\SOFTWARE\SupDp
[-] Key Deleted : HKLM\SOFTWARE\SupTab
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\istartsurf uninstall
[-] Key Deleted : [x64] HKLM\SOFTWARE\Kromtech
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cloudfront.net
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\di3j39xxfg260.cloudfront.net
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\foxi69.tlscdn.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\tlscdn.com
[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [PCKeeper2]
[#] Value Deleted : HKU\S-1-5-21-3839685571-330548617-1467194599-1001\Software\Microsoft\Windows\CurrentVersion\Run [PCKeeper2]
[-] Value Deleted : HKU\S-1-5-21-3839685571-330548617-1467194599-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [PCKeeper2]
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Valda\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : homepage-web.com
[-] [C:\Users\Valda\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : websearch.freesearches.info
[-] [C:\Users\Valda\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.gboxapp.com
[-] [C:\Users\Valda\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://search.gboxapp.com/?aff=p
[-] [C:\Users\Valda\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxps://secure.homepage-web.com/?partner=acer&src=omnibox&q={searchTerms}
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [5266 bytes] - [14/04/2016 17:19:32]
C:\AdwCleaner\AdwCleaner[S1].txt - [6704 bytes] - [14/04/2016 17:04:07]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5412 bytes] ##########
 

 

 

Here is the JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 8.1 Pro x64 
Ran by Valda (Administrator) on Thu 14/04/2016 at 17:24:58.32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 6 
 
Successfully deleted: C:\ai_recyclebin (Folder) 
Successfully deleted: C:\Users\Valda\AppData\Local\Temp\vitruvian-installer-hardwareprofile-v0001 (File) 
Successfully deleted: C:\Users\Valda\AppData\Local\Temp\vitruvian-installer-install-v0003 (File) 
Successfully deleted: C:\Users\Valda\AppData\Local\Temp\vitruvian-installer-processes-v0002 (File) 
Successfully deleted: C:\Users\Valda\AppData\Local\Temp\vitruvian-installer-scheduledtasks-v0001 (File) 
Successfully deleted: C:\Users\Valda\AppData\Local\Temp\vitruvian-installer-uninstall-v0002 (File) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 14/04/2016 at 17:26:01.55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

And here is the MWB log:

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 14/04/2016
Scan Time: 6:05 PM
Logfile: 
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.04.14.02
Rootkit Database: v2016.04.09.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Valda
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 324527
Time Elapsed: 3 min, 16 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 3
PUP.Optional.PCKeeper, HKLM\SOFTWARE\MICROSOFT\TRACING\PCKeeper_RASAPI32, , [84362c8250497fb7a6c02f085fa58c74], 
PUP.Optional.PCKeeper, HKLM\SOFTWARE\MICROSOFT\TRACING\PCKeeper_RASMANCS, , [6654921c603936003f27330445bf39c7], 
PUP.Optional.WordAnchor, HKLM\SOFTWARE\WOW6432NODE\WordAnchor_1.10.0.20, , [407a8f1fc0d9fc3a94b14c028a7a9e62], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 2
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[2d8dad01bfdad36337c9152085806799]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[902aa00e9bfeda5c11efcc6910f555ab]
 
Folders: 3
PUP.Optional.ProPCCleaner, C:\Users\Valda\AppData\Roaming\Rainmaker Software Group LLC.​\Pro PC Cleaner 2.5.6, , [a3171e908e0b38fea44df724b64d23dd], 
PUP.Optional.ProPCCleaner, C:\Users\Valda\AppData\Roaming\Rainmaker Software Group LLC.​\Pro PC Cleaner 2.5.6\install, , [a3171e908e0b38fea44df724b64d23dd], 
PUP.Optional.ProPCCleaner, C:\Users\Valda\AppData\Roaming\Rainmaker Software Group LLC.​\Pro PC Cleaner 2.5.6\install\A5A8ADA, , [a3171e908e0b38fea44df724b64d23dd], 
 
Files: 13
PUP.Optional.383Media, C:\Users\Valda\AppData\Local\Temp\DRHelper_installFinish.exe, , [407a1d915e3b3df993cbb7f47091fe02], 
PUP.Optional.383Media, C:\Users\Valda\AppData\Local\Temp\DRHelper_installStart.exe, , [b604446a9aff37ff2e30f6b5b24f8c74], 
PUP.Optional.383Media, C:\Users\Valda\AppData\Local\Temp\DRHelper_uninstallComplete.exe, , [a812f7b7f0a91d198dd1b7f47e83a65a], 
PUP.Optional.InstallCore, C:\Users\Valda\AppData\Local\Temp\ICSW1.11_0M1T1L1G1V0D0L0M1.11.exe, , [d5e5f4bae6b34aec03610a444ab7867a], 
PUP.Optional.APNToolBar, C:\Users\Valda\AppData\Local\Temp\is-9M6R7.tmp\Offercast346_ARS_.exe, , [1f9b2c82c7d2a59141e2f952847dbd43], 
PUP.Optional.InstallCore, C:\Users\Valda\AppData\Local\Temp\is366025459\1B24BF8D_stp\icc.dll, , [4a70a509eeab95a1b59dbcb7c240b050], 
PUP.Optional.APNToolBar, C:\Users\Valda\AppData\Local\Temp\oc_863A\OCDLL.dll, , [3f7bf8b607922d09a1827ccfc839748c], 
PUP.Optional.ProPCCleaner, C:\Users\Valda\Documents\ProPCCleaner.exe, , [5367d6d81b7edf5703411e323bc634cc], 
PUP.Optional.AdvancedPCCare, C:\Users\Valda\Downloads\apcsetuprcpx.exe, , [f8c21698acedfa3cdd301fb6c83954ac], 
PUP.Optional.ProPCCleaner, C:\Users\Valda\AppData\Roaming\Rainmaker Software Group LLC.​\Pro PC Cleaner 2.5.6\install\decoder.dll, , [a3171e908e0b38fea44df724b64d23dd], 
PUP.Optional.ProPCCleaner, C:\Users\Valda\AppData\Roaming\Rainmaker Software Group LLC.​\Pro PC Cleaner 2.5.6\install\holder0.aiph, , [a3171e908e0b38fea44df724b64d23dd], 
PUP.Optional.ProPCCleaner, C:\Users\Valda\AppData\Roaming\Rainmaker Software Group LLC.​\Pro PC Cleaner 2.5.6\install\A5A8ADA\ProPCCleaner.msi, , [a3171e908e0b38fea44df724b64d23dd], 
PUP.Optional.GBoxApp, C:\Users\Valda\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Good: ("session":{"restore_on_startup":4,"startup_urls":["https://www.malwareb...ebrowser/"]}}),Bad: ("session":{"restore_on_startup":4,"startup_urls":["http://www.google.com.au/","http://search.gboxapp.com/?aff=p"]},"software_reporter":{"prompt_seed":"20160210","prompt_version":"6.44.4"},"sync":{"remaining_rollback_tries":0}}), ,[2793f0be1d7cbb7b3cef2f38e124ff01]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
So, so far I have been unable to uninstall PCKeeper and istartsurf but did manage to uninstall WordAnchor.
I look forward to your further advice
Kangaroo


#6 ken545

Posted 14 April 2016 - 06:08 AM

Good Morning,

 

Did you have Malwarebytes remove all those bad entries? It's not showing they were removed.

 

This is just an example from another post, not yours. This is what it should look like; it should show them Quarantined.

 

PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{B0660298-91AA-421F-BF0D-BFF6BB8BF3AE}, Quarantined, [d8771a9c444610265bd9f3af73904ab6],
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA}, Quarantined, [d8771a9c444610265bd9f3af73904ab6],
 
 

Run the program again

  • You can highlight one of the detections by left clicking on it.
  • Then, right click on the highlighted detection, and select 'Check All Items'.
  • Next, click 'Remove Selected'. That should remove them all.

After we know that Malwarebytes removed all those bad entries and comes back clean, open up FRST64 by right clicking on the icon and selecting RUN AS ADMINISTRATOR. When it opens, make sure Additions is checked and leave everything else as is. Click on Scan, and when it's done, post both the new FRST64 and Additions logs please.


     
     
    Just a reminder that threads will be closed if no reply in 3 days.
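
The check described in the post above (the column between the detected object and the bracketed id should read Quarantined rather than be empty) can be automated. The following is an added example, not part of the original posts and not Malwarebytes code; the line layout is inferred from the log lines in this thread, the function names are hypothetical, and the sample log is constructed.

```python
import re

# Detection line layout in the Malwarebytes Anti-Malware 2.x text log, as
# inferred from the lines posted in this thread (an assumption, not a spec):
#   <detection name>, <object[, extra fields]>, <action>, [<32-hex id>],
# The action column is empty when nothing has been done with the item yet.
DETECTION = re.compile(
    r"^(?P<name>[^,\s][^,]*),\s"
    r"(?P<target>.*),\s*"
    r"(?P<action>[^,\[\]()]*?)\s*,\s*"
    r"\[(?P<id>[0-9a-f]{32})\],?\s*$"
)

# Section headers carry the number of detections that should follow them.
SECTION = re.compile(
    r"^(Processes|Modules|Registry Keys|Registry Values|Registry Data|"
    r"Folders|Files|Physical Sectors): (\d+)$"
)

# Action values that appear in this thread's logs. Anything else, including
# an empty column, is surfaced for review instead of being assumed safe.
HANDLED = {"Quarantined", "Replaced"}


def parse_detections(log_text):
    """Return one dict per detection line; all other lines are skipped."""
    found = []
    for raw in log_text.splitlines():
        m = DETECTION.match(raw.strip())
        if not m:
            continue
        found.append({
            "name": m["name"],
            # Drop the Good:/Bad: payload so only the object itself remains.
            "object": m["target"].split(", Good: (", 1)[0],
            "action": m["action"] or None,
        })
    return found


def unremediated(log_text):
    """Detections whose action column does not show a completed action."""
    return [d for d in parse_detections(log_text) if d["action"] not in HANDLED]


def section_counts(log_text):
    """Map section name -> (declared count, detection lines actually seen).

    A mismatch means the pasted log was truncated or a line was mangled.
    """
    counts, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        head = SECTION.match(line)
        if head:
            current = head[1]
            counts[current] = [int(head[2]), 0]
        elif current and DETECTION.match(line):
            counts[current][1] += 1
    return {name: tuple(pair) for name, pair in counts.items()}


# Constructed sample: names, paths and ids are placeholders, not real detections.
SAMPLE_LOG = r"""
Registry Keys: 2
PUP.Optional.ExampleA, HKLM\SOFTWARE\MICROSOFT\TRACING\ExampleA_RASAPI32, , [00000000000000000000000000000001],
PUP.Optional.ExampleB, HKLM\SOFTWARE\CLASSES\TYPELIB\{00000000-0000-0000-0000-000000000000}, Quarantined, [00000000000000000000000000000002],

Registry Data: 1
PUP.Optional.ExampleC, HKLM\SOFTWARE\EXAMPLE|DefaultScope, {BAD}, Good: ({GOOD}), Bad: ({BAD}),,[00000000000000000000000000000003]

Files: 2
PUP.Optional.ExampleD, C:\Users\User\AppData\Local\Example\Secure Preferences, Good: ("startup_urls":["https://good.example/"]), Bad: ("startup_urls":["http://a.example/","http://b.example/"]), Replaced,[00000000000000000000000000000004]
"""

if __name__ == "__main__":
    for item in unremediated(SAMPLE_LOG):
        print("NOT REMOVED:", item["name"], "->", item["object"])
    for section, (declared, seen) in section_counts(SAMPLE_LOG).items():
        if declared != seen:
            print(f"COUNT MISMATCH in {section}: header says {declared}, parsed {seen}")
```
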

    #7 kangaroo

    Posted 14 April 2016 - 10:07 AM

    Sorry about not removing the PUPs found. I've run Malwarebytes again and here are the two logs:

    mbam-log-2016-04-15 (01-13-55):

    <?xml version="1.0" encoding="UTF-16" ?>
    <mbam-log>
    <header>
    <date>2016/04/15 01:14:43 +1000</date>
    <logfile>mbam-log-2016-04-15 (01-13-55).xml</logfile>
    <isadmin>yes</isadmin>
    </header>
    <engine>
    <version>2.2.1.1043</version>
    <malware-database>v2016.04.14.04</malware-database>
    <rootkit-database>v2016.04.09.01</rootkit-database>
    <license>trial</license>
    <file-protection>enabled</file-protection>
    <web-protection>enabled</web-protection>
    <self-protection>disabled</self-protection>
    </engine>
    <system>
    <hostname>STUREPC</hostname>
    <ip>192.168.8.100</ip>
    <osversion>Windows 8.1</osversion>
    <arch>x64</arch>
    <username>Valda</username>
    <filesys>NTFS</filesys>
    </system>
    <summary>
    <type>threat</type>
    <result>completed</result>
    <objects>324670</objects>
    <time>431</time>
    <processes>0</processes>
    <modules>0</modules>
    <keys>3</keys>
    <values>0</values>
    <datas>2</datas>
    <folders>3</folders>
    <files>13</files>
    <sectors>0</sectors>
    </summary>
    <options>
    <memory>enabled</memory>
    <startup>enabled</startup>
    <filesystem>enabled</filesystem>
    <archives>enabled</archives>
    <rootkits>disabled</rootkits>
    <deeprootkit>disabled</deeprootkit>
    <heuristics>enabled</heuristics>
    <pup>enabled</pup>
    <pum>enabled</pum>
    </options>
    <items>
    <key><path>HKLM\SOFTWARE\MICROSOFT\TRACING\PCKeeper_RASAPI32</path><vendor>PUP.Optional.PCKeeper</vendor><action>success</action><hash>b40888265d3c290d37a073c45ea6a55b</hash></key>
    <key><path>HKLM\SOFTWARE\MICROSOFT\TRACING\PCKeeper_RASMANCS</path><vendor>PUP.Optional.PCKeeper</vendor><action>success</action><hash>3d7f446acdcc42f4e8efcf6813f1827e</hash></key>
    <key><path>HKLM\SOFTWARE\WOW6432NODE\WordAnchor_1.10.0.20</path><vendor>PUP.Optional.WordAnchor</vendor><action>success</action><hash>6458d4da7e1ba3939c1aada1b252d52b</hash></key>
    <data><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES</path><valuename>DefaultScope</valuename><vendor>PUP.Optional.Qone8</vendor><action>replaced</action><valuedata>{33BB0A4E-99AF-4226-BDF6-49120163DE86}</valuedata><baddata>{33BB0A4E-99AF-4226-BDF6-49120163DE86}</baddata><gooddata>{0633EE93-D776-472f-A0FF-E1416B8B2E3A}</gooddata><hash>4f6daa0480198ea8870ded4863a2b54b</hash></data>
    <data><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES</path><valuename>DefaultScope</valuename><vendor>PUP.Optional.Qone8</vendor><action>replaced</action><valuedata>{33BB0A4E-99AF-4226-BDF6-49120163DE86}</valuedata><baddata>{33BB0A4E-99AF-4226-BDF6-49120163DE86}</baddata><gooddata>{0633EE93-D776-472f-A0FF-E1416B8B2E3A}</gooddata><hash>e3d95b53940584b2f0a4082d4cb95ea2</hash></data>
    <folder><path>C:\Users\Valda\AppData\Roaming\Rainmaker Software Group LLC.​\Pro PC Cleaner 2.5.6</path><vendor>PUP.Optional.ProPCCleaner</vendor><action>success</action><hash>d2ea77377d1c55e1df8349d35da65ca4</hash></folder>
    <folder><path>C:\Users\Valda\AppData\Roaming\Rainmaker Software Group LLC.​\Pro PC Cleaner 2.5.6\install</path><vendor>PUP.Optional.ProPCCleaner</vendor><action>success</action><hash>d2ea77377d1c55e1df8349d35da65ca4</hash></folder>
    <folder><path>C:\Users\Valda\AppData\Roaming\Rainmaker Software Group LLC.​\Pro PC Cleaner 2.5.6\install\A5A8ADA</path><vendor>PUP.Optional.ProPCCleaner</vendor><action>success</action><hash>d2ea77377d1c55e1df8349d35da65ca4</hash></folder>
    <file><path>C:\Users\Valda\AppData\Local\Temp\DRHelper_installFinish.exe</path><vendor>PUP.Optional.383Media</vendor><action>success</action><hash>219b8628455491a5dbb600aba859a759</hash></file>
    <file><path>C:\Users\Valda\AppData\Local\Temp\DRHelper_installStart.exe</path><vendor>PUP.Optional.383Media</vendor><action>success</action><hash>ecd05d51811853e330615358a25f4ab6</hash></file>
    <file><path>C:\Users\Valda\AppData\Local\Temp\DRHelper_uninstallComplete.exe</path><vendor>PUP.Optional.383Media</vendor><action>success</action><hash>b7054d61f6a384b2226f3774f908738d</hash></file>
    <file><path>C:\Users\Valda\AppData\Local\Temp\ICSW1.11_0M1T1L1G1V0D0L0M1.11.exe</path><vendor>PUP.Optional.InstallCore</vendor><action>success</action><hash>3f7de4caf0a9e84ebfd8a4aa966b6997</hash></file>
    <file><path>C:\Users\Valda\AppData\Local\Temp\is-9M6R7.tmp\Offercast346_ARS_.exe</path><vendor>PUP.Optional.APNToolBar</vendor><action>success</action><hash>e1db0aa4aaef8aac84d24a01e9189f61</hash></file>
    <file><path>C:\Users\Valda\AppData\Local\Temp\is366025459\1B24BF8D_stp\icc.dll</path><vendor>PUP.Optional.InstallCore</vendor><action>success</action><hash>1d9f0ca20d8c0f27b90a8ce721e1718f</hash></file>
    <file><path>C:\Users\Valda\AppData\Local\Temp\oc_863A\OCDLL.dll</path><vendor>PUP.Optional.APNToolBar</vendor><action>success</action><hash>dfdd0ea0adec3600b1a5b7942ad72dd3</hash></file>
    <file><path>C:\Users\Valda\Documents\ProPCCleaner.exe</path><vendor>PUP.Optional.ProPCCleaner</vendor><action>success</action><hash>407c48662c6dd462beb962ee0001e21e</hash></file>
    <file><path>C:\Users\Valda\Downloads\apcsetuprcpx.exe</path><vendor>PUP.Optional.AdvancedPCCare</vendor><action>success</action><hash>417b179758410234bf817a5bc938e21e</hash></file>
    <file><path>C:\Users\Valda\AppData\Roaming\Rainmaker Software Group LLC.​\Pro PC Cleaner 2.5.6\install\decoder.dll</path><vendor>PUP.Optional.ProPCCleaner</vendor><action>success</action><hash>d2ea77377d1c55e1df8349d35da65ca4</hash></file>
    <file><path>C:\Users\Valda\AppData\Roaming\Rainmaker Software Group LLC.​\Pro PC Cleaner 2.5.6\install\holder0.aiph</path><vendor>PUP.Optional.ProPCCleaner</vendor><action>success</action><hash>d2ea77377d1c55e1df8349d35da65ca4</hash></file>
    <file><path>C:\Users\Valda\AppData\Roaming\Rainmaker Software Group LLC.​\Pro PC Cleaner 2.5.6\install\A5A8ADA\ProPCCleaner.msi</path><vendor>PUP.Optional.ProPCCleaner</vendor><action>success</action><hash>d2ea77377d1c55e1df8349d35da65ca4</hash></file>
    <file><path>C:\Users\Valda\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences</path><vendor>PUP.Optional.GBoxApp</vendor><action>replaced</action><baddata>&quot;session&quot;:{&quot;restore_on_startup&quot;:4,&quot;startup_urls&quot;:[&quot;http://www.google.co...e</hash></file>
    </items>
    </mbam-log>
     
    And the protection-log-2016-04-15:
    <?xml version="1.0" encoding="UTF-8" ?>
    <logs>
       <record severity="debug" LoggingEventType="2" datetime="2016-04-15T01:08:48.897436+10:00" source="Protection" type="Protection" username="SYSTEM" systemname="STUREPC" last_modified_tag="4a6e3330-8b23-442c-bc14-f6c0f681927d" result="Starting" subtype="Malware Protection"></record>
       <record severity="debug" LoggingEventType="2" datetime="2016-04-15T01:08:48.897436+10:00" source="Protection" type="Protection" username="SYSTEM" systemname="STUREPC" last_modified_tag="b2b6132a-b5ac-493e-a3d1-2397a482dc1c" result="Started" subtype="Malware Protection"></record>
       <record severity="debug" LoggingEventType="2" datetime="2016-04-15T01:08:48.897436+10:00" source="Protection" type="Protection" username="SYSTEM" systemname="STUREPC" last_modified_tag="9c14c7bc-cdf8-450f-b421-a0ec53f8a5d9" result="Starting" subtype="Malicious Website Protection"></record>
       <record severity="debug" LoggingEventType="2" datetime="2016-04-15T01:08:55.171870+10:00" source="Protection" type="Protection" username="SYSTEM" systemname="STUREPC" last_modified_tag="17946375-5c53-47d6-bc4f-9a8020d1fe0c" result="Started" subtype="Malicious Website Protection"></record>
       <record severity="debug" LoggingEventType="1" datetime="2016-04-15T01:12:27.099608+10:00" source="Manual" type="Update" username="SYSTEM" systemname="STUREPC" fromVersion="2016.4.13.11" last_modified_tag="0b48e32c-66bd-47af-98f9-8303cb3fcca0" name="Domain Database" toVersion="2016.4.14.2"></record>
       <record severity="debug" LoggingEventType="1" datetime="2016-04-15T01:12:32.146554+10:00" source="Manual" type="Update" username="SYSTEM" systemname="STUREPC" fromVersion="2016.4.14.2" last_modified_tag="851bb39a-df78-44db-9844-ffb9e0c7ad34" name="Malware Database" toVersion="2016.4.14.4"></record>
       <record severity="debug" LoggingEventType="2" datetime="2016-04-15T01:12:32.177806+10:00" source="Protection" type="Protection" username="SYSTEM" systemname="STUREPC" last_modified_tag="ac336a93-332e-4ef0-9813-04b154d01052" result="Starting" subtype="Refresh"></record>
       <record severity="debug" LoggingEventType="2" datetime="2016-04-15T01:12:32.177806+10:00" source="Protection" type="Protection" username="SYSTEM" systemname="STUREPC" last_modified_tag="909a3d23-dde9-4eb5-8141-ecdc67d3627b" result="Stopping" subtype="Malicious Website Protection"></record>
       <record severity="debug" LoggingEventType="2" datetime="2016-04-15T01:12:32.490309+10:00" source="Protection" type="Protection" username="SYSTEM" systemname="STUREPC" last_modified_tag="34d1fb24-48a2-46c8-bc79-aaef9b2ee9c1" result="Stopped" subtype="Malicious Website Protection"></record>
       <record severity="debug" LoggingEventType="2" datetime="2016-04-15T01:12:37.818509+10:00" source="Protection" type="Protection" username="SYSTEM" systemname="STUREPC" last_modified_tag="f12ea333-3629-4929-b067-f7c25db2ead5" result="Success" subtype="Refresh"></record>
       <record severity="debug" LoggingEventType="2" datetime="2016-04-15T01:12:37.849758+10:00" source="Protection" type="Protection" username="SYSTEM" systemname="STUREPC" last_modified_tag="025cdcb9-819d-4940-b5df-cd883aeeb8e8" result="Starting" subtype="Malicious Website Protection"></record>
       <record severity="debug" LoggingEventType="2" datetime="2016-04-15T01:12:39.349778+10:00" source="Protection" type="Protection" username="SYSTEM" systemname="STUREPC" last_modified_tag="e621c717-582e-4e9f-963b-cfa334708889" result="Started" subtype="Malicious Website Protection"></record>
       <record severity="debug" LoggingEventType="1" datetime="2016-04-15T01:14:43.340111+10:00" source="Manual" type="Update" username="SYSTEM" systemname="STUREPC" fromVersion="2016.4.14.2" last_modified_tag="0fd978ec-4a51-405f-b81c-990db30d3860" name="Domain Database" toVersion="2016.4.14.3"></record>
       <record severity="debug" LoggingEventType="2" datetime="2016-04-15T01:14:43.371363+10:00" source="Protection" type="Protection" username="SYSTEM" systemname="STUREPC" last_modified_tag="b8f6537f-ed23-4ece-985b-d8ae7ea911a7" result="Starting" subtype="Refresh"></record>
       <record severity="debug" LoggingEventType="2" datetime="2016-04-15T01:14:43.371363+10:00" source="Protection" type="Protection" username="SYSTEM" systemname="STUREPC" last_modified_tag="405c17a9-0ee1-4d1a-8dcb-572733d31212" result="Stopping" subtype="Malicious Website Protection"></record>
       <record severity="debug" LoggingEventType="2" datetime="2016-04-15T01:14:43.668242+10:00" source="Protection" type="Protection" username="SYSTEM" systemname="STUREPC" last_modified_tag="f0fed9db-a398-487f-adda-cf5bbb0fbe49" result="Stopped" subtype="Malicious Website Protection"></record>
       <record severity="debug" LoggingEventType="2" datetime="2016-04-15T01:14:49.074566+10:00" source="Protection" type="Protection" username="SYSTEM" systemname="STUREPC" last_modified_tag="66634c98-4135-4cca-a127-90341749f427" result="Success" subtype="Refresh"></record>
       <record severity="debug" LoggingEventType="2" datetime="2016-04-15T01:14:49.090191+10:00" source="Protection" type="Protection" username="SYSTEM" systemname="STUREPC" last_modified_tag="522bebf1-0285-4f1b-89cb-f6ad9430d567" result="Starting" subtype="Malicious Website Protection"></record>
       <record severity="debug" LoggingEventType="2" datetime="2016-04-15T01:14:50.590211+10:00" source="Protection" type="Protection" username="SYSTEM" systemname="STUREPC" last_modified_tag="5af4bb86-2179-42ee-820a-f158ea7e47f8" result="Started" subtype="Malicious Website Protection"></record>
       <record severity="debug" scantype="threat" LoggingEventType="6" starttime="2016-04-15T01:14:43+10:00" datetime="2016-04-15T01:26:12.310547+10:00" source="Manual" type="Scan" username="SYSTEM" systemname="STUREPC" last_modified_tag="5c662c41-6cd4-4ccd-b110-fc4471c6d577" duration="431" malwaredetections="0" nonmalwaredetections="21" scanresult="completed"></record>
    </logs>
     
     
    I then ran Malwarebytes again to check all was clean and here are the results:
    Malwarebytes Anti-Malware
    www.malwarebytes.org
     
    Scan Date: 15/04/2016
    Scan Time: 1:38 AM
    Logfile: 
    Administrator: Yes
     
    Version: 2.2.1.1043
    Malware Database: v2016.04.14.04
    Rootkit Database: v2016.04.09.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled
     
    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: Valda
     
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 324838
    Time Elapsed: 5 min, 18 sec
     
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
     
    Processes: 0
    (No malicious items detected)
     
    Modules: 0
    (No malicious items detected)
     
    Registry Keys: 0
    (No malicious items detected)
     
    Registry Values: 0
    (No malicious items detected)
     
    Registry Data: 0
    (No malicious items detected)
     
    Folders: 0
    (No malicious items detected)
     
    Files: 1
    PUP.Optional.GBoxApp, C:\Users\Valda\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Good: ("session":{"restore_on_startup":4,"startup_urls":["https://www.malwareb...ebrowser/"]}}),Bad: ("session":{"restore_on_startup":4,"startup_urls":["http://www.google.com.au/","http://search.gboxapp.com/?aff=p"]},"sync":{"remaining_rollback_tries":0}}), Replaced,[ecd0d2dcfe9b3bfbad126106af5613ed]
     
    Physical Sectors: 0
    (No malicious items detected)
     
     
    (end)
     
     
     

    I've run Malwarebytes a third time and now there were no threats detected. Here are the results:

    Malwarebytes Anti-Malware
    www.malwarebytes.org
     
    Scan Date: 15/04/2016
    Scan Time: 1:48 AM
    Logfile: 
    Administrator: Yes
     
    Version: 2.2.1.1043
    Malware Database: v2016.04.14.04
    Rootkit Database: v2016.04.09.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled
     
    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: Valda
     
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 324838
    Time Elapsed: 3 min, 31 sec
     
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
     
    Processes: 0
    (No malicious items detected)
     
    Modules: 0
    (No malicious items detected)
     
    Registry Keys: 0
    (No malicious items detected)
     
    Registry Values: 0
    (No malicious items detected)
     
    Registry Data: 0
    (No malicious items detected)
     
    Folders: 0
    (No malicious items detected)
     
    Files: 0
    (No malicious items detected)
     
    Physical Sectors: 0
    (No malicious items detected)
     
     
    (end)
     
     
    Here is the FRST log:
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-04-2016 01
    Ran by Valda (administrator) on STUREPC (15-04-2016 02:02:07)
    Running from C:\Users\Valda\Desktop
    Loaded Profiles: Valda (Available Profiles: Valda)
    Platform: Windows 8.1 Pro (X64) Language: English (United Kingdom)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    () C:\ProgramData\MobileBrServ\mbbService.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
    (Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    () C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
    () C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
    () C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
    (Microsoft Corporation) C:\Windows\System32\WWAHost.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     
     
    ==================== Registry (Whitelisted) ===========================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
    HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [246264 2015-07-17] (Trend Micro Inc.)
    HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1258496 2015-07-17] (Trend Micro Inc.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-3839685571-330548617-1467194599-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
    HKU\S-1-5-21-3839685571-330548617-1467194599-1001\...\MountPoints2: {77a2b8f6-56d4-11e5-8266-6002925e5880} - "D:\AutoRun.exe" 
    HKU\S-1-5-21-3839685571-330548617-1467194599-1001\...\MountPoints2: {77a2b910-56d4-11e5-8266-6002925e5880} - "D:\AutoRun.exe" 
    HKU\S-1-5-21-3839685571-330548617-1467194599-1001\...\MountPoints2: {ca427560-b423-11e5-8267-6002925e5880} - "D:\AutoRun.exe" 
    HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372424 2015-12-17] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
    ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
    Startup: C:\Users\Valda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8620.lnk [2016-04-15]
    ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8620.lnk -> C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    Winsock: Catalog5 01 C:\windows\SysWOW64\napinsp.dll [55296 2014-10-29] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\napinsp.dll"
    Winsock: Catalog5 02 C:\windows\SysWOW64\pnrpnsp.dll [70144 2014-10-29] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
    Winsock: Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [70144 2014-10-29] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
    Winsock: Catalog5 04 C:\windows\SysWOW64\NLAapi.dll [65536 2014-10-29] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5 05 C:\windows\SysWOW64\mswsock.dll [286208 2014-10-29] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    Winsock: Catalog5 06 C:\windows\SysWOW64\winrnr.dll [23040 2014-10-29] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\winrnr.dll"
    Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
    Tcpip\..\Interfaces\{5BCEC38B-4DDA-4501-8A10-01BACBEE172A}: [DhcpNameServer] 192.168.8.1 192.168.8.1
    Tcpip\..\Interfaces\{F68A57C1-57AD-47B1-BABA-79B41429FB48}: [DhcpNameServer] 192.168.8.1 192.168.8.1
     
    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
    HKU\S-1-5-21-3839685571-330548617-1467194599-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKU\S-1-5-21-3839685571-330548617-1467194599-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-04-11] (Microsoft Corporation)
    BHO: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
    BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
    BHO: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg.dll [2015-07-17] (Trend Micro Inc.)
    BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
    BHO: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe64.dll [2015-08-17] (Trend Micro Inc.)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-04-11] (Microsoft Corporation)
    BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
    BHO-x32: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
    BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
    BHO-x32: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg32.dll [2015-07-17] (Trend Micro Inc.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe32.dll [2015-08-17] (Trend Micro Inc.)
    BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
    Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
    Toolbar: HKLM - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
    Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
    Toolbar: HKLM-x32 - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-11] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-11] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-11] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-11] (Microsoft Corporation)
    Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe64.dll [2015-08-17] (Trend Micro Inc.)
    Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe32.dll [2015-08-17] (Trend Micro Inc.)
    Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg.dll [2015-07-17] (Trend Micro Inc.)
    Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg32.dll [2015-07-17] (Trend Micro Inc.)
    Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
    Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
    Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll [2015-07-17] (Trend Micro Inc.)
    Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2015-07-17] (Trend Micro Inc.)
     
    FireFox:
    ========
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-04-11] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-11] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-11] (Google Inc.)
    FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\firefoxextension
    FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\firefoxextension [2016-04-12]
    FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\firefoxextension
    FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
    FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2016-03-13]
    FF HKLM-x32\...\Firefox\Extensions: [{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
    FF Extension: Trend Micro Osprey Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension [2016-04-12]
     
    Chrome: 
    =======
    CHR StartupUrls: Default -> "hxxps://www.malwarebytes.org/restorebrowser/"
    CHR DefaultSearchURL: Default -> hxxps://secure.homepage-web.com/?partner=acer&src=omnibox&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> homepage-web.com
    CHR DefaultSuggestURL: Default -> hxxps://secure-suggest.homepage-web.com/suggest?format=json&locale={language}&q={searchTerms}
    CHR Profile: C:\Users\Valda\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Valda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-11]
    CHR Extension: (Google Docs) - C:\Users\Valda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-11]
    CHR Extension: (Google Drive) - C:\Users\Valda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-11]
    CHR Extension: (YouTube) - C:\Users\Valda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-11]
    CHR Extension: (Google Sheets) - C:\Users\Valda\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-11]
    CHR Extension: (Google Docs Offline) - C:\Users\Valda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-12]
    CHR Extension: (Google Keep - notes and lists) - C:\Users\Valda\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2016-04-12]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Valda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-11]
    CHR Extension: (Trend Micro Toolbar) - C:\Users\Valda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2016-04-11]
    CHR Extension: (Gmail) - C:\Users\Valda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-11]
    CHR HKLM-x32\...\Chrome\Extension: [ohhcpmplhhiiaoiddkfboafbhiknefdf] - hxxps://clients2.google.com/service/update2/crx
     
    ==================== Services (Whitelisted) ========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2838768 2016-03-24] (Microsoft Corporation)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28736 2016-03-16] (Hewlett-Packard Company)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
    R2 Optus 4G Modem HL; C:\ProgramData\MobileBrServ\mbbservice.exe [242264 2014-11-20] ()
    S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [202272 2016-03-23] (Microsoft Corporation) [File not signed]
    R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1137664 2015-07-17] (Trend Micro Inc.)
    R2 PwmSvc; C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe [1567288 2016-03-19] (Trend Micro Inc.)
    R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
    R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
     
    ===================== Drivers (Whitelisted) ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-19] (ASIX Electronics Corp.)
    S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
    R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24568 2014-07-17] (Intel Corporation)
    R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2014-07-17] (Intel Corporation)
    R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
    R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-15] (Malwarebytes)
    R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
    R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2014-07-17] (Intel Corporation)
    R3 mrvlpcie8897; C:\Windows\system32\DRIVERS\mrvlpcie8897.sys [1016328 2015-11-23] (Marvell Semiconductors Inc.)
    R3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
    R3 SurfaceAccessoryDevice; C:\Windows\System32\drivers\SurfaceAccessoryDevice.sys [51856 2014-07-17] (Microsoft Corporation)
    R3 SurfaceCapacitiveHomeButton; C:\Windows\System32\drivers\SurfaceCapacitiveHomeButton.sys [44152 2014-11-27] (Microsoft Corporation)
    R3 SurfaceDisplayCalibration; C:\Windows\System32\drivers\SurfaceDisplayCalibration.sys [41616 2014-07-17] (Microsoft Corporation)
    R3 SurfaceIntegrationDriver; C:\Windows\System32\drivers\SurfaceIntegrationDriver.sys [49776 2014-12-09] (Microsoft Corporation)
    R0 SurfacePciController; C:\Windows\System32\drivers\SurfacePciController.sys [35440 2014-10-08] (Microsoft Corporation)
    R3 SurfacePenDriver; C:\Windows\system32\DRIVERS\SurfacePenDriver.sys [76424 2015-03-31] (Microsoft Corporation)
    S3 SurfaceTouchCover; C:\Windows\System32\drivers\SurfaceTouchCover.sys [35976 2014-07-17] (Microsoft Corporation)
    S3 SurfaceTypeCover; C:\Windows\System32\drivers\SurfaceTypeCover.sys [35984 2014-07-17] (Microsoft Corporation)
    R1 tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [133424 2015-11-23] (Trend Micro Inc.)
    R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [324912 2015-11-23] (Trend Micro Inc.)
    R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [59712 2015-06-11] (Trend Micro Inc.)
    R3 tmeevw; C:\Windows\system32\DRIVERS\tmeevw.sys [116576 2015-06-08] (Trend Micro Inc.)
    S0 tmel; C:\Windows\System32\DRIVERS\tmel.sys [39056 2015-06-23] (Trend Micro Inc.)
    R1 tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [99632 2015-11-23] (Trend Micro Inc.)
    R3 tmnciesc; C:\Windows\system32\DRIVERS\tmnciesc.sys [416608 2015-05-28] (Trend Micro Inc.)
    R1 tmumh; C:\Windows\system32\DRIVERS\TMUMH.sys [91536 2015-06-29] (Trend Micro Inc.)
    R2 tmusa; C:\Windows\system32\DRIVERS\tmusa.sys [116528 2015-06-26] (Trend Micro Inc.)
    R3 TrueColor; C:\Windows\system32\DRIVERS\TrueColor.sys [35952 2014-07-07] ()
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
    R3 WiFiClass; C:\Windows\system32\DRIVERS\wificlass.sys [420360 2015-11-23] (Microsoft Corporation)
    S3 ew_usbenumfilter; \SystemRoot\System32\drivers\ew_usbenumfilter.sys [X]
    S3 huawei_cdcacm; \SystemRoot\system32\DRIVERS\ew_jucdcacm.sys [X]
    S3 huawei_cdcecm; \SystemRoot\system32\DRIVERS\ew_jucdcecm.sys [X]
    S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
    S3 huawei_ext_ctrl; \SystemRoot\System32\drivers\ew_juextctrl.sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== One Month Created files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2016-04-15 02:02 - 2016-04-15 02:02 - 00023029 _____ C:\Users\Valda\Desktop\FRST.txt
    2016-04-14 20:55 - 2016-04-14 20:55 - 00004402 _____ C:\Users\Valda\Desktop\mwb-log.txt
    2016-04-14 17:59 - 2016-04-15 01:48 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2016-04-14 17:59 - 2016-04-14 17:59 - 00001081 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-04-14 17:59 - 2016-04-14 17:59 - 00000000 ____D C:\ProgramData\Malwarebytes
    2016-04-14 17:59 - 2016-04-14 17:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-04-14 17:59 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
    2016-04-14 17:59 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
    2016-04-14 17:59 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
    2016-04-14 17:57 - 2016-04-14 17:58 - 22851472 _____ (Malwarebytes ) C:\Users\Valda\Desktop\mbam-setup-2.2.1.1043.exe
    2016-04-14 17:31 - 2016-04-04 16:35 - 00046768 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
    2016-04-14 17:31 - 2016-04-02 23:26 - 01386496 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
    2016-04-14 17:31 - 2016-04-02 23:26 - 01169408 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2016-04-14 17:31 - 2016-03-31 10:54 - 25817600 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2016-04-14 17:31 - 2016-03-31 10:31 - 02892800 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2016-04-14 17:31 - 2016-03-31 10:28 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2016-04-14 17:31 - 2016-03-31 10:25 - 06052352 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2016-04-14 17:31 - 2016-03-31 10:17 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
    2016-04-14 17:31 - 2016-03-31 10:03 - 20352512 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2016-04-14 17:31 - 2016-03-31 09:56 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
    2016-04-14 17:31 - 2016-03-31 09:56 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2016-04-14 17:31 - 2016-03-31 09:55 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2016-04-14 17:31 - 2016-03-31 09:53 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2016-04-14 17:31 - 2016-03-31 09:51 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2016-04-14 17:31 - 2016-03-31 09:50 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
    2016-04-14 17:31 - 2016-03-31 09:45 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
    2016-04-14 17:31 - 2016-03-31 09:45 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
    2016-04-14 17:31 - 2016-03-31 09:43 - 00806400 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2016-04-14 17:31 - 2016-03-31 09:43 - 00725504 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2016-04-14 17:31 - 2016-03-31 09:43 - 00379392 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2016-04-14 17:31 - 2016-03-31 09:42 - 02131968 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2016-04-14 17:31 - 2016-03-31 09:39 - 15415808 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2016-04-14 17:31 - 2016-03-31 09:30 - 04611072 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2016-04-14 17:31 - 2016-03-31 09:30 - 02596864 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2016-04-14 17:31 - 2016-03-31 09:30 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
    2016-04-14 17:31 - 2016-03-31 09:30 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
    2016-04-14 17:31 - 2016-03-31 09:27 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
    2016-04-14 17:31 - 2016-03-31 09:24 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
    2016-04-14 17:31 - 2016-03-31 09:23 - 02056192 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2016-04-14 17:31 - 2016-03-31 09:23 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2016-04-14 17:31 - 2016-03-31 09:23 - 00330752 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
    2016-04-14 17:31 - 2016-03-31 09:21 - 13811712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2016-04-14 17:31 - 2016-03-31 09:18 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2016-04-14 17:31 - 2016-03-31 09:06 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2016-04-14 17:31 - 2016-03-31 09:05 - 02121216 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2016-04-14 17:31 - 2016-03-31 09:02 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2016-04-14 17:31 - 2016-03-31 09:00 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2016-04-14 17:31 - 2016-03-28 23:21 - 00698368 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
    2016-04-14 17:31 - 2016-03-28 23:21 - 00499200 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
    2016-04-14 17:31 - 2016-03-28 23:21 - 00279040 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
    2016-04-14 17:31 - 2016-03-28 23:21 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
    2016-04-14 17:31 - 2016-03-28 23:21 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
    2016-04-14 17:31 - 2016-03-16 09:00 - 00561952 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
    2016-04-14 17:31 - 2016-03-16 00:14 - 01441792 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
    2016-04-14 17:31 - 2016-03-12 00:48 - 00833024 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll
    2016-04-14 17:31 - 2016-03-11 04:22 - 00201728 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
    2016-04-14 17:31 - 2016-03-11 04:21 - 00401920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
    2016-04-14 17:31 - 2016-03-11 04:20 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
    2016-04-14 17:31 - 2016-03-11 03:44 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
    2016-04-14 17:31 - 2016-03-11 03:16 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
    2016-04-14 17:31 - 2016-03-11 03:03 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\samlib.dll
    2016-04-14 17:31 - 2016-03-11 02:48 - 00064512 _____ (Microsoft Corporation) C:\windows\SysWOW64\samlib.dll
    2016-04-14 17:31 - 2016-03-04 02:47 - 02345472 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
    2016-04-14 17:31 - 2016-03-04 02:33 - 01556992 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
    2016-04-14 17:31 - 2016-03-03 11:39 - 01661576 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
    2016-04-14 17:31 - 2016-03-03 11:39 - 01212248 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
    2016-04-14 17:31 - 2016-02-09 11:31 - 19794896 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
    2016-04-14 17:31 - 2016-02-09 05:48 - 12879360 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
    2016-04-14 17:31 - 2016-02-06 00:46 - 01455104 _____ (Microsoft Corporation) C:\windows\system32\VSSVC.exe
    2016-04-14 17:31 - 2016-02-04 01:14 - 00080896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\IPMIDrv.sys
    2016-04-14 17:31 - 2016-02-03 04:16 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rasl2tp.sys
    2016-04-14 17:31 - 2016-02-03 03:51 - 00162304 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
    2016-04-14 17:31 - 2016-02-03 03:19 - 00144384 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
    2016-04-14 17:31 - 2016-02-03 03:01 - 00031744 _____ (Microsoft Corporation) C:\windows\system32\WsmAgent.dll
    2016-04-14 17:31 - 2016-02-03 02:51 - 02609152 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
    2016-04-14 17:31 - 2016-02-03 02:48 - 00285184 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
    2016-04-14 17:31 - 2016-02-03 02:46 - 00026112 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAgent.dll
    2016-04-14 17:31 - 2016-02-03 02:41 - 02170880 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
    2016-04-14 17:31 - 2016-02-03 02:39 - 00236032 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
    2016-04-14 17:31 - 2016-01-28 01:18 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\rpcss.dll
    2016-04-14 17:31 - 2016-01-22 05:35 - 00952928 _____ (Microsoft Corporation) C:\windows\system32\mfmp4srcsnk.dll
    2016-04-14 17:31 - 2016-01-22 04:42 - 00786152 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmp4srcsnk.dll
    2016-04-14 17:30 - 2016-03-11 05:19 - 07452512 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
    2016-04-14 17:30 - 2016-03-11 05:17 - 01663192 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
    2016-04-14 17:30 - 2016-03-11 05:17 - 01523216 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
    2016-04-14 17:30 - 2016-03-11 05:17 - 01490128 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
    2016-04-14 17:30 - 2016-03-11 05:17 - 01358960 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
    2016-04-14 17:30 - 2016-03-11 05:17 - 01133752 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
    2016-04-14 17:30 - 2016-03-11 03:48 - 00862720 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
    2016-04-14 17:30 - 2016-03-11 03:43 - 00161280 _____ (Microsoft Corporation) C:\windows\SysWOW64\msorcl32.dll
    2016-04-14 17:30 - 2016-03-11 02:55 - 00166400 _____ (Microsoft Corporation) C:\windows\system32\mtxoci.dll
    2016-04-14 17:30 - 2016-03-11 02:42 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\mtxoci.dll
    2016-04-14 17:30 - 2016-02-09 11:31 - 22365472 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
    2016-04-14 17:30 - 2016-02-09 11:31 - 02757616 _____ (Microsoft Corporation) C:\windows\explorer.exe
    2016-04-14 17:30 - 2016-02-09 11:31 - 02412576 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
    2016-04-14 17:30 - 2016-02-09 11:31 - 00273264 _____ (Microsoft Corporation) C:\windows\system32\SystemSettingsAdminFlows.exe
    2016-04-14 17:30 - 2016-02-09 06:55 - 02712576 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
    2016-04-14 17:30 - 2016-02-09 06:15 - 02551808 _____ (Microsoft Corporation) C:\windows\SysWOW64\themecpl.dll
    2016-04-14 17:30 - 2016-02-09 06:02 - 01197056 _____ (Microsoft Corporation) C:\windows\SysWOW64\usercpl.dll
    2016-04-14 17:30 - 2016-02-09 05:43 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSyncHost.exe
    2016-04-14 17:30 - 2016-02-09 05:40 - 00539648 _____ (Microsoft Corporation) C:\windows\SysWOW64\hgcpl.dll
    2016-04-14 17:30 - 2016-02-09 05:39 - 00305152 _____ (Microsoft Corporation) C:\windows\SysWOW64\stobject.dll
    2016-04-14 17:30 - 2016-02-09 05:37 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingMonitor.dll
    2016-04-14 17:30 - 2016-02-09 05:35 - 00954880 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.appcore.dll
    2016-04-14 17:30 - 2016-02-09 05:34 - 00667648 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSyncCore.dll
    2016-04-14 17:30 - 2016-02-09 05:33 - 00520192 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSync.dll
    2016-04-14 17:30 - 2016-02-09 04:50 - 03120640 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
    2016-04-14 17:30 - 2016-02-09 03:55 - 02592256 _____ (Microsoft Corporation) C:\windows\system32\themecpl.dll
    2016-04-14 17:30 - 2016-02-09 03:33 - 01278464 _____ (Microsoft Corporation) C:\windows\system32\usercpl.dll
    2016-04-14 17:30 - 2016-02-09 03:12 - 14466560 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
    2016-04-14 17:30 - 2016-02-09 03:02 - 00653824 _____ (Microsoft Corporation) C:\windows\system32\SettingSyncHost.exe
    2016-04-14 17:30 - 2016-02-09 03:00 - 00599552 _____ (Microsoft Corporation) C:\windows\system32\hgcpl.dll
    2016-04-14 17:30 - 2016-02-09 02:58 - 00336384 _____ (Microsoft Corporation) C:\windows\system32\stobject.dll
    2016-04-14 17:30 - 2016-02-09 02:55 - 00173056 _____ (Microsoft Corporation) C:\windows\system32\SettingMonitor.dll
    2016-04-14 17:30 - 2016-02-09 02:53 - 02171904 _____ (Microsoft Corporation) C:\windows\system32\SystemSettingsAdminFlowUI.dll
    2016-04-14 17:30 - 2016-02-09 02:53 - 01348096 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentServer.dll
    2016-04-14 17:30 - 2016-02-09 02:50 - 01220096 _____ (Microsoft Corporation) C:\windows\system32\twinui.appcore.dll
    2016-04-14 17:30 - 2016-02-09 02:50 - 00841728 _____ (Microsoft Corporation) C:\windows\system32\SettingSyncCore.dll
    2016-04-14 17:30 - 2016-02-09 02:48 - 00655872 _____ (Microsoft Corporation) C:\windows\system32\SettingSync.dll
    2016-04-14 17:30 - 2016-02-09 02:47 - 02819584 _____ (Microsoft Corporation) C:\windows\system32\SettingsHandlers.dll
    2016-04-14 17:30 - 2016-02-09 02:44 - 00955392 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentExtensions.dll
    2016-04-14 17:30 - 2016-02-04 01:11 - 01673728 _____ (Microsoft Corporation) C:\windows\system32\workfolderssvc.dll
    2016-04-14 17:30 - 2016-02-03 03:15 - 00787456 _____ (Microsoft Corporation) C:\windows\system32\WorkfoldersControl.dll
    2016-04-14 17:29 - 2016-02-06 05:07 - 00378712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
    2016-04-14 17:29 - 2016-02-05 04:07 - 00222720 _____ (Microsoft Corporation) C:\windows\system32\dhcpsapi.dll
    2016-04-14 17:29 - 2016-02-05 03:35 - 00142848 _____ (Microsoft Corporation) C:\windows\SysWOW64\dhcpsapi.dll
    2016-04-14 17:29 - 2016-02-03 03:18 - 01574912 _____ (Microsoft Corporation) C:\windows\system32\wbengine.exe
    2016-04-14 17:29 - 2016-02-01 03:17 - 00779264 _____ (Microsoft Corporation) C:\windows\system32\WindowsAnytimeUpgradeui.exe
    2016-04-14 17:29 - 2016-01-27 05:15 - 00072024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vpci.sys
    2016-04-14 17:29 - 2016-01-27 00:48 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vpcivsp.sys
    2016-04-14 17:29 - 2016-01-22 15:22 - 02487296 _____ (Microsoft Corporation) C:\windows\system32\storagewmi.dll
    2016-04-14 17:29 - 2016-01-22 15:11 - 01482240 _____ (Microsoft Corporation) C:\windows\SysWOW64\storagewmi.dll
    2016-04-14 17:29 - 2016-01-21 08:40 - 00099672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\disk.sys
    2016-04-14 17:28 - 2016-02-07 09:05 - 00551256 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vhdmp.sys
    2016-04-14 17:28 - 2016-02-06 01:11 - 00845312 _____ (Microsoft Corporation) C:\windows\system32\BFE.DLL
    2016-04-14 17:28 - 2016-02-06 01:11 - 00422400 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
    2016-04-14 17:28 - 2016-02-06 01:07 - 00272384 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL
    2016-04-14 17:28 - 2016-02-06 01:02 - 01083904 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
    2016-04-14 17:28 - 2016-02-05 02:23 - 00713216 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
    2016-04-14 17:28 - 2016-02-05 02:22 - 00561664 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
    2016-04-14 17:27 - 2016-03-04 02:13 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\basesrv.dll
    2016-04-14 17:27 - 2016-02-07 08:41 - 00316760 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys
    2016-04-14 17:26 - 2016-04-14 17:26 - 00001119 _____ C:\Users\Valda\Desktop\JRT.txt
    2016-04-14 17:26 - 2016-03-30 00:05 - 04175872 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
    2016-04-14 17:23 - 2016-04-14 17:23 - 01610352 _____ (Malwarebytes) C:\Users\Valda\Desktop\JRT.exe
    2016-04-14 17:22 - 2016-04-14 17:22 - 00005515 _____ C:\Users\Valda\Desktop\AdwCleaner[C1].txt
    2016-04-14 17:17 - 2016-04-14 17:17 - 00006704 _____ C:\Users\Valda\Desktop\AdwCleaner[S1].txt
    2016-04-14 17:03 - 2016-04-14 17:19 - 00000000 ____D C:\AdwCleaner
    2016-04-14 17:02 - 2016-04-14 17:02 - 03465280 _____ C:\Users\Valda\Desktop\AdwCleaner.exe
    2016-04-14 16:51 - 2016-04-14 16:51 - 00001247 _____ C:\Users\Valda\Desktop\Revo Uninstaller.lnk
    2016-04-14 16:51 - 2016-04-14 16:51 - 00000000 ____D C:\Users\Valda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
    2016-04-14 08:32 - 2016-04-14 16:51 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
    2016-04-12 22:35 - 2016-04-15 02:01 - 00000000 ____D C:\Users\Valda\Desktop\mccc actions
    2016-04-12 22:14 - 2016-04-12 22:14 - 02375168 _____ (Farbar) C:\Users\Valda\Desktop\FRST64.exe
    2016-04-12 22:13 - 2016-04-12 22:13 - 00399360 _____ (Trend Micro Inc.) C:\windows\RegBootClean64.exe
    2016-04-12 22:11 - 2016-04-15 02:01 - 00000000 ____D C:\FRST
    2016-04-12 20:19 - 2016-04-12 20:19 - 00027680 _____ C:\Users\Valda\Desktop\Trend Micro Maximum Security.pdf
    2016-04-12 20:19 - 2016-04-12 20:19 - 00000000 ____D C:\Users\Valda\AppData\Local\CutePDF Writer
    2016-04-12 19:47 - 2016-04-12 22:33 - 00000000 ____D C:\Users\Valda\AppData\Roaming\Skype
    2016-04-12 19:47 - 2016-04-12 19:47 - 00000000 ____D C:\Users\Valda\AppData\Local\Skype
    2016-04-12 19:46 - 2016-04-12 19:46 - 00002713 _____ C:\Users\Public\Desktop\Skype.lnk
    2016-04-12 19:46 - 2016-04-12 19:46 - 00000000 ___RD C:\Program Files (x86)\Skype
    2016-04-12 19:46 - 2016-04-12 19:46 - 00000000 ____D C:\ProgramData\Skype
    2016-04-12 19:46 - 2016-04-12 19:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2016-04-12 19:46 - 2016-04-12 19:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2016-04-12 19:46 - 2016-04-12 19:46 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2016-04-12 19:46 - 2016-04-12 19:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2016-04-12 19:45 - 2015-01-06 13:01 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndproxy.sys
    2016-04-12 19:45 - 2015-01-06 12:59 - 00080896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wanarp.sys
    2016-04-12 19:45 - 2015-01-06 11:12 - 00185856 _____ (Microsoft Corporation) C:\windows\system32\rascfg.dll
    2016-04-12 19:45 - 2015-01-06 11:02 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\rascfg.dll
    2016-04-12 19:45 - 2014-11-16 05:05 - 00801584 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
    2016-04-12 19:45 - 2014-11-15 16:29 - 00962216 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
    2016-04-12 19:45 - 2014-11-14 16:57 - 01027584 _____ (Microsoft Corporation) C:\windows\system32\MFMediaEngine.dll
    2016-04-12 19:45 - 2014-11-14 15:03 - 00885760 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFMediaEngine.dll
    2016-04-12 19:45 - 2014-11-10 12:57 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\agilevpn.sys
    2016-04-12 19:45 - 2014-11-10 11:20 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\vpnike.dll
    2016-04-12 19:45 - 2014-11-10 11:08 - 00702464 _____ (Microsoft Corporation) C:\windows\system32\rasapi32.dll
    2016-04-12 19:45 - 2014-11-10 10:57 - 00624640 _____ (Microsoft Corporation) C:\windows\SysWOW64\rasapi32.dll
    2016-04-12 19:45 - 2014-11-08 14:00 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndistapi.sys
    2016-04-12 19:45 - 2014-11-08 13:56 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\kmddsp.tsp
    2016-04-12 19:45 - 2014-11-08 13:56 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\rasmxs.dll
    2016-04-12 19:45 - 2014-11-08 13:56 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\rasser.dll
    2016-04-12 19:45 - 2014-11-08 13:24 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\rasdiag.dll
    2016-04-12 19:45 - 2014-11-08 13:13 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\kmddsp.tsp
    2016-04-12 19:45 - 2014-11-08 13:13 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\rasmxs.dll
    2016-04-12 19:45 - 2014-11-08 13:13 - 00022528 _____ (Microsoft Corporation) C:\windows\SysWOW64\rasser.dll
    2016-04-12 19:45 - 2014-11-08 12:48 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\rasdiag.dll
    2016-04-12 19:45 - 2014-11-08 12:38 - 00166912 _____ (Microsoft Corporation) C:\windows\system32\AppxAllUserStore.dll
    2016-04-12 19:45 - 2014-11-08 12:17 - 00143360 _____ (Microsoft Corporation) C:\windows\SysWOW64\AppxAllUserStore.dll
    2016-04-12 19:45 - 2014-11-08 12:03 - 00733696 _____ (Microsoft Corporation) C:\windows\system32\SkyDriveTelemetry.dll
    2016-04-12 19:45 - 2014-11-08 11:58 - 04837376 _____ (Microsoft Corporation) C:\windows\system32\SyncEngine.dll
    2016-04-12 19:45 - 2014-11-08 11:49 - 01154048 _____ (Microsoft Corporation) C:\windows\system32\SkyDrive.exe
    2016-04-12 19:45 - 2014-11-05 12:12 - 00211968 _____ (Microsoft Corporation) C:\windows\system32\QSHVHOST.DLL
    2016-04-12 19:45 - 2014-11-05 12:12 - 00128000 _____ (Microsoft Corporation) C:\windows\system32\QSVRMGMT.DLL
    2016-04-12 19:45 - 2014-11-05 12:06 - 00514048 _____ (Microsoft Corporation) C:\windows\system32\DevicePairing.dll
    2016-04-12 19:45 - 2014-11-05 11:44 - 00657920 _____ (Microsoft Corporation) C:\windows\system32\dnsapi.dll
    2016-04-12 19:45 - 2014-11-05 11:43 - 00252416 _____ (Microsoft Corporation) C:\windows\system32\dnsrslvr.dll
    2016-04-12 19:45 - 2014-11-05 11:39 - 00155648 _____ (Microsoft Corporation) C:\windows\SysWOW64\QSHVHOST.DLL
    2016-04-12 19:45 - 2014-11-05 11:39 - 00094208 _____ (Microsoft Corporation) C:\windows\SysWOW64\QSVRMGMT.DLL
    2016-04-12 19:45 - 2014-11-05 11:33 - 00465408 _____ (Microsoft Corporation) C:\windows\SysWOW64\DevicePairing.dll
    2016-04-12 19:45 - 2014-11-05 11:21 - 00658432 _____ (Microsoft Corporation) C:\windows\system32\WSDApi.dll
    2016-04-12 19:45 - 2014-11-05 11:20 - 00498688 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnsapi.dll
    2016-04-12 19:45 - 2014-11-05 11:14 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\WSDMon.dll
    2016-04-12 19:45 - 2014-11-05 11:06 - 00555520 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSDApi.dll
    2016-04-12 19:45 - 2014-11-05 05:33 - 00058176 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dam.sys
    2016-04-12 19:45 - 2014-11-04 16:27 - 00128512 _____ (Microsoft Corporation) C:\windows\splwow64.exe
    2016-04-12 19:45 - 2014-11-04 15:01 - 00827392 _____ (Microsoft Corporation) C:\windows\system32\spoolsv.exe
    2016-04-12 19:45 - 2014-10-29 11:55 - 00242176 _____ (Microsoft Corporation) C:\windows\system32\WinSCard.dll
    2016-04-12 19:45 - 2014-10-29 11:13 - 00169984 _____ (Microsoft Corporation) C:\windows\SysWOW64\WinSCard.dll
    2016-04-12 19:45 - 2014-10-21 11:59 - 00016896 _____ (Microsoft Corporation) C:\windows\system32\eventcls.dll
    2016-04-12 19:45 - 2014-10-21 11:19 - 00015360 _____ (Microsoft Corporation) C:\windows\SysWOW64\eventcls.dll
    2016-04-12 19:45 - 2014-10-21 10:50 - 00074752 _____ (Microsoft Corporation) C:\windows\system32\vsstrace.dll
    2016-04-12 19:45 - 2014-10-21 10:31 - 01574400 _____ (Microsoft Corporation) C:\windows\system32\vssapi.dll
    2016-04-12 19:45 - 2014-10-21 10:31 - 00055296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vsstrace.dll
    2016-04-12 19:45 - 2014-10-21 10:20 - 01142272 _____ (Microsoft Corporation) C:\windows\SysWOW64\vssapi.dll
    2016-04-12 19:45 - 2014-10-17 14:56 - 00039744 ____C (Microsoft Corporation) C:\windows\system32\Drivers\intelpep.sys
    2016-04-12 19:45 - 2014-10-17 13:35 - 00086336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pdc.sys
    2016-04-12 19:44 - 2016-02-01 05:17 - 00118624 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
    2016-04-12 19:44 - 2016-02-01 04:07 - 00110080 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
    2016-04-12 19:44 - 2016-02-01 03:42 - 03320832 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
    2016-04-12 19:44 - 2016-02-01 03:14 - 03607040 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
    2016-04-12 19:44 - 2016-02-01 02:24 - 02778624 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
    2016-04-12 19:44 - 2016-02-01 02:20 - 02464256 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
    2016-04-12 19:44 - 2015-12-17 03:11 - 01200128 _____ (Microsoft Corporation) C:\windows\system32\Windows.Globalization.dll
    2016-04-12 19:44 - 2015-12-17 02:51 - 00868864 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Globalization.dll
    2016-04-12 19:44 - 2015-10-23 03:43 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\kbdgeoqw.dll
    2016-04-12 19:44 - 2015-10-23 03:43 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZST.DLL
    2016-04-12 19:44 - 2015-10-23 03:43 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZEL.DLL
    2016-04-12 19:44 - 2015-10-23 03:43 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZE.DLL
    2016-04-12 19:44 - 2015-10-23 02:59 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\kbdgeoqw.dll
    2016-04-12 19:44 - 2015-10-23 02:59 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZST.DLL
    2016-04-12 19:44 - 2015-10-23 02:59 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZEL.DLL
    2016-04-12 19:44 - 2015-10-23 02:59 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZE.DLL
    2016-04-12 19:44 - 2015-10-23 02:21 - 00323072 _____ (Microsoft Corporation) C:\windows\system32\GlobCollationHost.dll
    2016-04-12 19:44 - 2015-10-23 01:58 - 00200704 _____ (Microsoft Corporation) C:\windows\SysWOW64\GlobCollationHost.dll
    2016-04-12 19:44 - 2015-10-23 00:08 - 00513456 _____ C:\windows\SysWOW64\locale.nls
    2016-04-12 19:44 - 2015-10-23 00:08 - 00513456 _____ C:\windows\system32\locale.nls
    2016-04-12 19:44 - 2015-06-10 08:39 - 00081920 ____C (Microsoft Corporation) C:\windows\system32\Drivers\BTHUSB.SYS
    2016-04-12 19:44 - 2015-06-10 08:39 - 00053248 ____C (Microsoft Corporation) C:\windows\system32\Drivers\bthenum.sys
    2016-04-12 19:44 - 2015-06-10 08:38 - 01201664 ____C (Microsoft Corporation) C:\windows\system32\Drivers\bthport.sys
    2016-04-12 19:44 - 2015-05-01 11:13 - 06521800 _____ (Microsoft Corporation) C:\windows\system32\sppsvc.exe
    2016-04-12 19:44 - 2015-05-01 11:13 - 01488000 _____ (Microsoft Corporation) C:\windows\system32\sppobjs.dll
    2016-04-12 19:44 - 2015-05-01 11:13 - 00261376 _____ (Microsoft Corporation) C:\windows\system32\sppwinob.dll
    2016-04-12 19:44 - 2014-11-18 06:17 - 00672984 _____ (Microsoft Corporation) C:\windows\system32\MDMAgent.exe
    2016-04-12 19:44 - 2014-11-14 16:54 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\SystemSettings.Handlers.dll
    2016-04-12 13:53 - 2016-04-12 13:53 - 00000000 ____D C:\Users\Valda\AppData\Local\GWX
    2016-04-11 17:00 - 2016-04-11 17:00 - 00000000 ____D C:\Users\Valda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
    2016-04-11 16:59 - 2016-04-11 16:59 - 00002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-04-11 16:59 - 2016-04-11 16:59 - 00002242 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-04-11 16:58 - 2016-04-15 01:11 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-04-11 16:58 - 2016-04-14 21:03 - 00000912 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-04-11 16:25 - 2016-04-11 16:25 - 00002403 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
    2016-04-11 16:25 - 2016-04-11 16:25 - 00002402 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
    2016-04-11 16:25 - 2016-04-11 16:25 - 00002366 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
    2016-04-11 16:25 - 2016-04-11 16:25 - 00002365 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
    2016-04-11 16:25 - 2016-04-11 16:25 - 00002359 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
    2016-04-11 16:25 - 2016-04-11 16:25 - 00002353 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
    2016-04-11 16:25 - 2016-04-11 16:25 - 00002345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
    2016-04-11 16:25 - 2016-04-11 16:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
    2016-04-11 16:25 - 2016-04-11 16:25 - 00000000 ____D C:\Program Files\Microsoft Office 15
    2016-04-11 13:14 - 2016-04-11 13:14 - 00000000 ____D C:\Users\Valda\AppData\Roaming\Hewlett-Packard
    2016-04-11 12:15 - 2016-04-11 12:15 - 00002210 _____ C:\Users\Public\Desktop\HP Support Assistant.lnk
    2016-04-11 12:15 - 2016-04-11 12:15 - 00000000 ____D C:\System.sav
    2016-04-11 12:15 - 2016-04-11 12:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
    2016-04-11 12:14 - 2016-04-12 15:24 - 00000000 ____D C:\ProgramData\Hewlett-Packard
    2016-04-11 12:14 - 2016-04-11 12:15 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
    2016-04-11 12:14 - 2016-04-11 12:14 - 00000000 ____D C:\Users\Valda\AppData\Roaming\hpqLog
    2016-04-11 12:09 - 2016-04-11 12:10 - 00000000 ____D C:\Users\Valda\AppData\Local\HP
    2016-04-11 12:09 - 2016-04-11 12:09 - 00003610 _____ C:\windows\System32\Tasks\HPCustParticipation HP Officejet Pro 8620
    2016-04-11 12:09 - 2016-04-11 12:09 - 00002227 _____ C:\Users\Public\Desktop\HP Officejet Pro 8620.lnk
    2016-04-11 12:09 - 2016-04-11 12:09 - 00001179 _____ C:\Users\Public\Desktop\Shop for Supplies - HP Officejet Pro 8620.lnk
    2016-04-11 12:09 - 2016-04-11 12:09 - 00000978 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
    2016-04-11 12:09 - 2016-04-11 12:09 - 00000057 _____ C:\ProgramData\Ament.ini
    2016-04-11 12:09 - 2016-04-11 12:09 - 00000000 ____D C:\Users\Valda\AppData\Roaming\HpUpdate
    2016-04-11 12:09 - 2016-04-11 12:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    2016-04-11 12:09 - 2016-04-11 12:09 - 00000000 ____D C:\Program Files\HP
    2016-04-11 12:09 - 2016-04-11 12:09 - 00000000 ____D C:\Program Files (x86)\HP
    2016-04-11 12:09 - 2014-07-21 16:31 - 00763912 ____N (Hewlett-Packard Development Company, LP) C:\windows\system32\HPDiscoPM7012.dll
    2016-04-11 11:57 - 2016-04-12 15:24 - 00000000 ____D C:\windows\System32\Tasks\Hewlett-Packard
    2016-04-11 11:57 - 2016-04-11 12:15 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
    2016-04-11 11:57 - 2016-04-11 12:00 - 00000000 ____D C:\Users\Valda\Downloads\HP Downloads
    2016-04-11 11:57 - 2016-04-11 11:57 - 00000000 ____D C:\Users\Valda\AppData\Local\Hewlett-Packard
    2016-04-11 11:49 - 2016-04-11 12:09 - 00000000 ____D C:\ProgramData\HP
    2016-03-23 03:22 - 2016-03-23 03:22 - 00635040 _____ (Microsoft Corporation) C:\windows\system32\msvcp140.dll
    2016-03-23 03:22 - 2016-03-23 03:22 - 00390320 _____ (Microsoft Corporation) C:\windows\system32\vccorlib140.dll
    2016-03-23 03:22 - 2016-03-23 03:22 - 00332968 _____ (Microsoft Corporation) C:\windows\system32\concrt140.dll
    2016-03-23 03:22 - 2016-03-23 03:22 - 00088752 _____ (Microsoft Corporation) C:\windows\system32\vcruntime140.dll
    2016-03-23 02:28 - 2016-03-23 02:28 - 00439608 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp140.dll
    2016-03-23 02:28 - 2016-03-23 02:28 - 00266928 _____ (Microsoft Corporation) C:\windows\SysWOW64\vccorlib140.dll
    2016-03-23 02:28 - 2016-03-23 02:28 - 00243520 _____ (Microsoft Corporation) C:\windows\SysWOW64\concrt140.dll
    2016-03-23 02:28 - 2016-03-23 02:28 - 00085328 _____ (Microsoft Corporation) C:\windows\SysWOW64\vcruntime140.dll
     
    ==================== One Month Modified files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2016-04-15 01:28 - 2015-02-13 17:54 - 00000000 ____D C:\Users\Valda\AppData\Roaming\ClassicShell
    2016-04-15 01:26 - 2015-02-13 18:19 - 00000000 ____D C:\Users\Valda\AppData\Roaming\Rainmaker Software Group LLC.​
    2016-04-15 01:13 - 2015-02-13 17:32 - 00818732 _____ C:\windows\system32\PerfStringBackup.INI
    2016-04-15 01:13 - 2013-08-22 23:36 - 00000000 ____D C:\windows\Inf
    2016-04-15 01:12 - 2016-03-12 11:29 - 00000000 ____D C:\Users\Valda\AppData\Local\DP_Tower
    2016-04-15 01:12 - 2015-02-13 17:52 - 00003922 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{467A6866-877C-418F-8D21-8C57A22B92D5}
    2016-04-15 01:11 - 2015-02-13 17:45 - 00000000 ___RD C:\Users\Valda\OneDrive
    2016-04-15 01:11 - 2013-08-22 23:25 - 00262144 ___SH C:\windows\system32\config\ELAM
    2016-04-15 01:08 - 2013-08-23 00:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
    2016-04-15 01:08 - 2013-08-23 00:44 - 00487240 _____ C:\windows\system32\FNTCACHE.DAT
    2016-04-14 21:17 - 2013-08-22 23:25 - 00262144 ___SH C:\windows\system32\config\BBI
    2016-04-14 21:16 - 2015-02-13 19:17 - 00000000 ____D C:\windows\system32\appraiser
    2016-04-14 21:16 - 2013-08-23 01:36 - 00000000 ___RD C:\windows\ToastData
    2016-04-14 21:16 - 2013-08-23 01:36 - 00000000 ____D C:\windows\SysWOW64\en-GB
    2016-04-14 21:16 - 2013-08-23 01:36 - 00000000 ____D C:\windows\system32\en-GB
    2016-04-14 21:15 - 2013-08-23 01:20 - 00000000 ____D C:\windows\CbsTemp
    2016-04-14 17:34 - 2015-02-13 18:55 - 00000000 ____D C:\windows\system32\MRT
    2016-04-14 17:32 - 2015-02-13 18:55 - 135176864 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2016-04-14 17:26 - 2016-03-07 08:17 - 00177488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
    2016-04-14 17:25 - 2016-03-13 11:09 - 01737080 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
    2016-04-14 17:25 - 2016-03-13 11:09 - 01501488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
    2016-04-14 17:25 - 2016-03-13 11:09 - 00246784 _____ (Microsoft Corporation) C:\windows\system32\microsoft-windows-system-events.dll
    2016-04-14 17:19 - 2015-02-13 17:40 - 00000000 ____D C:\Users\Valda
    2016-04-14 17:08 - 2015-02-13 17:46 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3839685571-330548617-1467194599-1001
    2016-04-14 07:41 - 2013-08-23 01:36 - 00000000 ____D C:\windows\AppReadiness
    2016-04-12 22:13 - 2016-03-12 11:29 - 00000000 ____D C:\ProgramData\Trend Micro
    2016-04-12 19:47 - 2013-08-23 01:36 - 00000000 ____D C:\windows\SysWOW64\setup
    2016-04-12 19:47 - 2013-08-23 01:36 - 00000000 ____D C:\windows\system32\setup
    2016-04-12 05:22 - 2015-08-28 11:32 - 00000000 ___SD C:\windows\SysWOW64\GWX
    2016-04-12 05:22 - 2015-08-28 11:32 - 00000000 ___SD C:\windows\system32\GWX
    2016-04-12 03:08 - 2014-08-14 16:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
    2016-04-11 16:59 - 2015-07-15 01:39 - 00000000 ____D C:\Users\Valda\AppData\Local\Google
    2016-04-11 16:59 - 2015-07-15 01:39 - 00000000 ____D C:\Program Files (x86)\Google
    2016-04-11 16:58 - 2015-07-15 01:39 - 00003884 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-04-11 16:58 - 2015-07-15 01:39 - 00003648 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2016-04-11 16:31 - 2013-08-23 01:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2016-04-11 14:58 - 2015-09-09 19:57 - 117643304 _____ (MYOB Technology Pty. Ltd.) C:\Users\Valda\Downloads\MYOB_AccountRight_2015.3.exe
    2016-04-11 14:58 - 2013-08-23 01:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
    2016-04-11 14:50 - 2016-03-12 11:29 - 00000000 ____D C:\ProgramData\TMDP_Log
    2016-04-11 14:50 - 2013-08-22 23:25 - 00000304 _____ C:\windows\win.ini
    2016-04-11 14:26 - 2016-03-13 12:21 - 00000000 ____D C:\Users\Valda\AppData\Local\Trend Micro
    2016-04-11 12:44 - 2016-03-13 10:58 - 00000010 _____ C:\Users\Valda\AppData\Local\sponge.last.runtime.cache
    2016-04-11 12:14 - 2015-02-13 17:41 - 00000000 ____D C:\Users\Valda\AppData\Local\Packages
    2016-04-11 12:13 - 2013-08-23 01:36 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-04-11 12:01 - 2016-03-13 10:27 - 00000000 ____D C:\windows\System32\Tasks\Games
    2016-04-11 11:50 - 2013-08-23 01:36 - 00000000 ____D C:\windows\system32\NDF
    2016-04-06 07:53 - 2013-08-23 01:38 - 00829944 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2016-04-06 07:53 - 2013-08-23 01:38 - 00176632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
     
    ==================== Files in the root of some directories =======
     
    2015-03-17 14:51 - 2015-03-17 14:51 - 0038469 _____ () C:\Users\Valda\AppData\Roaming\Comma Separated Values.ADR
    2016-03-12 11:28 - 2016-03-12 11:28 - 0000036 _____ () C:\Users\Valda\AppData\Local\housecall.guid.cache
    2016-03-13 10:58 - 2016-04-11 12:44 - 0000010 _____ () C:\Users\Valda\AppData\Local\sponge.last.runtime.cache
    2016-04-11 12:09 - 2016-04-11 12:09 - 0000057 _____ () C:\ProgramData\Ament.ini
    2014-08-14 16:18 - 2014-08-14 16:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
     
    Some files in TEMP:
    ====================
    C:\Users\Valda\AppData\Local\Temp\converter.exe
    C:\Users\Valda\AppData\Local\Temp\libeay32.dll
    C:\Users\Valda\AppData\Local\Temp\msvcr120.dll
    C:\Users\Valda\AppData\Local\Temp\ose00000.exe
    C:\Users\Valda\AppData\Local\Temp\sqlite3.dll
     
     
    ==================== Bamital & volsnap =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\windows\system32\winlogon.exe => File is digitally signed
    C:\windows\system32\wininit.exe => File is digitally signed
    C:\windows\explorer.exe => File is digitally signed
    C:\windows\SysWOW64\explorer.exe => File is digitally signed
    C:\windows\system32\svchost.exe => File is digitally signed
    C:\windows\SysWOW64\svchost.exe => File is digitally signed
    C:\windows\system32\services.exe => File is digitally signed
    C:\windows\system32\User32.dll => File is digitally signed
    C:\windows\SysWOW64\User32.dll => File is digitally signed
    C:\windows\system32\userinit.exe => File is digitally signed
    C:\windows\SysWOW64\userinit.exe => File is digitally signed
    C:\windows\system32\rpcss.dll => File is digitally signed
    C:\windows\system32\dnsapi.dll => File is digitally signed
    C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2016-04-11 12:01
     
    ==================== End of FRST.txt ============================
     
     
    And its Additions log:
    Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-04-2016 01
    Ran by Valda (2016-04-15 02:02:28)
    Running from C:\Users\Valda\Desktop
    Windows 8.1 Pro (X64) (2015-02-13 07:41:07)
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Accounts: =============================
     
    Administrator (S-1-5-21-3839685571-330548617-1467194599-500 - Administrator - Disabled)
    Guest (S-1-5-21-3839685571-330548617-1467194599-501 - Limited - Disabled)
    Valda (S-1-5-21-3839685571-330548617-1467194599-1001 - Administrator - Enabled) => C:\Users\Valda
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Trend Micro Maximum Security (Enabled - Up to date) {8242D66F-41BD-4049-C2E6-E578E73B62A0}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Trend Micro Maximum Security (Enabled - Up to date) {3923378B-6787-4FC7-F856-DE0A9CBC281D}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    1912: Titanic Mystery (HKLM-x32\...\BFG-1912 - Titanic Mystery) (Version:  - )
    Antique Road Trip: American Dreamin' (HKLM-x32\...\BFG-Antique Road Trip - American Dreamin) (Version:  - )
    Big City Adventure: Sydney, Australia (HKLM-x32\...\BFG-Big City Adventure - Sydney Australia) (Version:  - )
    Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
    Canon MX420 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX420_series) (Version:  - )
    Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
    CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
    Delicious: Emily's Honeymoon Cruise (HKLM-x32\...\BFG-Delicious - Emilys Honeymoon Cruise) (Version:  - )
    Found: A Hidden Object Adventure (HKLM-x32\...\BFG-Found - A Hidden Object Adventure) (Version:  - )
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
    HP Officejet Pro 8620 Basic Device Software (HKLM\...\{A977D10D-989A-40D4-B0B1-450954516543}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
    HP Officejet Pro 8620 Help (HKLM-x32\...\{9A4D71AB-9C68-4702-A4A2-A4DB7B0FE270}) (Version: 32.0.0 - Hewlett Packard)
    HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.2.8.25 - HP)
    HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.3.11.29 - HP)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6769.2015 - Microsoft Corporation)
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3839685571-330548617-1467194599-1001\...\OneDriveSetup.exe) (Version: 17.3.6302.0225 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6729.1012 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (Version: 16.0.6729.1012 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6729.1012 - Microsoft Corporation) Hidden
    Optus 4G Modem HL (HKLM-x32\...\Optus 4G Modem HL) (Version: 22.001.26.00.74 - Huawei Technologies Co.,Ltd)
    Product Improvement Study for HP Officejet Pro 8620 (HKLM\...\{99039186-EBEB-4127-BFA2-18B10A05ACE2}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
    Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
    TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.39052 - TeamViewer)
    Trend Micro Maximum Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 10.0 - Trend Micro Inc.)
    Trend Micro Password Manager (HKLM\...\3A0FB4E3-2C0D-4572-A24D-67F1CAABDDP35_is1) (Version: 3.5.0.1355 - Trend Micro Inc.)
    Trend Micro Titanium (Version: 10.0 - Trend Micro Inc.) Hidden
    Vacation Adventures: Park Ranger 2 (HKLM-x32\...\BFG-Vacation Adventures - Park Ranger 2) (Version:  - )
     
    ==================== Custom CLSID (Whitelisted): ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== Scheduled Tasks (Whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    Task: {029D6FA5-8662-44A3-848F-7AFFC87E630C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-03-02] (Hewlett-Packard)
    Task: {1EA6B76A-CD2D-4137-8093-CE5A851EEF90} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
    Task: {3463B9FF-DEE1-4E5E-91C4-CA9666822102} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-11] (Google Inc.)
    Task: {36819323-0C61-48DB-BA9F-398DD4D39A28} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3839685571-330548617-1467194599-1001 => C:\Users\Valda\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-03-12] (Microsoft Corporation)
    Task: {5E223B73-07C4-4A55-9641-C8901DB8805F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
    Task: {740D893A-5D03-4F90-81E1-D4E5E591AC24} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-03-16] (Hewlett-Packard)
    Task: {86B2C34F-DAA3-44C0-ADE1-A0199EC9A83D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-03-24] (Microsoft Corporation)
    Task: {8D7B55B3-6637-4A81-9266-EACDB6A2FD74} - System32\Tasks\HPCustParticipation HP Officejet Pro 8620 => C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
    Task: {97D3B127-1402-42C2-A286-85CE04EE4EF8} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-04-11] (Microsoft Corporation)
    Task: {9BF1EDB9-3AAF-4663-9A9D-D081140B9424} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-03-24] (Microsoft Corporation)
    Task: {BEBC9074-8E0C-4C91-AD65-7E2D2F09A6D0} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-03-02] (Hewlett-Packard)
    Task: {C1E88011-79AC-4814-B738-7990EC86750E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-03-16] (Hewlett-Packard)
    Task: {EF5A5D6E-9369-4199-B655-0524D45BE4C2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-11] (Google Inc.)
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
     
    ==================== Shortcuts =============================
     
    (The entries could be listed to be restored or removed.)
     
    ==================== Loaded Modules (Whitelisted) ==============
     
    2015-02-13 18:19 - 2013-10-23 14:24 - 00087600 _____ () C:\windows\System32\cpwmon64.dll
    2016-03-12 11:29 - 2015-03-31 21:08 - 00026408 _____ () C:\Program Files\Trend Micro\AMSP\boost_system-vc110-mt-1_57.dll
    2016-03-12 11:29 - 2015-03-31 21:08 - 00058320 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc110-mt-1_57.dll
    2016-03-12 11:29 - 2015-03-31 21:09 - 00686608 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll
    2016-03-12 11:29 - 2015-03-31 21:08 - 00110320 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc110-mt-1_57.dll
    2016-03-12 11:29 - 2015-03-31 21:08 - 00036160 _____ () C:\Program Files\Trend Micro\AMSP\boost_chrono-vc110-mt-1_57.dll
    2016-03-12 11:29 - 2015-03-31 21:09 - 01314920 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf.dll
    2016-03-12 11:27 - 2015-07-17 04:31 - 00168544 _____ () C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll
    2016-01-09 13:03 - 2016-03-24 17:28 - 00172232 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
    2016-03-07 09:13 - 2014-11-20 18:48 - 00242264 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
    2016-03-12 11:29 - 2015-07-17 04:31 - 00089088 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_thread-vc110-mt-1_52.dll
    2016-03-12 11:29 - 2015-07-17 04:31 - 00018944 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_system-vc110-mt-1_52.dll
    2016-03-12 11:29 - 2015-07-17 04:31 - 00049664 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_date_time-vc110-mt-1_52.dll
    2016-03-12 11:29 - 2015-07-17 04:31 - 00761856 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_regex-vc110-mt-1_52.dll
    2016-03-12 11:29 - 2016-03-19 19:15 - 00048128 _____ () C:\Program Files\Trend Micro\TMIDS\boost_date_time-vc110-mt-1_49.dll
    2016-04-11 15:04 - 2016-04-11 15:04 - 08919240 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
    2016-03-12 11:27 - 2015-07-17 04:31 - 00065520 _____ () C:\Program Files\Trend Micro\Titanium\plugin\fcMsgDispatcher.dll
    2016-03-12 11:29 - 2016-01-12 21:01 - 46400568 _____ () C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
    2016-04-11 16:59 - 2016-04-06 20:04 - 01675928 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libglesv2.dll
    2016-04-11 16:59 - 2016-04-06 20:04 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libegl.dll
     
    ==================== Alternate Data Streams (Whitelisted) =========
     
    (If an entry is included in the fixlist, only the ADS will be removed.)
     
    AlternateDataStreams: C:\ProgramData\TEMP:02DD996C [182]
    AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [270]
    AlternateDataStreams: C:\ProgramData\TEMP:4B6A9FDA [163]
    AlternateDataStreams: C:\ProgramData\TEMP:5CD804FF [120]
    AlternateDataStreams: C:\ProgramData\TEMP:65949863 [137]
    AlternateDataStreams: C:\ProgramData\TEMP:9ACB70D7 [107]
    AlternateDataStreams: C:\ProgramData\TEMP:C72A744C [274]
     
    ==================== Safe Mode (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
     
    ==================== EXE Association (Whitelisted) ===============
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
     
     
    ==================== Internet Explorer trusted/restricted ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry.)
     
    IE trusted site: HKU\S-1-5-21-3839685571-330548617-1467194599-1001\...\trendmicro.com -> hxxps://pwm.trendmicro.com
     
    ==================== Hosts content: ===============================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2013-08-22 23:25 - 2013-08-22 23:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
     
     
    ==================== Other Areas ============================
     
    (Currently there is no automatic fix for this section.)
     
    HKU\S-1-5-21-3839685571-330548617-1467194599-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme1\img5.jpg
    DNS Servers: 192.168.8.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
    Windows Firewall is enabled.
     
    ==================== MSCONFIG/TASK MANAGER disabled items ==
     
    (Currently there is no automatic fix for this section.)
     
    HKU\S-1-5-21-3839685571-330548617-1467194599-1001\...\StartupApproved\Run: => "Skype"
     
    ==================== FirewallRules (Whitelisted) ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{C9ECAB50-11DE-4D0F-BDAE-9342B436B250}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{6270ECAC-69AB-4CD6-987A-650287B997EF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{89A18731-EB26-4828-BE2A-4D1DAC646352}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{04AB3544-0AED-418C-A3ED-09E8740AD073}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{950277EF-B989-4E80-92E7-C540F25ADF3B}] => (Allow) C:\Users\Valda\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    FirewallRules: [{08075C54-1596-414A-B86F-8CD62713F779}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\FaxApplications.exe
    FirewallRules: [{08E3AB02-4183-40CD-9B2B-B689A79AE59B}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\DigitalWizards.exe
    FirewallRules: [{3701261A-3F97-45DA-8D28-85D12935B74A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\SendAFax.exe
    FirewallRules: [{5B83FA65-8125-44A2-9FBC-EDE990533A84}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\Bin\DeviceSetup.exe
    FirewallRules: [{41CA24A1-045E-4D95-B984-67E4406D9E58}] => (Allow) LPort=5357
    FirewallRules: [{93994EE2-A23A-4FAF-8D6D-627481723672}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [{48542443-DCC5-4854-979D-1385B51B1BBE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
    FirewallRules: [{066F94F9-304D-4FCB-AE86-A799A0036244}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     
    ==================== Restore Points =========================
     
    11-04-2016 11:57:33 Installed HP Support Solutions Framework
    14-04-2016 16:53:01 Revo Uninstaller's restore point - istartsurf uninstall
    14-04-2016 17:24:58 JRT Pre-Junkware Removal
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (04/14/2016 07:51:42 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
    Description: Subscription licensing service failed: -1073418220
     
    Error: (04/12/2016 05:41:18 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
    Description: The volume Windows RE tools was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)
     
    Error: (04/11/2016 04:32:36 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: STUREPC)
    Description: Application or service 'Microsoft Outlook' could not be restarted.
     
    Error: (04/11/2016 04:24:51 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: STUREPC)
    Description: Application or service 'Microsoft Office Document Cache Sync Client Interface' could not be shut down.
     
    Error: (04/11/2016 02:23:41 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
    Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {260A7309-52F0-4DD0-B857-5948CBE8E61C}
     
    Error: (04/11/2016 02:23:41 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
    Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {260A7309-52F0-4DD0-B857-5948CBE8E61C}
     
    Error: (04/11/2016 02:23:35 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
    Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {8C95B959-1F93-4DE0-B1FC-8B12B5FBBA7E}
     
    Error: (04/11/2016 02:23:35 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
    Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {8C95B959-1F93-4DE0-B1FC-8B12B5FBBA7E}
     
    Error: (04/11/2016 02:23:15 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
    Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {17C65983-36D3-490D-9D64-3F00DFDAB5B7}
     
    Error: (04/11/2016 02:23:15 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
    Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {17C65983-36D3-490D-9D64-3F00DFDAB5B7}
     
     
    System errors:
    =============
    Error: (04/14/2016 06:30:43 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ClickToRunSvc service.
     
    Error: (04/14/2016 05:20:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Windows Search service failed to start due to the following error: 
    %%1069
     
    Error: (04/14/2016 05:20:01 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
    Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: 
    %%50
     
    To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
     
    Error: (04/14/2016 05:19:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The HP Support Solutions Framework Service service terminated unexpectedly. It has done this 1 time(s).
     
    Error: (04/14/2016 05:19:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
     
    Error: (04/14/2016 05:19:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Trend Micro Password Manager Central Control Service service terminated unexpectedly. It has done this 1 time(s).
     
    Error: (04/14/2016 05:19:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Optus 4G Modem HL service terminated unexpectedly. It has done this 1 time(s).
     
    Error: (04/14/2016 05:19:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Microsoft Office ClickToRun Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
     
    Error: (04/14/2016 05:19:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
     
    Error: (04/14/2016 07:41:38 AM) (Source: BTHUSB) (EventID: 17) (User: )
    Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
     
     
    CodeIntegrity:
    ===================================
      Date: 2015-08-29 05:40:22.736
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2015-08-28 11:04:00.738
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2015-05-18 15:58:58.720
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2015-02-16 02:47:14.787
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2015-02-14 02:47:27.398
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
     
     
    ==================== Memory info =========================== 
     
    Processor: Intel® Core™ i5-4300U CPU @ 1.90GHz
    Percentage of memory in use: 26%
    Total physical RAM: 8097.07 MB
    Available physical RAM: 5982.05 MB
    Total Virtual: 9377.07 MB
    Available Virtual: 6723.97 MB
     
    ==================== Drives ================================
     
    Drive c: (Windows) (Fixed) (Total:232.21 GB) (Free:186.45 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (Size: 238.5 GB) (Disk ID: 78C18168)
     
    Partition: GPT.
     
    ==================== End of Addition.txt ============================
     
     
    I think I may have messed up the first Malwarebytes scan in getting the xml logs; I hope this hasn't made things too difficult for you. Please accept my apologies in advance for any hassles this causes. There were 21 PUPs found in that first scan.
     
    I look forward to your next analysis.
    Kangaroo


    #8 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,225 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 14 April 2016 - 11:13 AM

    The first Malwarebytes log was a bit messed up but the ones you posted after it are just fine. Run this quick fix and post FIXLOG when done and let me know how you feel things are running now.

     

     

     
    Open Notepad: go to Start --> All Programs --> Accessories --> Notepad.
    Please copy the entire contents inside of the code box below, beginning with START and ending with END.
    (To do this, highlight the contents of the box, right click on it and select Copy. Right-click in the open Notepad and select Paste.)
    Name the file Fixlist.txt. Save it to your desktop where you have FRST/FRST64 or the fix won't work. Right click on FRST/FRST64 and select RUN AS ADMINISTRATOR, then click on >FIX< (not Scan). It won't take long. After your computer reboots you will find a FIXLOG.TXT on your desktop; post it please.
     
    Start
    CloseProcesses:
    CreateRestorePoint: 
    HKLM-x32\...\Run: [] => [X]
    Winsock: Catalog5 01 C:\windows\SysWOW64\napinsp.dll [55296 2014-10-29] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\napinsp.dll"
    Winsock: Catalog5 02 C:\windows\SysWOW64\pnrpnsp.dll [70144 2014-10-29] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
    Winsock: Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [70144 2014-10-29] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
    Winsock: Catalog5 04 C:\windows\SysWOW64\NLAapi.dll [65536 2014-10-29] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5 05 C:\windows\SysWOW64\mswsock.dll [286208 2014-10-29] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    Winsock: Catalog5 06 C:\windows\SysWOW64\winrnr.dll [23040 2014-10-29] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\winrnr.dll"
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-3839685571-330548617-1467194599-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    CHR DefaultSearchURL: Default -> hxxps://secure.homepage-web.com/?partner=acer&src=omnibox&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> homepage-web.com
    CHR DefaultSuggestURL: Default -> hxxps://secure-suggest.homepage-web.com/suggest?format=json&locale={language}&q={searchTerms}
    CMD: ipconfig /flushdns
    Hosts:
    EmptyTemp:
    End
    
     
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

     

     



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #9 kangaroo

    kangaroo

      Authentic Member

    • Authentic Member
    • PipPip
    • 212 posts

    Posted 14 April 2016 - 03:13 PM

    Thanks, Ken,

     

    Here is the Fix log:

     

    Fix result of Farbar Recovery Scan Tool (x64) Version:10-04-2016 01
    Ran by Valda (2016-04-15 06:56:13) Run:1
    Running from C:\Users\Valda\Desktop
    Loaded Profiles: Valda &  (Available Profiles: Valda)
    Boot Mode: Normal
    ==============================================
     
    fixlist content:
    *****************
    Start
    CloseProcesses:
    CreateRestorePoint: 
    HKLM-x32\...\Run: [] => [X]
    Winsock: Catalog5 01 C:\windows\SysWOW64\napinsp.dll [55296 2014-10-29] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\napinsp.dll"
    Winsock: Catalog5 02 C:\windows\SysWOW64\pnrpnsp.dll [70144 2014-10-29] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
    Winsock: Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [70144 2014-10-29] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
    Winsock: Catalog5 04 C:\windows\SysWOW64\NLAapi.dll [65536 2014-10-29] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5 05 C:\windows\SysWOW64\mswsock.dll [286208 2014-10-29] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    Winsock: Catalog5 06 C:\windows\SysWOW64\winrnr.dll [23040 2014-10-29] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\winrnr.dll"
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-3839685571-330548617-1467194599-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    CHR DefaultSearchURL: Default -> hxxps://secure.homepage-web.com/?partner=acer&src=omnibox&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> homepage-web.com
    CHR DefaultSuggestURL: Default -> hxxps://secure-suggest.homepage-web.com/suggest?format=json&locale={language}&q={searchTerms}
    CMD: ipconfig /flushdns
    Hosts:
    EmptyTemp:
    End
    *****************
     
    Processes closed successfully.
    Restore point was successfully created.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
    Winsock: Catalog5 000000000001\\LibraryPath => restored successfully (%SystemRoot%\system32\napinsp.dll)
    Winsock: Catalog5 000000000002\\LibraryPath => restored successfully (%SystemRoot%\system32\pnrpnsp.dll)
    Winsock: Catalog5 000000000003\\LibraryPath => restored successfully (%SystemRoot%\system32\pnrpnsp.dll)
    Winsock: Catalog5 000000000004\\LibraryPath => restored successfully (%SystemRoot%\system32\NLAapi.dll)
    Winsock: Catalog5 000000000005\\LibraryPath => restored successfully (%SystemRoot%\System32\mswsock.dll)
    Winsock: Catalog5 000000000006\\LibraryPath => restored successfully (%SystemRoot%\System32\winrnr.dll)
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
    HKU\S-1-5-21-3839685571-330548617-1467194599-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
    Chrome DefaultSearchURL => removed successfully
    Chrome DefaultSearchKeyword => removed successfully
    Chrome DefaultSuggestURL => removed successfully
     
    =========  ipconfig /flushdns =========
     
     
    Windows IP Configuration
     
    Successfully flushed the DNS Resolver Cache.
     
    ========= End of CMD: =========
     
    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.
    EmptyTemp: => 1.2 GB temporary data Removed.
     
     
    The system needed a reboot.
     
    ==== End of Fixlog 06:57:08 ====
     
     
    All seems better now. Trend Micro reported the startup time before the fix as 130 seconds and 93 seconds for the restart after the fix.
     
    Do we still need to do something about the PCKeeper and istartsurf?
     
    PCKeeper no longer appears on the Startup tab of Task Manager.
     
    I await your advice.
    Kangaroo
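
Added example, not part of the posts above and not FRST's own code: the fixlist flagged six Winsock Catalog5 entries whose LibraryPath pointed at the SysWOW64 copy of the DLL, and the Fixlog reports each one restored. The sketch below reconciles the two so that a skipped or wrongly restored entry stands out; `parse_fixlist`, `parse_fixlog` and `reconcile` are hypothetical helper names, and the regular expressions assume the line layout seen in this thread.

```python
import re

# Winsock lines copied from the fixlist and the Fixlog posted in this thread.
FIXLIST = r'''
Winsock: Catalog5 01 C:\windows\SysWOW64\napinsp.dll [55296 2014-10-29] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\napinsp.dll"
Winsock: Catalog5 02 C:\windows\SysWOW64\pnrpnsp.dll [70144 2014-10-29] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [70144 2014-10-29] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 04 C:\windows\SysWOW64\NLAapi.dll [65536 2014-10-29] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 C:\windows\SysWOW64\mswsock.dll [286208 2014-10-29] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 06 C:\windows\SysWOW64\winrnr.dll [23040 2014-10-29] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\winrnr.dll"
'''

FIXLOG = r'''
Winsock: Catalog5 000000000001\\LibraryPath => restored successfully (%SystemRoot%\system32\napinsp.dll)
Winsock: Catalog5 000000000002\\LibraryPath => restored successfully (%SystemRoot%\system32\pnrpnsp.dll)
Winsock: Catalog5 000000000003\\LibraryPath => restored successfully (%SystemRoot%\system32\pnrpnsp.dll)
Winsock: Catalog5 000000000004\\LibraryPath => restored successfully (%SystemRoot%\system32\NLAapi.dll)
Winsock: Catalog5 000000000005\\LibraryPath => restored successfully (%SystemRoot%\System32\mswsock.dll)
Winsock: Catalog5 000000000006\\LibraryPath => restored successfully (%SystemRoot%\System32\winrnr.dll)
'''

# Fixlist entry: index, flagged path, [size date], (company), expected LibraryPath.
ENTRY = re.compile(
    r'^Winsock: Catalog5 (\d+) (.+?) \[\d+ [\d-]+\] \(.*?\)'
    r'ATTENTION: LibraryPath should be "([^"]+)"\s*$')

# Fixlog result: zero-padded index, action text, path written back.
RESULT = re.compile(
    r'^Winsock: Catalog5 (\d+)\\\\LibraryPath => (.+?) \(([^)]+)\)\s*$')


def parse_fixlist(text):
    """Return {catalog index: (flagged path, expected LibraryPath)}."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries[int(m.group(1))] = (m.group(2), m.group(3))
    return entries


def parse_fixlog(text):
    """Return {catalog index: (action text, restored path)}."""
    results = {}
    for line in text.splitlines():
        m = RESULT.match(line.strip())
        if m:
            results[int(m.group(1))] = (m.group(2), m.group(3))
    return results


def reconcile(fixlist_text, fixlog_text):
    """Pair every requested Winsock fix with its logged outcome."""
    requested = parse_fixlist(fixlist_text)
    outcome = parse_fixlog(fixlog_text)
    report = []
    for idx in sorted(requested):
        flagged, expected = requested[idx]
        if idx not in outcome:
            status = "no result logged"
        else:
            action, restored = outcome[idx]
            if "successfully" not in action:
                status = "fix failed: " + action
            elif restored.lower() != expected.lower():
                # Windows paths are case-insensitive, so compare folded.
                status = "restored to unexpected path: " + restored
            else:
                status = "ok"
        report.append((idx, flagged, expected, status))
    return report


if __name__ == "__main__":
    for idx, flagged, expected, status in reconcile(FIXLIST, FIXLOG):
        print(f"{idx:02d} {flagged} -> {expected}: {status}")
```
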


    #10 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,225 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 14 April 2016 - 03:35 PM

    Not seeing PcKeeper in your logs, do you still see it anywhere on this PC?



     
     


    #11 kangaroo

    kangaroo

      Authentic Member

    • Authentic Member
    • PipPip
    • 212 posts

    Posted 14 April 2016 - 10:14 PM

    No sign of PcKeeper so far, Ken. I checked the C:\\Program Data\ folder and that Kromtech folder for PcKeeper has gone. Perhaps Malwarebytes 1st run, where I messed up the logs and only had the xml version of them, did the trick.

     

    If I search for PcKeeper the only results are in 4 of the scan logs we did. Likewise for Kromtech: it is referenced in 3 of the logs and the image I sent earlier. Looks like it is gone!

     

    Do you think this PC is now in a good state to have the Windows 10 update applied? Do you have any advice on doing this update?

     

    Regards,

    Kangaroo



    #12 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,225 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 15 April 2016 - 05:27 AM

    Good Morning,

     

    I believe you're fine now but before the Win 10 upgrade let's make sure nothing else is hiding and do a free online virus scan... but first do this:

     

    Open Malwarebytes and on the Dashboard go to History > Quarantine and select Delete All

     

     

    ==========================================================

     

    Double click on AdwCleaner.exe to run the tool again.
    • Click on the Uninstall button.
    • Click Yes when asked are you sure you want to uninstall.
    • Both AdwCleaner.exe, its folder and all logs will be removed.
     
     
     
    ==========================================================
     
     
    Please download DelFix and save the file to your Desktop.
     
    • Windows XP Double Click DelFix.exe to run the program. 
    • Windows Vista > Win 7 > Win 8 Right Click on DelFix.exe and select RUN AS ADMINISTRATOR 
    • Checkmark " Remove Disinfection Tools"
    • Click the Run button
     
     
    This will remove the specialised tools we used to clean your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually
     
     
     
    ==========================================================
     
     

     
    Please run this free online virus scanner from ESET
    • Note: It will run using Internet Explorer, Firefox or Chrome.
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is NOT TICKED, and the option Scan unwanted applications is checked
    • Click Scan
    • Wait for the scan to finish
    • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic
     
     
     


     
     

    #13 kangaroo

    kangaroo

      Authentic Member

    • Authentic Member
    • PipPip
    • 212 posts

    Posted 15 April 2016 - 06:43 AM

    Hi Ken,

    Here is the log file from ESET:

    ESETSmartInstaller@High as downloader log:
    all ok
    # product=EOS
    # version=8
    # OnlineScannerApp.exe=1.0.0.1
    # EOSSerial=80b9293ef695024e9e4912733503bc34
    # end=init
    # utc_time=2016-04-15 12:16:53
    # local_time=2016-04-15 10:16:53 (+1000, AUS Eastern Standard Time)
    # country="Australia"
    # osver=6.2.9200 NT 
    Update Init
    Update Download
    Update Finalize
    Updated modules version: 29083
    # product=EOS
    # version=8
    # OnlineScannerApp.exe=1.0.0.1
    # EOSSerial=80b9293ef695024e9e4912733503bc34
    # end=updated
    # utc_time=2016-04-15 12:25:35
    # local_time=2016-04-15 10:25:35 (+1000, AUS Eastern Standard Time)
    # country="Australia"
    # osver=6.2.9200 NT 
    # product=EOS
    # version=8
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.7777
    # api_version=3.1.1
    # EOSSerial=80b9293ef695024e9e4912733503bc34
    # engine=29083
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2016-04-15 12:38:48
    # local_time=2016-04-15 10:38:48 (+1000, AUS Eastern Standard Time)
    # country="Australia"
    # lang=1033
    # osver=6.2.9200 NT 
    # compatibility_mode_1='Trend Micro Maximum Security'
    # compatibility_mode=530 16777213 100 100 2052633 23656063 0 0
    # compatibility_mode_1=''
    # compatibility_mode=5893 16776574 100 94 2145230 24517098 0 0
    # scanned=220937
    # found=1
    # cleaned=0
    # scan_time=792
    sh=5407F5D9B75EF9CE4A8A63E7C9B26A03E2602D86 ft=1 fh=6f87fa4f0b679df4 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Valda\Downloads\HP Downloads\HP Officejet Pro 8620 e-All-in-One Printer series Full Feature Software and Drivers - OJ8620_198.exe"
     
    I have not ticked the option to uninstall ESET on exiting in case you want to use it again.
     
    Kangaroo


    #14 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,225 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 15 April 2016 - 07:57 AM

    That looks like a false positive but it's in your downloads folder so you can delete it to be on the safe side. You can also uninstall ESET.

     

     

    Look on your taskbar to the right, you should see a white Windows logo. If you open it, it should say Get Windows 10 or something like that, it's been a while. It will go out and start the download but it won't happen right away, it may take a few days. The best thing to do is to close all the programs you may have open, but leave the computer on 24 x 7 and when it's ready it will start the install. It will take a few hours and it will keep all your programs and personal files and pictures intact, you won't lose anything.

     

    I'll keep this thread open for you for a few days, let me know how it went.



     
     

    #15 kangaroo

    kangaroo

      Authentic Member

    • Authentic Member
    • PipPip
    • 212 posts

    Posted 15 April 2016 - 03:30 PM

    Hi Ken,

     

    Thanks for that. The HP package is the current download for Valda's printer. I checked the date and size of that on the HP support site and they agree so I've left that there in case it is needed after the update to Win10. (I've heard that printers not working after the update is one of the problem areas people have had, so having that package available to re-install the printer is just a precaution.)

     

    I have scheduled the update (it offered next Tuesday, but I've rescheduled it to the earliest available time: 12.00 am Sunday 17Apr16). I assume from the confirming dialog that it is downloading the files now in preparation for starting the update tonight.

     

    I'll post again tomorrow to let you know how the update has gone.

     

    Thanks once again for your excellent help.

    Kangaroo


    Edited by kangaroo, 15 April 2016 - 05:16 PM.
