Unable to open Programs and Features in WIN 8.1 x64



#1 RobA7937

Posted 18 August 2015 - 05:36 AM

Hi there:

I am unable to access the Programs and features in the Control Panel on my WIN 8.1 x64 Surface Pro 2. I ran across this issue within the last 3 days. I am using Trend Micro Internet Security anti-virus which comes up clean. SuperAntiSpyware is the same. Malwarebytes free comes up clean and the MR Antiroot kit said there were no items found. The FRST would not run initially in normal mode as it said the "Windows was protecting my computer." It did run in Safe Mode however. There was a warning about not being able to verify the FRST because the internet was disconnected, but I was able to proceed with the scan. Any assistance will be greatly appreciated as I realize this is over my head and there is something really nasty onboard.

Attached File  FRST.txt   56.37KB   0 downloads

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-08-2015
Ran by Robert (administrator) on ROBERTPC (18-08-2015 16:54:44)
Running from C:\Users\Robert\Desktop
Loaded Profiles: Robert (Available Profiles: Robert)
Platform: Windows 8.1 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SUPERAntiSpyware.com) I:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Robert\Desktop\FRST64(1).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [607584 2014-12-16] (Copyright 2013 SAMSUNG)
HKLM\...\Run: [PwmConsole.exe] => C:\Program Files\Trend Micro\TMIDS\PwmConsole.exe [2047216 2015-06-29] (Trend Micro Inc.)
HKLM\...\Run: [iTunesHelper] => I:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [246264 2015-07-17] (Trend Micro Inc.)
HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1258496 2015-07-17] (Trend Micro Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [570880 2013-12-27] (Nikon Corporation)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2012-06-14] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe [234000 2012-06-14] (CyberLink Corp.)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795672 2014-11-07] (CyberLink Corp.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKU\S-1-5-21-3309137435-1401997441-3551121105-1001\...\Run: [PrinterProDesktop] => C:\Program Files (x86)\Printer Pro Desktop\PrinterProDesktop.exe [2132992 2012-02-02] ()
HKU\S-1-5-21-3309137435-1401997441-3551121105-1001\...\Run: [{5F9E7405-B335-47cf-8F9A-74FD2576E4A9}] => C:\Program Files (x86)\Homepage Print 2\DeskCapture.exe [935744 2013-10-10] (CORPUS CORPORATION)
HKU\S-1-5-21-3309137435-1401997441-3551121105-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-3309137435-1401997441-3551121105-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-3309137435-1401997441-3551121105-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1079592 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-3309137435-1401997441-3551121105-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-3309137435-1401997441-3551121105-1001\...\Run: [Steam] => I:\Program Files (x86)\Steam\steam.exe [2899136 2015-08-13] (Valve Corporation)
HKU\S-1-5-21-3309137435-1401997441-3551121105-1001\...\Run: [SUPERAntiSpyware] => I:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7930136 2015-08-02] (SUPERAntiSpyware)
HKU\S-1-5-21-3309137435-1401997441-3551121105-1001\...\Run: [BingSvc] => C:\Users\Robert\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3309137435-1401997441-3551121105-1001\...\Run: [CCleaner Monitoring] => I:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-18] (Piriform Ltd)
HKU\S-1-5-21-3309137435-1401997441-3551121105-1001\...\Run: [Polaris Office Sync] => C:\Users\Robert\AppData\Roaming\PolarisOfficeLink\POLinkLauncher.exe [805112 2015-08-13] (Infraware)
HKU\S-1-5-21-3309137435-1401997441-3551121105-1001\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-31] (Google Inc.)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372408 2014-11-08] (Microsoft Corporation)
Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Controller Companion.lnk [2015-05-30]
ShortcutTarget: Controller Companion.lnk -> I:\Program Files (x86)\Steam\steamapps\common\Controller Companion\ControllerCompanion.exe (Koga Tech Ltd)
Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-10-14]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-07-11]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ 0POLinkIconDone] -> {4931EE43-90CB-4D46-A50F-474D7C5D97BE} => C:\windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ 1POLinkIconFailed] -> {828F1FF1-021C-4EC0-A4F8-B1BFF6390DD3} => C:\windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ 2POLinkIconIng] -> {8AE3CBEA-8E21-4883-BFD0-925F5513F190} => C:\windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ 3POLinkIconProhibited] -> {DED0F1AF-0505-4FB7-83AA-C2E51FA0721F} => C:\windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3309137435-1401997441-3551121105-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3309137435-1401997441-3551121105-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/th-th/?ocid=iehp
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation)
BHO: Trend Micro Password Manager BHO -> {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} -> C:\Program Files\Trend Micro\TMIDS\PwmIEBHO64.dll [2015-06-29] (Trend Micro Inc.)
BHO: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-07-17] (Trend Micro Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> I:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
BHO: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1193\2.0.1082\TmopIEPlg.dll [2015-06-25] (Trend Micro Inc.)
BHO: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1030\9.1.1030\TmBpIe64.dll [2015-07-03] (Trend Micro Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: Trend Micro Password Manager BHO -> {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} -> C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll [2015-06-29] (Trend Micro Inc.)
BHO-x32: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-07-17] (Trend Micro Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-28] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-03-03] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1193\2.0.1082\TmopIEPlg32.dll [2015-06-25] (Trend Micro Inc.)
BHO-x32: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1030\9.1.1030\TmBpIe32.dll [2015-07-03] (Trend Micro Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-28] (Oracle Corporation)
BHO-x32: Homepage Print 2BHO -> {EFC91ACA-519F-428D-8472-81E158609D25} -> C:\Program Files (x86)\Homepage Print 2\IEBand.dll [2013-10-10] (CORPUS CORPORATION)
Toolbar: HKLM - Trend Micro Password Manager ToolBar - {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO64.dll [2015-06-29] (Trend Micro Inc.)
Toolbar: HKLM - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-07-17] (Trend Micro Inc.)
Toolbar: HKLM-x32 - Homepage Print 2 - {C4FB9EEC-5B29-486B-ACD1-D93A4396E567} - C:\Program Files (x86)\Homepage Print 2\IEBand.dll [2013-10-10] (CORPUS CORPORATION)
Toolbar: HKLM-x32 - Trend Micro Password Manager ToolBar - {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll [2015-06-29] (Trend Micro Inc.)
Toolbar: HKLM-x32 - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-07-17] (Trend Micro Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1030\9.1.1030\TmBpIe64.dll [2015-07-03] (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1030\9.1.1030\TmBpIe32.dll [2015-07-03] (Trend Micro Inc.)
Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1193\2.0.1082\TmopIEPlg.dll [2015-06-25] (Trend Micro Inc.)
Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1193\2.0.1082\TmopIEPlg32.dll [2015-06-25] (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-07-17] (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-07-17] (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll [2015-07-17] (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2015-07-17] (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{3EE2EEA6-C378-42A8-B2B7-656020EB611D}: [DhcpNameServer] 192.168.1.1 0.0.0.0

FireFox:
========
FF ProfilePath: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ybn3i7gq.default-1437886874092
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-28] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-28] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-28] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-06-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF user.js: detected! => C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ybn3i7gq.default-1437886874092\user.js [2015-08-11]
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1030\9.1.1030\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1030\9.1.1030\firefoxextension [2015-08-18]
FF HKLM-x32\...\Firefox\Extensions: [HomePagePrint2@corpus.co.jp] - C:\Program Files (x86)\Homepage Print 2\Firefox
FF Extension: Homepage Print 2 - C:\Program Files (x86)\Homepage Print 2\Firefox [2014-08-17]
FF HKLM-x32\...\Firefox\Extensions: [{8197dd50-b252-4b08-a1be-1277f22357bb}] - C:\Program Files\Trend Micro\TMIDS\PwmFirefoxExt
FF Extension: Trend Micro Password Manager Firefox Extension - C:\Program Files\Trend Micro\TMIDS\PwmFirefoxExt [2015-02-10]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1030\9.1.1030\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
FF Extension: Trend Micro Osprey Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension [2015-08-18]
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2015-08-18]
FF HKU\S-1-5-21-3309137435-1401997441-3551121105-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
StartMenuInternet: FIREFOX.EXE - I:\Program Files (x86)\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Profile: C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-17]
CHR Extension: (Google Docs) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-17]
CHR Extension: (Google Drive) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-17]
CHR Extension: (YouTube) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-17]
CHR Extension: (Google Search) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-17]
CHR Extension: (Google Sheets) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-17]
CHR Extension: (MSN Homepage) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fkkcgfbgohboipdhliafmacjnhjbhmim [2015-08-17]
CHR Extension: (Trend Micro Toolbar) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2015-08-18]
CHR Extension: (Trend Micro Password Manager) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\olmajmomenlhgihenlbjcfbopoghpckg [2015-08-17]
CHR Extension: (Gmail) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-17]
CHR HKLM\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3309137435-1401997441-3551121105-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [idkknaphebegndgimgdpfnconcickdfn] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [ohhcpmplhhiiaoiddkfboafbhiknefdf] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; I:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
S2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [File not signed]
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2753720 2015-07-01] (Microsoft Corporation)
S2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-04-10] (Foxit Software Inc.)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [345864 2015-03-31] (Intel Corporation)
S2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1137664 2015-07-17] (Trend Micro Inc.)
S2 PwmSvc; C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe [333856 2015-06-29] (Trend Micro Inc.)
S2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [616288 2014-12-16] (Copyright 2013 SAMSUNG)
S2 ss_conn_service; I:\Program Files (x86)\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
S3 AvastVBoxSvc; "I:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-05] (Microsoft Corporation)
S1 ElRawDisk; C:\windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
S1 HWiNFO32; C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-08-17] (REALiX™)
S3 kbfilter; C:\Windows\system32\DRIVERS\kbfilter.sys [67408 2015-01-30] (Trend Micro Inc.)
S3 LcUvcUpper; C:\Windows\system32\DRIVERS\LcUvcUpper.sys [34408 2013-09-27] (Microsoft Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-08-13] (Intel Corporation)
S3 mwlu97w8; C:\Windows\system32\DRIVERS\mwlu97w8x64.sys [1602560 2014-05-28] (Marvell Semiconductors, Inc.)
S1 SASDIFSV; I:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; I:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
R3 SurfaceAccessoryDevice; C:\Windows\System32\drivers\SurfaceAccessoryDevice.sys [42048 2014-05-21] (Microsoft Corporation)
R3 SurfaceIntegrationDriver; C:\Windows\System32\drivers\SurfaceIntegrationDriver.sys [29752 2013-08-07] (Microsoft Corporation)
S3 SurfaceTouchCover; C:\Windows\System32\drivers\SurfaceTouchCover.sys [37992 2013-08-09] (Microsoft Corporation)
R3 SurfaceTypeCover; C:\Windows\System32\drivers\SurfaceTypeCover.sys [37944 2013-08-07] (Microsoft Corporation)
S1 tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [134280 2015-07-22] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [326896 2015-07-22] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [59712 2015-06-11] (Trend Micro Inc.)
S3 tmeevw; C:\Windows\system32\DRIVERS\tmeevw.sys [116576 2015-06-08] (Trend Micro Inc.)
S0 tmel; C:\Windows\System32\DRIVERS\tmel.sys [39056 2015-06-23] (Trend Micro Inc.)
S1 tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [100320 2015-07-22] (Trend Micro Inc.)
S3 tmnciesc; C:\Windows\system32\DRIVERS\tmnciesc.sys [416608 2015-05-28] (Trend Micro Inc.)
S1 tmumh; C:\Windows\system32\DRIVERS\TMUMH.sys [91536 2015-06-29] (Trend Micro Inc.)
S2 tmusa; C:\Windows\system32\DRIVERS\tmusa.sys [116528 2015-06-26] (Trend Micro Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-08-18] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]
S2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [32456 2014-11-07] (CyberLink Corp.)
U2 TMAgent; no ImagePath
S2 VBoxAswDrv; \??\I:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-18 16:54 - 2015-08-18 16:54 - 00027853 _____ C:\Users\Robert\Desktop\FRST.txt
2015-08-18 16:54 - 2015-08-18 16:54 - 00000000 ___DC C:\FRST
2015-08-18 16:53 - 2015-08-18 16:53 - 00001494 _____ C:\windows\PFRO.log
2015-08-18 16:51 - 2015-08-18 16:26 - 02173440 _____ (Farbar) C:\Users\Robert\Desktop\FRST64(1).exe
2015-08-18 16:29 - 2015-08-18 16:51 - 00000000 ____D C:\Users\Robert\Desktop\mbar
2015-08-18 16:29 - 2015-08-18 16:51 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-08-18 16:29 - 2015-08-18 16:29 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-18 16:29 - 2015-08-18 16:29 - 00109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2015-08-18 13:06 - 2015-08-18 13:06 - 00000000 ____D C:\Program Files\AVAST Software
2015-08-18 11:44 - 2015-08-18 12:04 - 00000000 ____D C:\Users\Robert\AppData\Local\CrashDumps
2015-08-18 11:24 - 2015-08-18 11:34 - 00000000 ___DC C:\MGtools
2015-08-18 11:24 - 2015-08-18 06:07 - 01992576 ____C C:\MGtools.exe
2015-08-18 10:55 - 2015-08-18 10:55 - 00000000 ____D C:\Program Files\HitmanPro
2015-08-18 10:53 - 2015-08-18 11:06 - 00000000 ____D C:\ProgramData\HitmanPro
2015-08-18 09:54 - 2015-08-18 10:20 - 00000000 ____D C:\ProgramData\RogueKiller
2015-08-18 09:54 - 2015-08-18 09:54 - 00035064 _____ C:\windows\system32\Drivers\TrueSight.sys
2015-08-18 06:50 - 2015-08-18 06:50 - 00000000 __HDC C:\TMRescueDisk
2015-08-18 06:45 - 2015-08-18 06:45 - 00001472 _____ C:\Users\Robert\Desktop\Trend Micro Internet Security.lnk
2015-08-18 06:45 - 2015-08-18 06:45 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Internet Security
2015-08-18 06:45 - 2015-07-22 08:32 - 00100320 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmevtmgr.sys
2015-08-18 06:45 - 2015-07-22 08:28 - 00326896 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmcomm.sys
2015-08-18 06:45 - 2015-07-22 08:28 - 00134280 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmactmon.sys
2015-08-18 06:45 - 2015-06-29 09:38 - 00091536 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\TMUMH.sys
2015-08-18 06:45 - 2015-06-26 17:20 - 00116528 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmusa.sys
2015-08-18 06:45 - 2015-06-23 09:49 - 00039056 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmel.sys
2015-08-18 06:45 - 2015-06-11 15:54 - 00059712 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\TMEBC64.sys
2015-08-18 06:45 - 2015-06-08 12:54 - 00116576 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmeevw.sys
2015-08-18 06:45 - 2015-05-28 17:26 - 00416608 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmnciesc.sys
2015-08-18 06:29 - 2015-08-18 06:29 - 00000197 _____ C:\windows\system32\2015-08-17-23-29-44.034-AvastVBoxSVC.exe-4644.log
2015-08-18 05:35 - 2015-08-18 06:24 - 00000000 ____D C:\ProgramData\Emsisoft
2015-08-17 21:33 - 2015-08-17 21:33 - 00003924 _____ C:\windows\System32\Tasks\avast! Emergency Update
2015-08-17 20:52 - 2015-08-17 21:30 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Nico Mak Computing
2015-08-17 12:16 - 2015-08-17 14:14 - 00002400 _____ C:\windows\System32\Tasks\Uninstaller_SkipUac_Robert
2015-08-17 12:16 - 2015-08-17 14:14 - 00000298 _____ C:\windows\Tasks\Uninstaller_SkipUac_Robert.job
2015-08-17 12:16 - 2015-08-17 12:16 - 00000000 ____D C:\windows\Tasks\ImCleanDisabled
2015-08-17 12:16 - 2015-08-17 12:16 - 00000000 ____D C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-08-17 12:16 - 2015-01-10 15:32 - 00128288 _____ (IObit) C:\windows\system32\IObitSmartDefragExtension.dll
2015-08-17 12:16 - 2014-06-04 15:17 - 00034080 _____ (IObit) C:\windows\system32\SmartDefragBootTime.exe
2015-08-17 12:15 - 2015-08-17 12:15 - 00026528 _____ (REALiX™) C:\windows\SysWOW64\Drivers\HWiNFO64A.SYS
2015-08-17 12:10 - 2015-08-18 03:48 - 00000000 ____D C:\Users\Robert\AppData\Roaming\ProductData
2015-08-17 12:10 - 2015-08-17 12:55 - 00000000 ____D C:\ProgramData\ProductData
2015-08-17 12:09 - 2015-08-18 13:54 - 00000000 ____D C:\Program Files (x86)\IObit
2015-08-17 12:09 - 2015-08-17 14:09 - 00000000 ____D C:\Users\Robert\AppData\Roaming\IObit
2015-08-17 12:09 - 2015-08-17 12:55 - 00000000 ____D C:\ProgramData\IObit
2015-08-17 11:50 - 2015-08-17 11:50 - 00000835 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-08-17 11:50 - 2015-08-17 11:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-17 06:54 - 2015-08-17 07:02 - 00000995 _____ C:\windows\system32\pcc.log
2015-08-17 06:51 - 2015-08-17 13:00 - 00227377 ____C C:\TMPatch.log
2015-08-17 06:45 - 2015-08-18 06:45 - 00000059 _____ C:\windows\system32\SupportTool.exe.bat
2015-08-17 06:45 - 2015-08-17 06:45 - 00000000 ____D C:\windows\SysWOW64\tmumh
2015-08-17 06:45 - 2015-08-17 06:45 - 00000000 ____D C:\windows\system32\tmumh
2015-08-16 23:35 - 2015-08-16 23:35 - 00000938 _____ C:\Users\Robert\Desktop\Revo Uninstaller.lnk
2015-08-16 23:26 - 2015-06-10 05:39 - 00081920 ____C (Microsoft Corporation) C:\windows\system32\Drivers\BTHUSB.SYS
2015-08-16 23:26 - 2015-06-10 05:39 - 00053248 ____C (Microsoft Corporation) C:\windows\system32\Drivers\bthenum.sys
2015-08-16 23:26 - 2015-06-10 05:38 - 01201664 ____C (Microsoft Corporation) C:\windows\system32\Drivers\bthport.sys
2015-08-16 23:26 - 2015-05-01 08:13 - 06521800 _____ (Microsoft Corporation) C:\windows\system32\sppsvc.exe
2015-08-16 23:26 - 2015-05-01 08:13 - 01488000 _____ (Microsoft Corporation) C:\windows\system32\sppobjs.dll
2015-08-16 23:26 - 2015-05-01 08:13 - 00261376 _____ (Microsoft Corporation) C:\windows\system32\sppwinob.dll
2015-08-16 07:37 - 2015-08-18 14:05 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3309137435-1401997441-3551121105-1001
2015-08-16 07:36 - 2015-08-16 07:36 - 00001573 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-08-16 07:36 - 2015-08-16 07:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-08-16 07:33 - 2015-08-16 07:33 - 00000000 ____D C:\Program Files\iPod
2015-08-16 07:33 - 2015-08-16 07:33 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-08-14 19:57 - 2015-08-14 19:57 - 00002792 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2015-08-14 17:42 - 2015-08-18 15:16 - 00004978 _____ C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for ROBERTPC-Robert RobertPC
2015-08-14 14:11 - 2015-08-16 22:52 - 00000000 ____D C:\ProgramData\panda_url_filtering
2015-08-14 14:10 - 2015-08-17 06:28 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Panda Security
2015-08-14 13:55 - 2015-08-17 07:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition
2015-08-14 13:55 - 2015-08-14 13:55 - 00179723 _____ C:\ProgramData\1439535315.bdinstall.bin
2015-08-14 13:55 - 2015-08-14 13:55 - 00037449 _____ C:\ProgramData\1439535310.bdinstall.bin
2015-08-14 12:44 - 2015-08-14 12:44 - 00002330 _____ C:\Users\Robert\Desktop\Chrome App Launcher.lnk
2015-08-14 12:44 - 2015-08-14 12:44 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-14 09:23 - 2015-07-30 21:04 - 00124624 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-14 09:23 - 2015-07-30 20:48 - 00103120 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 11:24 - 2015-07-19 08:58 - 00136904 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-08-12 11:24 - 2015-07-19 01:51 - 03704320 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-08-12 11:24 - 2015-07-19 01:31 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-08-12 11:24 - 2015-07-19 01:31 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-08-12 11:24 - 2015-07-19 01:31 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-08-12 11:24 - 2015-07-19 01:29 - 00409088 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2015-08-12 11:24 - 2015-07-19 01:29 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-08-12 11:24 - 2015-07-19 01:29 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-08-12 11:24 - 2015-07-19 01:28 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-08-12 11:24 - 2015-07-19 01:12 - 02228736 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-08-12 11:24 - 2015-07-19 01:10 - 00891904 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-08-12 11:24 - 2015-07-19 01:09 - 00721920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-08-12 11:23 - 2015-07-29 06:24 - 00025776 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2015-08-12 11:23 - 2015-07-28 21:24 - 01148416 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-08-12 11:23 - 2015-07-28 21:24 - 01116160 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-08-12 11:23 - 2015-07-28 21:24 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-08-12 11:23 - 2015-07-28 21:24 - 00743424 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-08-12 11:23 - 2015-07-28 21:24 - 00437248 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-08-12 11:23 - 2015-07-28 21:24 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-08-12 11:23 - 2015-07-17 04:14 - 25192448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-08-12 11:23 - 2015-07-17 03:36 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-08-12 11:23 - 2015-07-17 03:36 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-08-12 11:23 - 2015-07-17 03:35 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-08-12 11:23 - 2015-07-17 03:26 - 05923328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-08-12 11:23 - 2015-07-17 03:23 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-08-12 11:23 - 2015-07-17 03:21 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-08-12 11:23 - 2015-07-17 03:20 - 19870208 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-08-12 11:23 - 2015-07-17 02:53 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2015-08-12 11:23 - 2015-07-17 02:51 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-08-12 11:23 - 2015-07-17 02:50 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-08-12 11:23 - 2015-07-17 02:45 - 02279424 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-08-12 11:23 - 2015-07-17 02:45 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-08-12 11:23 - 2015-07-17 02:41 - 00479232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-08-12 11:23 - 2015-07-17 02:39 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-08-12 11:23 - 2015-07-17 02:38 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-08-12 11:23 - 2015-07-17 02:36 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-08-12 11:23 - 2015-07-17 02:34 - 14451200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-08-12 11:23 - 2015-07-17 02:32 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-08-12 11:23 - 2015-07-17 02:14 - 02880000 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2015-08-12 11:23 - 2015-07-17 02:13 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-08-12 11:23 - 2015-07-17 02:12 - 04520448 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-08-12 11:23 - 2015-07-17 02:12 - 02427904 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-08-12 11:23 - 2015-07-17 02:10 - 12856832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-08-12 11:23 - 2015-07-17 02:06 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-08-12 11:23 - 2015-07-17 02:01 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-08-12 11:23 - 2015-07-17 01:52 - 01048576 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2015-08-12 11:23 - 2015-07-17 01:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-08-12 11:23 - 2015-07-17 01:42 - 01951232 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-08-12 11:23 - 2015-07-17 01:38 - 01310720 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-08-12 11:23 - 2015-07-17 01:37 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-08-12 11:23 - 2015-07-16 07:29 - 07458648 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-08-12 11:23 - 2015-07-16 07:29 - 01735000 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-08-12 11:23 - 2015-07-16 07:29 - 00101720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-08-12 11:23 - 2015-07-16 07:28 - 01499920 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-08-12 11:23 - 2015-07-11 00:54 - 01217024 _____ (Microsoft Corporation) C:\windows\system32\sysmain.dll
2015-08-12 11:23 - 2015-07-07 16:40 - 00270168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
2015-08-12 11:23 - 2015-07-07 16:40 - 00114520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdNisDrv.sys
2015-08-12 11:23 - 2015-07-07 16:40 - 00044560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
2015-08-12 11:23 - 2015-07-02 05:19 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2015-08-12 11:23 - 2015-07-02 05:16 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2015-08-12 11:23 - 2015-07-02 04:37 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2015-08-12 11:23 - 2015-07-02 04:35 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2015-08-12 11:23 - 2015-06-13 00:03 - 18823680 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll
2015-08-12 11:23 - 2015-06-12 23:36 - 15159296 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll
2015-08-12 11:23 - 2015-06-10 01:27 - 00411133 _____ C:\windows\system32\ApnDatabase.xml
2015-08-12 11:22 - 2015-07-29 21:37 - 01994752 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-08-12 11:22 - 2015-07-29 21:30 - 01381888 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-08-12 11:22 - 2015-07-29 21:23 - 01559552 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-08-12 11:22 - 2015-07-25 01:57 - 04177408 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-08-12 11:22 - 2015-07-25 01:57 - 00358912 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-08-12 11:22 - 2015-07-25 01:52 - 00044032 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-08-12 11:22 - 2015-07-25 00:27 - 00301568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-08-12 11:22 - 2015-07-25 00:23 - 00035840 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-08-12 11:22 - 2015-07-15 04:59 - 01113944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2015-08-12 11:22 - 2015-07-15 04:59 - 00487256 _____ (Microsoft Corporation) C:\windows\system32\netcfgx.dll
2015-08-12 11:22 - 2015-07-15 04:59 - 00393560 _____ (Microsoft Corporation) C:\windows\SysWOW64\netcfgx.dll
2015-08-12 11:22 - 2015-07-14 10:22 - 02529880 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2015-08-12 11:22 - 2015-07-14 10:21 - 01901776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2015-08-12 11:22 - 2015-07-14 02:46 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-08-12 11:22 - 2015-07-14 02:45 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\basesrv.dll
2015-08-12 11:22 - 2015-07-11 01:19 - 01101824 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2015-08-12 11:22 - 2015-07-11 00:42 - 02345472 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-08-12 11:22 - 2015-07-11 00:14 - 00856064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2015-08-12 11:22 - 2015-07-11 00:13 - 07032320 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-08-12 11:22 - 2015-07-10 23:47 - 01556992 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-08-12 11:22 - 2015-07-10 23:31 - 06213120 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-08-12 11:22 - 2015-07-10 00:13 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\notepad.exe
2015-08-12 11:22 - 2015-07-10 00:13 - 00221184 _____ (Microsoft Corporation) C:\windows\notepad.exe
2015-08-12 11:22 - 2015-07-09 23:30 - 00212992 _____ (Microsoft Corporation) C:\windows\SysWOW64\notepad.exe
2015-08-12 11:22 - 2015-06-12 03:12 - 02476376 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2015-08-12 11:22 - 2015-06-12 03:12 - 00428888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2015-08-11 12:34 - 2015-08-18 12:39 - 00000000 ____D C:\windows\pss
2015-08-11 11:15 - 2015-08-18 16:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-07 14:08 - 2015-08-07 14:12 - 00000000 ____D C:\Program Files (x86)\CaUtThePrice
2015-08-07 14:06 - 2015-08-11 08:28 - 00000000 ____D C:\ProgramData\{6eb38944-066f-5c6d-6eb3-389440662510}
2015-08-02 21:26 - 2015-08-02 21:26 - 00000000 ____D C:\ProgramData\Licenses
2015-08-02 21:25 - 2009-02-12 15:11 - 00026024 _____ (EldoS Corporation) C:\windows\system32\Drivers\rsdrvx64.sys
2015-08-02 18:48 - 2015-08-02 18:48 - 00000887 _____ C:\Users\Public\Desktop\Smart Switch.lnk
2015-08-02 18:43 - 2015-08-02 18:43 - 00000783 _____ C:\Users\Public\Desktop\Samsung Kies 3.lnk
2015-08-02 18:40 - 2015-08-18 12:03 - 00000000 ____D C:\Users\Robert\AppData\Local\Samsung
2015-08-02 18:40 - 2015-08-02 18:40 - 00000000 ____D C:\Users\Robert\Documents\samsung
2015-08-02 18:40 - 2015-08-02 18:40 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2015-08-02 18:38 - 2013-12-30 10:53 - 04659712 _____ (Dmitry Streblechenko) C:\windows\SysWOW64\Redemption.dll
2015-08-02 18:38 - 2013-12-30 10:53 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\windows\SysWOW64\secman.dll
2015-08-02 09:15 - 2015-08-02 09:15 - 00207255 _____ C:\ProgramData\1438480460.bdinstall.bin
2015-08-02 08:54 - 2015-08-16 23:07 - 00000000 ____D C:\Users\Robert\AppData\Roaming\QuickScan
2015-08-02 08:26 - 2015-08-02 08:26 - 00000197 _____ C:\windows\system32\2015-08-02-01-26-13.045-AvastVBoxSVC.exe-3136.log
2015-08-02 08:11 - 2015-08-02 08:11 - 00000197 _____ C:\windows\system32\2015-08-02-01-11-10.073-AvastVBoxSVC.exe-3480.log
2015-08-02 05:53 - 2015-08-02 05:53 - 00000197 _____ C:\windows\system32\2015-08-01-22-53-30.001-AvastVBoxSVC.exe-6172.log
2015-07-28 17:49 - 2015-07-28 17:49 - 00000197 _____ C:\windows\system32\2015-07-28-10-49-15.090-AvastVBoxSVC.exe-6372.log
2015-07-28 15:16 - 2015-08-18 16:13 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-07-28 15:11 - 2015-08-14 12:36 - 00000000 ____D C:\Users\Public\Foxit Software
2015-07-28 15:11 - 2015-07-28 15:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2015-07-24 22:02 - 2015-07-24 22:02 - 06609608 _____ (Piriform Ltd) C:\Users\Robert\Downloads\ccsetup508.exe
2015-07-22 11:18 - 2015-07-22 11:18 - 00000000 ____D C:\windows\SysWOW64\vbox
2015-07-22 11:18 - 2015-07-22 11:18 - 00000000 ____D C:\windows\system32\vbox
2015-07-22 10:59 - 2015-08-18 13:06 - 00000000 ____D C:\ProgramData\AVAST Software
2015-07-21 23:41 - 2015-07-21 23:41 - 00002259 _____ C:\windows\epplauncher.mif
2015-07-21 22:38 - 2015-08-17 13:00 - 13694111 ____C C:\SetACL.log
2015-07-21 22:38 - 2015-08-17 13:00 - 01039850 ____C C:\TiPerm.log

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-18 16:53 - 2013-08-22 21:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-08-18 16:53 - 2013-08-22 20:25 - 00524288 ___SH C:\windows\system32\config\BBI
2015-08-18 16:00 - 2013-08-22 22:36 - 00000000 ____D C:\windows\system32\sru
2015-08-18 15:23 - 2013-09-19 07:43 - 00863592 _____ C:\windows\system32\PerfStringBackup.INI
2015-08-18 15:17 - 2015-05-18 08:51 - 00000000 ___RD C:\Users\Robert\Documents\Polaris Office
2015-08-18 15:17 - 2014-10-14 14:41 - 00000000 ___RD C:\Users\Robert\iCloudDrive
2015-08-18 15:17 - 2013-08-22 20:25 - 00262144 ___SH C:\windows\system32\config\ELAM
2015-08-18 15:16 - 2014-06-05 01:03 - 00000000 ___DO C:\Users\Robert\SkyDrive
2015-08-18 15:14 - 2014-07-25 17:55 - 00000000 _____ C:\windows\lgfwup.ini
2015-08-18 12:03 - 2014-08-15 12:55 - 00000000 ____D C:\Users\Robert\AppData\Roaming\SAMSUNG
2015-08-18 12:03 - 2014-08-15 12:55 - 00000000 ____D C:\ProgramData\SAMSUNG
2015-08-18 12:03 - 2014-08-15 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-08-18 11:34 - 2014-06-05 00:55 - 00000000 ____D C:\Users\Robert\AppData\Local\VirtualStore
2015-08-18 08:41 - 2014-06-05 04:23 - 00000010 _____ C:\Users\Robert\AppData\Local\sponge.last.runtime.cache
2015-08-18 08:06 - 2015-05-19 21:02 - 00000000 ____D C:\Users\Robert\AppData\Roaming\PolarisOfficeLink
2015-08-18 06:48 - 2014-06-27 07:17 - 00000000 ____D C:\Users\Robert\AppData\Local\Trend Micro
2015-08-18 06:45 - 2014-06-05 01:12 - 00000000 ____D C:\ProgramData\Trend Micro
2015-08-18 06:45 - 2014-06-05 01:12 - 00000000 ____D C:\Program Files\Trend Micro
2015-08-18 03:48 - 2013-08-22 22:36 - 00000000 ____D C:\windows\registration
2015-08-18 03:48 - 2013-08-22 22:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-17 13:56 - 2014-06-05 01:13 - 00000396 __RSH C:\ProgramData\ntuser.pol
2015-08-17 12:50 - 2014-06-05 00:54 - 00000000 ____D C:\Users\Robert
2015-08-17 12:09 - 2014-09-27 10:01 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Apple Computer
2015-08-17 06:45 - 2013-08-22 22:36 - 00000000 ___HD C:\windows\ELAMBKUP
2015-08-17 06:40 - 2015-06-20 11:12 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Skype
2015-08-17 06:40 - 2015-06-20 11:12 - 00000000 ____D C:\Users\Robert\AppData\Local\Skype
2015-08-17 06:40 - 2015-06-20 11:12 - 00000000 ____D C:\ProgramData\Skype
2015-08-17 06:32 - 2013-08-22 21:44 - 00371000 _____ C:\windows\system32\FNTCACHE.DAT
2015-08-17 06:28 - 2015-05-20 11:29 - 00000000 ____D C:\ProgramData\Panda Security
2015-08-17 05:48 - 2014-06-15 00:09 - 00000000 ____D C:\windows\Minidump
2015-08-16 23:26 - 2013-08-22 22:20 - 00000000 ____D C:\windows\CbsTemp
2015-08-16 22:56 - 2015-05-30 15:29 - 00000000 ____D C:\Program Files (x86)\Controller Companion
2015-08-16 08:02 - 2013-08-22 22:36 - 00000000 ____D C:\windows\rescache
2015-08-16 07:33 - 2014-09-27 10:00 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-08-14 15:12 - 2015-05-30 15:29 - 00000000 ____D C:\Users\Robert\AppData\Local\ControllerCompanion
2015-08-14 13:05 - 2013-08-22 22:36 - 00000000 ____D C:\windows\AppReadiness
2015-08-14 08:51 - 2014-08-25 00:14 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-14 08:51 - 2014-08-25 00:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-14 08:50 - 2014-12-12 01:15 - 00000000 ____D C:\windows\system32\appraiser
2015-08-14 08:50 - 2014-08-25 00:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-14 08:50 - 2014-08-10 21:56 - 00000000 ___SD C:\windows\system32\CompatTel
2015-08-14 08:50 - 2013-08-22 22:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-14 08:50 - 2013-08-22 22:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-14 08:50 - 2013-08-22 22:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-14 08:50 - 2013-08-22 22:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-14 08:50 - 2013-08-22 22:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-14 08:49 - 2014-06-05 10:27 - 00000000 ____D C:\windows\system32\MRT
2015-08-13 20:27 - 2014-08-17 15:58 - 00007887 _____ C:\windows\BRRBCOM.INI
2015-08-13 20:25 - 2013-08-22 22:36 - 00000000 ____D C:\windows\system32\FxsTmp
2015-08-08 20:55 - 2013-08-22 22:38 - 00794088 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-08-08 20:55 - 2013-08-22 22:38 - 00179688 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-07 13:04 - 2014-06-05 00:55 - 00000000 ____D C:\Users\Robert\AppData\Local\Packages
2015-08-02 21:28 - 2014-07-25 17:47 - 00000000 ____D C:\ProgramData\Temp
2015-08-02 18:48 - 2014-06-14 20:49 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-08-02 18:35 - 2014-06-14 20:48 - 00000000 ____D C:\Users\Robert\AppData\Local\Downloaded Installations
2015-07-28 15:09 - 2014-10-17 08:42 - 00097888 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-07-28 15:09 - 2014-10-17 08:42 - 00000000 ____D C:\Program Files (x86)\Java
2015-07-28 14:57 - 2015-05-14 14:32 - 00000000 ___RD C:\Users\Robert\OneDrive
2015-07-28 10:59 - 2014-06-05 10:27 - 132483416 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-07-25 18:30 - 2015-04-11 11:25 - 00000000 ___SD C:\windows\system32\GWX
2015-07-22 09:00 - 2014-06-05 01:06 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-07-21 11:28 - 2014-07-28 17:57 - 00000000 ___HD C:\Users\Robert\Documents\.symform
2015-07-20 14:43 - 2015-02-04 16:04 - 00000000 ____D C:\Program Files\Recuva
2015-07-20 09:53 - 2014-06-19 08:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

==================== Files in the root of some directories =======

2015-02-10 18:08 - 2015-02-10 18:08 - 0000350 _____ () C:\Users\Robert\AppData\Roaming\com.nikonimagespace.uploader_state.xml
2014-06-14 20:48 - 2014-06-14 20:48 - 0000268 ___RH () C:\Users\Robert\AppData\Roaming\Piano
2014-06-14 20:48 - 2014-06-14 20:48 - 0000268 ___RH () C:\Users\Robert\AppData\Roaming\Piano Hard
2014-06-14 20:48 - 2014-06-14 20:48 - 0000268 ___RH () C:\Users\Robert\AppData\Roaming\Piano Med
2014-07-07 20:24 - 2014-07-07 20:24 - 0000000 _____ () C:\Users\Robert\AppData\Roaming\tmcef.log
2014-06-05 01:11 - 2014-06-05 01:11 - 0000036 _____ () C:\Users\Robert\AppData\Local\housecall.guid.cache
2014-06-05 04:23 - 2015-08-18 08:41 - 0000010 _____ () C:\Users\Robert\AppData\Local\sponge.last.runtime.cache
2015-08-02 09:15 - 2015-08-02 09:15 - 0207255 _____ () C:\ProgramData\1438480460.bdinstall.bin
2015-08-14 13:55 - 2015-08-14 13:55 - 0037449 _____ () C:\ProgramData\1439535310.bdinstall.bin
2015-08-14 13:55 - 2015-08-14 13:55 - 0179723 _____ () C:\ProgramData\1439535315.bdinstall.bin
2013-09-19 07:34 - 2013-09-19 07:34 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-06-14 20:48 - 2014-06-14 20:48 - 0000268 ___RH () C:\ProgramData\Pick Bass
2014-06-14 20:48 - 2014-06-14 20:48 - 0000268 ___RH () C:\ProgramData\Pipe Organ
2014-06-14 20:48 - 2014-06-14 20:48 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2014-06-14 20:48 - 2014-06-14 20:49 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2014-06-14 20:48 - 2014-06-14 20:48 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
2014-06-14 20:48 - 2014-06-14 20:48 - 0000268 ___RH () C:\ProgramData\Planets
2014-06-14 20:48 - 2014-06-14 20:48 - 0000012 ___RH () C:\ProgramData\PrintingModule
2014-06-14 20:48 - 2014-06-14 20:48 - 0000012 ___RH () C:\ProgramData\Profiles
2014-06-14 20:48 - 2014-06-14 20:48 - 0000012 ___RH () C:\ProgramData\Quartz Composer

Some files in TEMP:
====================
C:\Users\Robert\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD.


LastRegBack: 2015-08-16 07:43

==================== End of log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-08-2015
Ran by Robert (2015-08-18 16:55:16)
Running from C:\Users\Robert\Desktop
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3309137435-1401997441-3551121105-500 - Administrator - Disabled)
Guest (S-1-5-21-3309137435-1401997441-3551121105-501 - Limited - Disabled)
Robert (S-1-5-21-3309137435-1401997441-3551121105-1001 - Administrator - Enabled) => C:\Users\Robert

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro Internet Security (Enabled - Up to date) {8242D66F-41BD-4049-C2E6-E578E73B62A0}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro Internet Security (Enabled - Up to date) {3923378B-6787-4FC7-F856-DE0A9CBC281D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
AllShare Framework DMS (HKLM\...\{83232C27-8C3F-44A5-9EB2-BB7161228ADD}) (Version: 1.3.23 - Samsung)
Amazon Kindle (HKU\S-1-5-21-3309137435-1401997441-3551121105-1001\...\Amazon Kindle) (Version:  - Amazon)
Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.0.1.240 - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite DCP-J100 (HKLM-x32\...\{B742757A-7658-4E09-A51A-085CF0F7F4D3}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Controller Companion (HKLM-x32\...\Steam App 367670) (Version:  - )
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.4704.58 - CyberLink Corp.)
Evernote v. 5.8.4 (HKLM-x32\...\{C15841A6-C20A-11E4-977D-00163E98E7D6}) (Version: 5.8.4.6870 - Evernote Corp.)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.3.76.410 - Foxit Software Inc.)
Foxit PhantomPDF Standard (HKLM-x32\...\{C12946DC-8741-45DD-A848-9E6A3D663BE1}) (Version: 7.1.5.425 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.1.5.425 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.)
Google Drive (HKLM-x32\...\{6EA8B94E-D869-4D96-88DF-5E1ECE1D6876}) (Version: 1.23.9648.8824 - Google, Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
Homepage Print 2 (HKLM-x32\...\{57008A17-E76A-4832-A195-FE6A94DC8A66}) (Version: 1.0.0.0 - CORPUS CORPORATION)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Image Resizer for Windows (64 bit) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
Inkscape 0.48 (HKLM-x32\...\Inkscape) (Version: 0.48 - Partha Bagchi)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
K-Lite Codec Pack 9.3.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.3.0 - )
Microsoft OneDrive (HKU\S-1-5-21-3309137435-1401997441-3551121105-1001\...\OneDriveSetup.exe) (Version: 17.3.5907.0716 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d07b0db5-8dad-40e1-be90-88026298a46b}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 40.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.2 (x86 en-US)) (Version: 40.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.2 - Mozilla)
NIKON IMAGE SPACE UPLOADER (x32 Version: 1.2 - NIKON CORPORATION) Hidden
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.1 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.9.2 - Nikon)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Panda Security URL Filtering (HKLM-x32\...\Panda Security URL Filtering) (Version: 2.0.3.0 - )
Panda USB Vaccine 1.0.1.4 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version:  - Panda Security)
Picture Control Utility 2 (HKLM\...\{D4893C47-704F-4B84-8486-9DE4974ACA6F}) (Version: 2.1.1 - Nikon Corporation)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.5.1 - Nikon)
Polaris Office (HKLM-x32\...\InstallShield_{E4BC8CD2-81FC-45A1-902C-D54CE3DD19BB}) (Version: 7.1.33 - Infraware)
Polaris Office (x32 Version: 7.1.33 - Infraware) Hidden
Polaris Office Sync (HKU\S-1-5-21-3309137435-1401997441-3551121105-1001\...\InstallShield_{11E8011C-4DB7-4120-907B-D3DEAFB3E351}) (Version: 2.001.000 - Infraware)
Polaris Office Sync (x32 Version: 2.001.000 - Infraware) Hidden
Printer Pro Desktop (HKLM-x32\...\PrinterProDesktop) (Version:  - Readdle)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Link 2.0.0.1412161531 (HKLM\...\8474-7877-9059-0204) (Version: 2.0.0.1412161531 - Copyright 2013 SAMSUNG)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.0.15064.11 - Samsung Electronics Co., Ltd.)
Smart Switch (x32 Version: 4.0.15064.11 - Samsung Electronics Co., Ltd.) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1194 - SUPERAntiSpyware.com)
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Ship (HKLM-x32\...\Steam App 2400) (Version:  - Outerlight Ltd.)
The Ship Single Player (HKLM-x32\...\Steam App 2420) (Version:  - Outerlight Ltd.)
The Ship Tutorial (HKLM-x32\...\Steam App 2430) (Version:  - Outerlight)
Trend Micro Internet Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 10.0 - Trend Micro Inc.)
Trend Micro Password Manager (HKLM\...\{3075404F-5657-4f31-A064-FEF98661BDD4}) (Version: 1.9.1189 - Trend Micro Inc.)
Trend Micro Password Manager (Version: 1.9.0.1137 - Trend Micro Inc.) Hidden
Trend Micro Titanium (Version: 10.0 - Trend Micro Inc.) Hidden
uMark 5 (HKLM-x32\...\uMark) (Version: 5.4 - Uconomix)
VCRT for DirectPass x64 (Version: 1.0.0.1000 - Trend Micro, Inc.) Hidden
VCRT for DirectPass x86 (x32 Version: 1.0.0.1000 - Trend Micro, Inc.) Hidden
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.10.3 - Nikon)
YouCam (x32 Version: 3.1.5324 - CyberLink Corp.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3309137435-1401997441-3551121105-1001_Classes\CLSID\{C4FB9EEC-5B29-486B-ACD1-D93A4396E567}\InprocServer32 -> C:\Program Files (x86)\Homepage Print 2\en\HPPrint.resources.dll (CORPUS CORPORATION)
CustomCLSID: HKU\S-1-5-21-3309137435-1401997441-3551121105-1001_Classes\CLSID\{EFC91ACA-519F-428D-8472-81E158609D25}\InprocServer32 -> C:\Program Files (x86)\Homepage Print 2\en\HPPrint.resources.dll (CORPUS CORPORATION)
CustomCLSID: HKU\S-1-5-21-3309137435-1401997441-3551121105-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Robert\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

18-08-2015 06:19:40 Revo Uninstaller's restore point - Emsisoft Anti-Malware

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 20:25 - 2013-08-22 20:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04BB28BF-E789-4736-8828-B5DD0BC57D6C} - \User_Feed_Synchronization-{5AE5AAC2-DC5B-45E3-95B7-05D8958EC43C} -> No File <==== ATTENTION
Task: {10B73E35-A636-4C82-B604-9605A447638C} - \Microsoft OneDrive Auto Update Task-S-1-5-21-3309137435-1401997441-3551121105-1001 -> No File <==== ATTENTION
Task: {2256500C-7AA6-42EA-A9F8-BB8DCE49BB31} - \MirageAgent -> No File <==== ATTENTION
Task: {2B9FD149-84C4-4FE3-A3A3-4F14DBC02EFB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-07-28] (Microsoft Corporation)
Task: {3E590D14-3E93-48A4-8357-2F67FE0273DD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)
Task: {76546C5D-AD0A-4A8B-826B-3481D2548459} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)
Task: {8795D46C-2918-42FA-9F50-6A4179E89978} - System32\Tasks\CCleanerSkipUAC => I:\Program Files\CCleaner\CCleaner.exe [2015-07-18] (Piriform Ltd)
Task: {90E63465-47AC-446B-9AC8-A538F9BB4E1F} - \{9AC3B894-F20D-4650-84CB-C11122302265} -> No File <==== ATTENTION
Task: {95F28B04-1BAB-44F7-BFC4-522CF3B99362} - \PandaUSBVaccine -> No File <==== ATTENTION
Task: {983C7590-FF10-4823-8A7A-FF4674DF9E15} - \Optimize Start Menu Cache Files-S-1-5-21-3309137435-1401997441-3551121105-500 -> No File <==== ATTENTION
Task: {A1F47B76-83D5-4F5F-8B16-91C0E09A8EB8} - \Apple Diagnostics -> No File <==== ATTENTION
Task: {B4FA52E7-4986-4714-8C43-5B633C45C73A} - System32\Tasks\avast! Emergency Update => I:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {C7349622-3BA1-44D5-BAB9-83FF9476FAA0} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {C78D960B-E46A-4C1F-883B-C1EA26CFDF1F} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {DAA25DF9-9D49-4EB2-A0DB-11D861BC4CDD} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ROBERTPC-Robert RobertPC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-06-02] (Microsoft Corporation)
Task: {DAAFB2B5-FB1D-407D-8D7A-DBD7B4CC2E1A} - \{8B6719AF-23B2-4A7F-B1CD-7A2C5F601F21} -> No File <==== ATTENTION
Task: {F1593348-3E53-4E9A-891F-B00AD090545E} - System32\Tasks\Uninstaller_SkipUac_Robert => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {FD13D0E9-A71D-4F99-8243-E0A1826192C3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\Uninstaller_SkipUac_Robert.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Loaded Modules (Whitelisted) ==============

2015-03-17 12:58 - 2015-01-27 22:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:C76EDAC3
AlternateDataStreams: C:\Users\Robert\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3309137435-1401997441-3551121105-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Robert\Desktop\Ampa Chapa Photography-2014\Ampa and beagle.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{55582B33-859C-4341-8B73-375103DDCE80}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3EE20865-63F0-4981-A25C-645EC7BFF80C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E09F4A02-A803-4A67-9886-574ECEF0CE94}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D2D402B3-7ABF-4F07-982C-DED64CD974A2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0A57A716-BB90-42C5-B7E3-C0A6879DCC37}] => (Allow) LPort=33300
FirewallRules: [{AC4CACF5-3B93-4A95-8DC6-5B3464264F2D}] => (Allow) C:\Program Files (x86)\Printer Pro Desktop\PrinterProDesktop.exe
FirewallRules: [{AB868D78-C621-4B27-B163-87A3566D93A2}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{0929814C-DE2A-49B5-BA64-323FF880ED8C}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
FirewallRules: [{3D6F6205-7456-440F-BADD-153C50EF4199}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
FirewallRules: [{2AB50202-E230-43D4-BE11-A3B5A8C1DC9A}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{E984089A-21D3-4D08-8EC3-BA92098C073B}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
FirewallRules: [{24876722-C446-49DF-A2CD-37F8144ABC18}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
FirewallRules: [{D0EBE1CE-26AF-4DA1-936E-91F80F10041C}] => (Allow) LPort=8743
FirewallRules: [{8F04D640-F301-4679-A57C-6E3531FF9126}] => (Allow) LPort=8643
FirewallRules: [{2BDD4522-2FC0-47E4-B1C0-E9B7BFBC61C7}] => (Allow) LPort=7676
FirewallRules: [{D4F1203F-041B-4B08-880F-CC8C212558C9}] => (Allow) LPort=7679
FirewallRules: [{0C892A32-8086-402A-8730-DC7619EC62BB}] => (Allow) LPort=24234
FirewallRules: [{39C58F1C-0951-4BD4-B19E-EF95653A373C}] => (Allow) LPort=7900
FirewallRules: [{947D8E4C-79F6-4BDE-BE2E-3E471AD4A1A5}] => (Allow) LPort=1900
FirewallRules: [{522BE5FF-F1FD-41CD-B6B1-83FB9528FD8C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{54383182-7887-4596-AF55-A7B12DABBACA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4665B27D-D49C-4458-87DA-5D5F6DEB8FF4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F1D33C69-BF42-4D23-9005-3534E73839FC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{77E8DBF9-FD46-41F1-B554-CEC7B8BAE2A8}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
FirewallRules: [{14464A89-DBC6-4662-AD87-4B38F37D2BB1}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
FirewallRules: [{C170BB92-9609-44CB-9553-C481570B76D5}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{6AA0F656-4E8F-4BDD-80C2-DB9A2C67C265}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{DADC3F4C-A7D3-4D2F-9833-A2E7B2180B2F}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{D36A7C2D-06C3-4DD6-B64B-476C57C8C95A}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
FirewallRules: [{0D171FF4-C1B9-40BC-9446-23E3BE44DE19}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
FirewallRules: [{A99D1254-B850-4809-AF2D-3017F9C0BEAA}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{21776AEE-57B5-4C2F-8A85-6F60279FEA98}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{E5A48BDA-AA42-4EEB-9E63-B062FE6C049D}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
FirewallRules: [{5371812B-DC71-4F09-AA07-498C46B2E249}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{EFBC3083-7500-4168-BF6A-B472483EC8A1}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
FirewallRules: [{A754408B-FF73-4666-8B8A-4AFE3A5B0586}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{3D553F13-D87C-4F2F-BF93-6DE1367D0373}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{20A45A2B-1528-4EFE-A80A-1A647E2CB991}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{C677E889-5E6E-4528-927F-09D03B9200BA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{44B1E6F3-015D-4D29-B167-4E47828003C6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{72E6D875-98FD-4641-9A87-C3D577FEC696}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
FirewallRules: [{0B3D24FE-04F2-4143-854B-6FDEF7A32098}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{A33891A2-0667-4952-B831-9946A26FCF49}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
FirewallRules: [{A3D79647-4141-490C-8772-F5607CBBF46B}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{EBDD8152-D0E7-4127-BC43-B2D6C3A1A3F7}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{8A3A2C34-8D18-44D2-9473-4BA2F0ED18E9}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F0524BCD-49B8-479F-9A09-6FC811307570}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Alan Wake\AlanWake.exe
FirewallRules: [{3883674F-705D-4ED1-9F54-AF7C4DC351B3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Alan Wake\AlanWake.exe
FirewallRules: [{775B0363-2F9A-4AE7-AAF1-386AAD2C3BB1}] => (Allow) I:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7FD440D2-DE6C-4838-873E-75CC8CC2A4CF}] => (Allow) I:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{232AF2E6-90AA-4006-8161-E67DF42EDDE0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\alan wakes american nightmare\alan_wakes_american_nightmare.exe
FirewallRules: [{02CF7CBD-7BF9-45C2-871F-06AA2E8F709F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\alan wakes american nightmare\alan_wakes_american_nightmare.exe
FirewallRules: [{2A3C52F9-199D-4DEE-BFAB-DE1DE3565EE4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Ship\ship.exe
FirewallRules: [{1521F170-22CF-438B-823B-9A25D3FA3186}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Ship\ship.exe
FirewallRules: [{B18DF318-CF90-460A-B6A0-4438ABC2C20E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Book of Unwritten Tales\bout.exe
FirewallRules: [{08E5269C-64ED-4BBD-9027-926AAC9211BD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Book of Unwritten Tales\bout.exe
FirewallRules: [{3CB60E8B-E0D3-4AC0-8D34-900C25DFBE66}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Ship Tutorial\ship.exe
FirewallRules: [{98BF8377-C910-4BED-9AD4-31BB0C4925AE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Ship Tutorial\ship.exe
FirewallRules: [{23AF3DBC-BE36-44E3-B3C7-18486CC40CF1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Ship Single Player\ship.exe
FirewallRules: [{FD4FCD8B-F408-47AE-BAA5-4E32D2D78556}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Ship Single Player\ship.exe
FirewallRules: [{B07E0358-E530-412D-9C99-0F656E53FB96}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FarCry\Bin32\FarCry.exe
FirewallRules: [{6B128EC7-86FE-4FD7-8A06-68BF932F3971}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FarCry\Bin32\FarCry.exe
FirewallRules: [{8F52618F-22DB-4117-B1E2-870CEB72F187}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FarCry\Bin32\FarCryConfigurator.exe
FirewallRules: [{A4918491-E328-4156-8ECD-B6C04FACE90E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FarCry\Bin32\FarCryConfigurator.exe
FirewallRules: [{7FCFDE00-2189-42F7-B743-581A547FC9B1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry 2\bin\FarCry2.exe
FirewallRules: [{E1E88CAD-50E8-4905-882F-FD9D57B0BC1E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry 2\bin\FarCry2.exe
FirewallRules: [{A7DF773F-F754-4E9E-9B26-FE041C7DDB05}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry 2\bin\FC2Editor.exe
FirewallRules: [{02C2790E-4BA7-46C0-AF7D-9AF00F27B4BC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry 2\bin\FC2Editor.exe
FirewallRules: [{72E7F2F5-91C8-49AE-BB84-A7C0DF64EEC5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry 2\bin\FC2BenchmarkTool.exe
FirewallRules: [{E77B6F35-4A0C-498A-BAE1-498F9CD14AA0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry 2\bin\FC2BenchmarkTool.exe
FirewallRules: [{12236BC5-B06B-4E53-837A-BFFE4ECDD8BC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry 2\bin\FC2ServerLauncher.exe
FirewallRules: [{0B93FCB0-6F64-4CCA-83CD-3348A9D611A4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry 2\bin\FC2ServerLauncher.exe
FirewallRules: [{88FE6F59-3D0B-4686-B90B-76BF91087BBB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{C24FCFAE-620A-4D03-A54A-C1BD5B39C992}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{026AC7F3-3CA9-4652-8A97-E5988A8D948E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dead Space\Dead Space.exe
FirewallRules: [{8C821395-BED4-4901-87CE-B21613BD635D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dead Space\Dead Space.exe
FirewallRules: [{FB2D8166-ADDA-44E0-A91B-24A7595C90EE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dead Space 2\deadspace2.exe
FirewallRules: [{24F03D2C-5B84-4139-8D0B-CC8C97E19E34}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dead Space 2\deadspace2.exe
FirewallRules: [{A8BC1EAD-360A-4DF4-A117-6284194A33C3}] => (Allow) I:\Program Files (x86)\Steam\steamapps\common\The Ship Single Player\ship.exe
FirewallRules: [{6D06DC33-EEF2-4663-A159-472DBE0708BE}] => (Allow) I:\Program Files (x86)\Steam\steamapps\common\The Ship Single Player\ship.exe
FirewallRules: [{D6C4868F-7B4A-44AB-A82A-017D30BC0BD7}] => (Allow) I:\Program Files (x86)\Steam\steamapps\common\The Ship\ship.exe
FirewallRules: [{A1B54AE7-3121-4862-8AB1-6CEBFA6EB016}] => (Allow) I:\Program Files (x86)\Steam\steamapps\common\The Ship\ship.exe
FirewallRules: [{64C370BA-CCA2-4462-A4B0-0C1C29418C94}] => (Allow) I:\Program Files (x86)\Steam\steamapps\common\The Ship Tutorial\ship.exe
FirewallRules: [{63C17243-7BDC-4F3D-8023-D88D82E18939}] => (Allow) I:\Program Files (x86)\Steam\steamapps\common\The Ship Tutorial\ship.exe
FirewallRules: [{9B902FFF-79FC-45F5-BFD7-462247013538}] => (Allow) I:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{8F9B6C52-DA41-4790-8196-1C44D15D2CB5}] => (Allow) I:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{1FEAC863-C7D8-459F-9A89-6B1892270FF1}] => (Allow) I:\Program Files (x86)\Steam\steamapps\common\Controller Companion\ControllerCompanion.exe
FirewallRules: [{E03B425F-D284-43BA-AD73-7343A0BBC376}] => (Allow) I:\Program Files (x86)\Steam\steamapps\common\Controller Companion\ControllerCompanion.exe
FirewallRules: [{834B696B-9046-4E44-9EA1-73B8828104F4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C0E02050-477C-4F09-BD72-E4C231E33559}] => (Allow) I:\Program Files\iTunes\iTunes.exe
FirewallRules: [{C09697A0-64C9-4531-9F6F-DCA4DF57B5A4}] => (Allow) I:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{82633F1E-F5C5-428C-BC3F-8F870FF0BB07}] => (Allow) I:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E78DF285-6E3A-45B0-BFA2-832CC2E7B97F}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{A2914687-C88B-4BB0-A577-A05203F759F6}] => (Allow) C:\Windows\SysWOW64\muzapp.exe

==================== Faulty Device Manager Devices =============

Name: Surface Cover Audio
Description: Surface Cover Audio
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: WUDFRd
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Surface Cover Telemetry
Description: Surface Cover Telemetry
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: WUDFRd
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (08/18/2015 11:44:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AvastUI.exe, version: 10.3.2225.1172, time stamp: 0x55b66cc4
Faulting module name: MSVCR110.dll, version: 11.0.51106.1, time stamp: 0x5098858e
Exception code: 0xc0000409
Fault offset: 0x000a326c
Faulting process id: 0x1d08
Faulting application start time: 0xAvastUI.exe0
Faulting application path: AvastUI.exe1
Faulting module path: AvastUI.exe2
Report Id: AvastUI.exe3
Faulting package full name: AvastUI.exe4
Faulting package-relative application ID: AvastUI.exe5

Error: (08/18/2015 09:49:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AvastUI.exe, version: 10.3.2225.1172, time stamp: 0x55b66cc4
Faulting module name: MSVCR110.dll, version: 11.0.51106.1, time stamp: 0x5098858e
Exception code: 0xc0000409
Fault offset: 0x000a326c
Faulting process id: 0x1b8c
Faulting application start time: 0xAvastUI.exe0
Faulting application path: AvastUI.exe1
Faulting module path: AvastUI.exe2
Report Id: AvastUI.exe3
Faulting package full name: AvastUI.exe4
Faulting package-relative application ID: AvastUI.exe5

Error: (08/18/2015 09:40:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AvastUI.exe, version: 10.3.2225.1172, time stamp: 0x55b66cc4
Faulting module name: MSVCR110.dll, version: 11.0.51106.1, time stamp: 0x5098858e
Exception code: 0xc0000409
Fault offset: 0x000a326c
Faulting process id: 0x11ec
Faulting application start time: 0xAvastUI.exe0
Faulting application path: AvastUI.exe1
Faulting module path: AvastUI.exe2
Report Id: AvastUI.exe3
Faulting package full name: AvastUI.exe4
Faulting package-relative application ID: AvastUI.exe5

Error: (08/18/2015 08:40:06 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program USBVaccine.exe version 1.0.1.4 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1318

Start Time: 01d0d94694298f31

Termination Time: 0

Application Path: I:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe

Report Id: 0a3c48d6-454a-11e5-83be-281878d8187c

Faulting package full name:

Faulting package-relative application ID:

Error: (08/18/2015 08:28:26 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: fbc

Start Time: 01d0d951abc2c86a

Termination Time: 4294967295

Application Path: C:\windows\system32\backgroundTaskHost.exe

Report Id: 6ac91469-4548-11e5-83be-281878d8187c

Faulting package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt

Faulting package-relative application ID: App

Error: (08/18/2015 08:04:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.17924, time stamp: 0x55959290
Faulting module name: ntdll.dll, version: 6.3.9600.17936, time stamp: 0x55a68e0c
Exception code: 0xc0000005
Fault offset: 0x000000000003d86e
Faulting process id: 0x20ec
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3
Faulting package full name: GWXUX.exe4
Faulting package-relative application ID: GWXUX.exe5

Error: (08/18/2015 07:31:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14797

Error: (08/18/2015 07:31:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14797

Error: (08/18/2015 07:31:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/18/2015 06:44:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AvastUI.exe, version: 10.3.2225.1172, time stamp: 0x55b66cc4
Faulting module name: MSVCR110.dll, version: 11.0.51106.1, time stamp: 0x5098858e
Exception code: 0xc0000409
Fault offset: 0x000a326c
Faulting process id: 0x1b78
Faulting application start time: 0xAvastUI.exe0
Faulting application path: AvastUI.exe1
Faulting module path: AvastUI.exe2
Report Id: AvastUI.exe3
Faulting package full name: AvastUI.exe4
Faulting package-relative application ID: AvastUI.exe5


System errors:
=============
Error: (08/18/2015 04:55:17 PM) (Source: DCOM) (EventID: 10005) (User: ROBERTPC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (08/18/2015 04:55:17 PM) (Source: DCOM) (EventID: 10005) (User: ROBERTPC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (08/18/2015 04:55:04 PM) (Source: DCOM) (EventID: 10005) (User: ROBERTPC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (08/18/2015 04:55:04 PM) (Source: DCOM) (EventID: 10005) (User: ROBERTPC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (08/18/2015 04:54:45 PM) (Source: DCOM) (EventID: 10005) (User: ROBERTPC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (08/18/2015 04:54:45 PM) (Source: DCOM) (EventID: 10005) (User: ROBERTPC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (08/18/2015 04:54:31 PM) (Source: DCOM) (EventID: 10005) (User: ROBERTPC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/18/2015 04:54:15 PM) (Source: DCOM) (EventID: 10005) (User: ROBERTPC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/18/2015 04:54:06 PM) (Source: DCOM) (EventID: 10005) (User: ROBERTPC)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}

Error: (08/18/2015 04:54:06 PM) (Source: DCOM) (EventID: 10005) (User: ROBERTPC)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}


Microsoft Office:
=========================
Error: (08/18/2015 11:44:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: AvastUI.exe10.3.2225.117255b66cc4MSVCR110.dll11.0.51106.15098858ec0000409000a326c1d0801d0d9708173fcdaI:\Program Files\AVAST Software\Avast\AvastUI.exeC:\windows\WinSxS\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c\MSVCR110.dlld58b360a-4563-11e5-83c1-281878d8187c

Error: (08/18/2015 09:49:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: AvastUI.exe10.3.2225.117255b66cc4MSVCR110.dll11.0.51106.15098858ec0000409000a326c1b8c01d0d96072ec2d94I:\Program Files\AVAST Software\Avast\AvastUI.exeC:\windows\WinSxS\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c\MSVCR110.dllb146c59d-4553-11e5-83c0-281878d8187c

Error: (08/18/2015 09:40:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: AvastUI.exe10.3.2225.117255b66cc4MSVCR110.dll11.0.51106.15098858ec0000409000a326c11ec01d0d95f4378400aI:\Program Files\AVAST Software\Avast\AvastUI.exeC:\windows\WinSxS\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c\MSVCR110.dll833be4a8-4552-11e5-83bf-281878d8187c

Error: (08/18/2015 08:40:06 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: USBVaccine.exe1.0.1.4131801d0d94694298f310I:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe0a3c48d6-454a-11e5-83be-281878d8187c

Error: (08/18/2015 08:28:26 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.17415fbc01d0d951abc2c86a4294967295C:\windows\system32\backgroundTaskHost.exe6ac91469-4548-11e5-83be-281878d8187cFacebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nntApp

Error: (08/18/2015 08:04:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: GWXUX.exe6.3.9600.1792455959290ntdll.dll6.3.9600.1793655a68e0cc0000005000000000003d86e20ec01d0d951ccd9b0eaC:\windows\System32\GWX\GWXUX.exeC:\windows\SYSTEM32\ntdll.dll0b6fe36f-4545-11e5-83be-281878d8187c

Error: (08/18/2015 07:31:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14797

Error: (08/18/2015 07:31:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14797

Error: (08/18/2015 07:31:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/18/2015 06:44:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: AvastUI.exe10.3.2225.117255b66cc4MSVCR110.dll11.0.51106.15098858ec0000409000a326c1b7801d0d946a567c3e8I:\Program Files\AVAST Software\Avast\AvastUI.exeC:\windows\WinSxS\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c\MSVCR110.dlle434f687-4539-11e5-83be-281878d8187c


CodeIntegrity:
===================================
  Date: 2015-08-17 21:00:41.684
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-17 21:00:41.215
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-17 14:39:31.090
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-17 14:39:30.802
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-17 14:39:30.520
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-17 14:39:30.231
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-17 14:39:29.967
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-17 14:39:29.706
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-17 14:39:29.389
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-17 14:39:29.117
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i5-4300U CPU @ 1.90GHz
Percentage of memory in use: 17%
Total physical RAM: 4016.04 MB
Available physical RAM: 3324.45 MB
Total Virtual: 8112.04 MB
Available Virtual: 7469.85 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:112.92 GB) (Free:6.88 GB) NTFS
Drive d: () (Removable) (Total:59.45 GB) (Free:2.86 GB) exFAT
Drive e: (KINGSTON) (Removable) (Total:7.31 GB) (Free:7.26 GB) FAT32
Drive i: (My Passport) (Fixed) (Total:465.73 GB) (Free:277.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 2ACE15A5)

Partition: GPT.

========================================================
Disk: 1 (Size: 59.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 7.3 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=7.3 GB) - (Type=0B)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 465.7 GB) (Disk ID: 000521AB)
Partition 1: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of log ============================

 


 


#2 RobA7937


Posted 19 August 2015 - 02:04 AM

Here is a HiJackThis log. Anyone see the offending virus/malware? I know enough to know not to delete anything unless told to. Thanks!!

 

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 1:56:12 PM, on 19-Aug-15
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)

FIREFOX: 40.0.2 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\Trend Micro\TMIDS\PwmConsole.exe
C:\Program Files (x86)\Printer Pro Desktop\PrinterProDesktop.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
I:\Program Files (x86)\Steam\Steam.exe
C:\Users\Robert\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Users\Robert\AppData\Roaming\PolarisOfficeLink\POLink.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
C:\Users\Robert\AppData\Roaming\PolarisOfficeLink\POLinkSync.exe
C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
I:\Program Files (x86)\Steam\bin\steamwebhelper.exe
E:\Special Virus Blockers-MGeeks\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Trend Micro Password Manager BHO - {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: Trend Micro Network Filter Plugin - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1193\2.0.1082\TmopIEPlg32.dll
O2 - BHO: Trend Micro IE Protection - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1030\9.1.1030\TmBpIe32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll
O2 - BHO: Homepage Print 2BHO - {EFC91ACA-519F-428D-8472-81E158609D25} - C:\PROGRA~2\HOMEPA~1\IEBand.dll
O3 - Toolbar: Homepage Print 2 - {C4FB9EEC-5B29-486B-ACD1-D93A4396E567} - C:\PROGRA~2\HOMEPA~1\IEBand.dll
O3 - Toolbar: Trend Micro Password Manager ToolBar - {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll
O3 - Toolbar: Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe" /s
O4 - HKLM\..\Run: [PowerDVD14Agent] "C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe"
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [BrHelp] C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter4] "C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe" /autorun
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [PrinterProDesktop] C:\Program Files (x86)\Printer Pro Desktop\PrinterProDesktop.exe /autorun
O4 - HKCU\..\Run: [{5F9E7405-B335-47cf-8F9A-74FD2576E4A9}] C:\Program Files (x86)\Homepage Print 2\DeskCapture.exe
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [AppleIEDAV] C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
O4 - HKCU\..\Run: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
O4 - HKCU\..\Run: [Steam] "I:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] I:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [BingSvc] C:\Users\Robert\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "I:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Polaris Office Sync] C:\Users\Robert\AppData\Roaming\PolarisOfficeLink\POLinkLauncher.exe
O4 - HKCU\..\RunOnce: [Application Restart #1] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  --flag-switches-begin --manual-enhanced-bookmarks --flag-switches-end --restore-last-session http://r20.rs6.net/tn.jsp?f=001Lw0_cXnOPEcZfzm66tFmvdHC9yEy9IwRScSbfehmhTSBAnCtzvpJkom8kUb1Ha3rCsX6RZL5TWVml6f24O2Zat7tSUKFoTU-jxcaPEjPKvxCLVWKLNUGWbZtSsOhCklO8oqcMyaDhRrSAjFypfm-t2GiTq-WyiU7pu9S8F8K2Nw=&c=BcpYSSAf1NkTEQpJm94-l6aKnypKTO5dZxKB1MGaOudvr-i0L06ZXQ==&ch=PnS40DfZe2A_liOVm7GeO8e5OY_uQ5up29jMBuzcCTXUN84NjTAFWw==
O4 - HKUS\S-1-5-18\..\RunOnce: [Application Restart #0] C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe /Crashed (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Application Restart #0] C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe /Crashed (User 'Default user')
O4 - Startup: Controller Companion.lnk = I:\Program Files (x86)\Steam\steamapps\common\Controller Companion\ControllerCompanion.exe
O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
O4 - Startup: Send to OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
O8 - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1030\9.1.1030\TmBpIe32.dll
O18 - Protocol: tmop - {69FD7CE3-4604-4FE6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1193\2.0.1082\TmopIEPlg32.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - I:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AllShare Framework DMS - Samsung - C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Unknown owner - I:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Foxit Cloud Safe Update Service (FoxitCloudUpdateService) - Foxit Software Inc. - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\windows\system32\igfxCUIService.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - Unknown owner - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Platinum Host Service - Trend Micro Inc. - C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
O23 - Service: Trend Micro Password Manager Central Control Service (PwmSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Samsung Link Service - Copyright 2013 SAMSUNG - C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - I:\Program Files (x86)\USB Drivers\25_escape\conn\ss_conn_service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15764 bytes



#3 nasdaq

  • Malware Response Team

Posted 19 August 2015 - 08:04 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> I:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF user.js: detected! => C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ybn3i7gq.default-1437886874092\user.js [2015-08-11]
FF HKU\S-1-5-21-3309137435-1401997441-3551121105-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
CHR HKLM\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3309137435-1401997441-3551121105-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [idkknaphebegndgimgdpfnconcickdfn] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [ohhcpmplhhiiaoiddkfboafbhiknefdf] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - https://clients2.google.com/service/update2/crx
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
S3 AvastVBoxSvc; "I:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]
U2 TMAgent; no ImagePath
S2 VBoxAswDrv; \??\I:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
Task: {04BB28BF-E789-4736-8828-B5DD0BC57D6C} - \User_Feed_Synchronization-{5AE5AAC2-DC5B-45E3-95B7-05D8958EC43C} -> No File <==== ATTENTION
Task: {10B73E35-A636-4C82-B604-9605A447638C} - \Microsoft OneDrive Auto Update Task-S-1-5-21-3309137435-1401997441-3551121105-1001 -> No File <==== ATTENTION
Task: {2256500C-7AA6-42EA-A9F8-BB8DCE49BB31} - \MirageAgent -> No File <==== ATTENTION
Task: {90E63465-47AC-446B-9AC8-A538F9BB4E1F} - \{9AC3B894-F20D-4650-84CB-C11122302265} -> No File <==== ATTENTION
Task: {95F28B04-1BAB-44F7-BFC4-522CF3B99362} - \PandaUSBVaccine -> No File <==== ATTENTION
Task: {983C7590-FF10-4823-8A7A-FF4674DF9E15} - \Optimize Start Menu Cache Files-S-1-5-21-3309137435-1401997441-3551121105-500 -> No File <==== ATTENTION
Task: {A1F47B76-83D5-4F5F-8B16-91C0E09A8EB8} - \Apple Diagnostics -> No File <==== ATTENTION
Task: {C78D960B-E46A-4C1F-883B-C1EA26CFDF1F} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {DAAFB2B5-FB1D-407D-8D7A-DBD7B4CC2E1A} - \{8B6719AF-23B2-4A7F-B1CD-7A2C5F601F21} -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:C76EDAC3
AlternateDataStreams: C:\Users\Robert\SkyDrive:ms-properties

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt). Please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

CHR dev: Chrome dev build detected! <======= ATTENTION

Your copy of Chrome has been compromised

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants.

Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

===

Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do, export your Bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/

Re-install Chrome and the Bookmarks.
===

How is the computer running now?

#4 RobA7937


Posted 19 August 2015 - 11:38 AM

Hello nasdaq:

Thank you for your prompt assistance. I am traveling and on the other side of the world so my response time may be a tad slow to you.

I followed all of your instructions and when I attempted to reinstall the Chrome browser I got an error message that said the install failed due to an error.  I am currently using Firefox.  I don't need to reinstall Chrome at this time.

Here are the log files you requested attached.

 

I am still unable to open Programs and Features in the Control Panel so I am assuming there is still something lurking around somewhere.




#5 nasdaq

  • Malware Response Team

Posted 19 August 2015 - 01:27 PM

These instructions are for Windows 7.

How to Enable or Disable "Programs and Features" in Windows 7
http://www.sevenforums.com/tutorials/77679-programs-features-enable-disable.html

Do not download the suggested files.

---


Go to OPTION TWO

Click on each of the links from additional instructions.
1. Open the all users, specific users or groups, or all users except administrators Local Group Policy Editor for how you want this policy applied.

If at any time you need additional help I suggest you ask in the Windows 8 forum.
http://www.bleepingcomputer.com/forums/f/209/windows-8-and-windows-81/

I do not have a Windows 8 machine to guide you.



