
Computer is soooooooo sloooooowwwwww booting up HT log included


  • This topic is locked
13 replies to this topic

#1 kenton02

kenton02

  • Members
  • 41 posts
  • OFFLINE
  • Local time:12:58 AM

Posted 15 December 2014 - 04:52 PM

600G free on C: (defragmented)

6GB RAM

 

I don't think I have malware, but here's the HijackThis log.

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 8:24:00 AM, on 16/12/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)
CHROME: 39.0.2171.95
FIREFOX: 33.1.1 (x86 en-US)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Users\Kenton\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Users\Kenton\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Kenton\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kenton\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
C:\Users\Kenton\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE
C:\Users\Kenton\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
C:\Users\Kenton\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kenton\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Users\Kenton\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kenton\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kenton\Downloads\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/14
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Trend Micro DirectPass BHO - {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Trend Micro Osprey BHO - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Trend Micro Password Manager ToolBar - {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Google Update] "C:\Users\Kenton\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_58298EF080581202BC94F421E91D947C] "C:\Users\Kenton\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIKDE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-3640 Series"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunOnce: [Adobe Speed Launcher] 1418678118
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = Kenton\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://desktop.health.gov.au
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - C:\Users\Kenton\AppData\Local\Temp\f5tmp\urxvpn.cab
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} (F5 Networks Dynamic Application Tunnel Control) - C:\Users\Kenton\AppData\Local\Temp\f5tmp\f5tunsrv.cab
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - C:\Users\Kenton\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab#-1,-1,-1,-1
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - C:\Users\Kenton\AppData\Local\Temp\f5tmp\f5InspectionHost.cab
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - C:\Users\Kenton\AppData\Local\Temp\f5tmp\urxshost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - C:\Users\Kenton\AppData\Local\Temp\f5tmp\urxhost.cab
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} (F5 Networks OS Policy Agent) - C:\Users\Kenton\AppData\Local\Temp\f5tmp\f5syschk.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = central.health
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = central.health
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = central.health
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe32.dll
O18 - Protocol: tmop - {69FD7CE3-4604-4FE6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg32.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O21 - SSODL: EldosMountNotificator-cbfs4 - {0388B223-8163-489A-9BE5-AD16087316A5} - C:\Windows\SysWOW64\cbfsMntNtf4.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {0388B223-8163-489A-9BE5-AD16087316A5} - C:\Windows\SysWOW64\cbfsMntNtf4.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Device Manager - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
O23 - Service: Bluetooth Media Service - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\audiosrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\obexsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: HTCMonitorService - Nero AG - C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: Platinum Host Service - Trend Micro Inc. - C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Trend Micro Password Manager Central Control Service (PwmSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 20859 bytes
 
 
Thanks
Kenton



#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,539 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:58 AM

Posted 20 December 2014 - 10:21 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop (the version for a 32-bit system or for a 64-bit system)
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
=======

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#3 kenton02

kenton02
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  • Local time:12:58 AM

Posted 22 December 2014 - 01:57 AM

Thanks for your help!

 

RogueKiller V10.1.0.0 (x64) [Dec 11 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Kenton [Administrator]
Mode : Delete -- Date : 12/22/2014  17:49:29
 
¤¤¤ Processes : 2 ¤¤¤
[Proc.Injected] svchost.exe -- C:\Windows\SysWOW64\svchost.exe[x] -> [NoKill]
[Proc.Svchost] svchost.exe -- C:\Windows\SysWOW64\svchost.exe[7] -> Killed [TermProc]
 
¤¤¤ Registry : 10 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7FFAD712-316A-4CF9-A1CA-151650824675} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D111FA78-B74F-4262-A0BD-B79A755DE53C} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7FFAD712-316A-4CF9-A1CA-151650824675} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D111FA78-B74F-4262-A0BD-B79A755DE53C} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{7FFAD712-316A-4CF9-A1CA-151650824675} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{D111FA78-B74F-4262-A0BD-B79A755DE53C} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)]  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
 
¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] \\Registration -- "C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe" (Registration ShowMessageTask2D) -> Deleted
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK1059GSM +++++
--- User ---
[MBR] 25730d811a8d654bb4ee66ea92b4b4aa
[BSP] c79fe732f5d1d22aa668db4b7273b3fc : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 923765 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1892280320 | Size: 29801 MB
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 1953312768 | Size: 102 MB
User = LL1 ... OK
User != LL2 ... KO!
--- LL2 ---
[MBR] c916520d8829bb659a455b06874107b5
[BSP] afe4e4099f71508aacfacddb36611d6a : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 94207 MB
1 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 193345536 | Size: 400 MB
 
 
============================================
RKreport_SCN_12222014_174727.log
 
 
RogueKiller V10.1.0.0 (x64) [Dec 11 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Kenton [Administrator]
Mode : Delete -- Date : 12/22/2014  17:49:29
 
¤¤¤ Processes : 2 ¤¤¤
[Proc.Injected] svchost.exe -- C:\Windows\SysWOW64\svchost.exe[x] -> [NoKill]
[Proc.Svchost] svchost.exe -- C:\Windows\SysWOW64\svchost.exe[7] -> Killed [TermProc]
 
¤¤¤ Registry : 10 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7FFAD712-316A-4CF9-A1CA-151650824675} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D111FA78-B74F-4262-A0BD-B79A755DE53C} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7FFAD712-316A-4CF9-A1CA-151650824675} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D111FA78-B74F-4262-A0BD-B79A755DE53C} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{7FFAD712-316A-4CF9-A1CA-151650824675} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{D111FA78-B74F-4262-A0BD-B79A755DE53C} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)]  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
 
¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] \\Registration -- "C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe" (Registration ShowMessageTask2D) -> Deleted
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK1059GSM +++++
--- User ---
[MBR] 25730d811a8d654bb4ee66ea92b4b4aa
[BSP] c79fe732f5d1d22aa668db4b7273b3fc : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 923765 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1892280320 | Size: 29801 MB
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 1953312768 | Size: 102 MB
User = LL1 ... OK
User != LL2 ... KO!
--- LL2 ---
[MBR] c916520d8829bb659a455b06874107b5
[BSP] afe4e4099f71508aacfacddb36611d6a : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 94207 MB
1 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 193345536 | Size: 400 MB
 
 
============================================
RKreport_SCN_12222014_174727.log
 
 
Thanks
Kenton
 


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,539 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:58 AM

Posted 22 December 2014 - 09:39 AM

The RogueKiller log was posted twice.

Let me see the logs from the Farbar Recovery Scan Tool.

#5 kenton02

kenton02
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  • Local time:12:58 AM

Posted 22 December 2014 - 05:15 PM

Bit weird...
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-12-2014 01
Ran by Kenton (administrator) on KENTON-HP on 22-12-2014 17:54:10
Running from C:\Users\Kenton\Desktop
Loaded Profile: Kenton (Available profiles: Kenton)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Google Inc.) C:\Users\Kenton\AppData\Local\Google\Chrome\Application\chrome.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIKDE.EXE
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Dropbox, Inc.) C:\Users\Kenton\AppData\Roaming\Dropbox\bin\Dropbox.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpAgent.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\audiosrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Users\Kenton\AppData\Local\Google\Chrome\Application\chrome.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
(Google Inc.) C:\Users\Kenton\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
() C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\TMIDS\InstallWorkspace.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(F5 Networks, Inc) C:\Windows\Downloaded Program Files\TunnelServer.exe
(F5 Networks, Inc.) C:\Windows\Downloaded Program Files\F5ElHelper.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Program Files (x86)\HTC\HTC Sync 3.0\adb.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe
(Google Inc.) C:\Users\Kenton\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kenton\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kenton\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kenton\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-07-22] (IDT, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-09-01] ()
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-22] (Hewlett-Packard Company)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [246304 2014-07-21] (Trend Micro Inc.)
HKLM\...\Run: [PwmConsole.exe] => C:\Program Files\Trend Micro\TMIDS\PwmConsole.exe [1983920 2014-11-03] (Trend Micro Inc.)
HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1266224 2014-10-10] (Trend Micro Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-09-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-14] (Intel Corporation)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [584760 2010-09-29] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [HTC Sync Loader] => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [655360 2012-09-25] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [642664 2013-10-18] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2013-10-18] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
HKLM\...\RunOnce: [a7844ec5-e58b-4960-97f0-74eb37f0b7f7] => rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 C:\kbfilter.inf
HKLM\...\RunOnce: [88632a8e-3d0f-41e0-8a98-11df1f883d40] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\olmajmomenlhgihenlbjcfbopoghpckg /f /v update_url /d https://clients2.google.com/service/update2/crx
HKLM\...\RunOnce: [a4816412-f8ab-4aac-9bc2-248c33aae406] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [bfdc35aa-34fc-45fe-9ffc-9a3fc2afa1b6] => REG ADD HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [6513d88a-c664-4617-a36a-a225cbfb26fa] => REG ADD HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [8a9bc9b6-f182-4792-bbda-cd8cc0c57e20] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\TMIDS /f /v BrowserExtMonitor /t REG_DWORD /d 1
HKLM\...\RunOnce: [86cb79e9-b0ff-4996-8da1-f2eab34ada54] => C:\Program Files\Trend Micro\TMIDS\PwmChromeGPOMod.exe [112904 2014-11-27] ()
HKLM\...\RunOnce: [f416fe60-885d-4c59-97fc-852c42de2999] => rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 C:\kbfilter.inf
HKLM\...\RunOnce: [975d720e-f20c-4cc0-8f73-b46e6f92dc4b] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\olmajmomenlhgihenlbjcfbopoghpckg /f /v update_url /d https://clients2.google.com/service/update2/crx
HKLM\...\RunOnce: [0bda83d1-9a28-44a4-9c81-f116788cb39c] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [2a380765-eeb9-47c9-a6c9-340101a4a083] => REG ADD HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [25c1ad41-0a64-4e9c-bb1f-f83296ee1902] => REG ADD HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [29892d94-4cbc-4017-a283-5d50a2846381] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\TMIDS /f /v BrowserExtMonitor /t REG_DWORD /d 1
HKLM\...\RunOnce: [91407280-313d-45b7-b5d2-6ecce289103f] => C:\Program Files\Trend Micro\TMIDS\PwmChromeGPOMod.exe [112904 2014-11-27] ()
HKLM\...\RunOnce: [c3c29411-d5c3-4450-b60b-76530150ed16] => rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 C:\kbfilter.inf
HKLM\...\RunOnce: [537666f7-6846-4d7d-947a-ad4e0bf82c2e] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\olmajmomenlhgihenlbjcfbopoghpckg /f /v update_url /d https://clients2.google.com/service/update2/crx
HKLM\...\RunOnce: [6aab0a64-3af8-4ef3-81df-16f8d55992fd] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [dbf9ec88-ea2d-48b5-8c49-2581b2fd6c16] => REG ADD HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [bddd914e-29ab-4753-91e5-ee7357cb16ba] => REG ADD HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [92e3bff7-a90b-4917-8591-5145042756c1] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\TMIDS /f /v BrowserExtMonitor /t REG_DWORD /d 1
HKLM\...\RunOnce: [98da084d-1467-420b-b200-655314be7fef] => C:\Program Files\Trend Micro\TMIDS\PwmChromeGPOMod.exe [112904 2014-11-27] ()
HKLM\...\RunOnce: [788cc786-1006-4005-9a7e-444a2e65b124] => rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 C:\kbfilter.inf
HKLM\...\RunOnce: [47fee4de-f509-40d8-ad7e-f4d754db9d77] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\olmajmomenlhgihenlbjcfbopoghpckg /f /v update_url /d https://clients2.google.com/service/update2/crx
HKLM\...\RunOnce: [0ace2470-85cd-4d0d-aa74-180aff8f37ef] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [21ad83fa-006a-4dc7-8ca5-4e5b8fe29ba9] => REG ADD HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [24f09665-896a-413d-ae56-24ed3c525dfb] => REG ADD HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [1afa8f8b-c63f-4575-a70d-5ca96030807b] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\TMIDS /f /v BrowserExtMonitor /t REG_DWORD /d 1
HKLM\...\RunOnce: [792412aa-a28e-47e5-b416-40ef6eaf97e5] => C:\Program Files\Trend Micro\TMIDS\PwmChromeGPOMod.exe [112904 2014-11-27] ()
HKLM\...\RunOnce: [3fdd1a0a-f683-4906-8568-a8d03efba852] => rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 C:\kbfilter.inf
HKLM\...\RunOnce: [09a2d517-1fbb-44d4-9f46-3804190acefc] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\olmajmomenlhgihenlbjcfbopoghpckg /f /v update_url /d https://clients2.google.com/service/update2/crx
HKLM\...\RunOnce: [76058caf-27f7-41b9-8cab-c9686fcfb6a0] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [7660c100-fcb1-40a1-9154-dc3e8e5ff3c6] => REG ADD HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [2252ae56-eba5-48d6-9917-439dcf1678a4] => REG ADD HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [d4c5bad5-bc54-4afc-b25a-6924cf831770] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\TMIDS /f /v BrowserExtMonitor /t REG_DWORD /d 1
HKLM\...\RunOnce: [36402f70-71dc-48d4-8246-9c907a099726] => C:\Program Files\Trend Micro\TMIDS\PwmChromeGPOMod.exe [112904 2014-11-27] ()
HKLM\...\RunOnce: [b2943bd3-b4cc-49ff-9e29-41075eda303c] => rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 C:\kbfilter.inf
HKLM\...\RunOnce: [21b26303-e80e-4cc0-874e-bfe784365741] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\olmajmomenlhgihenlbjcfbopoghpckg /f /v update_url /d https://clients2.google.com/service/update2/crx
HKLM\...\RunOnce: [2f6625b6-0a5a-438b-9e59-240f029f21e7] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [0aeb31d1-74da-4dd8-b700-fa7d989f3622] => REG ADD HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [f9559f92-f4c4-441e-8fb7-9cb08da739b3] => REG ADD HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [44186cfc-d950-4a02-9829-0b3159e778db] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\TMIDS /f /v BrowserExtMonitor /t REG_DWORD /d 1
HKLM\...\RunOnce: [57083a06-509d-4790-b570-b0fb25f02570] => C:\Program Files\Trend Micro\TMIDS\PwmChromeGPOMod.exe [112904 2014-11-27] ()
HKLM\...\RunOnce: [0c8069ed-59b0-4042-993b-428e988e2c2a] => rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 C:\kbfilter.inf
HKLM\...\RunOnce: [fa47db1f-3031-46f4-97d3-b49af292e808] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\olmajmomenlhgihenlbjcfbopoghpckg /f /v update_url /d https://clients2.google.com/service/update2/crx
HKLM\...\RunOnce: [22f13194-0dde-40f9-ac70-6c41e1722325] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [58d0dbd7-519f-4657-bf49-8bedddfa4381] => REG ADD HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [4ca22c33-9fe5-4802-a822-ab378748638b] => REG ADD HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [9d678238-3505-4865-9637-e5c0daa10236] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\TMIDS /f /v BrowserExtMonitor /t REG_DWORD /d 1
HKLM\...\RunOnce: [ad98e6b0-156e-4f1a-9ff7-319e31079c83] => C:\Program Files\Trend Micro\TMIDS\PwmChromeGPOMod.exe [112904 2014-11-27] ()
HKLM\...\RunOnce: [d9d80780-39b7-41b4-8bf2-750e66bf6b58] => rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 C:\kbfilter.inf
HKLM\...\RunOnce: [1cd04e0f-eb6f-4286-a046-8aeae349b885] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\olmajmomenlhgihenlbjcfbopoghpckg /f /v update_url /d https://clients2.google.com/service/update2/crx
HKLM\...\RunOnce: [97fa39d8-87c2-4ae9-932c-373fe5a493cb] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [5b9fbabb-b06e-4877-b569-d6bf73330fc3] => REG ADD HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [92c3d024-5cb9-41e9-95ca-d1712afe405a] => REG ADD HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [b67a42f2-6f0d-432e-b549-9f3b7502db5f] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\TMIDS /f /v BrowserExtMonitor /t REG_DWORD /d 1
HKLM\...\RunOnce: [e7f29282-8af0-48a2-af04-540eda4615a8] => C:\Program Files\Trend Micro\TMIDS\PwmChromeGPOMod.exe [112904 2014-11-27] ()
HKLM\...\RunOnce: [167f8499-9d41-40bc-b872-2648700fd061] => rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 C:\kbfilter.inf
HKLM\...\RunOnce: [019442ed-c950-478d-9590-0bc5824d0dfb] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\olmajmomenlhgihenlbjcfbopoghpckg /f /v update_url /d https://clients2.google.com/service/update2/crx
HKLM\...\RunOnce: [17854666-0e79-4a05-9e63-899dfa447bbd] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [f78d8eec-2979-4abf-8a7d-2cd6dd2066e6] => REG ADD HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [d4cffffb-d5cf-459c-80d0-2b3bc427c6fc] => REG ADD HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [a90c047d-b7c7-449e-b031-ce2f8471b80d] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\TMIDS /f /v BrowserExtMonitor /t REG_DWORD /d 1
HKLM\...\RunOnce: [85e99e1b-def9-45c1-869e-600723f20671] => C:\Program Files\Trend Micro\TMIDS\PwmChromeGPOMod.exe [112904 2014-11-27] ()
HKLM\...\RunOnce: [5328f994-73d2-46e3-a831-8dc0646e2cd9] => rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 C:\kbfilter.inf
HKLM\...\RunOnce: [d93c02c6-d4b3-4c11-b39f-5382072b2ad2] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\olmajmomenlhgihenlbjcfbopoghpckg /f /v update_url /d https://clients2.google.com/service/update2/crx
HKLM\...\RunOnce: [b5861fb5-ca6f-4d01-9062-293471f0a9e6] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [54d871c6-94b8-4d28-8986-fba9941b7c69] => REG ADD HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [72a02f6d-8565-467f-bc5c-73209e6e3c88] => REG ADD HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [f73056c5-eb86-4380-a95c-c7eb926e68d8] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\TMIDS /f /v BrowserExtMonitor /t REG_DWORD /d 1
HKLM\...\RunOnce: [2d3cdde7-3759-4a7b-84b2-d1c1004f792e] => C:\Program Files\Trend Micro\TMIDS\PwmChromeGPOMod.exe [112904 2014-11-27] ()
HKLM\...\RunOnce: [99e8c0b3-4e98-4fce-b377-db799c6592be] => rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 C:\kbfilter.inf
HKLM\...\RunOnce: [3d09ecde-5bd1-4892-a39d-e03bfdd59439] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\olmajmomenlhgihenlbjcfbopoghpckg /f /v update_url /d https://clients2.google.com/service/update2/crx
HKLM\...\RunOnce: [79acdaa0-a115-4ca5-89cc-e41153f95227] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [61fcc689-c069-4197-8834-689d3d421b7c] => REG ADD HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [695add0d-2c52-4531-a7c8-ea6fa9815cc2] => REG ADD HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [ed65e623-cc4c-4788-bbef-aff3ab2dd77c] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\TMIDS /f /v BrowserExtMonitor /t REG_DWORD /d 1
HKLM\...\RunOnce: [1fbc8110-02f2-4f16-83b2-8fea407755d3] => C:\Program Files\Trend Micro\TMIDS\PwmChromeGPOMod.exe [112904 2014-11-27] ()
HKLM\...\RunOnce: [59e0a050-c029-43bd-9119-0da628256057] => rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 C:\kbfilter.inf
HKLM\...\RunOnce: [03fa41db-85d6-4ce4-820a-72580cfb4074] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\olmajmomenlhgihenlbjcfbopoghpckg /f /v update_url /d https://clients2.google.com/service/update2/crx
HKLM\...\RunOnce: [2424af64-b2d4-4728-9a1c-aa435b93c8f9] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [aeaa10fb-ec47-4f09-aa8d-7b406a0c6870] => REG ADD HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [24d3e23e-d952-4462-a9e4-b23c87600441] => REG ADD HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [0e3e7604-2aa1-489d-8f51-105d69110f80] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\TMIDS /f /v BrowserExtMonitor /t REG_DWORD /d 1
HKLM\...\RunOnce: [bf5cc98b-cee1-48d5-bf36-73c735e0b4bb] => C:\Program Files\Trend Micro\TMIDS\PwmChromeGPOMod.exe [112904 2014-11-27] ()
HKLM\...\RunOnce: [1103cf73-9822-4f95-9bff-f6ed3cb398d8] => rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 C:\kbfilter.inf
HKLM\...\RunOnce: [d870d5e5-5ea5-4c43-9b58-75c2413c028d] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\olmajmomenlhgihenlbjcfbopoghpckg /f /v update_url /d https://clients2.google.com/service/update2/crx
HKLM\...\RunOnce: [a9a8b786-4302-4118-a136-c4a589f5166b] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [458b41e3-fceb-4bdb-8679-3a8c454371cf] => REG ADD HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [d56664ba-87ad-4983-9673-de366ee69cdd] => REG ADD HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [a46dda90-a1a8-4ed1-ab3b-573e3ff3f544] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\TMIDS /f /v BrowserExtMonitor /t REG_DWORD /d 1
HKLM\...\RunOnce: [fcca0384-be9f-41d7-9253-ea4217005f86] => C:\Program Files\Trend Micro\TMIDS\PwmChromeGPOMod.exe [112904 2014-11-27] ()
HKLM\...\RunOnce: [f22d2fa4-8a13-4ec5-81ee-4eab9709a4e9] => rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 C:\kbfilter.inf
HKLM\...\RunOnce: [b16e41ee-afe0-4d58-a6d0-1ead62158682] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\olmajmomenlhgihenlbjcfbopoghpckg /f /v update_url /d https://clients2.google.com/service/update2/crx
HKLM\...\RunOnce: [a9e93f7e-df86-4532-98e9-20b9a68243ce] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [6ceb904e-c7ab-4298-838b-831d76f00ba6] => REG ADD HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [a3b9ffee-e898-4843-a1d7-7104a7ea69a3] => REG ADD HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [38665b8e-46c2-40ab-826f-9c69b0d70d83] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\TMIDS /f /v BrowserExtMonitor /t REG_DWORD /d 1
HKLM\...\RunOnce: [ae744d09-27ca-4560-a0c7-9971c8e44bff] => C:\Program Files\Trend Micro\TMIDS\PwmChromeGPOMod.exe [112904 2014-11-27] ()
HKLM\...\RunOnce: [dd6ea1cf-2715-4c85-b40f-2625c399355f] => rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 C:\kbfilter.inf
HKLM\...\RunOnce: [667bc8e5-689f-4f70-adf2-0e6db7117ecb] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\olmajmomenlhgihenlbjcfbopoghpckg /f /v update_url /d https://clients2.google.com/service/update2/crx
HKLM\...\RunOnce: [cf7ea991-3e7c-4ef3-a568-bd541c9e64fc] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [33bfa26b-ab32-41b2-b901-de7d72fb5b34] => REG ADD HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [50323b16-1984-4dc8-9b50-270e9aa9b1b2] => REG ADD HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [ac2e3ccf-451d-4070-b2e9-0ae5b9c4ccb4] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\TMIDS /f /v BrowserExtMonitor /t REG_DWORD /d 1
HKLM\...\RunOnce: [f8f28f8c-3567-4d6f-9569-72912fb1b663] => C:\Program Files\Trend Micro\TMIDS\PwmChromeGPOMod.exe [112904 2014-11-27] ()
HKLM\...\RunOnce: [d14f7e8c-eed0-4a77-8706-21883f3ce300] => rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 C:\kbfilter.inf
HKLM\...\RunOnce: [43ac6bbb-b687-4fca-b2e7-3b462f639217] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\olmajmomenlhgihenlbjcfbopoghpckg /f /v update_url /d https://clients2.google.com/service/update2/crx
HKLM\...\RunOnce: [fd4f1e1e-a6bf-4960-9119-7a6684ade845] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [1ec77e3f-e8db-435d-bac9-6ede3f679869] => REG ADD HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [629aecfd-8e3e-4cd6-8508-4aef74f85f6f] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\TMIDS /f /v BrowserExtMonitor /t REG_DWORD /d 1
HKLM\...\RunOnce: [63d7ef0b-268e-4714-819b-61abdfa453e9] => C:\Program Files\Trend Micro\TMIDS\PwmChromeGPOMod.exe [112904 2014-11-27] ()
HKLM\...\RunOnce: [37a42b4b-ad76-4c6e-bcbb-461981216e62] => rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 C:\kbfilter.inf
HKLM\...\RunOnce: [f318a9b9-e025-4fbc-9102-4137442ef1ad] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\olmajmomenlhgihenlbjcfbopoghpckg /f /v update_url /d https://clients2.google.com/service/update2/crx
HKLM\...\RunOnce: [8543b81e-65cf-40f9-8a6f-2932069d4872] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [427c506d-f060-4523-b3af-5606c73813de] => REG ADD HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [78e068a4-e81a-4e60-9c06-8de260445e34] => REG ADD HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [3026d2d9-0328-44bd-8a1e-4d83c55601a8] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\TMIDS /f /v BrowserExtMonitor /t REG_DWORD /d 1
HKLM\...\RunOnce: [93e84920-2548-49e5-a50b-5b8fab0b7b80] => C:\Program Files\Trend Micro\TMIDS\PwmChromeGPOMod.exe [112904 2014-11-27] ()
HKLM\...\RunOnce: [7b69947a-394e-4324-b79d-2eb5888bdbcc] => rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 C:\kbfilter.inf
HKLM\...\RunOnce: [8e13a63f-8c9f-4fba-b984-e04d6054b789] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\olmajmomenlhgihenlbjcfbopoghpckg /f /v update_url /d https://clients2.google.com/service/update2/crx
HKLM\...\RunOnce: [efa2dd0c-1f11-4b67-8559-a17deccb6b89] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [2707f488-bab9-4ebd-ac46-1bf3cd36d2ad] => REG ADD HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [32850bb5-9c9f-4acc-945e-2d31143ce358] => REG ADD HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [98e83b3b-2f37-4f3d-8b8d-56e9af791ee3] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\TMIDS /f /v BrowserExtMonitor /t REG_DWORD /d 1
HKLM\...\RunOnce: [a8591844-aae8-4e78-bb24-7784f8ed905d] => C:\Program Files\Trend Micro\TMIDS\PwmChromeGPOMod.exe [112904 2014-11-27] ()
HKLM\...\RunOnce: [51abb78a-644e-4b1c-a061-5684d6256233] => rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 C:\kbfilter.inf
HKLM\...\RunOnce: [2191edcc-f192-4c10-aa3b-e788f10081d2] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\olmajmomenlhgihenlbjcfbopoghpckg /f /v update_url /d https://clients2.google.com/service/update2/crx
HKLM\...\RunOnce: [a79ab643-5867-4a58-8c49-c89ecb04f3f9] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [d0b429ea-89df-45bd-8ad7-a45cf5cba971] => REG ADD HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [2537e763-df09-4ac7-a63c-d6e80f8d09b3] => REG ADD HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [ac3540f6-c60c-4ea9-b2e3-b3b5edb8558a] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\TMIDS /f /v BrowserExtMonitor /t REG_DWORD /d 1
HKLM\...\RunOnce: [8d2338ee-d82a-412f-9937-b3f6108676c8] => C:\Program Files\Trend Micro\TMIDS\PwmChromeGPOMod.exe [112904 2014-11-27] ()
HKLM\...\RunOnce: [aba66838-9e84-4ffe-9e5f-9a2c85051a0d] => rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 C:\kbfilter.inf
HKLM\...\RunOnce: [45a51486-0aa3-4ed1-8f1b-ba1e7fd9ca4e] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\olmajmomenlhgihenlbjcfbopoghpckg /f /v update_url /d https://clients2.google.com/service/update2/crx
HKLM\...\RunOnce: [72adfdee-e88b-4193-adc4-6c4873cd7097] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [f12c1331-fee3-4eab-ada9-c098d825ae0f] => REG ADD HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [474dc6fa-1c92-4f94-8e78-49fece9509ff] => REG ADD HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [6d6357d6-713a-4290-92f0-d9238fb5d65f] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\TMIDS /f /v BrowserExtMonitor /t REG_DWORD /d 1
HKLM\...\RunOnce: [6517dc0a-fb8b-468b-a70f-85bc6ddf6fd5] => C:\Program Files\Trend Micro\TMIDS\PwmChromeGPOMod.exe [112904 2014-11-27] ()
HKLM\...\RunOnce: [68be1316-0a7f-46d5-a5ac-5c66e142223e] => rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 C:\kbfilter.inf
HKLM\...\RunOnce: [8d56dec7-faf2-41b2-bc1f-105f1d869aa8] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\olmajmomenlhgihenlbjcfbopoghpckg /f /v update_url /d https://clients2.google.com/service/update2/crx
HKLM\...\RunOnce: [9abebad4-a5d5-4369-8721-ea79bbd49b95] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [3c5f5243-d963-4da1-a445-31a3a861bf19] => REG ADD HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [09806756-c294-400b-bdfc-3e2e7addbaae] => REG ADD HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [1976cb73-7781-4596-9378-92750c2819b1] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\TMIDS /f /v BrowserExtMonitor /t REG_DWORD /d 1
HKLM\...\RunOnce: [5c1e1baf-e01c-4405-81d0-f1cc51ca690c] => C:\Program Files\Trend Micro\TMIDS\PwmChromeGPOMod.exe [112904 2014-11-27] ()
HKLM\...\RunOnce: [b226e769-476c-4274-9fb5-43794c1c4ab7] => rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 C:\kbfilter.inf
HKLM\...\RunOnce: [3c09d061-5faa-4a43-be7f-38c77ef4f742] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\olmajmomenlhgihenlbjcfbopoghpckg /f /v update_url /d https://clients2.google.com/service/update2/crx
HKLM\...\RunOnce: [8a5e75a5-8419-4a5b-a0f1-afbcd06277e9] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [420a3138-dcce-4e9c-b083-07cf78b54829] => REG ADD HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [38aa4af1-f123-4ed6-89c5-b7d2e9872437] => REG ADD HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [08693add-cc0b-48c9-b453-99207862980c] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\TMIDS /f /v BrowserExtMonitor /t REG_DWORD /d 1
HKLM\...\RunOnce: [b66f0207-efdb-42fe-a1ba-a5fe73d17171] => C:\Program Files\Trend Micro\TMIDS\PwmChromeGPOMod.exe [112904 2014-11-27] ()
HKLM\...\RunOnce: [6bdcc67b-9b1a-4240-aa48-d63be105fd38] => rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 C:\kbfilter.inf
HKLM\...\RunOnce: [bc3925b0-c290-422e-994b-bff7de5d0792] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\olmajmomenlhgihenlbjcfbopoghpckg /f /v update_url /d https://clients2.google.com/service/update2/crx
HKLM\...\RunOnce: [e1ef824a-e820-4195-9141-2b9f4ddfb6d6] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [7b3c275b-7341-44d9-8ad1-7424ebd7ea9f] => REG ADD HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [ccbd97bb-223d-465f-a1f0-e28e940c02f7] => REG ADD HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
HKLM\...\RunOnce: [592e8a07-664f-464b-9979-66cef1cc5e19] => REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\TMIDS /f /v BrowserExtMonitor /t REG_DWORD /d 1
HKLM\...\RunOnce: [aa1d515c-d206-49fb-8c8a-e32219291502] => C:\Program Files\Trend Micro\TMIDS\PwmChromeGPOMod.exe [112904 2014-11-27] ()
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe,
HKU\S-1-5-21-1783759700-889228059-2870423460-1000\...\Run: [Google Update] => C:\Users\Kenton\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-04-25] (Google Inc.)
HKU\S-1-5-21-1783759700-889228059-2870423460-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-1783759700-889228059-2870423460-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-1783759700-889228059-2870423460-1000\...\Run: [GoogleChromeAutoLaunch_58298EF080581202BC94F421E91D947C] => C:\Users\Kenton\AppData\Local\Google\Chrome\Application\chrome.exe [856904 2014-12-06] (Google Inc.)
HKU\S-1-5-21-1783759700-889228059-2870423460-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIKDE.EXE [298560 2013-09-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1783759700-889228059-2870423460-1000\...\RunOnce: [Adobe Speed Launcher] => 1418706430
HKU\S-1-5-21-1783759700-889228059-2870423460-1000\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1783759700-889228059-2870423460-1000\...\MountPoints2: {2a3fbdd0-b3a9-11e3-9e38-2c27d7de33e3} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1783759700-889228059-2870423460-1000\...\MountPoints2: {2cfeb772-12bf-11e2-b110-2c27d7de33e3} - G:\win\setup.exe -phs
HKU\S-1-5-21-1783759700-889228059-2870423460-1000\...\MountPoints2: {2cfeb832-12bf-11e2-b110-2c27d7de33e3} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1783759700-889228059-2870423460-1000\...\MountPoints2: {decefa49-c680-11e2-97cf-2c27d7de33e3} - F:\HTC_Sync_Manager_PC.exe
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\Kenton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Kenton\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
SSODL: EldosMountNotificator-cbfs4 - {0388B223-8163-489A-9BE5-AD16087316A5} - C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs4 - {0388B223-8163-489A-9BE5-AD16087316A5} - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [00Zecter] -> {D25B32FE-CB96-491A-98FF-AD59DA382D69} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: [01Zecter] -> {EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: [02Zecter] -> {B3C78E40-6B64-47C3-AE34-60B770881EB8} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: [03Zecter] -> {622AFE52-33F6-4D9F-9966-E0BC52D7D69D} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: [04Zecter] -> {855156F0-2A0F-11DE-8C30-0800200C9A66} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs4] -> {F1F6F06E-7619-4635-9BEF-F5B26156767D} => C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs4] -> {F1F6F06E-7619-4635-9BEF-F5B26156767D} => C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1783759700-889228059-2870423460-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1783759700-889228059-2870423460-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/14
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/705-111071-2357-0/4?satitle={searchTerms}&mfe=Notebooks
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/705-111071-2357-0/4?satitle={searchTerms}&mfe=Notebooks
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1783759700-889228059-2870423460-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = 
SearchScopes: HKU\S-1-5-21-1783759700-889228059-2870423460-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-1783759700-889228059-2870423460-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = 
SearchScopes: HKU\S-1-5-21-1783759700-889228059-2870423460-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = 
SearchScopes: HKU\S-1-5-21-1783759700-889228059-2870423460-1000 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = 
SearchScopes: HKU\S-1-5-21-1783759700-889228059-2870423460-1000 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 
BHO: Trend Micro Password Manager BHO -> {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} -> C:\Program Files\Trend Micro\TMIDS\PwmIEBHO64.dll (Trend Micro Inc.)
BHO: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: TmIEPlugInBHO Class -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg.dll (Trend Micro Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe64.dll (Trend Micro Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Trend Micro Password Manager BHO -> {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} -> C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll (Trend Micro Inc.)
BHO-x32: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: TmIEPlugInBHO Class -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Trend Micro Password Manager ToolBar - {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO64.dll (Trend Micro Inc.)
Toolbar: HKLM - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Trend Micro Password Manager ToolBar - {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll (Trend Micro Inc.)
Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Toolbar: HKU\S-1-5-21-1783759700-889228059-2870423460-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1783759700-889228059-2870423460-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {2BCDB465-81F9-41CB-832C-8037A4064446} C:\Users\Kenton\AppData\Local\Temp\f5tmp\urxvpn.cab
DPF: HKLM-x32 {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} C:\Users\Kenton\AppData\Local\Temp\f5tmp\f5tunsrv.cab
DPF: HKLM-x32 {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\Users\Kenton\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab#-1,-1,-1,-1
DPF: HKLM-x32 {57C76689-F052-487B-A19F-855AFDDF28EE} C:\Users\Kenton\AppData\Local\Temp\f5tmp\f5InspectionHost.cab
DPF: HKLM-x32 {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} C:\Users\Kenton\AppData\Local\Temp\f5tmp\urxshost.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\Users\Kenton\AppData\Local\Temp\f5tmp\urxhost.cab
DPF: HKLM-x32 {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} C:\Users\Kenton\AppData\Local\Temp\f5tmp\f5syschk.cab
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe64.dll (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe32.dll (Trend Micro Inc.)
Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg.dll (Trend Micro Inc.)
Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg32.dll (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Kenton\AppData\Roaming\Mozilla\Firefox\Profiles\9qdtiis8.default
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1783759700-889228059-2870423460-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Kenton\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1783759700-889228059-2870423460-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Kenton\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Kenton\AppData\Roaming\Mozilla\Firefox\Profiles\9qdtiis8.default\user.js
FF SearchPlugin: C:\Users\Kenton\AppData\Roaming\Mozilla\Firefox\Profiles\9qdtiis8.default\searchplugins\Mysearchdial.xml
FF Extension: F5 Networks Host Plugin - C:\Users\Kenton\AppData\Roaming\Mozilla\Firefox\Profiles\9qdtiis8.default\Extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52} [2014-08-01]
FF Extension: Firebug - C:\Users\Kenton\AppData\Roaming\Mozilla\Firefox\Profiles\9qdtiis8.default\Extensions\firebug@software.joehewitt.com.xpi [2013-07-17]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-12-15]
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\firefoxextension [2014-12-16]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt [2010-06-24]
FF HKLM-x32\...\Firefox\Extensions: [{38783831-6098-4faa-A9C9-1EE1E343F4D2}] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
FF Extension: Trend Micro Osprey Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension [2014-12-16]
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2014-11-28]
FF HKLM-x32\...\Firefox\Extensions: [{8197dd50-b252-4b08-a1be-1277f22357bb}] - C:\Program Files\Trend Micro\TMIDS\PwmFirefoxExt
FF Extension: Trend Micro Password Manager Firefox Extension - C:\Program Files\Trend Micro\TMIDS\PwmFirefoxExt [2014-11-28]
FF Extension: No Name - {8197dd50-b252-4b08-a1be-1277f22357bb} [Not Found]
FF Extension: No Name - tmbepff@trendmicro.com [Not Found]
FF Extension: No Name - {BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C} [Not Found]
 
Chrome: 
=======
CHR HomePage: Profile 3 -> hxxp://www.google.com.au/
CHR StartupUrls: Profile 3 -> "hxxp://www.google.com.au/", "hxxp://www.google.com/"
CHR DefaultSuggestURL: Profile 3 -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (Google Drive) - C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-22]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-06]
CHR Extension: (Google Wallet) - C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-22]
CHR Extension: (Trend Micro Toolbar) - C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2014-11-29]
CHR Extension: (Status Bar) - C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ojjdiklbbogaliiljdbpbkkkghendjja [2014-11-17]
CHR Extension: (Trend Micro Password Manager) - C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\olmajmomenlhgihenlbjcfbopoghpckg [2014-11-29]
CHR Profile: C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 4
CHR Extension: (Google Docs) - C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-14]
CHR Extension: (Google Drive) - C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-14]
CHR Extension: (YouTube) - C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-14]
CHR Extension: (TrendMicro BEP Extension) - C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee [2013-10-14]
CHR Extension: (Google Search) - C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-14]
CHR Extension: (TrendMicro Toolbar) - C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\heoldelcflnigdllmlopiefhkkobendj [2013-10-14]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-14]
CHR Extension: (Gmail) - C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-14]
CHR Profile: C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 5
CHR Extension: (Google Docs) - C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-14]
CHR Extension: (Google Drive) - C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-08]
CHR Extension: (YouTube) - C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-14]
CHR Extension: (Google Search) - C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-14]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-06]
CHR Extension: (Google Wallet) - C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-14]
CHR Extension: (Trend Micro Toolbar) - C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2014-11-29]
CHR Extension: (Trend Micro Password Manager) - C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\olmajmomenlhgihenlbjcfbopoghpckg [2014-11-29]
CHR Extension: (Gmail) - C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-14]
CHR HKLM\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - No Path
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Kenton\AppData\Local\mysearchdial_speedial_v9.0.2.crx [Not Found]
CHR HKU\S-1-5-21-1783759700-889228059-2870423460-1000\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Kenton\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-08]
CHR HKU\S-1-5-21-1783759700-889228059-2870423460-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR HKU\S-1-5-21-1783759700-889228059-2870423460-1000\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Kenton\AppData\Local\mysearchdial_speedial_v9.0.2.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - No Path
CHR HKLM-x32\...\Chrome\Extension: [dflinnddekagfkncpgojoppgnppfkbkj] - No Path
CHR HKLM-x32\...\Chrome\Extension: [ohhcpmplhhiiaoiddkfboafbhiknefdf] - No Path
CHR HKLM-x32\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - No Path
CHR HKLM-x32\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Kenton\AppData\Local\mysearchdial_speedial_v9.0.2.crx [Not Found]
CHR StartMenuInternet: Google Chrome - C:\Users\Kenton\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R3 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1028096 2010-06-24] (Macrovision Europe Ltd.) [File not signed]
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-11-18] (Nero AG)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-08-17] (Hewlett-Packard Company) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1187376 2014-10-10] (Trend Micro Inc.)
R2 PwmSvc; C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe [319952 2014-11-03] (Trend Micro Inc.)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AVerAF35; C:\Windows\System32\Drivers\HPAF35.sys [511104 2009-10-19] (Hewlett-Packard)
S3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [43008 2010-07-27] (Motorola, Inc.)
R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [382144 2013-02-11] (EldoS Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14920 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
S3 f5ipfw; C:\Windows\system32\drivers\urfltv64.sys [18992 2013-02-12] (F5 Networks, Inc.)
S3 HPIR; C:\Windows\System32\DRIVERS\HPIR.sys [93184 2009-11-16] (Hewlett-Packard)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
S3 kbfilter; C:\Windows\System32\DRIVERS\kbfilter.sys [67408 2014-11-03] (Trend Micro Inc.)
S1 PQNTDrv; C:\Windows\SysWow64\Drivers\PQNTDrv.sys [4228 2002-09-16] (PowerQuest Corporation) [File not signed]
S3 swg3kser00; C:\Windows\System32\DRIVERS\swg3kser00.sys [259328 2012-05-22] (Sierra Wireless Incorporated)
S3 swiwdmbx; C:\Windows\System32\DRIVERS\swiwdmbx64.sys [108800 2012-05-28] (Sierra Wireless Inc.)
S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [253440 2012-05-28] (Sierra Wireless Inc.)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [121944 2014-07-14] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [305832 2014-07-14] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [50976 2014-07-10] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [106296 2014-07-10] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [93664 2014-07-14] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [407864 2014-07-10] (Trend Micro Inc.)
R2 tmusa; C:\Windows\System32\DRIVERS\tmusa.sys [106296 2014-06-30] (Trend Micro Inc.)
R3 urvpndrv; C:\Windows\System32\DRIVERS\covpnv64.sys [44112 2011-06-07] (F5 Networks, Inc.)
R3 vpnpbus; C:\Windows\System32\DRIVERS\vpnpbus.sys [18624 2013-02-11] (EldoS Corporation)
U2 TMAgent; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-22 17:54 - 2014-12-22 17:54 - 00107027 _____ () C:\Users\Kenton\Desktop\FRST.txt
2014-12-22 17:53 - 2014-12-22 17:54 - 00000000 ____D () C:\FRST
2014-12-22 17:52 - 2014-12-22 17:52 - 02122240 _____ (Farbar) C:\Users\Kenton\Desktop\FRST64.exe
2014-12-22 17:37 - 2014-12-22 17:37 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-12-22 17:37 - 2014-12-22 17:37 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-12-22 17:33 - 2014-12-22 17:33 - 18315864 _____ () C:\Users\Kenton\Desktop\RogueKillerX64.exe
2014-12-18 18:51 - 2014-12-13 16:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 18:51 - 2014-12-13 14:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-16 16:13 - 2014-12-10 10:28 - 00000822 _____ () C:\Windows\system32\Drivers\etc\hosts.bak
2014-12-16 08:23 - 2014-12-16 08:24 - 00020861 _____ () C:\Users\Kenton\Downloads\hijackthis.log
2014-12-16 08:22 - 2014-12-16 08:22 - 00388608 _____ (Trend Micro Inc.) C:\Users\Kenton\Downloads\HijackThis.exe
2014-12-15 09:56 - 2014-12-15 09:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-13 06:43 - 2014-11-27 12:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-13 06:43 - 2014-11-27 12:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-13 06:43 - 2014-11-22 14:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-13 06:43 - 2014-11-22 14:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-13 06:43 - 2014-11-22 14:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-13 06:43 - 2014-11-22 13:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-13 06:43 - 2014-11-22 13:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-13 06:43 - 2014-11-22 13:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-13 06:43 - 2014-11-22 13:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-13 06:43 - 2014-11-22 13:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-13 06:43 - 2014-11-22 13:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-13 06:43 - 2014-11-22 13:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-13 06:43 - 2014-11-22 13:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-13 06:43 - 2014-11-22 13:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-13 06:43 - 2014-11-22 13:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-13 06:43 - 2014-11-22 13:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-13 06:43 - 2014-11-22 13:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-13 06:43 - 2014-11-22 13:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-13 06:43 - 2014-11-22 13:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-13 06:43 - 2014-11-22 13:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-13 06:43 - 2014-11-22 13:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-13 06:43 - 2014-11-22 13:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-13 06:43 - 2014-11-22 13:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-13 06:43 - 2014-11-22 13:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-13 06:43 - 2014-11-22 13:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-13 06:43 - 2014-11-22 13:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-13 06:43 - 2014-11-22 13:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-13 06:43 - 2014-11-22 13:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-13 06:43 - 2014-11-22 13:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-13 06:43 - 2014-11-22 12:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-13 06:43 - 2014-11-22 12:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-13 06:43 - 2014-11-22 12:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-13 06:43 - 2014-11-22 12:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-13 06:43 - 2014-11-22 12:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-13 06:43 - 2014-11-22 12:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-13 06:43 - 2014-11-22 12:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-13 06:43 - 2014-11-22 12:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-13 06:43 - 2014-11-22 12:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-13 06:43 - 2014-11-22 12:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-13 06:43 - 2014-11-22 12:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-13 06:43 - 2014-11-22 12:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-13 06:43 - 2014-11-22 12:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-13 06:43 - 2014-11-22 12:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-13 06:43 - 2014-11-22 12:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-13 06:43 - 2014-11-22 12:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-13 06:43 - 2014-11-22 12:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-13 06:43 - 2014-11-22 12:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-13 06:43 - 2014-11-22 12:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-13 06:43 - 2014-11-22 12:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-13 06:43 - 2014-11-22 12:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-13 06:43 - 2014-11-22 12:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-13 06:43 - 2014-11-22 12:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-13 06:43 - 2014-11-22 11:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-13 06:43 - 2014-11-22 11:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-13 03:41 - 2014-11-08 14:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-13 03:41 - 2014-11-08 13:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-11 03:03 - 2014-10-18 13:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 03:03 - 2014-10-18 12:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-11 03:03 - 2014-07-07 13:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-11 03:03 - 2014-07-07 13:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-11 03:03 - 2014-07-07 13:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-11 03:03 - 2014-07-07 13:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-11 03:03 - 2014-07-07 12:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-11 03:03 - 2014-07-07 12:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-11 03:03 - 2014-07-07 12:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-11 03:03 - 2014-07-07 12:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-10 19:14 - 2014-11-11 14:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 19:14 - 2014-11-11 13:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 19:14 - 2014-11-11 12:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 19:00 - 2014-10-30 13:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 19:00 - 2014-10-30 12:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 19:00 - 2014-10-03 13:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 19:00 - 2014-10-03 13:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 19:00 - 2014-10-03 13:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 19:00 - 2014-10-03 13:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 19:00 - 2014-10-03 13:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 19:00 - 2014-10-03 12:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 19:00 - 2014-10-03 12:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 19:00 - 2014-10-03 12:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 19:00 - 2014-10-03 12:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 19:00 - 2014-10-03 12:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-08 15:25 - 2014-12-08 15:25 - 06126536 _____ (Tim Kosse) C:\Users\Kenton\Downloads\FileZilla_3.9.0.6_win32-setup.exe
2014-12-08 08:55 - 2014-12-08 08:55 - 00000000 ____D () C:\Users\Kenton\AppData\Roaming\Trend Micro
2014-11-29 13:38 - 2014-11-29 13:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Password Manager
2014-11-28 13:21 - 2014-12-08 07:56 - 00000010 _____ () C:\Users\Kenton\AppData\Local\sponge.last.runtime.cache
2014-11-28 12:02 - 2014-11-27 20:58 - 00067408 _____ (Trend Micro Inc.) C:\kbfilter.sys
2014-11-28 12:02 - 2014-11-27 20:58 - 00007799 _____ () C:\kbfilter.cat
2014-11-28 12:02 - 2014-11-27 20:58 - 00000098 _____ () C:\install.bat
2014-11-28 12:02 - 2014-11-27 20:58 - 00000081 _____ () C:\uninstall.bat
2014-11-28 12:02 - 2014-11-03 17:52 - 00067408 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\kbfilter.sys
2014-11-28 11:47 - 2014-11-28 11:47 - 00000000 ___HD () C:\TMRescueDisk
2014-11-28 11:44 - 2014-11-28 11:44 - 00001441 _____ () C:\Users\Kenton\Desktop\Trend Micro Maximum Security.lnk
2014-11-28 11:44 - 2014-11-28 11:44 - 00000000 ____D () C:\Users\Kenton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Maximum Security
2014-11-28 11:43 - 2014-07-14 18:39 - 00305832 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-11-28 11:43 - 2014-07-14 18:39 - 00121944 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmactmon.sys
2014-11-28 11:43 - 2014-07-14 18:39 - 00093664 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmevtmgr.sys
2014-11-28 11:43 - 2014-07-10 03:03 - 00407864 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmnciesc.sys
2014-11-28 11:43 - 2014-07-10 03:02 - 00106296 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmeevw.sys
2014-11-28 11:43 - 2014-07-10 03:02 - 00050976 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\TMEBC64.sys
2014-11-28 11:43 - 2014-06-30 22:06 - 00106296 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmusa.sys
2014-11-28 11:42 - 2014-11-29 13:38 - 00003540 _____ () C:\Windows\System32\Tasks\Trend Micro Inspect of Platinum
2014-11-28 11:38 - 2014-11-28 11:38 - 00000059 _____ () C:\Windows\system32\SupportTool.exe.bat
2014-11-28 11:37 - 2014-11-28 11:47 - 00000000 ____D () C:\Program Files\Trend Micro
2014-11-27 14:49 - 2014-11-27 15:17 - 253591888 _____ (Trend Micro Inc.) C:\Users\Kenton\Downloads\MAX_2015_FULL.exe
2014-11-23 20:22 - 2014-11-23 20:22 - 614355928 _____ () C:\Windows\MEMORY.DMP
2014-11-23 20:22 - 2014-11-23 20:22 - 00275360 _____ () C:\Windows\Minidump\112314-26473-01.dmp
2014-11-23 20:22 - 2014-11-23 20:22 - 00000000 ____D () C:\Windows\Minidump
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-22 17:54 - 2014-11-17 19:54 - 00000911 _____ () C:\Windows\Tasks\EPSON WF-3640 Series Update {AB9500B4-D32C-4BC3-B23D-BAB8A22A775A}.job
2014-12-22 17:54 - 2014-11-17 19:54 - 00000725 _____ () C:\Windows\Tasks\EPSON WF-3640 Series Invitation {AB9500B4-D32C-4BC3-B23D-BAB8A22A775A}.job
2014-12-22 17:37 - 2009-07-14 15:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-22 17:37 - 2009-07-14 15:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-22 17:36 - 2014-11-20 10:10 - 00000000 ____D () C:\Users\Kenton\Documents\Cert_IV
2014-12-22 17:36 - 2014-02-28 10:05 - 00000000 ____D () C:\Users\Kenton\Documents\NSPC
2014-12-22 17:35 - 2014-07-17 14:17 - 00000000 ____D () C:\Users\Kenton\Documents\Accenture
2014-12-22 17:05 - 2012-04-25 10:43 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1783759700-889228059-2870423460-1000UA.job
2014-12-22 16:59 - 2012-04-25 09:27 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-22 09:31 - 2010-06-24 15:11 - 01671995 _____ () C:\Windows\WindowsUpdate.log
2014-12-22 09:05 - 2012-04-25 10:43 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1783759700-889228059-2870423460-1000Core.job
2014-12-22 08:59 - 2012-04-25 09:27 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-19 09:20 - 2012-05-10 04:16 - 00003220 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForKENTON-HP$
2014-12-19 09:20 - 2012-05-10 04:16 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForKENTON-HP$.job
2014-12-16 16:09 - 2012-05-27 10:29 - 00000000 ___RD () C:\Users\Kenton\Dropbox
2014-12-16 16:09 - 2012-05-27 10:27 - 00000000 ____D () C:\Users\Kenton\AppData\Roaming\Dropbox
2014-12-16 16:08 - 2012-05-16 20:14 - 00000000 ___RD () C:\Users\Kenton\Google Drive
2014-12-16 16:07 - 2012-10-13 20:37 - 00000000 ____D () C:\Users\Kenton\AppData\Local\Htc
2014-12-16 16:07 - 2012-10-13 18:58 - 00000000 ____D () C:\Users\Kenton\AppData\Local\HTC MediaHub
2014-12-16 16:05 - 2009-07-14 16:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-16 16:05 - 2009-07-14 15:51 - 00101971 _____ () C:\Windows\setupact.log
2014-12-16 10:39 - 2012-05-16 19:00 - 00000000 ____D () C:\Users\Kenton\AppData\Local\Microsoft Help
2014-12-16 08:50 - 2012-10-10 20:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-16 04:12 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\rescache
2014-12-16 03:35 - 2010-06-24 15:14 - 00638788 _____ () C:\Windows\PFRO.log
2014-12-16 03:34 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-16 03:18 - 2012-05-16 19:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-16 03:16 - 2013-07-28 04:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-16 03:04 - 2012-05-11 08:08 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-13 08:29 - 2014-10-22 09:08 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-13 08:26 - 2012-05-27 10:29 - 00001021 _____ () C:\Users\Kenton\Desktop\Dropbox.lnk
2014-12-13 08:26 - 2012-05-27 10:28 - 00000000 ____D () C:\Users\Kenton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-13 08:18 - 2012-04-25 11:38 - 00000000 ____D () C:\Users\Kenton\AppData\Roaming\vlc
2014-12-12 11:00 - 2014-05-30 23:45 - 00013312 ___SH () C:\Users\Kenton\Thumbs.db
2014-12-12 10:59 - 2009-07-14 16:13 - 00801958 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-08 15:28 - 2012-05-14 19:03 - 00000000 ____D () C:\Users\Kenton\AppData\Roaming\FileZilla
2014-12-08 15:26 - 2012-05-14 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-12-08 15:26 - 2012-05-14 19:03 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-12-08 15:24 - 2011-09-20 22:38 - 00000000 ____D () C:\Users\Kenton\Documents\#ZenCartMods
2014-12-08 13:50 - 2012-08-01 21:00 - 00000000 ____D () C:\Users\Kenton\AppData\Local\CrashDumps
2014-11-29 13:38 - 2012-04-23 22:14 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-11-29 13:38 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-11-28 11:51 - 2012-04-23 22:13 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-11-28 11:09 - 2012-12-26 18:42 - 00000000 ____D () C:\Users\Kenton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Maximum Security
2014-11-28 11:09 - 2012-04-23 22:15 - 00000000 ____D () C:\Users\Kenton\AppData\Local\Trend Micro
2014-11-28 11:05 - 2012-12-10 20:52 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-11-22 17:29 - 2013-10-23 10:21 - 00000000 ____D () C:\Users\Kenton\Documents\JobHunting
 
Some content of TEMP:
====================
C:\Users\Kenton\AppData\Local\Temp\44087uninstall.exe
C:\Users\Kenton\AppData\Local\Temp\AC760S_TELSTRA_DRV_BUILD34.EXE
C:\Users\Kenton\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Kenton\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnkoyrn.dll
C:\Users\Kenton\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe
C:\Users\Kenton\AppData\Local\Temp\ICReinstall_Firefox_Setup.exe
C:\Users\Kenton\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Kenton\AppData\Local\Temp\jre-6u34-windows-i586-iftw.exe
C:\Users\Kenton\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Kenton\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Kenton\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Kenton\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Kenton\AppData\Local\Temp\MSNCF44.exe
C:\Users\Kenton\AppData\Local\Temp\Sqlite3.dll
C:\Users\Kenton\AppData\Local\Temp\vlc-2.0.2-win32.exe
C:\Users\Kenton\AppData\Local\Temp\vlc-2.0.4-win32.exe
C:\Users\Kenton\AppData\Local\Temp\vlc-2.0.5-win32.exe
C:\Users\Kenton\AppData\Local\Temp\vlc-2.0.7-win32.exe
C:\Users\Kenton\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\Kenton\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\Kenton\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\Kenton\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\Kenton\AppData\Local\Temp\vmgrremok.exe
C:\Users\Kenton\AppData\Local\Temp\_is1748.exe
C:\Users\Kenton\AppData\Local\Temp\_isE511.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 


#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,539 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:58 AM

Posted 23 December 2014 - 09:33 AM

Run this tool to clean your Temporary files/Folders.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted; it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.
===

Trend Micro DirectPass was installed on your computer.
Did you install it?
If not, please remove it using the instructions on this page.

http://www.shouldiremoveit.com/Trend-Micro-DirectPass-29723-program.aspx

===

Then run the Farbar tool one more time and post a fresh FRST log for my review.

Wait for further instructions.

#7 kenton02

kenton02
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  • Local time:12:58 AM

Posted 23 December 2014 - 05:05 PM

Sometime during the running of TFC, Trend Micro stopped TFC from performing an action and then removed TFC.exe citing "This file contained malicious software ..."

 

Where do I go from here?



#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,539 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:58 AM

Posted 24 December 2014 - 08:41 AM


All it does is to clean your \temp folder.
C:\Users\Kenton\AppData\Local\Temp

You can do it yourself.

Continue with the rest of the instructions.

#9 kenton02

kenton02
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  • Local time:12:58 AM

Posted 01 March 2015 - 09:08 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-02-2015
Ran by Kenton (administrator) on KENTON-HP on 02-03-2015 13:03:35
Running from C:\Users\Kenton\Desktop
Loaded Profiles: Kenton (Available profiles: Kenton)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\SupportTool.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Google Inc.) C:\Users\Kenton\AppData\Local\Google\Chrome\Application\chrome.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIKDE.EXE
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Dropbox, Inc.) C:\Users\Kenton\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpAgent.exe
() C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\audiosrv.exe
(Google Inc.) C:\Users\Kenton\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kenton\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kenton\AppData\Local\Google\Chrome\Application\chrome.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Users\Kenton\AppData\Local\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-07-22] (IDT, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-09-01] ()
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-22] (Hewlett-Packard Company)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [246304 2014-07-21] (Trend Micro Inc.)
HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1266224 2014-10-10] (Trend Micro Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-09-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-14] (Intel Corporation)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [584760 2010-09-29] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [HTC Sync Loader] => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [655360 2012-09-25] ()
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [642664 2013-10-18] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2013-10-18] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe,
HKU\S-1-5-21-1783759700-889228059-2870423460-1000\...\Run: [Google Update] => C:\Users\Kenton\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-04-25] (Google Inc.)
HKU\S-1-5-21-1783759700-889228059-2870423460-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-1783759700-889228059-2870423460-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-1783759700-889228059-2870423460-1000\...\Run: [GoogleChromeAutoLaunch_58298EF080581202BC94F421E91D947C] => C:\Users\Kenton\AppData\Local\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-1783759700-889228059-2870423460-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIKDE.EXE [298560 2013-09-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1783759700-889228059-2870423460-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-04-25] (Google Inc.)
HKU\S-1-5-21-1783759700-889228059-2870423460-1000\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1783759700-889228059-2870423460-1000\...\MountPoints2: {2a3fbdd0-b3a9-11e3-9e38-2c27d7de33e3} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1783759700-889228059-2870423460-1000\...\MountPoints2: {2cfeb772-12bf-11e2-b110-2c27d7de33e3} - G:\win\setup.exe -phs
HKU\S-1-5-21-1783759700-889228059-2870423460-1000\...\MountPoints2: {2cfeb832-12bf-11e2-b110-2c27d7de33e3} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1783759700-889228059-2870423460-1000\...\MountPoints2: {decefa49-c680-11e2-97cf-2c27d7de33e3} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1783759700-889228059-2870423460-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\Kenton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Kenton\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
SSODL: EldosMountNotificator-cbfs4 - {0388B223-8163-489A-9BE5-AD16087316A5} - C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs4 - {0388B223-8163-489A-9BE5-AD16087316A5} - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [00Zecter] -> {D25B32FE-CB96-491A-98FF-AD59DA382D69} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: [01Zecter] -> {EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: [02Zecter] -> {B3C78E40-6B64-47C3-AE34-60B770881EB8} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: [03Zecter] -> {622AFE52-33F6-4D9F-9966-E0BC52D7D69D} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: [04Zecter] -> {855156F0-2A0F-11DE-8C30-0800200C9A66} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs4] -> {F1F6F06E-7619-4635-9BEF-F5B26156767D} => C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs4] -> {F1F6F06E-7619-4635-9BEF-F5B26156767D} => C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1783759700-889228059-2870423460-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1783759700-889228059-2870423460-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/14
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/705-111071-2357-0/4?satitle={searchTerms}&mfe=Notebooks
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/705-111071-2357-0/4?satitle={searchTerms}&mfe=Notebooks
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1783759700-889228059-2870423460-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = 
SearchScopes: HKU\S-1-5-21-1783759700-889228059-2870423460-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-1783759700-889228059-2870423460-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = 
SearchScopes: HKU\S-1-5-21-1783759700-889228059-2870423460-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = 
SearchScopes: HKU\S-1-5-21-1783759700-889228059-2870423460-1000 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = 
SearchScopes: HKU\S-1-5-21-1783759700-889228059-2870423460-1000 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 
BHO: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: TmIEPlugInBHO Class -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg.dll (Trend Micro Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe64.dll (Trend Micro Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: TmIEPlugInBHO Class -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Toolbar: HKU\S-1-5-21-1783759700-889228059-2870423460-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1783759700-889228059-2870423460-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {2BCDB465-81F9-41CB-832C-8037A4064446} C:\Users\Kenton\AppData\Local\Temp\f5tmp\urxvpn.cab
DPF: HKLM-x32 {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} C:\Users\Kenton\AppData\Local\Temp\f5tmp\f5tunsrv.cab
DPF: HKLM-x32 {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\Users\Kenton\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab#-1,-1,-1,-1
DPF: HKLM-x32 {57C76689-F052-487B-A19F-855AFDDF28EE} C:\Users\Kenton\AppData\Local\Temp\f5tmp\f5InspectionHost.cab
DPF: HKLM-x32 {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} C:\Users\Kenton\AppData\Local\Temp\f5tmp\urxshost.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\Users\Kenton\AppData\Local\Temp\f5tmp\urxhost.cab
DPF: HKLM-x32 {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} C:\Users\Kenton\AppData\Local\Temp\f5tmp\f5syschk.cab
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe64.dll (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe32.dll (Trend Micro Inc.)
Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg.dll (Trend Micro Inc.)
Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg32.dll (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.1.208.1
 
FireFox:
========
FF ProfilePath: C:\Users\Kenton\AppData\Roaming\Mozilla\Firefox\Profiles\9qdtiis8.default
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1783759700-889228059-2870423460-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Kenton\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1783759700-889228059-2870423460-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Kenton\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Kenton\AppData\Roaming\Mozilla\Firefox\Profiles\9qdtiis8.default\user.js
FF SearchPlugin: C:\Users\Kenton\AppData\Roaming\Mozilla\Firefox\Profiles\9qdtiis8.default\searchplugins\Mysearchdial.xml
FF Extension: F5 Networks Host Plugin - C:\Users\Kenton\AppData\Roaming\Mozilla\Firefox\Profiles\9qdtiis8.default\Extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52} [2014-08-01]
FF Extension: Firebug - C:\Users\Kenton\AppData\Roaming\Mozilla\Firefox\Profiles\9qdtiis8.default\Extensions\firebug@software.joehewitt.com.xpi [2013-07-17]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-12-15]
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\firefoxextension [2015-03-02]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt [2010-06-24]
FF HKLM-x32\...\Firefox\Extensions: [{38783831-6098-4faa-A9C9-1EE1E343F4D2}] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
FF Extension: Trend Micro Osprey Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension [2015-03-02]
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2014-11-28]
 
Chrome: 
=======
CHR HomePage: Profile 3 -> hxxp://www.google.com.au/
CHR StartupUrls: Profile 3 -> "hxxp://www.google.com.au/", "hxxp://www.google.com/"
CHR DefaultSuggestURL: Profile 3 -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (Google Drive) - C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-22]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-06]
CHR Extension: (Google Wallet) - C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-22]
CHR Extension: (Trend Micro Toolbar) - C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2014-11-29]
CHR Extension: (Status Bar) - C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ojjdiklbbogaliiljdbpbkkkghendjja [2014-11-17]
CHR Profile: C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 4
CHR Extension: (Google Docs) - C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-14]
CHR Extension: (Google Drive) - C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-14]
CHR Extension: (YouTube) - C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-14]
CHR Extension: (TrendMicro BEP Extension) - C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee [2013-10-14]
CHR Extension: (Google Search) - C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-14]
CHR Extension: (TrendMicro Toolbar) - C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\heoldelcflnigdllmlopiefhkkobendj [2013-10-14]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-14]
CHR Extension: (Gmail) - C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-14]
CHR Profile: C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 5
CHR Extension: (Google Docs) - C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-14]
CHR Extension: (Google Drive) - C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-08]
CHR Extension: (YouTube) - C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-14]
CHR Extension: (Google Search) - C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-14]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-06]
CHR Extension: (Google Wallet) - C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-14]
CHR Extension: (Trend Micro Toolbar) - C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2014-11-29]
CHR Extension: (Gmail) - C:\Users\Kenton\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-14]
CHR HKLM\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Kenton\AppData\Local\mysearchdial_speedial_v9.0.2.crx [Not Found]
CHR HKU\S-1-5-21-1783759700-889228059-2870423460-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Kenton\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-08]
CHR HKU\S-1-5-21-1783759700-889228059-2870423460-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1783759700-889228059-2870423460-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Kenton\AppData\Local\mysearchdial_speedial_v9.0.2.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [dflinnddekagfkncpgojoppgnppfkbkj] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [ohhcpmplhhiiaoiddkfboafbhiknefdf] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Kenton\AppData\Local\mysearchdial_speedial_v9.0.2.crx [Not Found]
StartMenuInternet: Google Chrome - C:\Users\Kenton\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R3 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1028096 2010-06-24] (Macrovision Europe Ltd.) [File not signed]
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-11-18] (Nero AG)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-08-17] (Hewlett-Packard Company) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1187376 2014-10-10] (Trend Micro Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AVerAF35; C:\Windows\System32\Drivers\HPAF35.sys [511104 2009-10-19] (Hewlett-Packard)
S3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [43008 2010-07-27] (Motorola, Inc.)
R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [382144 2013-02-11] (EldoS Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14920 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
S3 f5ipfw; C:\Windows\system32\drivers\urfltv64.sys [18992 2013-02-12] (F5 Networks, Inc.)
S3 HPIR; C:\Windows\System32\DRIVERS\HPIR.sys [93184 2009-11-16] (Hewlett-Packard)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
S3 kbfilter; C:\Windows\System32\DRIVERS\kbfilter.sys [67408 2014-11-27] (Trend Micro Inc.)
S1 PQNTDrv; C:\Windows\SysWow64\Drivers\PQNTDrv.sys [4228 2002-09-16] (PowerQuest Corporation)
S3 swg3kser00; C:\Windows\System32\DRIVERS\swg3kser00.sys [259328 2012-05-22] (Sierra Wireless Incorporated)
S3 swiwdmbx; C:\Windows\System32\DRIVERS\swiwdmbx64.sys [108800 2012-05-28] (Sierra Wireless Inc.)
S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [253440 2012-05-28] (Sierra Wireless Inc.)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [121944 2014-07-14] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [305832 2014-07-14] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [50976 2014-07-10] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [106296 2014-07-10] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [93664 2014-07-14] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [407864 2014-07-10] (Trend Micro Inc.)
R2 tmusa; C:\Windows\System32\DRIVERS\tmusa.sys [106296 2014-06-30] (Trend Micro Inc.)
R3 urvpndrv; C:\Windows\System32\DRIVERS\covpnv64.sys [44112 2011-06-07] (F5 Networks, Inc.)
R3 vpnpbus; C:\Windows\System32\DRIVERS\vpnpbus.sys [18624 2013-02-11] (EldoS Corporation)
U2 TMAgent; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-02 13:02 - 2015-03-02 13:02 - 02092544 _____ (Farbar) C:\Users\Kenton\Desktop\FRST64.exe
2015-03-02 13:01 - 2015-03-02 13:01 - 01132032 _____ (Farbar) C:\Users\Kenton\Desktop\FRST.exe
2015-02-12 20:46 - 2015-02-12 20:46 - 00021863 _____ () C:\Users\Kenton\Downloads\Download (5).csv
2015-02-10 16:23 - 2015-02-10 16:23 - 00003467 _____ () C:\Users\Kenton\Downloads\Download (4).csv
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-02 13:03 - 2014-12-22 17:54 - 00037169 _____ () C:\Users\Kenton\Desktop\FRST.txt
2015-03-02 13:03 - 2014-12-22 17:53 - 00000000 ____D () C:\FRST
2015-03-02 12:58 - 2012-05-27 10:29 - 00000000 ___RD () C:\Users\Kenton\Dropbox
2015-03-02 12:58 - 2012-05-27 10:27 - 00000000 ____D () C:\Users\Kenton\AppData\Roaming\Dropbox
2015-03-02 12:57 - 2012-10-13 20:37 - 00000000 ____D () C:\Users\Kenton\AppData\Local\Htc
2015-03-02 12:57 - 2012-10-13 18:58 - 00000000 ____D () C:\Users\Kenton\AppData\Local\HTC MediaHub
2015-03-02 12:57 - 2012-05-16 20:14 - 00000000 ___RD () C:\Users\Kenton\Google Drive
2015-03-02 12:57 - 2012-04-25 09:27 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-02 12:54 - 2014-11-17 19:54 - 00000911 _____ () C:\Windows\Tasks\EPSON WF-3640 Series Update {AB9500B4-D32C-4BC3-B23D-BAB8A22A775A}.job
2015-03-02 12:54 - 2014-11-17 19:54 - 00000725 _____ () C:\Windows\Tasks\EPSON WF-3640 Series Invitation {AB9500B4-D32C-4BC3-B23D-BAB8A22A775A}.job
2015-03-02 12:43 - 2012-04-23 22:13 - 00000000 ____D () C:\ProgramData\Trend Micro
2015-03-02 12:39 - 2009-07-14 15:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-02 12:39 - 2009-07-14 15:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-02 12:30 - 2009-07-14 16:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-02 12:30 - 2009-07-14 15:51 - 00102989 _____ () C:\Windows\setupact.log
2015-03-02 12:25 - 2012-10-10 20:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-02 12:25 - 2010-06-24 15:14 - 41286672 _____ () C:\Windows\PFRO.log
2015-03-02 12:24 - 2010-06-24 15:11 - 01416867 _____ () C:\Windows\WindowsUpdate.log
2015-03-02 12:20 - 2014-07-17 14:17 - 00000000 ____D () C:\Users\Kenton\Documents\Accenture
2015-03-02 12:19 - 2014-02-28 10:05 - 00000000 ____D () C:\Users\Kenton\Documents\NSPC
2015-03-02 12:19 - 2012-04-25 11:38 - 00000000 ____D () C:\Users\Kenton\AppData\Roaming\vlc
2015-03-02 12:13 - 2012-04-25 10:43 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1783759700-889228059-2870423460-1000UA.job
2015-03-02 12:13 - 2012-04-25 09:27 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-25 20:17 - 2012-04-25 10:43 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1783759700-889228059-2870423460-1000Core.job
2015-02-21 20:35 - 2014-11-28 13:21 - 00000010 _____ () C:\Users\Kenton\AppData\Local\sponge.last.runtime.cache
2015-02-19 03:20 - 2012-05-10 04:16 - 00003220 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForKENTON-HP$
2015-02-19 03:20 - 2012-05-10 04:16 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForKENTON-HP$.job
2015-02-10 17:17 - 2014-12-16 16:13 - 00000822 _____ () C:\Windows\system32\Drivers\etc\hosts.bak
2015-02-09 20:06 - 2012-04-25 10:43 - 00003884 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1783759700-889228059-2870423460-1000UA
2015-02-09 20:06 - 2012-04-25 10:43 - 00003488 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1783759700-889228059-2870423460-1000Core
2015-02-09 19:29 - 2014-12-15 09:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-05 17:52 - 2009-07-14 16:13 - 00801958 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-04 21:00 - 2012-04-25 09:27 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 21:00 - 2012-04-25 09:27 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-31 13:04 - 2012-05-16 20:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
 
==================== Files in the root of some directories =======
 
2012-06-24 21:56 - 2013-09-16 18:25 - 0015360 _____ () C:\Users\Kenton\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-12-26 18:38 - 2012-12-26 18:38 - 0000036 _____ () C:\Users\Kenton\AppData\Local\housecall.guid.cache
2012-10-13 10:08 - 2012-10-13 20:01 - 0001574 _____ () C:\Users\Kenton\AppData\Local\mbt-actwiz.log
2013-07-09 11:36 - 2013-07-09 11:36 - 0000600 _____ () C:\Users\Kenton\AppData\Local\PUTTY.RND
2012-10-24 19:11 - 2012-10-24 19:11 - 0001716 _____ () C:\Users\Kenton\AppData\Local\recently-used.xbel
2014-11-28 13:21 - 2015-02-21 20:35 - 0000010 _____ () C:\Users\Kenton\AppData\Local\sponge.last.runtime.cache
2010-06-24 15:26 - 2010-06-24 15:26 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2010-11-02 12:26 - 2010-11-02 12:26 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2010-06-24 15:26 - 2010-06-24 15:26 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2010-11-02 12:22 - 2010-11-02 12:23 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-06-24 15:25 - 2010-06-24 15:25 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2010-06-24 15:26 - 2010-06-24 15:26 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2010-11-02 12:22 - 2010-11-02 12:22 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2010-11-02 12:23 - 2010-11-02 12:26 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2010-11-02 12:26 - 2010-06-24 15:26 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
 
Some content of TEMP:
====================
C:\Users\Kenton\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbqugeo.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-23 00:47
 
==================== End Of Log ============================
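The FRST log above reports three kinds of items that a defender would want to re-check on any machine with a mysearchdial-style hijack: Chrome extensions registered in the registry with no path or update_url (or a .crx path that no longer exists), Internet Explorer SearchScopes pointing at third-party search providers, and the signature status of the core binaries in the "Bamital & volsnap Check". The following PowerShell audit is an added example, not part of this thread and not FRST's own code; it is read-only and changes nothing. It assumes PowerShell 3.0 or later on 64-bit Windows (the Wow6432Node paths are those FRST lists as HKLM-x32) and that it is run from an elevated prompt so the HKLM keys are readable.

```powershell
# Added example (not from the thread or from FRST): read-only audit of the
# registry locations and core binaries that FRST reported on above.
# Assumes PowerShell 3.0+ on 64-bit Windows, run from an elevated prompt.

$ChromeExtensionKeys = @(
    'HKLM:\SOFTWARE\Google\Chrome\Extensions',
    'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions',   # FRST's "HKLM-x32"
    'HKCU:\SOFTWARE\Google\Chrome\Extensions'                # FRST's "HKU\<SID>"
)

$SearchScopeKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes',
    'HKCU:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes'
)

# The files FRST's "Bamital & volsnap Check" section verifies.
$CoreBinaries = @(
    "$env:SystemRoot\System32\winlogon.exe",
    "$env:SystemRoot\System32\wininit.exe",
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\System32\svchost.exe",
    "$env:SystemRoot\System32\services.exe",
    "$env:SystemRoot\System32\user32.dll",
    "$env:SystemRoot\System32\userinit.exe",
    "$env:SystemRoot\System32\rpcss.dll",
    "$env:SystemRoot\System32\Drivers\volsnap.sys"
)

function Get-ChromeExtensionFindings {
    # A registry-installed Chrome extension normally carries either an update_url
    # (Web Store: https://clients2.google.com/service/update2/crx) or a path to a
    # local .crx. An entry with neither is FRST's "No Path Or update_url value";
    # a path that no longer exists is its "[Not Found]".
    foreach ($root in $ChromeExtensionKeys) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem $root -ErrorAction SilentlyContinue) {
            $props     = Get-ItemProperty $key.PSPath -ErrorAction SilentlyContinue
            $updateUrl = $props.update_url
            $path      = $props.path
            $status    = 'ok'
            if (-not $updateUrl -and -not $path) {
                $status = 'no path or update_url'
            } elseif ($path -and -not (Test-Path $path)) {
                $status = 'path not found'
            } elseif ($updateUrl -and $updateUrl -notlike 'https://clients2.google.com/*') {
                $status = 'non-Google update_url'
            }
            [pscustomobject]@{
                Key = $key.Name; ExtensionId = $key.PSChildName
                UpdateUrl = $updateUrl; Path = $path; Status = $status
            }
        }
    }
}

function Get-SearchScopeFindings {
    # Each SearchScopes subkey is one IE search provider; DefaultScope on the
    # parent key names the active one. Listing them side by side makes a
    # redirected provider (e.g. the mysearchdial entries in the log) obvious.
    foreach ($root in $SearchScopeKeys) {
        if (-not (Test-Path $root)) { continue }
        $default = (Get-ItemProperty $root -ErrorAction SilentlyContinue).DefaultScope
        foreach ($key in Get-ChildItem $root -ErrorAction SilentlyContinue) {
            $props = Get-ItemProperty $key.PSPath -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Key = $key.Name; Scope = $key.PSChildName
                IsDefault = ($key.PSChildName -eq $default)
                DisplayName = $props.DisplayName; Url = $props.URL
            }
        }
    }
}

function Test-CoreBinarySignatures {
    # Authenticode check of the same binaries FRST verifies; anything other than
    # 'Valid' deserves a closer look (a replaced winlogon.exe or volsnap.sys was
    # the Bamital pattern FRST's check is named after).
    foreach ($file in $CoreBinaries) {
        if (-not (Test-Path $file)) { continue }
        $sig = Get-AuthenticodeSignature -FilePath $file
        [pscustomobject]@{
            File = $file; Status = $sig.Status; Signer = $sig.SignerCertificate.Subject
        }
    }
}

Get-ChromeExtensionFindings | Where-Object Status -ne 'ok'    | Format-Table -AutoSize
Get-SearchScopeFindings                                       | Format-Table -AutoSize
Test-CoreBinarySignatures   | Where-Object Status -ne 'Valid' | Format-Table -AutoSize
```

Two caveats when reading the output. Most Windows system files are catalog-signed rather than carrying an embedded signature; `Get-AuthenticodeSignature` resolves catalog signatures from PowerShell 3.0 onward, but on the PowerShell 2.0 that Windows 7 ships with it reports them as NotSigned, so a NotSigned result there is not by itself evidence of tampering. And `HKCU:` only covers the user running the script; to audit another profile the way FRST does (HKU\S-1-5-21-...), load that user's hive or run the script in that user's session.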


#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,539 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:58 AM

Posted 02 March 2015 - 09:33 AM

What made you decide to post a FRST log after 2 months of inactivity?


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzuzzzzzy0F0F0AtByDzztByD0B0C0CtDtCtN0D0Tzu0CyDyDzztN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=332756227&ir=
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzuzzzzzy0F0F0AtByDzztByD0B0C0CtDtCtN0D0Tzu0CyDyDzztN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=332756227&ir=
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1783759700-889228059-2870423460-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL =
SearchScopes: HKU\S-1-5-21-1783759700-889228059-2870423460-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1783759700-889228059-2870423460-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL =
SearchScopes: HKU\S-1-5-21-1783759700-889228059-2870423460-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKU\S-1-5-21-1783759700-889228059-2870423460-1000 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
Toolbar: HKU\S-1-5-21-1783759700-889228059-2870423460-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF user.js: detected! => C:\Users\Kenton\AppData\Roaming\Mozilla\Firefox\Profiles\9qdtiis8.default\user.js
FF SearchPlugin: C:\Users\Kenton\AppData\Roaming\Mozilla\Firefox\Profiles\9qdtiis8.default\searchplugins\Mysearchdial.xml
CHR HKLM\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Kenton\AppData\Local\mysearchdial_speedial_v9.0.2.crx [Not Found]
CHR HKU\S-1-5-21-1783759700-889228059-2870423460-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Kenton\AppData\Local\mysearchdial_speedial_v9.0.2.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [dflinnddekagfkncpgojoppgnppfkbkj] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Kenton\AppData\Local\mysearchdial_speedial_v9.0.2.crx [Not Found]
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
U2 TMAgent; No ImagePath

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log Fixlog.txt please post it to your reply.
===

How is the computer running now?

#11 kenton02

kenton02
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  • Local time:12:58 AM

Posted 03 March 2015 - 02:57 AM

Yeah sorry .... I was moving house, moving jobs, on holidays and generally not at my computer ... hence the delay ...

 

Boots up faster (thanks) but still quite slow ...

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-02-2015

Ran by Kenton at 2015-03-03 18:47:48 Run:1
Running from C:\Users\Kenton\Desktop
Loaded Profiles: Kenton (Available profiles: Kenton)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
CloseProcesses:
 
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1783759700-889228059-2870423460-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL =
SearchScopes: HKU\S-1-5-21-1783759700-889228059-2870423460-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1783759700-889228059-2870423460-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL =
SearchScopes: HKU\S-1-5-21-1783759700-889228059-2870423460-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKU\S-1-5-21-1783759700-889228059-2870423460-1000 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
Toolbar: HKU\S-1-5-21-1783759700-889228059-2870423460-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF user.js: detected! => C:\Users\Kenton\AppData\Roaming\Mozilla\Firefox\Profiles\9qdtiis8.default\user.js
FF SearchPlugin: C:\Users\Kenton\AppData\Roaming\Mozilla\Firefox\Profiles\9qdtiis8.default\searchplugins\Mysearchdial.xml
CHR HKLM\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Kenton\AppData\Local\mysearchdial_speedial_v9.0.2.crx [Not Found]
CHR HKU\S-1-5-21-1783759700-889228059-2870423460-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Kenton\AppData\Local\mysearchdial_speedial_v9.0.2.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [dflinnddekagfkncpgojoppgnppfkbkj] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Kenton\AppData\Local\mysearchdial_speedial_v9.0.2.crx [Not Found]
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
U2 TMAgent; No ImagePath
 
End
*****************
 
Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => Key deleted successfully.
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => Key deleted successfully.
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}" => Key deleted successfully.
HKCR\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => Key not found. 
"HKU\S-1-5-21-1783759700-889228059-2870423460-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found. 
"HKU\S-1-5-21-1783759700-889228059-2870423460-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found. 
"HKU\S-1-5-21-1783759700-889228059-2870423460-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => Key deleted successfully.
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => Key not found. 
"HKU\S-1-5-21-1783759700-889228059-2870423460-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => Key deleted successfully.
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => Key not found. 
"HKU\S-1-5-21-1783759700-889228059-2870423460-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}" => Key deleted successfully.
HKCR\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => Key not found. 
HKU\S-1-5-21-1783759700-889228059-2870423460-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found. 
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Users\Kenton\AppData\Roaming\Mozilla\Firefox\Profiles\9qdtiis8.default\user.js => Moved successfully.
C:\Users\Kenton\AppData\Roaming\Mozilla\Firefox\Profiles\9qdtiis8.default\searchplugins\Mysearchdial.xml => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\olmajmomenlhgihenlbjcfbopoghpckg" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff" => Key deleted successfully.
"HKU\S-1-5-21-1783759700-889228059-2870423460-1000\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dflinnddekagfkncpgojoppgnppfkbkj" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\olmajmomenlhgihenlbjcfbopoghpckg" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff" => Key deleted successfully.
Amsp => Unable to stop service
Amsp => Error deleting Service
TMAgent => Service deleted successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog 18:47:54 ====


#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,539 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:58 AM

Posted 03 March 2015 - 08:26 AM

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#13 nasdaq

nasdaq

  • Malware Response Team
  • 39,539 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:58 AM

Posted 09 March 2015 - 08:11 AM

If all is well, to learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe:
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,539 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:58 AM

Posted 15 March 2015 - 08:47 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



