Hello,
I'm currently having an issue with my machine where it will run for a short time then simply reboot itself. Upon rebooting it gets stuck on a black screen and goes no further. If I hard boot the machine, it does come bck up but will stay on for no longer than an hour and half at the most. I use Trend Micro Titanium and I've noticed when it starts, it starts 'starting protection' but never actually gets going.
Please see below my Hijack this log, aswMBR log and FRST log, I would really appreciate any help you could offer.
Hijackthis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:21:58 PM, on 17-Sep-16
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10586.0545)
Boot mode: Normal
Running processes:
C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Users\Lee\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\SABnzbd\SABnzbd.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\Program Files\Trend Micro\AMSP\module\20013\ChromeExt\chromeextension\TmopChromeMsgHost32.exe
C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\chrome_extension2\host\chrome_native_msg_host.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\chromeextension\NativeMessageHost\ToolbarNativeMsgHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Lee\Downloads\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll
O2 - BHO: Trend Micro Network Filter Plugin - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg32.dll
O2 - BHO: Trend Micro IE Protection - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe32.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
O3 - Toolbar: Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Lee\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus Photo R265 Series] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_FATIBNE.EXE /FU "C:\WINDOWS\TEMP\E_SE699.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON4AFCD5 (Epson Stylus Photo PX730)] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHQE.EXE /FU "C:\Users\Lee\AppData\Local\Temp\E_S77DA.tmp" /EF "HKCU"
O4 - Startup: SABnzbd.lnk = C:\Program Files (x86)\SABnzbd\SABnzbd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe32.dll
O18 - Protocol: tmop - {69FD7CE3-4604-4FE6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg32.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Platinum Host Service - Trend Micro Inc. - C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
O23 - Service: Trend Micro Password Manager Central Control Service (PwmSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
O23 - Service: Macrium Reflect Utility Service (ReflectService.exe) - Paramount Software UK Ltd - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
O23 - Service: @%systemroot%\system32\vmcompute.exe,-100 (vmcompute) - Unknown owner - C:\WINDOWS\system32\vmcompute.exe (file missing)
O23 - Service: @%systemroot%\system32\vmms.exe,-10 (vmms) - Unknown owner - C:\WINDOWS\system32\vmms.exe (file missing)
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\SYSWOW64\VMNETDHCP.EXE
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\SYSWOW64\VMNAT.EXE
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 15160 bytes
Startuplist log:
StartupList report, 17-Sep-16, 6:28:24 PM
StartupList version: 1.52.2
Started from : C:\Users\Lee\Downloads\HiJackThis.EXE
Detected: Unknown Windows (WinNT 6.02.1008)
Detected: Internet Explorer v11.0 (11.00.10586.0545)
* Using default options
==================================================
Running processes:
C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Users\Lee\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\SABnzbd\SABnzbd.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\Program Files\Trend Micro\AMSP\module\20013\ChromeExt\chromeextension\TmopChromeMsgHost32.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\chromeextension\NativeMessageHost\ToolbarNativeMsgHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Lee\Downloads\HiJackThis.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
SABnzbd.lnk = C:\Program Files (x86)\SABnzbd\SABnzbd.exe
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Hotkey Utility = C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
Adobe Reader Speed Launcher = "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
SwitchBoard = C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
AdobeCS5ServiceManager = "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
LWS = C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
APSDaemon = "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Monitor = "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Logitech Vid = "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
TomTomHOME.exe = "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
OneDrive = "C:\Users\Lee\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
EPSON Stylus Photo R265 Series = C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_FATIBNE.EXE /FU "C:\WINDOWS\TEMP\E_SE699.tmp" /EF "HKCU"
EPSON4AFCD5 (Epson Stylus Photo PX730) = C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHQE.EXE /FU "C:\Users\Lee\AppData\Local\Temp\E_S77DA.tmp" /EF "HKCU"
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[OptionalComponents]
=
--------------------------------------------------
File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command
(Default) = C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
AcroIEHelperStub - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
Trend Micro Toolbar BHO - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll - {43C6D902-A1C5-45c9-91F6-FD9E90337E18}
(no name) - (no file) - {5C255C8A-E604-49b4-9D64-90988571CECB}
(no name) - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
Trend Micro Network Filter Plugin - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg32.dll - {959A5673-7971-48e6-AF54-58F745AC4ABC}
Trend Micro IE Protection - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe32.dll - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}
(no name) - C:\Program Files (x86)\WOT\WOT.dll - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7}
(no name) - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}
--------------------------------------------------
Enumerating Task Scheduler jobs:
Adobe Flash Player Updater.job
GoogleUpdateTaskMachineCore.job
GoogleUpdateTaskMachineUA.job
--------------------------------------------------
Enumerating Download Program Files:
[DLM Control]
InProcServer32 = C:\Windows\DOWNLO~1\DownloadManagerV2.ocx
[{7530BFB8-7293-4D34-9923-61A11451AFC5}]
--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #1: C:\WINDOWS\system32\NLAapi.dll
NameSpace #2: C:\WINDOWS\system32\napinsp.dll
NameSpace #3: C:\WINDOWS\system32\pnrpnsp.dll
NameSpace #4: C:\WINDOWS\system32\pnrpnsp.dll
NameSpace #7: C:\Program Files (x86)\Bonjour\mdnsNSP.dll
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
WebCheck: *Registry key not found*
--------------------------------------------------
End of report, 7,367 bytes
Report generated in 0.031 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
aswMBR log:
aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2016-09-18 13:45:13
-----------------------------
13:45:13.608 OS Version: Windows x64 6.2.9200
13:45:13.608 Number of processors: 4 586 0x170A
13:45:13.609 ComputerName: LEE-QUAD UserName: Lee
13:45:25.727 Initialize success
13:45:25.811 VM: initialized successfully
13:45:25.812 VM: Intel CPU supported
13:45:28.527 VM: disk I/O iaStorAV.sys
13:47:25.441 AVAST engine defs: 16091202
13:48:03.041 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002e
13:48:03.044 Disk 0 Vendor: ST3750528AS CC44 Size: 715404MB BusType: 8
13:48:04.056 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000031
13:48:04.060 Disk 1 Vendor: SAMSUNG_HD204UI 1AQ10001 Size: 1907729MB BusType: 8
13:48:04.142 Disk 0 MBR read successfully
13:48:04.146 Disk 0 MBR scan
13:48:04.192 Disk 0 Windows 7 default MBR code
13:48:04.196 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
13:48:04.223 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
13:48:04.265 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 349645 MB offset 31664128
13:48:04.297 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 350296 MB offset 747739136
13:48:04.356 Disk 0 scanning C:\WINDOWS\system32\drivers
13:48:17.935 Service scanning
13:48:41.384 Modules scanning
13:48:41.391 Disk 0 trace - called modules:
13:48:41.415 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorAV.sys
13:48:41.421 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe0018920d060]
13:48:41.426 3 CLASSPNP.SYS[fffff801c5237d95] -> nt!IofCallDriver -> [0xffffe00188926570]
13:48:41.432 5 ACPI.sys[fffff801c4221361] -> nt!IofCallDriver -> \Device\0000002e[0xffffe00188928060]
13:48:42.584 AVAST engine scan C:\WINDOWS
13:48:47.163 AVAST engine scan C:\WINDOWS\system32
13:51:48.516 AVAST engine scan C:\WINDOWS\system32\drivers
13:52:10.782 AVAST engine scan C:\Users\Lee
14:02:02.926 AVAST engine scan C:\ProgramData
14:21:31.907 Disk 0 statistics 3002632/0/0 @ 1.54 MB/s
14:21:31.917 Scan finished successfully
14:21:48.193 Disk 0 MBR has been saved successfully to "C:\Users\Lee\Downloads\MBR.dat"
14:21:48.238 The log file has been saved successfully to "C:\Users\Lee\Downloads\aswMBR.txt"
FRST log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-09-2016
Ran by Lee (administrator) on LEE-QUAD (18-09-2016 14:22:15)
Running from C:\Users\Lee\Downloads
Loaded Profiles: Lee (Available Profiles: Lee & Shons & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
() C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
() C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
() C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHQE.EXE
() C:\Program Files (x86)\SABnzbd\SABnzbd.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [246264 2015-07-16] (Trend Micro Inc.)
HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1258496 2015-07-16] (Trend Micro Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280 2009-08-18 ] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-08-12] (Logitech Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-07-05] (Apple Inc.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [124544 2016-02-11] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKU\S-1-5-21-1954145345-3184534799-3782876019-1001\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe [6129496 2011-01-13] (Logitech Inc.)
HKU\S-1-5-21-1954145345-3184534799-3782876019-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [255224 2016-07-14] (TomTom)
HKU\S-1-5-21-1954145345-3184534799-3782876019-1001\...\Run: [EPSON Stylus Photo R265 Series] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_FATIBNE.EXE [139264 2006-05-19] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1954145345-3184534799-3782876019-1001\...\Run: [EPSON4AFCD5 (Epson Stylus Photo PX730)] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHQE.EXE [232448 2011-01-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1954145345-3184534799-3782876019-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1954145345-3184534799-3782876019-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SABnzbd.lnk [2010-08-16]
ShortcutTarget: SABnzbd.lnk -> C:\Program Files (x86)\SABnzbd\SABnzbd.exe ()
GroupPolicyUsers\S-1-5-21-1954145345-3184534799-3782876019-1003\User: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\..\Interfaces\{1475c761-93a8-4eda-a634-16fc7bceef3d}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1954145345-3184534799-3782876019-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1954145345-3184534799-3782876019-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1954145345-3184534799-3782876019-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-1954145345-3184534799-3782876019-1001 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_en
SearchScopes: HKU\S-1-5-21-1954145345-3184534799-3782876019-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
SearchScopes: HKU\S-1-5-21-1954145345-3184534799-3782876019-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_en
BHO: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [2010-04-28] (Microsoft Corporation)
BHO: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg.dll [2015-07-17] (Trend Micro Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll => No File
BHO: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe64.dll [2016-06-15] (Trend Micro Inc.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-18] (Oracle Corporation)
BHO-x32: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg32.dll [2015-07-17] (Trend Micro Inc.)
BHO-x32: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe32.dll [2016-06-15] (Trend Micro Inc.)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll [2010-08-30] ()
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-18] (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
Toolbar: HKLM - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll [2010-08-30] ()
Toolbar: HKLM-x32 - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
Toolbar: HKU\S-1-5-21-1954145345-3184534799-3782876019-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-1954145345-3184534799-3782876019-1001 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe64.dll [2016-06-15] (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe32.dll [2016-06-15] (Trend Micro Inc.)
Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg.dll [2015-07-17] (Trend Micro Inc.)
Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg32.dll [2015-07-17] (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll [2015-07-16] (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2015-07-16] (Trend Micro Inc.)
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll [2010-08-30] ()
FireFox:
========
FF ProfilePath: C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\gocygxt6.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-18] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Extension: (Firefox Hotfix) - C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\gocygxt6.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-03]
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\firefoxextension
FF Extension: (Trend Micro BEP Firefox Extension) - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\firefoxextension [2016-07-03]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: (Trend Micro Toolbar) - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2016-03-25]
FF HKLM-x32\...\Firefox\Extensions: [{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
FF Extension: (Trend Micro Osprey Firefox Extension) - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension [2015-12-06]
Chrome:
=======
CHR Profile: C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default [2016-09-18]
CHR Extension: (Google Docs) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-21]
CHR Extension: (Google Drive) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-28]
CHR Extension: (YouTube) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-15]
CHR Extension: (Google Search) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Docs Offline) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-11]
CHR Extension: (Trend Micro Toolbar) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2016-08-31]
CHR Extension: (Gmail) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-31]
CHR HKLM-x32\...\Chrome\Extension: [ohhcpmplhhiiaoiddkfboafbhiknefdf] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1137664 2015-07-16] (Trend Micro Inc.)
R2 PwmSvc; C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe [2458624 2016-09-01] (Trend Micro Inc.)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3764472 2016-09-07] (Paramount Software UK Ltd)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2009-10-20] (CACE Technologies, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 VMAuthdService; C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe [79872 2012-06-09] (VMware, Inc.) [File not signed]
S3 vmcompute; C:\Windows\system32\vmcompute.exe [1142272 2015-12-29] (Microsoft Corporation)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
R2 vmms; C:\Windows\system32\vmms.exe [14384128 2015-12-29] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 lunparser; C:\Windows\System32\drivers\lunparser.sys [22528 2015-12-29] (Microsoft Corporation)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-18] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.)
S3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [23552 2015-12-29] (Microsoft Corporation)
S3 pcip; C:\Windows\System32\drivers\pcip.sys [44544 2015-12-29 ] (Microsoft Corporation)
S3 pvhdparser; C:\Windows\System32\drivers\pvhdparser.sys [50176 2015-12-29] (Microsoft Corporation)
R3 Synth3dVsp; C:\Windows\System32\drivers\synth3dvsp.sys [101888 2015-12-29] (Microsoft Corporation)
R1 tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [133424 2015-11-23] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [324912 2015-11-23] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [59712 2015-06-11] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\system32\DRIVERS\tmeevw.sys [116576 2015-06-08] (Trend Micro Inc.)
S0 tmel; C:\Windows\System32\DRIVERS\tmel.sys [39056 2015-06-23] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [99632 2015-11-23] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\system32\DRIVERS\tmnciesc.sys [561952 2016-06-24] (Trend Micro Inc.)
R1 tmumh; C:\Windows\system32\DRIVERS\TMUMH.sys [101600 2016-07-20] (Trend Micro Inc.)
R2 tmusa; C:\Windows\system32\DRIVERS\tmusa.sys [124752 2015-12-10] (Trend Micro Inc.)
S3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [26624 2015-12-29] (Microsoft Corporation)
R2 VMSP; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation)
R0 vmsproxy; C:\Windows\System32\drivers\vmsproxy.sys [22016 2015-12-29] (Microsoft Corporation)
S3 VMSVSF; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation)
S3 VMSVSP; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30 ] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 WinNat; C:\Windows\System32\drivers\winnat.sys [350720 2016-01-16] (Microsoft Corporation)
U3 aswMBR; C:\Users\Lee\AppData\Local\Temp\aswMBR.sys [62728 2016-09-18 ] () [File not signed]
U3 aswVmm; C:\Users\Lee\AppData\Local\Temp\aswVmm.sys [224896 2016-09-18] ()
U3 idsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-09-18 14:22 - 2016-09-18 14:22 - 00024554 _____ C:\Users\Lee\Downloads\FRST.txt
2016-09-18 14:21 - 2016-09-18 14:21 - 00002418 _____ C:\Users\Lee\Downloads\aswMBR.txt
2016-09-18 14:21 - 2016-09-18 14:21 - 00000512 _____ C:\Users\Lee\Downloads\MBR.dat
2016-09-18 11:04 - 2016-09-18 14:22 - 00000000 ____D C:\FRST
2016-09-18 10:59 - 2016-09-18 11:04 - 02399232 _____ (Farbar) C:\Users\Lee\Downloads\FRST64.exe
2016-09-18 10:58 - 2016-09-18 11 :04 - 05198336 _____ (AVAST Software) C:\Users\Lee\Downloads\aswMBR.exe
2016-09-17 18:28 - 2016-09-17 18:28 - 00007195 _____ C:\Users\Lee\Downloads\startuplist.txt
2016-09-17 18:17 - 2016-09-17 18:17 - 00388608 _____ (Trend Micro Inc.) C:\Users\Lee\Downloads\HiJackThis.exe
2016-09-17 17:53 - 2016-09-18 11:42 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-17 17:52 - 2016-09-17 17 :52 - 00001179 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-09-17 17:52 - 2016-09-17 17 :52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-17 17:52 - 2016-09-17 17 :52 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-09-17 17:52 - 2016-09-17 17 :52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-17 17:52 - 2016-03-10 14 :09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-09-17 17:52 - 2016-03-10 14 :08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-09-17 17:52 - 2016-03-10 14 :08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-09-17 17:51 - 2016-09-17 17:52 - 22851472 _____ (Malwarebytes ) C:\Users\Lee\Downloads\mbam-setup-2.2.1.1043.exe
2016-09-17 17:44 - 2016-09-17 17 :44 - 00566128 _____ (Malwarebytes) C:\Users\Lee\Downloads\mbam-clean-2.3.0.1001.exe
2016-09-17 16:49 - 2016-09-17 16 :49 - 00002010 _____ C:\Users\Public\Desktop\Reflect.lnk
2016-09-17 16:49 - 2016-09-17 16 :49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
2016-09-17 16:49 - 2016-09-17 16 :49 - 00000000 ____D C:\Program Files\Macrium
2016-09-17 16:36 - 2016-09-17 16:36 - 00000000 ____D C:\Users\Lee\Downloads\Macrium
2016-09-17 16:35 - 2016-09-17 16:51 - 00000000 ____D C:\ProgramData\Macrium
2016-09-08 13:44 - 2016-09-08 13 :44 - 00486958 _____ C:\Users\Lee\Downloads\Newsletter September 2016 +.pdf
2016-09-08 13:42 - 2016-09-08 13:42 - 00487140 _____ C:\Users\Lee\Downloads\Newsletter Sept 2016.pdf
2016-09-08 11:56 - 2016-09-08 13:29 - 00000000 ____D C:\ESD
2016-09-08 11:47 - 2016-09-08 11:47 - 00000000 ___HD C:\$Windows.~WS
2016-09-08 11:47 - 2016-09-08 11:47 - 00000000 ____D C:\$WINDOWS.~BT
2016-09-08 11:45 - 2016-09-08 11:47 - 18309328 _____ (Microsoft Corporation) C:\Users\Lee\Downloads\MediaCreationTool.exe
2016-09-08 11:42 - 2016-09-08 11:42 - 00002555 _____ C:\Users\Lee\Downloads\Productkeyforwindows.vbs
2016-09-07 15:52 - 2016-09-07 15 :52 - 01445367 _____ C:\Users\Lee\Downloads\WORRY BOOK.pdf
2016-09-04 16:27 - 2016-09-05 08:08 - 00001319 _____ C:\Users\Lee\Desktop\Worry diary.txt
2016-08-30 16:10 - 2016-08-30 16:10 - 00000000 __SHD C:\found.002
2016-08-30 16:10 - 2016-08-30 16:10 - 00000000 __SHD C:\found.001
2016-08-30 16:10 - 2016-08-30 16:10 - 00000000 __SHD C:\found.000
2016-08-27 15:37 - 2016-08-27 15:37 - 00003320 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-08-19 12:44 - 2016-08-19 12 :44 - 00002446 _____ C:\Users\Lee\Downloads\contacts.csv
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-09-18 14:11 - 2013-04-13 09:53 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-18 13:58 - 2015-10-30 08 :24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-18 13:57 - 2015-10-30 08 :24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-18 13:52 - 2012-04-20 21 :06 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-09-18 13:44 - 2013-04-13 09 :53 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-18 13:41 - 2015-12-29 15:40 - 01031504 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-18 13:41 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-09-18 13:34 - 2015-12-29 16:02 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-18 13:34 - 2012-05-21 18:10 - 00000000 ____D C:\ProgramData\VMware
2016-09-18 13:33 - 2013-04-01 19:28 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-09-18 13:33 - 2013-04-01 19:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-09-18 12:31 - 2013-04-01 19:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-09-18 12:27 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-18 12:08 - 2015-11-15 21:34 - 00000010 _____ C:\Users\Lee\AppData\Local\sponge.last.runtime.cache
2016-09-18 11:16 - 2016-07-21 15:42 - 00000000 ____D C:\Users\Lee\Downloads\incomplete
2016-09-18 11:01 - 2016-07-28 15:52 - 00000000 ____D C:\Users\Lee\AppData\Local\DP_Tower_3.7
2016-09-17 18:18 - 2010-03-21 19:36 - 00000000 ____D C:\Users\Lee\AppData\Local\VirtualStore
2016-09-17 18:10 - 2015-12-29 15:41 - 00000000 ____D C:\Users\Lee
2016-09-17 17:45 - 2015-10-30 07:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-09-17 17:15 - 2013-04-13 09:55 - 00002276 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-17 17:15 - 2013-04-13 09:55 - 00002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-17 16:36 - 2010-09-25 09:43 - 00004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B2EB18B0-B9DE-4821-8F80-FDDE65545E85}
2016-09-17 16:34 - 2015-10-30 07:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-09-13 19:52 - 2015-10-30 08 :24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-09-13 19:52 - 2015-10-30 08 :24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-09-13 17:11 - 2015-11-15 19:50 - 00000000 ____D C:\ProgramData\TMDP_Log
2016-09-13 17:11 - 2009-07-14 03:34 - 00000647 _____ C:\WINDOWS\win.ini
2016-09-08 13:29 - 2015-12-29 23:31 - 00000000 ___DC C:\WINDOWS\Panther
2016-09-04 15:18 - 2016-07-24 14:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-04 15:18 - 2016-07-24 14:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-09-02 00:10 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-27 15:37 - 2015-11-14 22:17 - 00002403 _____ C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-27 15:37 - 2015-11-14 22:17 - 00000000 ___RD C:\Users\Lee\OneDrive
2016-08-27 15:36 - 2011-01-25 20:34 - 00000000 ____D C:\Users\Lee\AppData\Roaming\Skype
==================== Files in the root of some directories =======
2011-10-16 19:55 - 2011-10-16 19 :55 - 0000132 _____ () C:\Users\Lee\AppData\Roaming\Adobe BMP Format CS5 Prefs
2010-08-23 21:16 - 2015-11-01 16:55 - 0035328 _____ () C:\Users\Lee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-01-05 15:37 - 2013-01-05 15:37 - 0000036 _____ () C:\Users\Lee\AppData\Local\housecall.guid.cache
2011-01-29 11:48 - 2011-01-29 11:49 - 0006100 _____ () C:\Users\Lee\AppData\Local\MyWinLockerInstaller.txt-20110129.log
2010-08-25 20:28 - 2011-09-06 20:06 - 0007597 _____ () C:\Users\Lee\AppData\Local\Resmon.ResmonCfg
2015-11-15 21:34 - 2016-09-18 12:08 - 0000010 _____ () C:\Users\Lee\AppData\Local\sponge.last.runtime.cache
2009-09-20 12:54 - 2009-09-20 12 :56 - 0008505 _____ () C:\ProgramData\ArcadeDeluxe3.log
2011-01-25 21:27 - 2011-01-25 21:27 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2009-08-27 20:18 - 2009-07-18 02:57 - 0036136 _____ (Oberon Media) C:\ProgramData\FullRemove.exe
2011-01-28 15:42 - 2011-01-28 15:43 - 0000091 _____ () C:\ProgramData\PS.log
Some files in TEMP:
====================
C:\Users\Lee\AppData\Local\Temp\jre-8u91-windows-au.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-09-08 17:17
==================== End of FRST.txt ============================