Sorry about not removing the PUPs found. I've run Malwarebytes again and here are the two logs:
<key><path>HKLM\SOFTWARE\MICROSOFT\TRACING\PCKeeper_RASAPI32</path><vendor>PUP.Optional.PCKeeper</vendor><action>success</action><hash>b40888265d3c290d37a073c45ea6a55b</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\TRACING\PCKeeper_RASMANCS</path><vendor>PUP.Optional.PCKeeper</vendor><action>success</action><hash>3d7f446acdcc42f4e8efcf6813f1827e</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\WordAnchor_1.10.0.20</path><vendor>PUP.Optional.WordAnchor</vendor><action>success</action><hash>6458d4da7e1ba3939c1aada1b252d52b</hash></key>
<data><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES</path><valuename>DefaultScope</valuename><vendor>PUP.Optional.Qone8</vendor><action>replaced</action><valuedata>{33BB0A4E-99AF-4226-BDF6-49120163DE86}</valuedata><baddata>{33BB0A4E-99AF-4226-BDF6-49120163DE86}</baddata><gooddata>{0633EE93-D776-472f-A0FF-E1416B8B2E3A}</gooddata><hash>4f6daa0480198ea8870ded4863a2b54b</hash></data>
<data><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES</path><valuename>DefaultScope</valuename><vendor>PUP.Optional.Qone8</vendor><action>replaced</action><valuedata>{33BB0A4E-99AF-4226-BDF6-49120163DE86}</valuedata><baddata>{33BB0A4E-99AF-4226-BDF6-49120163DE86}</baddata><gooddata>{0633EE93-D776-472f-A0FF-E1416B8B2E3A}</gooddata><hash>e3d95b53940584b2f0a4082d4cb95ea2</hash></data>
<folder><path>C:\Users\Valda\AppData\Roaming\Rainmaker Software Group LLC.\Pro PC Cleaner 2.5.6</path><vendor>PUP.Optional.ProPCCleaner</vendor><action>success</action><hash>d2ea77377d1c55e1df8349d35da65ca4</hash></folder>
<folder><path>C:\Users\Valda\AppData\Roaming\Rainmaker Software Group LLC.\Pro PC Cleaner 2.5.6\install</path><vendor>PUP.Optional.ProPCCleaner</vendor><action>success</action><hash>d2ea77377d1c55e1df8349d35da65ca4</hash></folder>
<folder><path>C:\Users\Valda\AppData\Roaming\Rainmaker Software Group LLC.\Pro PC Cleaner 2.5.6\install\A5A8ADA</path><vendor>PUP.Optional.ProPCCleaner</vendor><action>success</action><hash>d2ea77377d1c55e1df8349d35da65ca4</hash></folder>
<file><path>C:\Users\Valda\AppData\Local\Temp\DRHelper_installFinish.exe</path><vendor>PUP.Optional.383Media</vendor><action>success</action><hash>219b8628455491a5dbb600aba859a759</hash></file>
<file><path>C:\Users\Valda\AppData\Local\Temp\DRHelper_installStart.exe</path><vendor>PUP.Optional.383Media</vendor><action>success</action><hash>ecd05d51811853e330615358a25f4ab6</hash></file>
<file><path>C:\Users\Valda\AppData\Local\Temp\DRHelper_uninstallComplete.exe</path><vendor>PUP.Optional.383Media</vendor><action>success</action><hash>b7054d61f6a384b2226f3774f908738d</hash></file>
<file><path>C:\Users\Valda\AppData\Local\Temp\ICSW1.11_0M1T1L1G1V0D0L0M1.11.exe</path><vendor>PUP.Optional.InstallCore</vendor><action>success</action><hash>3f7de4caf0a9e84ebfd8a4aa966b6997</hash></file>
<file><path>C:\Users\Valda\AppData\Local\Temp\is-9M6R7.tmp\Offercast346_ARS_.exe</path><vendor>PUP.Optional.APNToolBar</vendor><action>success</action><hash>e1db0aa4aaef8aac84d24a01e9189f61</hash></file>
<file><path>C:\Users\Valda\AppData\Local\Temp\is366025459\1B24BF8D_stp\icc.dll</path><vendor>PUP.Optional.InstallCore</vendor><action>success</action><hash>1d9f0ca20d8c0f27b90a8ce721e1718f</hash></file>
<file><path>C:\Users\Valda\AppData\Local\Temp\oc_863A\OCDLL.dll</path><vendor>PUP.Optional.APNToolBar</vendor><action>success</action><hash>dfdd0ea0adec3600b1a5b7942ad72dd3</hash></file>
<file><path>C:\Users\Valda\Documents\ProPCCleaner.exe</path><vendor>PUP.Optional.ProPCCleaner</vendor><action>success</action><hash>407c48662c6dd462beb962ee0001e21e</hash></file>
<file><path>C:\Users\Valda\Downloads\apcsetuprcpx.exe</path><vendor>PUP.Optional.AdvancedPCCare</vendor><action>success</action><hash>417b179758410234bf817a5bc938e21e</hash></file>
<file><path>C:\Users\Valda\AppData\Roaming\Rainmaker Software Group LLC.\Pro PC Cleaner 2.5.6\install\decoder.dll</path><vendor>PUP.Optional.ProPCCleaner</vendor><action>success</action><hash>d2ea77377d1c55e1df8349d35da65ca4</hash></file>
<file><path>C:\Users\Valda\AppData\Roaming\Rainmaker Software Group LLC.\Pro PC Cleaner 2.5.6\install\holder0.aiph</path><vendor>PUP.Optional.ProPCCleaner</vendor><action>success</action><hash>d2ea77377d1c55e1df8349d35da65ca4</hash></file>
<file><path>C:\Users\Valda\AppData\Roaming\Rainmaker Software Group LLC.\Pro PC Cleaner 2.5.6\install\A5A8ADA\ProPCCleaner.msi</path><vendor>PUP.Optional.ProPCCleaner</vendor><action>success</action><hash>d2ea77377d1c55e1df8349d35da65ca4</hash></file>
I've run Malwarebytes a third time and now there were no threats detected. Here are the results:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-04-2016 01
Ran by Valda (administrator) on STUREPC (15-04-2016 02:02:07)
Running from C:\Users\Valda\Desktop
Loaded Profiles: Valda (Available Profiles: Valda)
Platform: Windows 8.1 Pro (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
() C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
() C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [246264 2015-07-17] (Trend Micro Inc.)
HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1258496 2015-07-17] (Trend Micro Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3839685571-330548617-1467194599-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-3839685571-330548617-1467194599-1001\...\MountPoints2: {77a2b8f6-56d4-11e5-8266-6002925e5880} - "D:\AutoRun.exe"
HKU\S-1-5-21-3839685571-330548617-1467194599-1001\...\MountPoints2: {77a2b910-56d4-11e5-8266-6002925e5880} - "D:\AutoRun.exe"
HKU\S-1-5-21-3839685571-330548617-1467194599-1001\...\MountPoints2: {ca427560-b423-11e5-8267-6002925e5880} - "D:\AutoRun.exe"
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372424 2015-12-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Startup: C:\Users\Valda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8620.lnk [2016-04-15]
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8620.lnk -> C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 01 C:\windows\SysWOW64\napinsp.dll [55296 2014-10-29] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\napinsp.dll"
Winsock: Catalog5 02 C:\windows\SysWOW64\pnrpnsp.dll [70144 2014-10-29] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [70144 2014-10-29] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 04 C:\windows\SysWOW64\NLAapi.dll [65536 2014-10-29] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 C:\windows\SysWOW64\mswsock.dll [286208 2014-10-29] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 06 C:\windows\SysWOW64\winrnr.dll [23040 2014-10-29] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\winrnr.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{5BCEC38B-4DDA-4501-8A10-01BACBEE172A}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{F68A57C1-57AD-47B1-BABA-79B41429FB48}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-3839685571-330548617-1467194599-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-3839685571-330548617-1467194599-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-04-11] (Microsoft Corporation)
BHO: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg.dll [2015-07-17] (Trend Micro Inc.)
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe64.dll [2015-08-17] (Trend Micro Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-04-11] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg32.dll [2015-07-17] (Trend Micro Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe32.dll [2015-08-17] (Trend Micro Inc.)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-11] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-11] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-11] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-11] (Microsoft Corporation)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe64.dll [2015-08-17] (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe32.dll [2015-08-17] (Trend Micro Inc.)
Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg.dll [2015-07-17] (Trend Micro Inc.)
Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg32.dll [2015-07-17] (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll [2015-07-17] (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2015-07-17] (Trend Micro Inc.)
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-04-11] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-11] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\firefoxextension [2016-04-12]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2016-03-13]
FF HKLM-x32\...\Firefox\Extensions: [{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
FF Extension: Trend Micro Osprey Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension [2016-04-12]
Chrome:
=======
CHR StartupUrls: Default -> "hxxps://www.malwarebytes.org/restorebrowser/"
CHR DefaultSearchURL: Default -> hxxps://secure.homepage-web.com/?partner=acer&src=omnibox&q={searchTerms}
CHR DefaultSearchKeyword: Default -> homepage-web.com
CHR DefaultSuggestURL: Default -> hxxps://secure-suggest.homepage-web.com/suggest?format=json&locale={language}&q={searchTerms}
CHR Profile: C:\Users\Valda\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Valda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-11]
CHR Extension: (Google Docs) - C:\Users\Valda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-11]
CHR Extension: (Google Drive) - C:\Users\Valda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-11]
CHR Extension: (YouTube) - C:\Users\Valda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-11]
CHR Extension: (Google Sheets) - C:\Users\Valda\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-11]
CHR Extension: (Google Docs Offline) - C:\Users\Valda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-12]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Valda\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2016-04-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Valda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-11]
CHR Extension: (Trend Micro Toolbar) - C:\Users\Valda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2016-04-11]
CHR Extension: (Gmail) - C:\Users\Valda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-11]
CHR HKLM-x32\...\Chrome\Extension: [ohhcpmplhhiiaoiddkfboafbhiknefdf] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2838768 2016-03-24] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28736 2016-03-16] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 Optus 4G Modem HL; C:\ProgramData\MobileBrServ\mbbservice.exe [242264 2014-11-20] ()
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [202272 2016-03-23] (Microsoft Corporation) [File not signed]
R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1137664 2015-07-17] (Trend Micro Inc.)
R2 PwmSvc; C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe [1567288 2016-03-19] (Trend Micro Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-19] (ASIX Electronics Corp.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24568 2014-07-17] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2014-07-17] (Intel Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-15] (Malwarebytes)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2014-07-17] (Intel Corporation)
R3 mrvlpcie8897; C:\Windows\system32\DRIVERS\mrvlpcie8897.sys [1016328 2015-11-23] (Marvell Semiconductors Inc.)
R3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
R3 SurfaceAccessoryDevice; C:\Windows\System32\drivers\SurfaceAccessoryDevice.sys [51856 2014-07-17] (Microsoft Corporation)
R3 SurfaceCapacitiveHomeButton; C:\Windows\System32\drivers\SurfaceCapacitiveHomeButton.sys [44152 2014-11-27] (Microsoft Corporation)
R3 SurfaceDisplayCalibration; C:\Windows\System32\drivers\SurfaceDisplayCalibration.sys [41616 2014-07-17] (Microsoft Corporation)
R3 SurfaceIntegrationDriver; C:\Windows\System32\drivers\SurfaceIntegrationDriver.sys [49776 2014-12-09] (Microsoft Corporation)
R0 SurfacePciController; C:\Windows\System32\drivers\SurfacePciController.sys [35440 2014-10-08] (Microsoft Corporation)
R3 SurfacePenDriver; C:\Windows\system32\DRIVERS\SurfacePenDriver.sys [76424 2015-03-31] (Microsoft Corporation)
S3 SurfaceTouchCover; C:\Windows\System32\drivers\SurfaceTouchCover.sys [35976 2014-07-17] (Microsoft Corporation)
S3 SurfaceTypeCover; C:\Windows\System32\drivers\SurfaceTypeCover.sys [35984 2014-07-17] (Microsoft Corporation)
R1 tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [133424 2015-11-23] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [324912 2015-11-23] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [59712 2015-06-11] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\system32\DRIVERS\tmeevw.sys [116576 2015-06-08] (Trend Micro Inc.)
S0 tmel; C:\Windows\System32\DRIVERS\tmel.sys [39056 2015-06-23] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [99632 2015-11-23] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\system32\DRIVERS\tmnciesc.sys [416608 2015-05-28] (Trend Micro Inc.)
R1 tmumh; C:\Windows\system32\DRIVERS\TMUMH.sys [91536 2015-06-29] (Trend Micro Inc.)
R2 tmusa; C:\Windows\system32\DRIVERS\tmusa.sys [116528 2015-06-26] (Trend Micro Inc.)
R3 TrueColor; C:\Windows\system32\DRIVERS\TrueColor.sys [35952 2014-07-07] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WiFiClass; C:\Windows\system32\DRIVERS\wificlass.sys [420360 2015-11-23] (Microsoft Corporation)
S3 ew_usbenumfilter; \SystemRoot\System32\drivers\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; \SystemRoot\system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_cdcecm; \SystemRoot\system32\DRIVERS\ew_jucdcecm.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; \SystemRoot\System32\drivers\ew_juextctrl.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-15 02:02 - 2016-04-15 02:02 - 00023029 _____ C:\Users\Valda\Desktop\FRST.txt
2016-04-14 20:55 - 2016-04-14 20:55 - 00004402 _____ C:\Users\Valda\Desktop\mwb-log.txt
2016-04-14 17:59 - 2016-04-15 01:48 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-14 17:59 - 2016-04-14 17:59 - 00001081 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-14 17:59 - 2016-04-14 17:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-14 17:59 - 2016-04-14 17:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-14 17:59 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2016-04-14 17:59 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-04-14 17:59 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2016-04-14 17:57 - 2016-04-14 17:58 - 22851472 _____ (Malwarebytes ) C:\Users\Valda\Desktop\mbam-setup-2.2.1.1043.exe
2016-04-14 17:31 - 2016-04-04 16:35 - 00046768 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-04-14 17:31 - 2016-04-02 23:26 - 01386496 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-04-14 17:31 - 2016-04-02 23:26 - 01169408 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-04-14 17:31 - 2016-03-31 10:54 - 25817600 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-04-14 17:31 - 2016-03-31 10:31 - 02892800 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-04-14 17:31 - 2016-03-31 10:28 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-04-14 17:31 - 2016-03-31 10:25 - 06052352 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-04-14 17:31 - 2016-03-31 10:17 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-04-14 17:31 - 2016-03-31 10:03 - 20352512 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-04-14 17:31 - 2016-03-31 09:56 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2016-04-14 17:31 - 2016-03-31 09:56 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-04-14 17:31 - 2016-03-31 09:55 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-04-14 17:31 - 2016-03-31 09:53 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-04-14 17:31 - 2016-03-31 09:51 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-04-14 17:31 - 2016-03-31 09:50 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2016-04-14 17:31 - 2016-03-31 09:45 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-04-14 17:31 - 2016-03-31 09:45 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-04-14 17:31 - 2016-03-31 09:43 - 00806400 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-04-14 17:31 - 2016-03-31 09:43 - 00725504 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-04-14 17:31 - 2016-03-31 09:43 - 00379392 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-04-14 17:31 - 2016-03-31 09:42 - 02131968 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-04-14 17:31 - 2016-03-31 09:39 - 15415808 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-04-14 17:31 - 2016-03-31 09:30 - 04611072 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-04-14 17:31 - 2016-03-31 09:30 - 02596864 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-04-14 17:31 - 2016-03-31 09:30 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-04-14 17:31 - 2016-03-31 09:30 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2016-04-14 17:31 - 2016-03-31 09:27 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2016-04-14 17:31 - 2016-03-31 09:24 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-04-14 17:31 - 2016-03-31 09:23 - 02056192 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-04-14 17:31 - 2016-03-31 09:23 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-04-14 17:31 - 2016-03-31 09:23 - 00330752 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-04-14 17:31 - 2016-03-31 09:21 - 13811712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-04-14 17:31 - 2016-03-31 09:18 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-04-14 17:31 - 2016-03-31 09:06 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-04-14 17:31 - 2016-03-31 09:05 - 02121216 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-04-14 17:31 - 2016-03-31 09:02 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-04-14 17:31 - 2016-03-31 09:00 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-04-14 17:31 - 2016-03-28 23:21 - 00698368 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-04-14 17:31 - 2016-03-28 23:21 - 00499200 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-04-14 17:31 - 2016-03-28 23:21 - 00279040 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-04-14 17:31 - 2016-03-28 23:21 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2016-04-14 17:31 - 2016-03-28 23:21 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-04-14 17:31 - 2016-03-16 09:00 - 00561952 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2016-04-14 17:31 - 2016-03-16 00:14 - 01441792 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-04-14 17:31 - 2016-03-12 00:48 - 00833024 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll
2016-04-14 17:31 - 2016-03-11 04:22 - 00201728 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-04-14 17:31 - 2016-03-11 04:21 - 00401920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-04-14 17:31 - 2016-03-11 04:20 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-04-14 17:31 - 2016-03-11 03:44 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-04-14 17:31 - 2016-03-11 03:16 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-04-14 17:31 - 2016-03-11 03:03 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\samlib.dll
2016-04-14 17:31 - 2016-03-11 02:48 - 00064512 _____ (Microsoft Corporation) C:\windows\SysWOW64\samlib.dll
2016-04-14 17:31 - 2016-03-04 02:47 - 02345472 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2016-04-14 17:31 - 2016-03-04 02:33 - 01556992 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2016-04-14 17:31 - 2016-03-03 11:39 - 01661576 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2016-04-14 17:31 - 2016-03-03 11:39 - 01212248 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2016-04-14 17:31 - 2016-02-09 11:31 - 19794896 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2016-04-14 17:31 - 2016-02-09 05:48 - 12879360 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2016-04-14 17:31 - 2016-02-06 00:46 - 01455104 _____ (Microsoft Corporation) C:\windows\system32\VSSVC.exe
2016-04-14 17:31 - 2016-02-04 01:14 - 00080896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\IPMIDrv.sys
2016-04-14 17:31 - 2016-02-03 04:16 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rasl2tp.sys
2016-04-14 17:31 - 2016-02-03 03:51 - 00162304 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2016-04-14 17:31 - 2016-02-03 03:19 - 00144384 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2016-04-14 17:31 - 2016-02-03 03:01 - 00031744 _____ (Microsoft Corporation) C:\windows\system32\WsmAgent.dll
2016-04-14 17:31 - 2016-02-03 02:51 - 02609152 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2016-04-14 17:31 - 2016-02-03 02:48 - 00285184 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2016-04-14 17:31 - 2016-02-03 02:46 - 00026112 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAgent.dll
2016-04-14 17:31 - 2016-02-03 02:41 - 02170880 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2016-04-14 17:31 - 2016-02-03 02:39 - 00236032 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2016-04-14 17:31 - 2016-01-28 01:18 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\rpcss.dll
2016-04-14 17:31 - 2016-01-22 05:35 - 00952928 _____ (Microsoft Corporation) C:\windows\system32\mfmp4srcsnk.dll
2016-04-14 17:31 - 2016-01-22 04:42 - 00786152 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmp4srcsnk.dll
2016-04-14 17:30 - 2016-03-11 05:19 - 07452512 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-04-14 17:30 - 2016-03-11 05:17 - 01663192 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2016-04-14 17:30 - 2016-03-11 05:17 - 01523216 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2016-04-14 17:30 - 2016-03-11 05:17 - 01490128 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2016-04-14 17:30 - 2016-03-11 05:17 - 01358960 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2016-04-14 17:30 - 2016-03-11 05:17 - 01133752 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-04-14 17:30 - 2016-03-11 03:48 - 00862720 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2016-04-14 17:30 - 2016-03-11 03:43 - 00161280 _____ (Microsoft Corporation) C:\windows\SysWOW64\msorcl32.dll
2016-04-14 17:30 - 2016-03-11 02:55 - 00166400 _____ (Microsoft Corporation) C:\windows\system32\mtxoci.dll
2016-04-14 17:30 - 2016-03-11 02:42 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\mtxoci.dll
2016-04-14 17:30 - 2016-02-09 11:31 - 22365472 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2016-04-14 17:30 - 2016-02-09 11:31 - 02757616 _____ (Microsoft Corporation) C:\windows\explorer.exe
2016-04-14 17:30 - 2016-02-09 11:31 - 02412576 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2016-04-14 17:30 - 2016-02-09 11:31 - 00273264 _____ (Microsoft Corporation) C:\windows\system32\SystemSettingsAdminFlows.exe
2016-04-14 17:30 - 2016-02-09 06:55 - 02712576 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2016-04-14 17:30 - 2016-02-09 06:15 - 02551808 _____ (Microsoft Corporation) C:\windows\SysWOW64\themecpl.dll
2016-04-14 17:30 - 2016-02-09 06:02 - 01197056 _____ (Microsoft Corporation) C:\windows\SysWOW64\usercpl.dll
2016-04-14 17:30 - 2016-02-09 05:43 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSyncHost.exe
2016-04-14 17:30 - 2016-02-09 05:40 - 00539648 _____ (Microsoft Corporation) C:\windows\SysWOW64\hgcpl.dll
2016-04-14 17:30 - 2016-02-09 05:39 - 00305152 _____ (Microsoft Corporation) C:\windows\SysWOW64\stobject.dll
2016-04-14 17:30 - 2016-02-09 05:37 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingMonitor.dll
2016-04-14 17:30 - 2016-02-09 05:35 - 00954880 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.appcore.dll
2016-04-14 17:30 - 2016-02-09 05:34 - 00667648 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSyncCore.dll
2016-04-14 17:30 - 2016-02-09 05:33 - 00520192 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSync.dll
2016-04-14 17:30 - 2016-02-09 04:50 - 03120640 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2016-04-14 17:30 - 2016-02-09 03:55 - 02592256 _____ (Microsoft Corporation) C:\windows\system32\themecpl.dll
2016-04-14 17:30 - 2016-02-09 03:33 - 01278464 _____ (Microsoft Corporation) C:\windows\system32\usercpl.dll
2016-04-14 17:30 - 2016-02-09 03:12 - 14466560 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2016-04-14 17:30 - 2016-02-09 03:02 - 00653824 _____ (Microsoft Corporation) C:\windows\system32\SettingSyncHost.exe
2016-04-14 17:30 - 2016-02-09 03:00 - 00599552 _____ (Microsoft Corporation) C:\windows\system32\hgcpl.dll
2016-04-14 17:30 - 2016-02-09 02:58 - 00336384 _____ (Microsoft Corporation) C:\windows\system32\stobject.dll
2016-04-14 17:30 - 2016-02-09 02:55 - 00173056 _____ (Microsoft Corporation) C:\windows\system32\SettingMonitor.dll
2016-04-14 17:30 - 2016-02-09 02:53 - 02171904 _____ (Microsoft Corporation) C:\windows\system32\SystemSettingsAdminFlowUI.dll
2016-04-14 17:30 - 2016-02-09 02:53 - 01348096 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentServer.dll
2016-04-14 17:30 - 2016-02-09 02:50 - 01220096 _____ (Microsoft Corporation) C:\windows\system32\twinui.appcore.dll
2016-04-14 17:30 - 2016-02-09 02:50 - 00841728 _____ (Microsoft Corporation) C:\windows\system32\SettingSyncCore.dll
2016-04-14 17:30 - 2016-02-09 02:48 - 00655872 _____ (Microsoft Corporation) C:\windows\system32\SettingSync.dll
2016-04-14 17:30 - 2016-02-09 02:47 - 02819584 _____ (Microsoft Corporation) C:\windows\system32\SettingsHandlers.dll
2016-04-14 17:30 - 2016-02-09 02:44 - 00955392 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentExtensions.dll
2016-04-14 17:30 - 2016-02-04 01:11 - 01673728 _____ (Microsoft Corporation) C:\windows\system32\workfolderssvc.dll
2016-04-14 17:30 - 2016-02-03 03:15 - 00787456 _____ (Microsoft Corporation) C:\windows\system32\WorkfoldersControl.dll
2016-04-14 17:29 - 2016-02-06 05:07 - 00378712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2016-04-14 17:29 - 2016-02-05 04:07 - 00222720 _____ (Microsoft Corporation) C:\windows\system32\dhcpsapi.dll
2016-04-14 17:29 - 2016-02-05 03:35 - 00142848 _____ (Microsoft Corporation) C:\windows\SysWOW64\dhcpsapi.dll
2016-04-14 17:29 - 2016-02-03 03:18 - 01574912 _____ (Microsoft Corporation) C:\windows\system32\wbengine.exe
2016-04-14 17:29 - 2016-02-01 03:17 - 00779264 _____ (Microsoft Corporation) C:\windows\system32\WindowsAnytimeUpgradeui.exe
2016-04-14 17:29 - 2016-01-27 05:15 - 00072024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vpci.sys
2016-04-14 17:29 - 2016-01-27 00:48 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vpcivsp.sys
2016-04-14 17:29 - 2016-01-22 15:22 - 02487296 _____ (Microsoft Corporation) C:\windows\system32\storagewmi.dll
2016-04-14 17:29 - 2016-01-22 15:11 - 01482240 _____ (Microsoft Corporation) C:\windows\SysWOW64\storagewmi.dll
2016-04-14 17:29 - 2016-01-21 08:40 - 00099672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\disk.sys
2016-04-14 17:28 - 2016-02-07 09:05 - 00551256 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vhdmp.sys
2016-04-14 17:28 - 2016-02-06 01:11 - 00845312 _____ (Microsoft Corporation) C:\windows\system32\BFE.DLL
2016-04-14 17:28 - 2016-02-06 01:11 - 00422400 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2016-04-14 17:28 - 2016-02-06 01:07 - 00272384 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL
2016-04-14 17:28 - 2016-02-06 01:02 - 01083904 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2016-04-14 17:28 - 2016-02-05 02:23 - 00713216 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2016-04-14 17:28 - 2016-02-05 02:22 - 00561664 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
2016-04-14 17:27 - 2016-03-04 02:13 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\basesrv.dll
2016-04-14 17:27 - 2016-02-07 08:41 - 00316760 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys
2016-04-14 17:26 - 2016-04-14 17:26 - 00001119 _____ C:\Users\Valda\Desktop\JRT.txt
2016-04-14 17:26 - 2016-03-30 00:05 - 04175872 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-04-14 17:23 - 2016-04-14 17:23 - 01610352 _____ (Malwarebytes) C:\Users\Valda\Desktop\JRT.exe
2016-04-14 17:22 - 2016-04-14 17:22 - 00005515 _____ C:\Users\Valda\Desktop\AdwCleaner[C1].txt
2016-04-14 17:17 - 2016-04-14 17:17 - 00006704 _____ C:\Users\Valda\Desktop\AdwCleaner[S1].txt
2016-04-14 17:03 - 2016-04-14 17:19 - 00000000 ____D C:\AdwCleaner
2016-04-14 17:02 - 2016-04-14 17:02 - 03465280 _____ C:\Users\Valda\Desktop\AdwCleaner.exe
2016-04-14 16:51 - 2016-04-14 16:51 - 00001247 _____ C:\Users\Valda\Desktop\Revo Uninstaller.lnk
2016-04-14 16:51 - 2016-04-14 16:51 - 00000000 ____D C:\Users\Valda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-04-14 08:32 - 2016-04-14 16:51 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2016-04-12 22:35 - 2016-04-15 02:01 - 00000000 ____D C:\Users\Valda\Desktop\mccc actions
2016-04-12 22:14 - 2016-04-12 22:14 - 02375168 _____ (Farbar) C:\Users\Valda\Desktop\FRST64.exe
2016-04-12 22:13 - 2016-04-12 22:13 - 00399360 _____ (Trend Micro Inc.) C:\windows\RegBootClean64.exe
2016-04-12 22:11 - 2016-04-15 02:01 - 00000000 ____D C:\FRST
2016-04-12 20:19 - 2016-04-12 20:19 - 00027680 _____ C:\Users\Valda\Desktop\Trend Micro Maximum Security.pdf
2016-04-12 20:19 - 2016-04-12 20:19 - 00000000 ____D C:\Users\Valda\AppData\Local\CutePDF Writer
2016-04-12 19:47 - 2016-04-12 22:33 - 00000000 ____D C:\Users\Valda\AppData\Roaming\Skype
2016-04-12 19:47 - 2016-04-12 19:47 - 00000000 ____D C:\Users\Valda\AppData\Local\Skype
2016-04-12 19:46 - 2016-04-12 19:46 - 00002713 _____ C:\Users\Public\Desktop\Skype.lnk
2016-04-12 19:46 - 2016-04-12 19:46 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-04-12 19:46 - 2016-04-12 19:46 - 00000000 ____D C:\ProgramData\Skype
2016-04-12 19:46 - 2016-04-12 19:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-04-12 19:46 - 2016-04-12 19:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-04-12 19:46 - 2016-04-12 19:46 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-04-12 19:46 - 2016-04-12 19:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-04-12 19:45 - 2015-01-06 13:01 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndproxy.sys
2016-04-12 19:45 - 2015-01-06 12:59 - 00080896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wanarp.sys
2016-04-12 19:45 - 2015-01-06 11:12 - 00185856 _____ (Microsoft Corporation) C:\windows\system32\rascfg.dll
2016-04-12 19:45 - 2015-01-06 11:02 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\rascfg.dll
2016-04-12 19:45 - 2014-11-16 05:05 - 00801584 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2016-04-12 19:45 - 2014-11-15 16:29 - 00962216 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2016-04-12 19:45 - 2014-11-14 16:57 - 01027584 _____ (Microsoft Corporation) C:\windows\system32\MFMediaEngine.dll
2016-04-12 19:45 - 2014-11-14 15:03 - 00885760 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFMediaEngine.dll
2016-04-12 19:45 - 2014-11-10 12:57 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\agilevpn.sys
2016-04-12 19:45 - 2014-11-10 11:20 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\vpnike.dll
2016-04-12 19:45 - 2014-11-10 11:08 - 00702464 _____ (Microsoft Corporation) C:\windows\system32\rasapi32.dll
2016-04-12 19:45 - 2014-11-10 10:57 - 00624640 _____ (Microsoft Corporation) C:\windows\SysWOW64\rasapi32.dll
2016-04-12 19:45 - 2014-11-08 14:00 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndistapi.sys
2016-04-12 19:45 - 2014-11-08 13:56 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\kmddsp.tsp
2016-04-12 19:45 - 2014-11-08 13:56 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\rasmxs.dll
2016-04-12 19:45 - 2014-11-08 13:56 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\rasser.dll
2016-04-12 19:45 - 2014-11-08 13:24 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\rasdiag.dll
2016-04-12 19:45 - 2014-11-08 13:13 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\kmddsp.tsp
2016-04-12 19:45 - 2014-11-08 13:13 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\rasmxs.dll
2016-04-12 19:45 - 2014-11-08 13:13 - 00022528 _____ (Microsoft Corporation) C:\windows\SysWOW64\rasser.dll
2016-04-12 19:45 - 2014-11-08 12:48 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\rasdiag.dll
2016-04-12 19:45 - 2014-11-08 12:38 - 00166912 _____ (Microsoft Corporation) C:\windows\system32\AppxAllUserStore.dll
2016-04-12 19:45 - 2014-11-08 12:17 - 00143360 _____ (Microsoft Corporation) C:\windows\SysWOW64\AppxAllUserStore.dll
2016-04-12 19:45 - 2014-11-08 12:03 - 00733696 _____ (Microsoft Corporation) C:\windows\system32\SkyDriveTelemetry.dll
2016-04-12 19:45 - 2014-11-08 11:58 - 04837376 _____ (Microsoft Corporation) C:\windows\system32\SyncEngine.dll
2016-04-12 19:45 - 2014-11-08 11:49 - 01154048 _____ (Microsoft Corporation) C:\windows\system32\SkyDrive.exe
2016-04-12 19:45 - 2014-11-05 12:12 - 00211968 _____ (Microsoft Corporation) C:\windows\system32\QSHVHOST.DLL
2016-04-12 19:45 - 2014-11-05 12:12 - 00128000 _____ (Microsoft Corporation) C:\windows\system32\QSVRMGMT.DLL
2016-04-12 19:45 - 2014-11-05 12:06 - 00514048 _____ (Microsoft Corporation) C:\windows\system32\DevicePairing.dll
2016-04-12 19:45 - 2014-11-05 11:44 - 00657920 _____ (Microsoft Corporation) C:\windows\system32\dnsapi.dll
2016-04-12 19:45 - 2014-11-05 11:43 - 00252416 _____ (Microsoft Corporation) C:\windows\system32\dnsrslvr.dll
2016-04-12 19:45 - 2014-11-05 11:39 - 00155648 _____ (Microsoft Corporation) C:\windows\SysWOW64\QSHVHOST.DLL
2016-04-12 19:45 - 2014-11-05 11:39 - 00094208 _____ (Microsoft Corporation) C:\windows\SysWOW64\QSVRMGMT.DLL
2016-04-12 19:45 - 2014-11-05 11:33 - 00465408 _____ (Microsoft Corporation) C:\windows\SysWOW64\DevicePairing.dll
2016-04-12 19:45 - 2014-11-05 11:21 - 00658432 _____ (Microsoft Corporation) C:\windows\system32\WSDApi.dll
2016-04-12 19:45 - 2014-11-05 11:20 - 00498688 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnsapi.dll
2016-04-12 19:45 - 2014-11-05 11:14 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\WSDMon.dll
2016-04-12 19:45 - 2014-11-05 11:06 - 00555520 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSDApi.dll
2016-04-12 19:45 - 2014-11-05 05:33 - 00058176 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dam.sys
2016-04-12 19:45 - 2014-11-04 16:27 - 00128512 _____ (Microsoft Corporation) C:\windows\splwow64.exe
2016-04-12 19:45 - 2014-11-04 15:01 - 00827392 _____ (Microsoft Corporation) C:\windows\system32\spoolsv.exe
2016-04-12 19:45 - 2014-10-29 11:55 - 00242176 _____ (Microsoft Corporation) C:\windows\system32\WinSCard.dll
2016-04-12 19:45 - 2014-10-29 11:13 - 00169984 _____ (Microsoft Corporation) C:\windows\SysWOW64\WinSCard.dll
2016-04-12 19:45 - 2014-10-21 11:59 - 00016896 _____ (Microsoft Corporation) C:\windows\system32\eventcls.dll
2016-04-12 19:45 - 2014-10-21 11:19 - 00015360 _____ (Microsoft Corporation) C:\windows\SysWOW64\eventcls.dll
2016-04-12 19:45 - 2014-10-21 10:50 - 00074752 _____ (Microsoft Corporation) C:\windows\system32\vsstrace.dll
2016-04-12 19:45 - 2014-10-21 10:31 - 01574400 _____ (Microsoft Corporation) C:\windows\system32\vssapi.dll
2016-04-12 19:45 - 2014-10-21 10:31 - 00055296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vsstrace.dll
2016-04-12 19:45 - 2014-10-21 10:20 - 01142272 _____ (Microsoft Corporation) C:\windows\SysWOW64\vssapi.dll
2016-04-12 19:45 - 2014-10-17 14:56 - 00039744 ____C (Microsoft Corporation) C:\windows\system32\Drivers\intelpep.sys
2016-04-12 19:45 - 2014-10-17 13:35 - 00086336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pdc.sys
2016-04-12 19:44 - 2016-02-01 05:17 - 00118624 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2016-04-12 19:44 - 2016-02-01 04:07 - 00110080 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2016-04-12 19:44 - 2016-02-01 03:42 - 03320832 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2016-04-12 19:44 - 2016-02-01 03:14 - 03607040 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2016-04-12 19:44 - 2016-02-01 02:24 - 02778624 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2016-04-12 19:44 - 2016-02-01 02:20 - 02464256 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2016-04-12 19:44 - 2015-12-17 03:11 - 01200128 _____ (Microsoft Corporation) C:\windows\system32\Windows.Globalization.dll
2016-04-12 19:44 - 2015-12-17 02:51 - 00868864 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Globalization.dll
2016-04-12 19:44 - 2015-10-23 03:43 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\kbdgeoqw.dll
2016-04-12 19:44 - 2015-10-23 03:43 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZST.DLL
2016-04-12 19:44 - 2015-10-23 03:43 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZEL.DLL
2016-04-12 19:44 - 2015-10-23 03:43 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZE.DLL
2016-04-12 19:44 - 2015-10-23 02:59 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\kbdgeoqw.dll
2016-04-12 19:44 - 2015-10-23 02:59 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZST.DLL
2016-04-12 19:44 - 2015-10-23 02:59 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZEL.DLL
2016-04-12 19:44 - 2015-10-23 02:59 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZE.DLL
2016-04-12 19:44 - 2015-10-23 02:21 - 00323072 _____ (Microsoft Corporation) C:\windows\system32\GlobCollationHost.dll
2016-04-12 19:44 - 2015-10-23 01:58 - 00200704 _____ (Microsoft Corporation) C:\windows\SysWOW64\GlobCollationHost.dll
2016-04-12 19:44 - 2015-10-23 00:08 - 00513456 _____ C:\windows\SysWOW64\locale.nls
2016-04-12 19:44 - 2015-10-23 00:08 - 00513456 _____ C:\windows\system32\locale.nls
2016-04-12 19:44 - 2015-06-10 08:39 - 00081920 ____C (Microsoft Corporation) C:\windows\system32\Drivers\BTHUSB.SYS
2016-04-12 19:44 - 2015-06-10 08:39 - 00053248 ____C (Microsoft Corporation) C:\windows\system32\Drivers\bthenum.sys
2016-04-12 19:44 - 2015-06-10 08:38 - 01201664 ____C (Microsoft Corporation) C:\windows\system32\Drivers\bthport.sys
2016-04-12 19:44 - 2015-05-01 11:13 - 06521800 _____ (Microsoft Corporation) C:\windows\system32\sppsvc.exe
2016-04-12 19:44 - 2015-05-01 11:13 - 01488000 _____ (Microsoft Corporation) C:\windows\system32\sppobjs.dll
2016-04-12 19:44 - 2015-05-01 11:13 - 00261376 _____ (Microsoft Corporation) C:\windows\system32\sppwinob.dll
2016-04-12 19:44 - 2014-11-18 06:17 - 00672984 _____ (Microsoft Corporation) C:\windows\system32\MDMAgent.exe
2016-04-12 19:44 - 2014-11-14 16:54 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\SystemSettings.Handlers.dll
2016-04-12 13:53 - 2016-04-12 13:53 - 00000000 ____D C:\Users\Valda\AppData\Local\GWX
2016-04-11 17:00 - 2016-04-11 17:00 - 00000000 ____D C:\Users\Valda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-04-11 16:59 - 2016-04-11 16:59 - 00002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-11 16:59 - 2016-04-11 16:59 - 00002242 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-11 16:58 - 2016-04-15 01:11 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-11 16:58 - 2016-04-14 21:03 - 00000912 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-11 16:25 - 2016-04-11 16:25 - 00002403 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-04-11 16:25 - 2016-04-11 16:25 - 00002402 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-04-11 16:25 - 2016-04-11 16:25 - 00002366 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-04-11 16:25 - 2016-04-11 16:25 - 00002365 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-04-11 16:25 - 2016-04-11 16:25 - 00002359 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-04-11 16:25 - 2016-04-11 16:25 - 00002353 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-04-11 16:25 - 2016-04-11 16:25 - 00002345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-04-11 16:25 - 2016-04-11 16:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-04-11 16:25 - 2016-04-11 16:25 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-04-11 13:14 - 2016-04-11 13:14 - 00000000 ____D C:\Users\Valda\AppData\Roaming\Hewlett-Packard
2016-04-11 12:15 - 2016-04-11 12:15 - 00002210 _____ C:\Users\Public\Desktop\HP Support Assistant.lnk
2016-04-11 12:15 - 2016-04-11 12:15 - 00000000 ____D C:\System.sav
2016-04-11 12:15 - 2016-04-11 12:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2016-04-11 12:14 - 2016-04-12 15:24 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-04-11 12:14 - 2016-04-11 12:15 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2016-04-11 12:14 - 2016-04-11 12:14 - 00000000 ____D C:\Users\Valda\AppData\Roaming\hpqLog
2016-04-11 12:09 - 2016-04-11 12:10 - 00000000 ____D C:\Users\Valda\AppData\Local\HP
2016-04-11 12:09 - 2016-04-11 12:09 - 00003610 _____ C:\windows\System32\Tasks\HPCustParticipation HP Officejet Pro 8620
2016-04-11 12:09 - 2016-04-11 12:09 - 00002227 _____ C:\Users\Public\Desktop\HP Officejet Pro 8620.lnk
2016-04-11 12:09 - 2016-04-11 12:09 - 00001179 _____ C:\Users\Public\Desktop\Shop for Supplies - HP Officejet Pro 8620.lnk
2016-04-11 12:09 - 2016-04-11 12:09 - 00000978 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2016-04-11 12:09 - 2016-04-11 12:09 - 00000057 _____ C:\ProgramData\Ament.ini
2016-04-11 12:09 - 2016-04-11 12:09 - 00000000 ____D C:\Users\Valda\AppData\Roaming\HpUpdate
2016-04-11 12:09 - 2016-04-11 12:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-04-11 12:09 - 2016-04-11 12:09 - 00000000 ____D C:\Program Files\HP
2016-04-11 12:09 - 2016-04-11 12:09 - 00000000 ____D C:\Program Files (x86)\HP
2016-04-11 12:09 - 2014-07-21 16:31 - 00763912 ____N (Hewlett-Packard Development Company, LP) C:\windows\system32\HPDiscoPM7012.dll
2016-04-11 11:57 - 2016-04-12 15:24 - 00000000 ____D C:\windows\System32\Tasks\Hewlett-Packard
2016-04-11 11:57 - 2016-04-11 12:15 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-04-11 11:57 - 2016-04-11 12:00 - 00000000 ____D C:\Users\Valda\Downloads\HP Downloads
2016-04-11 11:57 - 2016-04-11 11:57 - 00000000 ____D C:\Users\Valda\AppData\Local\Hewlett-Packard
2016-04-11 11:49 - 2016-04-11 12:09 - 00000000 ____D C:\ProgramData\HP
2016-03-23 03:22 - 2016-03-23 03:22 - 00635040 _____ (Microsoft Corporation) C:\windows\system32\msvcp140.dll
2016-03-23 03:22 - 2016-03-23 03:22 - 00390320 _____ (Microsoft Corporation) C:\windows\system32\vccorlib140.dll
2016-03-23 03:22 - 2016-03-23 03:22 - 00332968 _____ (Microsoft Corporation) C:\windows\system32\concrt140.dll
2016-03-23 03:22 - 2016-03-23 03:22 - 00088752 _____ (Microsoft Corporation) C:\windows\system32\vcruntime140.dll
2016-03-23 02:28 - 2016-03-23 02:28 - 00439608 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp140.dll
2016-03-23 02:28 - 2016-03-23 02:28 - 00266928 _____ (Microsoft Corporation) C:\windows\SysWOW64\vccorlib140.dll
2016-03-23 02:28 - 2016-03-23 02:28 - 00243520 _____ (Microsoft Corporation) C:\windows\SysWOW64\concrt140.dll
2016-03-23 02:28 - 2016-03-23 02:28 - 00085328 _____ (Microsoft Corporation) C:\windows\SysWOW64\vcruntime140.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-15 01:28 - 2015-02-13 17:54 - 00000000 ____D C:\Users\Valda\AppData\Roaming\ClassicShell
2016-04-15 01:26 - 2015-02-13 18:19 - 00000000 ____D C:\Users\Valda\AppData\Roaming\Rainmaker Software Group LLC.
2016-04-15 01:13 - 2015-02-13 17:32 - 00818732 _____ C:\windows\system32\PerfStringBackup.INI
2016-04-15 01:13 - 2013-08-22 23:36 - 00000000 ____D C:\windows\Inf
2016-04-15 01:12 - 2016-03-12 11:29 - 00000000 ____D C:\Users\Valda\AppData\Local\DP_Tower
2016-04-15 01:12 - 2015-02-13 17:52 - 00003922 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{467A6866-877C-418F-8D21-8C57A22B92D5}
2016-04-15 01:11 - 2015-02-13 17:45 - 00000000 ___RD C:\Users\Valda\OneDrive
2016-04-15 01:11 - 2013-08-22 23:25 - 00262144 ___SH C:\windows\system32\config\ELAM
2016-04-15 01:08 - 2013-08-23 00:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-04-15 01:08 - 2013-08-23 00:44 - 00487240 _____ C:\windows\system32\FNTCACHE.DAT
2016-04-14 21:17 - 2013-08-22 23:25 - 00262144 ___SH C:\windows\system32\config\BBI
2016-04-14 21:16 - 2015-02-13 19:17 - 00000000 ____D C:\windows\system32\appraiser
2016-04-14 21:16 - 2013-08-23 01:36 - 00000000 ___RD C:\windows\ToastData
2016-04-14 21:16 - 2013-08-23 01:36 - 00000000 ____D C:\windows\SysWOW64\en-GB
2016-04-14 21:16 - 2013-08-23 01:36 - 00000000 ____D C:\windows\system32\en-GB
2016-04-14 21:15 - 2013-08-23 01:20 - 00000000 ____D C:\windows\CbsTemp
2016-04-14 17:34 - 2015-02-13 18:55 - 00000000 ____D C:\windows\system32\MRT
2016-04-14 17:32 - 2015-02-13 18:55 - 135176864 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-04-14 17:26 - 2016-03-07 08:17 - 00177488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-04-14 17:25 - 2016-03-13 11:09 - 01737080 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-04-14 17:25 - 2016-03-13 11:09 - 01501488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-04-14 17:25 - 2016-03-13 11:09 - 00246784 _____ (Microsoft Corporation) C:\windows\system32\microsoft-windows-system-events.dll
2016-04-14 17:19 - 2015-02-13 17:40 - 00000000 ____D C:\Users\Valda
2016-04-14 17:08 - 2015-02-13 17:46 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3839685571-330548617-1467194599-1001
2016-04-14 07:41 - 2013-08-23 01:36 - 00000000 ____D C:\windows\AppReadiness
2016-04-12 22:13 - 2016-03-12 11:29 - 00000000 ____D C:\ProgramData\Trend Micro
2016-04-12 19:47 - 2013-08-23 01:36 - 00000000 ____D C:\windows\SysWOW64\setup
2016-04-12 19:47 - 2013-08-23 01:36 - 00000000 ____D C:\windows\system32\setup
2016-04-12 05:22 - 2015-08-28 11:32 - 00000000 ___SD C:\windows\SysWOW64\GWX
2016-04-12 05:22 - 2015-08-28 11:32 - 00000000 ___SD C:\windows\system32\GWX
2016-04-12 03:08 - 2014-08-14 16:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-04-11 16:59 - 2015-07-15 01:39 - 00000000 ____D C:\Users\Valda\AppData\Local\Google
2016-04-11 16:59 - 2015-07-15 01:39 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-11 16:58 - 2015-07-15 01:39 - 00003884 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-04-11 16:58 - 2015-07-15 01:39 - 00003648 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-04-11 16:31 - 2013-08-23 01:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-04-11 14:58 - 2015-09-09 19:57 - 117643304 _____ (MYOB Technology Pty. Ltd.) C:\Users\Valda\Downloads\MYOB_AccountRight_2015.3.exe
2016-04-11 14:58 - 2013-08-23 01:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-04-11 14:50 - 2016-03-12 11:29 - 00000000 ____D C:\ProgramData\TMDP_Log
2016-04-11 14:50 - 2013-08-22 23:25 - 00000304 _____ C:\windows\win.ini
2016-04-11 14:26 - 2016-03-13 12:21 - 00000000 ____D C:\Users\Valda\AppData\Local\Trend Micro
2016-04-11 12:44 - 2016-03-13 10:58 - 00000010 _____ C:\Users\Valda\AppData\Local\sponge.last.runtime.cache
2016-04-11 12:14 - 2015-02-13 17:41 - 00000000 ____D C:\Users\Valda\AppData\Local\Packages
2016-04-11 12:13 - 2013-08-23 01:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-11 12:01 - 2016-03-13 10:27 - 00000000 ____D C:\windows\System32\Tasks\Games
2016-04-11 11:50 - 2013-08-23 01:36 - 00000000 ____D C:\windows\system32\NDF
2016-04-06 07:53 - 2013-08-23 01:38 - 00829944 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-04-06 07:53 - 2013-08-23 01:38 - 00176632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
==================== Files in the root of some directories =======
2015-03-17 14:51 - 2015-03-17 14:51 - 0038469 _____ () C:\Users\Valda\AppData\Roaming\Comma Separated Values.ADR
2016-03-12 11:28 - 2016-03-12 11:28 - 0000036 _____ () C:\Users\Valda\AppData\Local\housecall.guid.cache
2016-03-13 10:58 - 2016-04-11 12:44 - 0000010 _____ () C:\Users\Valda\AppData\Local\sponge.last.runtime.cache
2016-04-11 12:09 - 2016-04-11 12:09 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-08-14 16:18 - 2014-08-14 16:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
C:\Users\Valda\AppData\Local\Temp\converter.exe
C:\Users\Valda\AppData\Local\Temp\libeay32.dll
C:\Users\Valda\AppData\Local\Temp\msvcr120.dll
C:\Users\Valda\AppData\Local\Temp\ose00000.exe
C:\Users\Valda\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-04-11 12:01
==================== End of FRST.txt ============================
And its Additions log:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-04-2016 01
Ran by Valda (2016-04-15 02:02:28)
Running from C:\Users\Valda\Desktop
Windows 8.1 Pro (X64) (2015-02-13 07:41:07)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3839685571-330548617-1467194599-500 - Administrator - Disabled)
Guest (S-1-5-21-3839685571-330548617-1467194599-501 - Limited - Disabled)
Valda (S-1-5-21-3839685571-330548617-1467194599-1001 - Administrator - Enabled) => C:\Users\Valda
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Trend Micro Maximum Security (Enabled - Up to date) {8242D66F-41BD-4049-C2E6-E578E73B62A0}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro Maximum Security (Enabled - Up to date) {3923378B-6787-4FC7-F856-DE0A9CBC281D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
1912: Titanic Mystery (HKLM-x32\...\BFG-1912 - Titanic Mystery) (Version: - )
Antique Road Trip: American Dreamin' (HKLM-x32\...\BFG-Antique Road Trip - American Dreamin) (Version: - )
Big City Adventure: Sydney, Australia (HKLM-x32\...\BFG-Big City Adventure - Sydney Australia) (Version: - )
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Canon MX420 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX420_series) (Version: - )
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - Acro Software Inc.)
Delicious: Emily's Honeymoon Cruise (HKLM-x32\...\BFG-Delicious - Emilys Honeymoon Cruise) (Version: - )
Found: A Hidden Object Adventure (HKLM-x32\...\BFG-Found - A Hidden Object Adventure) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HP Officejet Pro 8620 Basic Device Software (HKLM\...\{A977D10D-989A-40D4-B0B1-450954516543}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet Pro 8620 Help (HKLM-x32\...\{9A4D71AB-9C68-4702-A4A2-A4DB7B0FE270}) (Version: 32.0.0 - Hewlett Packard)
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.2.8.25 - HP)
HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.3.11.29 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6769.2015 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3839685571-330548617-1467194599-1001\...\OneDriveSetup.exe) (Version: 17.3.6302.0225 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6729.1012 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6729.1012 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6729.1012 - Microsoft Corporation) Hidden
Optus 4G Modem HL (HKLM-x32\...\Optus 4G Modem HL) (Version: 22.001.26.00.74 - Huawei Technologies Co.,Ltd)
Product Improvement Study for HP Officejet Pro 8620 (HKLM\...\{99039186-EBEB-4127-BFA2-18B10A05ACE2}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.39052 - TeamViewer)
Trend Micro Maximum Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 10.0 - Trend Micro Inc.)
Trend Micro Password Manager (HKLM\...\3A0FB4E3-2C0D-4572-A24D-67F1CAABDDP35_is1) (Version: 3.5.0.1355 - Trend Micro Inc.)
Trend Micro Titanium (Version: 10.0 - Trend Micro Inc.) Hidden
Vacation Adventures: Park Ranger 2 (HKLM-x32\...\BFG-Vacation Adventures - Park Ranger 2) (Version: - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {029D6FA5-8662-44A3-848F-7AFFC87E630C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-03-02] (Hewlett-Packard)
Task: {1EA6B76A-CD2D-4137-8093-CE5A851EEF90} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {3463B9FF-DEE1-4E5E-91C4-CA9666822102} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-11] (Google Inc.)
Task: {36819323-0C61-48DB-BA9F-398DD4D39A28} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3839685571-330548617-1467194599-1001 => C:\Users\Valda\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-03-12] (Microsoft Corporation)
Task: {5E223B73-07C4-4A55-9641-C8901DB8805F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {740D893A-5D03-4F90-81E1-D4E5E591AC24} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-03-16] (Hewlett-Packard)
Task: {86B2C34F-DAA3-44C0-ADE1-A0199EC9A83D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-03-24] (Microsoft Corporation)
Task: {8D7B55B3-6637-4A81-9266-EACDB6A2FD74} - System32\Tasks\HPCustParticipation HP Officejet Pro 8620 => C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {97D3B127-1402-42C2-A286-85CE04EE4EF8} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-04-11] (Microsoft Corporation)
Task: {9BF1EDB9-3AAF-4663-9A9D-D081140B9424} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-03-24] (Microsoft Corporation)
Task: {BEBC9074-8E0C-4C91-AD65-7E2D2F09A6D0} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-03-02] (Hewlett-Packard)
Task: {C1E88011-79AC-4814-B738-7990EC86750E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-03-16] (Hewlett-Packard)
Task: {EF5A5D6E-9369-4199-B655-0524D45BE4C2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-11] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-02-13 18:19 - 2013-10-23 14:24 - 00087600 _____ () C:\windows\System32\cpwmon64.dll
2016-03-12 11:29 - 2015-03-31 21:08 - 00026408 _____ () C:\Program Files\Trend Micro\AMSP\boost_system-vc110-mt-1_57.dll
2016-03-12 11:29 - 2015-03-31 21:08 - 00058320 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc110-mt-1_57.dll
2016-03-12 11:29 - 2015-03-31 21:09 - 00686608 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll
2016-03-12 11:29 - 2015-03-31 21:08 - 00110320 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc110-mt-1_57.dll
2016-03-12 11:29 - 2015-03-31 21:08 - 00036160 _____ () C:\Program Files\Trend Micro\AMSP\boost_chrono-vc110-mt-1_57.dll
2016-03-12 11:29 - 2015-03-31 21:09 - 01314920 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf.dll
2016-03-12 11:27 - 2015-07-17 04:31 - 00168544 _____ () C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll
2016-01-09 13:03 - 2016-03-24 17:28 - 00172232 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2016-03-07 09:13 - 2014-11-20 18:48 - 00242264 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2016-03-12 11:29 - 2015-07-17 04:31 - 00089088 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_thread-vc110-mt-1_52.dll
2016-03-12 11:29 - 2015-07-17 04:31 - 00018944 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_system-vc110-mt-1_52.dll
2016-03-12 11:29 - 2015-07-17 04:31 - 00049664 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_date_time-vc110-mt-1_52.dll
2016-03-12 11:29 - 2015-07-17 04:31 - 00761856 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_regex-vc110-mt-1_52.dll
2016-03-12 11:29 - 2016-03-19 19:15 - 00048128 _____ () C:\Program Files\Trend Micro\TMIDS\boost_date_time-vc110-mt-1_49.dll
2016-04-11 15:04 - 2016-04-11 15:04 - 08919240 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-03-12 11:27 - 2015-07-17 04:31 - 00065520 _____ () C:\Program Files\Trend Micro\Titanium\plugin\fcMsgDispatcher.dll
2016-03-12 11:29 - 2016-01-12 21:01 - 46400568 _____ () C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
2016-04-11 16:59 - 2016-04-06 20:04 - 01675928 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libglesv2.dll
2016-04-11 16:59 - 2016-04-06 20:04 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:02DD996C [182]
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [270]
AlternateDataStreams: C:\ProgramData\TEMP:4B6A9FDA [163]
AlternateDataStreams: C:\ProgramData\TEMP:5CD804FF [120]
AlternateDataStreams: C:\ProgramData\TEMP:65949863 [137]
AlternateDataStreams: C:\ProgramData\TEMP:9ACB70D7 [107]
AlternateDataStreams: C:\ProgramData\TEMP:C72A744C [274]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-3839685571-330548617-1467194599-1001\...\trendmicro.com -> hxxps://pwm.trendmicro.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 23:25 - 2013-08-22 23:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3839685571-330548617-1467194599-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme1\img5.jpg
DNS Servers: 192.168.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3839685571-330548617-1467194599-1001\...\StartupApproved\Run: => "Skype"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{C9ECAB50-11DE-4D0F-BDAE-9342B436B250}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6270ECAC-69AB-4CD6-987A-650287B997EF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{89A18731-EB26-4828-BE2A-4D1DAC646352}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{04AB3544-0AED-418C-A3ED-09E8740AD073}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{950277EF-B989-4E80-92E7-C540F25ADF3B}] => (Allow) C:\Users\Valda\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{08075C54-1596-414A-B86F-8CD62713F779}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\FaxApplications.exe
FirewallRules: [{08E3AB02-4183-40CD-9B2B-B689A79AE59B}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\DigitalWizards.exe
FirewallRules: [{3701261A-3F97-45DA-8D28-85D12935B74A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\SendAFax.exe
FirewallRules: [{5B83FA65-8125-44A2-9FBC-EDE990533A84}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\Bin\DeviceSetup.exe
FirewallRules: [{41CA24A1-045E-4D95-B984-67E4406D9E58}] => (Allow) LPort=5357
FirewallRules: [{93994EE2-A23A-4FAF-8D6D-627481723672}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{48542443-DCC5-4854-979D-1385B51B1BBE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{066F94F9-304D-4FCB-AE86-A799A0036244}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
11-04-2016 11:57:33 Installed HP Support Solutions Framework
14-04-2016 16:53:01 Revo Uninstaller's restore point - istartsurf uninstall
14-04-2016 17:24:58 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/14/2016 07:51:42 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220
Error: (04/12/2016 05:41:18 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Windows RE tools was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)
Error: (04/11/2016 04:32:36 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: STUREPC)
Description: Application or service 'Microsoft Outlook' could not be restarted.
Error: (04/11/2016 04:24:51 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: STUREPC)
Description: Application or service 'Microsoft Office Document Cache Sync Client Interface' could not be shut down.
Error: (04/11/2016 02:23:41 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {260A7309-52F0-4DD0-B857-5948CBE8E61C}
Error: (04/11/2016 02:23:41 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {260A7309-52F0-4DD0-B857-5948CBE8E61C}
Error: (04/11/2016 02:23:35 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {8C95B959-1F93-4DE0-B1FC-8B12B5FBBA7E}
Error: (04/11/2016 02:23:35 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {8C95B959-1F93-4DE0-B1FC-8B12B5FBBA7E}
Error: (04/11/2016 02:23:15 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {17C65983-36D3-490D-9D64-3F00DFDAB5B7}
Error: (04/11/2016 02:23:15 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {17C65983-36D3-490D-9D64-3F00DFDAB5B7}
System errors:
=============
Error: (04/14/2016 06:30:43 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ClickToRunSvc service.
Error: (04/14/2016 05:20:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1069
Error: (04/14/2016 05:20:01 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
Error: (04/14/2016 05:19:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Support Solutions Framework Service service terminated unexpectedly. It has done this 1 time(s).
Error: (04/14/2016 05:19:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (04/14/2016 05:19:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Trend Micro Password Manager Central Control Service service terminated unexpectedly. It has done this 1 time(s).
Error: (04/14/2016 05:19:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Optus 4G Modem HL service terminated unexpectedly. It has done this 1 time(s).
Error: (04/14/2016 05:19:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office ClickToRun Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
Error: (04/14/2016 05:19:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
Error: (04/14/2016 07:41:38 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
CodeIntegrity:
===================================
Date: 2015-08-29 05:40:22.736
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-08-28 11:04:00.738
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-05-18 15:58:58.720
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-02-16 02:47:14.787
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-02-14 02:47:27.398
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel® Core i5-4300U CPU @ 1.90GHz
Percentage of memory in use: 26%
Total physical RAM: 8097.07 MB
Available physical RAM: 5982.05 MB
Total Virtual: 9377.07 MB
Available Virtual: 6723.97 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:232.21 GB) (Free:186.45 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 78C18168)
Partition: GPT.
==================== End of Addition.txt ============================
I think I may have messed up the first Malwarebytes scan in getting the XML logs; I hope this hasn't made things too difficult for you. Please accept my apologies in advance for any hassles this causes. There were 21 PUPs found in that first scan.
I look forward to your next analysis.
Kangaroo