Slow browser/Erratic Mouse - Malware or what?


  • This topic is locked
8 replies to this topic

#1 meomy

  • Members
  • 6 posts

Posted 10 May 2016 - 10:25 PM

NEW MEMBER. Do you see anything wrong in HijackThis file below that is causing problems? Running WINDOWS 8.1, 64bit.
Computer extremely SLOW online. Mouse jumps around erratically & will click on files off & on.
Over & over run the following: cleaned out junk files, Startups, services, stopped running processes etc., cleaned
out REGISTRY (only what's familiar to me), cleaned out history/google etc, & "Programs & Features", stopped Trend Micro Password.
Used several cleaners & other programs (then deleted). REBOOTED. Next run CCleaner, HitmanPro & Malwarebytes, 
REBOOTED, NEXT RUN again CCleaner, HitmanPro, Trend Micro, as well as 1st Housecall & 2nd ATTK FakeAV Removal Tool 
both by Trend Micro & last ran HijackThis. CAN YOU HELP, I AM WORN OUT. 
 
When first start HijackThis message reads:  
"For some reason system denied write access to the hosts file. If any hijacked domains are in this file, HijackThis may NOT 
be able to fix this." ...........says I need to edit file myself. 
........says to START, RUN and TYPE: notepad C:\Windows\System32\drivers\etc\hosts. Next to find line(s) HijackThis & delete them.
Next SAVE the file as "hosts". (with quotes), & reboot. 
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:59:45 PM, on 5/10/2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Dell Update\DellUpTray.exe
C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Program Files\TrueColor\TrueColorUI.exe
C:\Program Files (x86)\System Explorer\SystemExplorer.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Users\BJG\Downloads\BJG downloads\A - NEW Dwnlds\A - HijackTHIS Run 3rd aft ATTF FakeAV(by Trend Micro)\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell13.msn.com/?pc=DCJB
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Trend Micro DirectPass BHO - {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O2 - BHO: Trend Micro Network Filter Plugin - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg32.dll
O2 - BHO: Trend Micro IE Protection - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe32.dll
O3 - Toolbar: Trend Micro Password Manager ToolBar - {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll
O3 - Toolbar: Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O4 - HKLM\..\Run: [SystemExplorerAutoStart] "C:\Program Files (x86)\System Explorer\SystemExplorer.exe" /TRAY
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_7FD620E7CCEF09DF160B5711F3E3CB17] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - Startup: Send to OneNote.lnk = C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.dell.com
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe32.dll
O18 - Protocol: tmop - {69FD7CE3-4604-4FE6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg32.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dell Customer Connect - Dell Inc. - C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
O23 - Service: Dell Foundation Services - Dell - C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
O23 - Service: Dell Help & Support - Unknown owner - C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
O23 - Service: Dell Data Vault (DellDataVault) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVault.exe
O23 - Service: Dell Data Vault Wizard (DellDataVaultWiz) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
O23 - Service: Dell Product Registration Manager (DellProdRegManager) - Aviata, Inc. - C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe
O23 - Service: Dell Update Service (DellUpdate) - Dell Inc. - C:\Program Files (x86)\Dell Update\DellUpService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: HTCMonitorService - Nero AG - C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
O23 - Service: Intel Bluetooth Service (iBtSiva) - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
O23 - Service: Intel® Integrated Clock Controller Service - Intel® ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: igfxCUIService2.0.0.0 - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: IntelUSBoverIP - Intel - C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
O23 - Service: Intel® Update Manager (iumsvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: Platinum Host Service - Trend Micro Inc. - C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
O23 - Service: Trend Micro Password Manager Central Control Service (PwmSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - CyberLink - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Dell SupportAssist Agent (SupportAssistAgent) - Dell Inc. - C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
O23 - Service: System Explorer Service (SystemExplorerHelpService) - Mister Group - C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
O23 - Service: TrueColorALS - Unknown owner - C:\Program Files\TrueColor\TrueColorALS.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: Waves Audio Services (WavesSysSvc) - Waves Audio Ltd. - C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
 
--
End of file - 13432 bytes
 
THANKS




#2 satchfan

  • Malware Response Team
  • 2,859 posts
  • Gender:Female
  • Location:Devon, UK

Posted 11 May 2016 - 03:05 AM

Hello meomy and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called Frst.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply.

===================================================

Run Security Check

Download Security Check by screen317 from here.

  • save it to your Desktop.
  • double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • a Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE: If you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED!, try rebooting the system and then run SecurityCheck again.

Logs to include with next post:

Frst.txt
Addition.txt
checkup.txt


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 meomy

  • Topic Starter

  • Members
  • 6 posts

Posted 11 May 2016 - 06:51 PM

Cannot download SECURITY CHECK, site reads "ACCOUNT SUSPENDED".  

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-05-2016
Ran by BJG (administrator) on BRENDA (11-05-2016 18:35:49)
Running from C:\Users\BJG\Desktop
Loaded Profiles: BJG (Available Profiles: BJG & Administrator)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\TrueColor\TrueColorALS.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
() C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Entertainment Experience) C:\Program Files\TrueColor\TrueColorUI.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Mister Group) C:\Program Files (x86)\System Explorer\SystemExplorer.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Mister Group) C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8444632 2015-01-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391472 2014-12-04] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [610048 2015-01-13] (Waves Audio Ltd.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [TrueColor UI] => C:\Program Files\TrueColor\TrueColorUI.exe [19494864 2015-04-02] (Entertainment Experience)
HKLM\...\Run: [PwmConsole.exe] => C:\Program Files\Trend Micro\TMIDS\PwmConsole.exe [2047216 2015-06-29] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [246264 2015-07-16] (Trend Micro Inc.)
HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1258496 2015-07-16] (Trend Micro Inc.)
HKLM-x32\...\Run: [SystemExplorerAutoStart] => "C:\Program Files (x86)\System Explorer\SystemExplorer.exe" /TRAY
HKU\S-1-5-21-3183088221-2008294496-3976423610-1001\...\Run: [GoogleChromeAutoLaunch_7FD620E7CCEF09DF160B5711F3E3CB17] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [881304 2016-04-27] (Google Inc.)
HKU\S-1-5-21-3183088221-2008294496-3976423610-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd)
HKU\S-1-5-21-3183088221-2008294496-3976423610-1001\...\MountPoints2: {c1db8c6b-db40-11e5-825f-e4f89c00de0c} - "G:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-3183088221-2008294496-3976423610-1001\...\MountPoints2: {c1db98b9-db40-11e5-825f-e4f89c00de0c} - "G:\HTC_Sync_Manager_PC.exe" 
ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)
Startup: C:\Users\BJG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-02-12]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicyScripts-x32: Restriction <======= ATTENTION
GroupPolicyScripts-x32\User: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{411D60D8-2AAB-4F8B-A649-1AF8B46AE109}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
 
Internet Explorer:
==================
HKU\S-1-5-21-3183088221-2008294496-3976423610-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-3183088221-2008294496-3976423610-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3183088221-2008294496-3976423610-1001 -> DefaultScope {1D3186DC-D4DB-414E-A6E5-62057028DBAF} URL = 
SearchScopes: HKU\S-1-5-21-3183088221-2008294496-3976423610-1001 -> {1D3186DC-D4DB-414E-A6E5-62057028DBAF} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-04-29] (Microsoft Corporation)
BHO: Trend Micro Password Manager BHO -> {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} -> C:\Program Files\Trend Micro\TMIDS\PwmIEBHO64.dll [2015-06-29] (Trend Micro Inc.)
BHO: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
BHO: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg.dll [2015-07-16] (Trend Micro Inc.)
BHO: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe64.dll [2015-08-16] (Trend Micro Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-04-29] (Microsoft Corporation)
BHO-x32: Trend Micro Password Manager BHO -> {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} -> C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll [2015-06-29] (Trend Micro Inc.)
BHO-x32: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
BHO-x32: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg32.dll [2015-07-16] (Trend Micro Inc.)
BHO-x32: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe32.dll [2015-08-16] (Trend Micro Inc.)
Toolbar: HKLM - Trend Micro Password Manager ToolBar - {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO64.dll [2015-06-29] (Trend Micro Inc.)
Toolbar: HKLM - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
Toolbar: HKLM-x32 - Trend Micro Password Manager ToolBar - {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll [2015-06-29] (Trend Micro Inc.)
Toolbar: HKLM-x32 - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-29] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-29] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-29] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-29] (Microsoft Corporation)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe64.dll [2015-08-16] (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe32.dll [2015-08-16] (Trend Micro Inc.)
Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg.dll [2015-07-16] (Trend Micro Inc.)
Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg32.dll [2015-07-16] (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll [2015-07-16] (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2015-07-16] (Trend Micro Inc.)
 
FireFox:
========
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-04-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\firefoxextension [2016-05-02]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2016-05-02]
FF HKLM-x32\...\Firefox\Extensions: [{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
FF Extension: Trend Micro Osprey Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension [2016-05-02]
 
Chrome: 
=======
CHR HomePage: Profile 2 -> hxxp://www.google.com/
CHR Profile: C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-05]
CHR Extension: (Nimbus Screenshot App) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Default\Extensions\aecjogkncpbkjfobfnoaiepipllcadhe [2016-04-01]
CHR Extension: (Google Docs) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-05]
CHR Extension: (Google Drive) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-05]
CHR Extension: (YouTube) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-05]
CHR Extension: (Google Search) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-05]
CHR Extension: (Search by Image (by Google)) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2016-02-05]
CHR Extension: (Box for Chrome OS Beta) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Default\Extensions\dikonaebkejmpbpcnnmfaeopkaenicgf [2016-02-05]
CHR Extension: (Pixlr-o-matic) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehcibdjmpjlekgjhepbfmenfppliikcj [2016-02-05]
CHR Extension: (Google Sheets) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-05]
CHR Extension: (Chrome Remote Desktop) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-04-01]
CHR Extension: (Google Docs Offline) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-01]
CHR Extension: (Citrix Receiver) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Default\Extensions\haiffjcadagjlijoggckpgfnoeiflnem [2016-04-18]
CHR Extension: (INTROFLAKE) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Default\Extensions\hibplmbbicegddkocpglcajhhjajcndp [2016-02-05]
CHR Extension: (Google Hangouts) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2016-04-01]
CHR Extension: (File System for Windows) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnnfciefdpolbelmfkpmhhmlkehbdf [2016-04-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Trend Micro Toolbar) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2016-04-01]
CHR Extension: (Gmail) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-05]
CHR Profile: C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-06]
CHR Extension: (Google Docs) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-06]
CHR Extension: (Google Drive) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-06]
CHR Extension: (YouTube) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-06]
CHR Extension: (Google Search) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-06]
CHR Extension: (Google Sheets) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-06]
CHR Extension: (Google Docs Offline) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-06]
CHR Extension: (Trend Micro Toolbar) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2016-02-07]
CHR Extension: (Gmail) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-06]
CHR Profile: C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-06]
CHR Extension: (Google Docs) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-06]
CHR Extension: (Google Drive) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-06]
CHR Extension: (YouTube) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-06]
CHR Extension: (Google Search) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-06]
CHR Extension: (What is clickonce_bootstrap.exe?) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cpgfbcobbcnikanclkpphhemojnpdijn [2016-03-31]
CHR Extension: (Google Sheets) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-06]
CHR Extension: (Google Docs Offline) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (CCleaner v5.15.5513 Review (A Free Sy...) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jcfbmippfgigplibkicjopbbphojjnhi [2016-03-21]
CHR Extension: (How to Safely Download & Install Soft...) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jmkfimgmjkghmfgfohiijoddjdpiomdl [2016-03-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Gmail) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-06]
CHR Profile: C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (Google Slides) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-06]
CHR Extension: (Google Docs) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-06]
CHR Extension: (Google Drive) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-06]
CHR Extension: (YouTube) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-06]
CHR Extension: (Google Search) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-06]
CHR Extension: (Google Sheets) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-06]
CHR Extension: (Google Docs Offline) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-06]
CHR Extension: (Trend Micro Toolbar) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2016-02-07]
CHR Extension: (Gmail) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-06]
CHR HKLM\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ohhcpmplhhiiaoiddkfboafbhiknefdf] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2911464 2016-04-29] (Microsoft Corporation)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-09-22] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [119656 2016-01-15] (Dell)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [36200 2016-01-11] ()
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-03-10] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-03-10] (Dell Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [293440 2014-04-01] (Aviata, Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-05-11] (SurfRight B.V.)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [124520 2014-12-14] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [363440 2015-11-10] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
R2 IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [394184 2014-10-15] (Intel)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [178312 2015-09-26] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-10-10] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2014-11-19] ()
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [202288 2016-04-28] (Microsoft Corporation) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1137664 2015-07-16] (Trend Micro Inc.)
R2 PwmSvc; C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe [333856 2015-06-29] (Trend Micro Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [293080 2014-12-23] (Realtek Semiconductor)
S3 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [2020240 2015-01-23] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-04-22] (Dell Inc.)
R3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [820960 2014-12-20] (Mister Group)
R2 TrueColorALS; C:\Program Files\TrueColor\TrueColorALS.exe [92624 2015-04-02] ()
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [563456 2015-01-13] (Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2014-11-19] (Intel® Corporation)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [141624 2014-10-28] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1448248 2014-11-26] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [32464 2016-01-05] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2016-01-05] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 HtcVCom32; C:\Windows\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
S3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [35832 2014-06-10] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [120312 2014-06-10] (Intel Corporation)
S3 iaLPSS_SPI; C:\Windows\System32\drivers\iaLPSS_SPI.sys [100856 2014-06-10] (Intel Corporation)
S3 iaLPSS_UART2; C:\Windows\System32\drivers\iaLPSS_UART2.sys [143864 2014-06-10] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [230128 2014-12-03] (Intel Corporation)
S3 kbfilter; C:\Windows\system32\DRIVERS\kbfilter.sys [67408 2016-04-30] (Trend Micro Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-11] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [129312 2014-10-11] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3494680 2014-12-08] (Intel Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-08-18] (Riverbed Technology, Inc.)
R1 tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [133424 2015-11-23] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [324912 2015-11-23] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [59712 2015-06-11] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\system32\DRIVERS\tmeevw.sys [116576 2015-06-08] (Trend Micro Inc.)
S0 tmel; C:\Windows\System32\DRIVERS\tmel.sys [39056 2015-06-22] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [99632 2015-11-23] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\system32\DRIVERS\tmnciesc.sys [416608 2015-05-28] (Trend Micro Inc.)
R1 tmumh; C:\Windows\system32\DRIVERS\TMUMH.sys [91536 2015-06-28] (Trend Micro Inc.)
R2 tmusa; C:\Windows\system32\DRIVERS\tmusa.sys [116528 2015-06-26] (Trend Micro Inc.)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [213296 2014-10-15] (Windows ® Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
U3 McMPFSvc; no ImagePath
U2 TMAgent; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-11 18:35 - 2016-05-11 18:37 - 00032789 _____ C:\Users\BJG\Desktop\FRST.txt
2016-05-11 18:35 - 2016-05-11 18:35 - 00000000 ____D C:\FRST
2016-05-11 18:26 - 2016-05-11 18:26 - 02381312 _____ (Farbar) C:\Users\BJG\Desktop\FRST64.exe
2016-05-11 01:51 - 2016-05-11 01:51 - 00000151 _____ C:\Users\BJG\Desktop\Winnie Parrish Hughes (1810 - 1863) - Find A Grave Memorial.url
2016-05-11 01:48 - 2016-05-11 01:48 - 00000116 _____ C:\Users\BJG\Desktop\Slow browser-Erratic Mouse - Malware or what- - Virus, Trojan, Spyware, and Malware Removal Logs.url
2016-05-10 22:13 - 2016-05-10 22:13 - 00014637 _____ C:\Users\BJG\Documents\A - HijackThis LOG.txt
2016-05-10 20:33 - 2016-05-10 20:33 - 00000000 ____D C:\Program Files\WinPcap
2016-05-10 15:55 - 2016-04-22 15:54 - 25816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-10 15:55 - 2016-04-22 15:15 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-05-10 15:55 - 2016-04-22 15:14 - 02893312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-05-10 15:55 - 2016-04-22 15:08 - 06052864 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-10 15:55 - 2016-04-22 15:06 - 20349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-05-10 15:55 - 2016-04-22 15:00 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-05-10 15:55 - 2016-04-22 14:35 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-05-10 15:55 - 2016-04-22 14:29 - 02285568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-05-10 15:55 - 2016-04-22 14:23 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-05-10 15:55 - 2016-04-22 14:19 - 15414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-10 15:55 - 2016-04-22 14:17 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-05-10 15:55 - 2016-04-22 14:14 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-05-10 15:55 - 2016-04-22 14:12 - 02131968 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-05-10 15:55 - 2016-04-22 13:58 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-05-10 15:55 - 2016-04-22 13:54 - 13811200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-05-10 15:55 - 2016-04-22 13:52 - 02596864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-05-10 15:55 - 2016-04-22 13:52 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-05-10 15:55 - 2016-04-22 13:40 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-10 15:55 - 2016-04-22 13:27 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-05-10 15:55 - 2016-04-22 13:24 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-05-10 15:55 - 2016-03-31 01:50 - 01307328 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-05-10 15:55 - 2016-03-30 22:40 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-05-10 15:54 - 2016-04-22 14:24 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-05-10 15:54 - 2016-04-22 14:14 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-05-10 15:54 - 2016-04-22 14:14 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-05-10 15:54 - 2016-04-22 13:58 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-05-10 15:54 - 2016-04-22 13:53 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-05-10 15:54 - 2016-04-22 13:52 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-05-10 15:54 - 2016-04-22 13:51 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-05-10 15:54 - 2016-04-22 13:29 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-05-10 15:54 - 2016-04-22 13:23 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-05-10 15:53 - 2016-04-10 02:48 - 00738096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-10 15:53 - 2016-04-10 02:48 - 00613624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-05-10 15:53 - 2016-04-09 16:58 - 00534016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-10 15:53 - 2016-04-09 16:50 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-05-10 15:53 - 2016-04-06 16:13 - 00561960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-05-10 15:53 - 2016-04-06 16:13 - 00137976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2016-05-10 15:53 - 2016-04-06 13:20 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-05-10 15:53 - 2016-04-06 13:19 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-05-10 15:53 - 2016-04-06 13:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-05-10 15:53 - 2016-04-06 12:49 - 00120384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2016-05-10 15:53 - 2016-04-06 12:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-05-10 15:53 - 2016-04-06 11:57 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-05-10 15:53 - 2016-04-06 11:52 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-05-10 15:53 - 2016-04-06 11:20 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-05-10 15:53 - 2016-04-06 10:48 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-05-10 15:53 - 2016-03-28 20:42 - 07446368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-10 15:52 - 2016-04-11 01:21 - 00074584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2016-05-10 15:52 - 2016-04-10 00:37 - 01549144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-10 15:52 - 2016-04-09 23:21 - 01763376 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-05-10 15:52 - 2016-04-09 23:21 - 01489088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-05-10 15:52 - 2016-04-09 23:14 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-05-10 15:52 - 2016-04-09 18:29 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-05-10 15:52 - 2016-04-09 17:07 - 01097728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-05-10 00:48 - 2016-05-10 15:06 - 00000000 ____D C:\Users\BJG\AppData\Local\{698D0BA5-6E4B-44BD-9F9A-AA32F2E98D9A}
2016-05-09 22:56 - 2016-05-11 18:04 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-05-09 22:55 - 2016-05-09 22:55 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-09 22:55 - 2016-05-09 22:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-09 22:55 - 2016-05-09 22:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-05-09 22:55 - 2016-05-09 22:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-09 22:55 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-05-09 22:55 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-05-09 22:55 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-05-09 16:41 - 2016-05-09 16:45 - 00000000 ____D C:\ProgramData\SystemExplorer
2016-05-09 16:41 - 2016-05-09 16:41 - 00001104 _____ C:\Users\Public\Desktop\System Explorer.lnk
2016-05-09 16:41 - 2016-05-09 16:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Explorer
2016-05-09 16:41 - 2016-05-09 16:41 - 00000000 ____D C:\Program Files (x86)\System Explorer
2016-05-09 14:50 - 2016-05-09 14:50 - 00001911 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-05-09 14:50 - 2016-05-09 14:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-05-09 14:50 - 2016-05-09 14:50 - 00000000 ____D C:\Program Files\HitmanPro
2016-05-09 14:49 - 2016-05-09 15:48 - 00000000 ____D C:\ProgramData\HitmanPro
2016-05-09 14:44 - 2016-05-09 14:44 - 00002782 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-05-09 14:44 - 2016-05-09 14:44 - 00000836 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-05-09 14:44 - 2016-05-09 14:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-05-09 14:44 - 2016-05-09 14:44 - 00000000 ____D C:\Program Files\CCleaner
2016-05-07 11:33 - 2016-05-07 11:33 - 00000088 _____ C:\Users\BJG\Desktop\Mary Jane -Mollie- Seay Hughes (1873 - 1952) - Find A Grave Memorial.url
2016-05-06 18:52 - 2016-05-06 18:52 - 00003718 _____ C:\Users\BJG\Documents\A - SLOW LP.txt
2016-05-06 16:10 - 2016-03-10 12:03 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsparse.dll
2016-05-06 16:10 - 2016-03-10 11:48 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsparse.dll
2016-05-06 16:10 - 2016-03-08 09:44 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-05-06 16:09 - 2016-03-15 20:58 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-05-06 16:09 - 2016-03-15 20:58 - 00332632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-05-06 16:09 - 2016-03-14 11:50 - 00316760 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2016-05-06 16:09 - 2016-03-11 19:49 - 02466136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-05-06 16:09 - 2016-03-11 19:47 - 00160160 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPHLPAPI.DLL
2016-05-06 16:09 - 2016-03-11 19:47 - 00121912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IPHLPAPI.DLL
2016-05-06 16:09 - 2016-03-10 11:55 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2016-05-06 16:09 - 2016-03-10 11:52 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-05-06 16:09 - 2016-03-10 11:42 - 00413696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2016-05-06 16:09 - 2016-03-05 12:44 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-05-06 16:09 - 2016-03-05 12:04 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-05-06 16:09 - 2016-02-27 13:28 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-05-06 16:09 - 2016-02-27 12:57 - 03273728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-05-06 16:09 - 2016-02-27 12:19 - 03820544 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-05-06 16:09 - 2016-02-27 11:32 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-05-02 13:15 - 2016-05-02 13:15 - 00000000 ___HD C:\TMRescueDisk
2016-05-02 13:11 - 2016-05-02 13:11 - 00001391 _____ C:\Users\BJG\Desktop\Trend Micro Internet Security.lnk
2016-05-02 13:11 - 2016-05-02 13:11 - 00000000 ____D C:\WINDOWS\SysWOW64\tmumh
2016-05-02 13:11 - 2016-05-02 13:11 - 00000000 ____D C:\WINDOWS\system32\tmumh
2016-05-02 13:11 - 2016-05-02 13:11 - 00000000 ____D C:\Users\BJG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Internet Security
2016-05-02 13:11 - 2015-11-23 03:47 - 00324912 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2016-05-02 13:11 - 2015-11-23 03:47 - 00133424 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmactmon.sys
2016-05-02 13:11 - 2015-11-23 03:47 - 00099632 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmevtmgr.sys
2016-05-02 13:11 - 2015-06-28 21:38 - 00091536 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\TMUMH.sys
2016-05-02 13:11 - 2015-06-26 05:20 - 00116528 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmusa.sys
2016-05-02 13:11 - 2015-06-22 21:49 - 00039056 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmel.sys
2016-05-02 13:11 - 2015-06-11 03:54 - 00059712 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\TMEBC64.sys
2016-05-02 13:11 - 2015-06-08 00:54 - 00116576 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmeevw.sys
2016-05-02 13:11 - 2015-05-28 05:26 - 00416608 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmnciesc.sys
2016-05-02 13:09 - 2016-05-02 13:09 - 00000059 _____ C:\WINDOWS\system32\SupportTool.exe.bat
2016-05-02 13:07 - 2016-05-02 13:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Password Manager
2016-05-02 01:32 - 2016-05-05 20:29 - 00000000 ____D C:\ProgramData\Trend Micro Installer
2016-04-30 22:22 - 2016-04-30 22:22 - 00067408 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\kbfilter.sys
2016-04-30 22:22 - 2016-04-30 22:22 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-04-30 22:19 - 2016-04-30 22:27 - 00003540 _____ C:\WINDOWS\System32\Tasks\Trend Micro Inspect of Platinum
2016-04-29 14:51 - 2016-05-05 15:55 - 13247498 _____ C:\Users\BJG\Documents\Backup of A - INPUT IN DNA ONLINE - PPPP1 thru12-edible - DEL LATER.wbk
2016-04-23 16:37 - 2016-04-23 16:37 - 00002298 _____ C:\Users\BJG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2016-04-21 21:45 - 2016-05-05 15:54 - 00002524 _____ C:\Users\BJG\Documents\AXXX.txt
2016-04-18 10:16 - 2016-05-09 14:38 - 00000318 _____ C:\WINDOWS\Tasks\FreeFixer background scan.job
2016-04-18 10:16 - 2016-04-18 10:16 - 00002958 _____ C:\WINDOWS\System32\Tasks\FreeFixer background scan
2016-04-18 10:16 - 2016-04-18 10:16 - 00000000 ____D C:\Users\BJG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
2016-04-15 23:15 - 2016-04-15 23:15 - 00000000 ____D C:\Users\BJG\Documents\HTC
2016-04-13 16:45 - 2016-04-15 23:04 - 01263868 _____ C:\Users\BJG\Documents\Backup of A - PICS save to paint for DNA ANCES TREE .wbk
2016-04-13 16:45 - 2016-04-14 01:56 - 01263603 _____ C:\Users\BJG\Documents\Backup of A - PICS save to paint for DNA ANCES TREE.wbk
2016-04-12 15:47 - 2016-04-12 15:47 - 00012332 _____ C:\Users\BJG\Documents\Backup of Sizemore, James L. 1915-2015 - Obit.wbk
2016-04-12 12:59 - 2016-04-04 01:35 - 00046768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-04-12 12:59 - 2016-04-02 08:26 - 01386496 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-04-12 12:59 - 2016-04-02 08:26 - 01169408 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-04-12 12:59 - 2016-03-30 18:56 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-04-12 12:59 - 2016-03-30 18:56 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-04-12 12:59 - 2016-03-30 18:55 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-04-12 12:59 - 2016-03-30 18:30 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-04-12 12:59 - 2016-03-30 18:30 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-04-12 12:59 - 2016-03-28 08:21 - 00698368 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-04-12 12:59 - 2016-03-28 08:21 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-04-12 12:59 - 2016-03-28 08:21 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-04-12 12:59 - 2016-03-28 08:21 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-04-12 12:59 - 2016-03-28 08:21 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-04-12 12:59 - 2016-03-11 09:48 - 00833024 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-12 12:59 - 2016-03-10 14:17 - 01133752 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-04-12 12:59 - 2016-03-10 12:48 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-04-12 12:59 - 2016-03-10 12:43 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-12 12:59 - 2016-03-10 12:03 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-12 12:59 - 2016-03-10 11:55 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-12 12:59 - 2016-03-10 11:48 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-12 12:59 - 2016-03-10 11:42 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-12 12:59 - 2016-03-03 11:47 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-12 12:59 - 2016-03-03 11:33 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-12 12:59 - 2016-03-03 11:13 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-12 12:59 - 2016-03-02 20:39 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-04-12 12:59 - 2016-03-02 20:39 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-04-11 00:02 - 2016-04-17 23:26 - 00108364 _____ C:\Users\BJG\Documents\A - SCRAP DEL.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-11 18:37 - 2016-02-05 17:24 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-11 18:14 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-05-11 18:05 - 2016-02-05 17:24 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-11 18:04 - 2015-08-02 13:56 - 00000000 __SHD C:\Users\BJG\IntelGraphicsProfiles
2016-05-11 18:03 - 2016-02-04 16:45 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-05-11 16:13 - 2016-02-04 16:51 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3183088221-2008294496-3976423610-1001
2016-05-11 16:06 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-11 16:06 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-11 16:04 - 2016-02-07 16:10 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-11 16:04 - 2013-08-22 10:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-10 22:21 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2016-05-10 22:20 - 2016-02-24 18:45 - 00000000 ____D C:\Users\BJG\AppData\Local\HTC MediaHub
2016-05-10 22:17 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-10 22:16 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-05-10 22:14 - 2014-11-20 23:20 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-10 20:51 - 2016-02-05 01:09 - 00000036 _____ C:\Users\BJG\AppData\Local\housecall.guid.cache
2016-05-10 20:32 - 2016-03-30 14:13 - 00766422 _____ C:\Users\BJG\AppData\Local\census.cache
2016-05-10 20:32 - 2016-03-30 14:12 - 00187868 _____ C:\Users\BJG\AppData\Local\ars.cache
2016-05-10 20:32 - 2016-02-05 17:24 - 00003892 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 20:32 - 2016-02-05 17:24 - 00003656 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-10 20:26 - 2016-02-05 16:29 - 00000010 _____ C:\Users\BJG\AppData\Local\sponge.last.runtime.cache
2016-05-10 20:15 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\Inf
2016-05-10 19:01 - 2015-08-04 01:20 - 00000000 ____D C:\Users\BJG\Downloads\BJG downloads
2016-05-10 18:52 - 2013-08-22 09:44 - 00484264 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-05-10 18:48 - 2016-02-06 19:20 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-10 18:38 - 2016-02-06 19:20 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-10 17:57 - 2015-06-18 12:59 - 00000000 ____D C:\Temp
2016-05-10 15:43 - 2016-03-21 21:49 - 01737088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-05-10 15:43 - 2016-03-21 21:49 - 01663184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-05-10 15:43 - 2016-03-21 21:49 - 01523208 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-05-10 15:43 - 2016-03-21 21:49 - 01501488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-05-10 15:43 - 2016-03-21 21:49 - 01490120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-05-10 15:43 - 2016-03-21 21:49 - 01358952 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-05-10 15:43 - 2016-03-21 21:49 - 00246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-05-10 00:11 - 2015-08-03 23:03 - 00000000 ____D C:\Users\BJG\Documents\ZZ Docs
2016-05-09 23:52 - 2015-08-04 01:23 - 00000000 ____D C:\Users\BJG\Desktop\BJG Desktop files
2016-05-09 23:22 - 2016-02-05 01:04 - 00000000 ____D C:\Users\BJG\AppData\Roaming\DropboxOEM
2016-05-09 16:21 - 2016-02-05 17:23 - 00000000 ____D C:\Users\BJG\AppData\Local\Deployment
2016-05-09 14:46 - 2016-04-02 00:27 - 00000000 ____D C:\Users\BJG\AppData\Local\CrashDumps
2016-05-07 11:36 - 2016-02-04 16:39 - 00000000 ____D C:\Users\BJG
2016-05-06 19:49 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\rescache
2016-05-06 18:55 - 2013-08-22 10:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-06 18:54 - 2015-06-18 12:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-05-06 16:13 - 2016-02-07 16:10 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2016-05-06 16:13 - 2016-02-07 16:10 - 00000000 ___SD C:\WINDOWS\system32\GWX
2016-05-06 15:21 - 2016-02-05 01:16 - 00000000 ____D C:\Users\BJG\AppData\Roaming\Trend Micro
2016-05-05 20:39 - 2016-02-05 01:00 - 00000000 ____D C:\Users\BJG\AppData\Local\Trend Micro
2016-05-05 15:55 - 2016-04-02 00:24 - 00005544 _____ C:\Users\BJG\Documents\A - USE in BJG DNA Ances Tree online.txt
2016-05-02 23:33 - 2016-02-05 17:24 - 00002217 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-02 20:15 - 2016-02-07 16:15 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-02 20:15 - 2016-02-07 16:15 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-02 13:12 - 2016-02-05 01:11 - 00000000 ____D C:\ProgramData\Trend Micro
2016-05-02 13:11 - 2013-08-22 10:36 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-05-02 13:09 - 2016-02-05 01:15 - 00000000 ____D C:\ProgramData\TMDP_Setup
2016-05-02 13:09 - 2016-02-05 01:15 - 00000000 ____D C:\ProgramData\TMDP_Log
2016-05-02 13:09 - 2016-02-05 01:14 - 00000000 ____D C:\Program Files\Trend Micro
2016-05-02 13:09 - 2013-08-22 08:25 - 00000292 _____ C:\WINDOWS\win.ini
2016-04-30 16:40 - 2016-02-14 18:37 - 00000000 ____D C:\ProgramData\SupportAssistAgent
2016-04-23 18:17 - 2014-11-20 23:42 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-23 16:37 - 2016-02-05 00:51 - 00003172 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3183088221-2008294496-3976423610-1001
2016-04-18 10:01 - 2016-02-05 17:28 - 00000000 ____D C:\Users\BJG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-04-17 01:05 - 2015-08-03 18:04 - 00000000 ____D C:\Users\BJG\Documents\GENEAL 2 online
2016-04-15 23:13 - 2016-03-05 18:53 - 00007661 _____ C:\Users\BJG\AppData\Local\resmon.resmoncfg
2016-04-12 13:01 - 2015-06-18 12:57 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2016-04-12 12:59 - 2016-02-04 17:42 - 00177488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
 
==================== Files in the root of some directories =======
 
2016-03-30 14:12 - 2016-05-10 20:32 - 0187868 _____ () C:\Users\BJG\AppData\Local\ars.cache
2016-03-30 14:13 - 2016-05-10 20:32 - 0766422 _____ () C:\Users\BJG\AppData\Local\census.cache
2016-02-05 01:09 - 2016-05-10 20:51 - 0000036 _____ () C:\Users\BJG\AppData\Local\housecall.guid.cache
2016-03-05 18:53 - 2016-04-15 23:13 - 0007661 _____ () C:\Users\BJG\AppData\Local\resmon.resmoncfg
2016-02-05 16:29 - 2016-05-10 20:26 - 0000010 _____ () C:\Users\BJG\AppData\Local\sponge.last.runtime.cache
2015-06-18 12:34 - 2015-06-18 12:34 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-06-18 12:48 - 2015-06-18 12:48 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2015-06-18 12:44 - 2015-06-18 12:45 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2015-06-18 12:46 - 2015-06-18 12:46 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2015-06-18 12:47 - 2015-06-18 12:48 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2015-06-18 12:44 - 2015-06-18 12:44 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-05-2016
Ran by BJG (2016-05-11 18:37:38)
Running from C:\Users\BJG\Desktop
Windows 8.1 (X64) (2016-02-04 21:41:39)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3183088221-2008294496-3976423610-500 - Administrator - Disabled) => C:\Users\Administrator
BJG (S-1-5-21-3183088221-2008294496-3976423610-1001 - Administrator - Enabled) => C:\Users\BJG
Guest (S-1-5-21-3183088221-2008294496-3976423610-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Trend Micro Internet Security (Enabled - Up to date) {8242D66F-41BD-4049-C2E6-E578E73B62A0}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro Internet Security (Enabled - Up to date) {3923378B-6787-4FC7-F856-DE0A9CBC281D}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.8.0.66 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}) (Version: 1.3.28.0 - Dell Inc.)
Dell Data Vault (Version: 4.3.8.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{AE5E3C86-2633-4DAF-A7F4-C43D1E738BAE}) (Version: 3.1.3300.0 - Dell Inc.)
Dell Help & Support (HKLM-x32\...\InstallShield_{7B3E057E-F356-4DB0-A664-4FF813C73F20}) (Version: 2.1.59.0 - Dell Inc.)
Dell Help & Support (Version: 2.1.59.0 - Dell Inc.) Hidden
Dell Power Manager Lite (HKLM-x32\...\InstallShield_{BF1F9D57-57A1-4E87-A8E8-41F2B2AD6F53}) (Version: 1.0.0.1 - Compal Inc.)
Dell Power Manager Lite (x32 Version: 1.0.0.1 - Compal Inc.) Hidden
Dell Product Registration (HKLM-x32\...\{17FFE63C-6734-4950-B488-134B5A2505F7}) (Version: 2.04.0280 - Aviata Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6793.01 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{3ED468C2-2235-4747-90AD-A7A34F0FE70A}) (Version: 1.2.2.8 - Dell)
Dell System Detect (HKU\S-1-5-21-3183088221-2008294496-3976423610-1001\...\58d94f3ce2c27db0) (Version: 7.4.0.3 - Dell)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
FreeFixer (HKLM-x32\...\FreeFixer1.13) (Version: 1.13 - Kephyr)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.94 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
gpedt.msc 1.0 (HKLM-x32\...\{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1) (Version:  - Richard)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.265 - SurfRight B.V.)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.17.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.67.0 - HTC)
Intel® Chipset Device Software (x32 Version: 10.0.22 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.30.1072 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4300 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.226.0 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
Intel® WiDi (HKLM\...\{2F97FBC6-7992-4DF7-A7C7-B68455E307F7}) (Version: 5.1.20.0 - Intel Corporation)
Intel® Wireless Bluetooth®(patch version 17.1.1449.356) (HKLM\...\{302600C1-6BDF-4FD1-1411-148929CC1385}) (Version: 17.1.1411.0506 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{313c06de-4aa7-4a1f-930a-f10f80380426}) (Version: 17.14.0 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Maxx Audio Installer (x64) (Version: 1.6.5073.103 - Waves Audio Ltd.) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6868.2060 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3183088221-2008294496-3976423610-1001\...\OneDriveSetup.exe) (Version: 17.3.6386.0412 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6828.1015 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6828.1015 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6828.1015 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39060 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7433 - Realtek Semiconductor Corp.)
System Explorer 7.0.0 (HKLM-x32\...\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1) (Version:  - Mister Group)
Trend Micro DirectPass (Version: 1.9.0.1094 - Trend Micro Inc.) Hidden
Trend Micro Internet Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 10.0 - Trend Micro Inc.)
Trend Micro Password Manager (HKLM\...\{3075404F-5657-4f31-A064-FEF98661BDD4}) (Version: 1.9.1189 - Trend Micro Inc.)
Trend Micro Titanium (Version: 10.0 - Trend Micro Inc.) Hidden
True Color (HKLM-x32\...\{4304f329-6a74-49c6-96bb-090a35343a6e}) (Version: 6.0.0.15 - Entertainment Experience)
True Color (Version: 6.0.0.15 - Entertainment Experience LLC) Hidden
VCRT for DirectPass x64 (Version: 1.0.0.1000 - Trend Micro, Inc.) Hidden
VCRT for DirectPass x86 (x32 Version: 1.0.0.1000 - Trend Micro, Inc.) Hidden
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (12/06/2010 4.0.0000.00000) (HKLM\...\3DC4DFAE92A9892CF4BE9BD6C2D01F667462A0E8) (Version: 12/06/2010 4.0.0000.00000 - Google, Inc.)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3183088221-2008294496-3976423610-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\BJG\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-3183088221-2008294496-3976423610-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\BJG\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {06DA4132-C908-48B3-A423-5EFC98C64088} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)
Task: {0975B0FD-BDDF-4468-8B6C-89EB2645338D} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-03-24] (PC-Doctor, Inc.)
Task: {0EB6A7C4-316C-405D-8ED1-01DF0087A620} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-04-22] (Dell Inc.)
Task: {238BB7D3-C063-4C0F-99AA-F81D4248A09B} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-12-04] (Realtek Semiconductor)
Task: {250B40CB-9D42-44E6-BCCB-3CEDFF9AFD11} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-04-01] (Aviata Inc)
Task: {2A664528-7762-4C20-BF0F-CB7EE9CC8EE4} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-26] (Intel Corporation)
Task: {307B24E9-455C-42BB-9670-0B7E2630739B} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-04-29] (Microsoft Corporation)
Task: {332D044F-8F80-4F61-B762-610942DFD13F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-05] (Google Inc.)
Task: {3A8921B3-42B9-47F7-80EF-722A54A61727} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2016-03-24] (PC-Doctor, Inc.)
Task: {40CDDC33-A518-448A-AE9D-49D445D584F5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-04-29] (Microsoft Corporation)
Task: {478588CD-E031-4921-935E-8C3F383CD638} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {56127FA8-43EE-4FAA-A236-950D1A45D063} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-10] (Microsoft Corporation)
Task: {6009DCF0-0022-4419-AA39-1DE5FC4CBA3E} - System32\Tasks\Trend Micro Inspect of Platinum => C:\Program Files\Trend Micro\Titanium\plugin\Pt\win32\Inspect\Inspect.exe [2015-07-16] (Trend Micro Inc.)
Task: {994E153B-0942-4B70-8840-78E970DA5551} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-04-29] (Microsoft Corporation)
Task: {9ADB3BA2-3A10-4DF5-AEAA-72E69BF169FB} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3183088221-2008294496-3976423610-1001 => C:\Users\BJG\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-04-23] (Microsoft Corporation)
Task: {9B957260-D96D-4AC5-A939-FA9CED611443} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {B30980DC-6056-446D-B736-A3700F551201} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
Task: {C1475F96-C4F7-479F-993B-9C867B523BA8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-05] (Google Inc.)
Task: {DE185AAC-BAF4-4505-A882-C8EC0425FC1F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-26] (Intel Corporation)
Task: {E33ED5C9-0E73-4E70-B68D-FBCC376828A6} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-04-01] (Aviata Inc)
Task: {E4DD2BA1-911D-4B1C-AAF0-463AF75E9489} - System32\Tasks\FreeFixer background scan => C:\Program Files\FreeFixer\freefixer.exe [2015-08-21] (Kephyr)
Task: {E5DCDA5D-7003-4133-91D3-B8102A0E2006} - System32\Tasks\Microsoft\Windows\Setup\gwx\rundetector => C:\Windows\system32\GWX\GWXDetector.exe [2016-04-26] (Microsoft Corporation)
Task: {E6DCC77A-FC7A-4E73-A68C-70674C907327} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\WINDOWS\TEMP\DeleteFolderTask.exe
Task: {F30A044C-BD9D-476F-91DE-87A46555904E} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\FreeFixer background scan.job => C:\Program Files\FreeFixer\freefixer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\BJG\Pictures\BG Pics\1 - A- PIC EDIT online\Photo editor _ PicMonkey_ Free Online Photo Editing.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://www.picmonkey.com/
ShortcutWithArgument: C:\Users\BJG\Documents\ZZ Docs\A - ADOPTION - Walter\World Vital Records\Search Family History and Genealogy Resources _ WorldVitalRecords.com.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://www.worldvitalrecords.com/contentsearch.aspx?placeheader=state
ShortcutWithArgument: C:\Users\BJG\Documents\GENEAL 2 online\Social Security Death Master File\Social Security Death Master File free.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://ssdmf.info/
ShortcutWithArgument: C:\Users\BJG\Documents\Family Tree Maker\Help, Notes, Tips\A - NEW March 2012\www.unpuzzling.com_Guide to Documentation.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://www.unpuzzling.com/Guide%20to%20Documentation.pdf
ShortcutWithArgument: C:\Users\BJG\Desktop\BJG Desktop files\OLD\(8) Fit For Her!.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://www.facebook.com/fitforherowasso
ShortcutWithArgument: C:\Users\BJG\Desktop\BJG Desktop files\OLD\1940 United States Federal Census - Ancestry.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://search.ancestry.com/cgi-bin/sse.dll?db=1940usfedcen&h=89346209&indiv=try&o_cvc=Image:OtherRecord
ShortcutWithArgument: C:\Users\BJG\Desktop\BJG Desktop files\OLD\Ancestry.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://www.youtube.com/watch?v=Uv6BQ1vsRng&feature=relmfu
ShortcutWithArgument: C:\Users\BJG\Desktop\BJG Desktop files\OLD\Billie Bosworth Muscari _ Tulsa World.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://www.tulsaworld.com/ourlives/article.aspx?subjectid=426&articleid=20100311_Ob_obsl_7228152
ShortcutWithArgument: C:\Users\BJG\Desktop\BJG Desktop files\OLD\citation family tree maker examples - Google Search.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxps://www.google.com/#q=citation+family+tree+maker+examples&hl=en&prmd=imvns&ei=_sQtT-ijDZOXtwfC5s3TCQ&sqi=2&start=10&sa=N&bav=on.2,or.r_gc.r_pw.,cf.osb&fp=a737fc1750451a33&biw=1186&bih=609
ShortcutWithArgument: C:\Users\BJG\Desktop\BJG Desktop files\OLD\Find A County.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://www.naco.org/Counties/Pages/FindACounty.aspx
ShortcutWithArgument: C:\Users\BJG\Desktop\BJG Desktop files\OLD\Free Family Photos _ Search Old Family History Photos _ Genealogy Pictures - AncientFaces.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://www.ancientfaces.com/
ShortcutWithArgument: C:\Users\BJG\Desktop\BJG Desktop files\OLD\HGTV Dream Home 2013 Giveaway Enter _ Dream Home _ Home & Garden Television.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://www.hgtv.com/hgtv-dream-home-2013-giveaway-enter/package/index.html?affiliate=blocker&omnisource=SEM&c1=2013_Dream_Home&c2=Google&c3=HGTV_Brand&c4=hgtv
ShortcutWithArgument: C:\Users\BJG\Desktop\BJG Desktop files\OLD\Home.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://www.fitforherbrookside.com/
ShortcutWithArgument: C:\Users\BJG\Desktop\BJG Desktop files\OLD\Interview Request - Find My Family Adoption Search and Reunion Registry.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://www.findmyfamily.org/press.htm
ShortcutWithArgument: C:\Users\BJG\Desktop\BJG Desktop files\OLD\James Day b. 1873 GA-living 1926 - Nolan - Family History & Genealogy Message Board - Ancestry.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://boards.ancestry.com/localities.northam.usa.states.texas.counties.nolan/701.743/mb.ashx
ShortcutWithArgument: C:\Users\BJG\Desktop\BJG Desktop files\OLD\sources photograph family tree maker bowling - Google Search.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxps://www.google.com/#q=SOURCES+PHOTOGRAPH+family+tree+maker+bowling&hl=en&prmd=imvns&ei=wEmPT_PjEpPW9QTqoOGDBA&sqi=2&start=10&sa=N&bav=on.2,or.r_gc.r_pw.r_qf.,cf.osb&fp=d06f1b201f57f957&biw=1280&bih=709
ShortcutWithArgument: C:\Users\BJG\Desktop\BJG Desktop files\OLD\sources _descendants of_ bolding - Google Search.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxps://www.google.com/#hl=en&sugexp=frgbld&gs_nf=1&tok=WpxaMd7dY7Tn0Wa5_dDjsQ&pq=microfilm%20book%20photograph%20sources%20%22descendants%20of%22%20bolding&cp=0&gs_id=7&xhr=t&q=sources+%22descendants+of%22+bolding&pf=p&sclient=psy-ab&oq=sources+%22des
ShortcutWithArgument: C:\Users\BJG\Desktop\BJG Desktop files\OLD\SuperAntiSpyware Free Edition - CNET Download.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://download.cnet.com/SuperAntiSpyware-Free-Edition/3000-8022_4-10523889.html
ShortcutWithArgument: C:\Users\BJG\Desktop\BJG Desktop files\OLD\The ANI Report.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://anireport.com/lookup/5126329763/
ShortcutWithArgument: C:\Users\BJG\Desktop\BJG Desktop files\OLD\US-CERT - Publications PER BJG - HOW TO SECURE COMPUTER.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxps://www.us-cert.gov/reading_room/
ShortcutWithArgument: C:\Users\BJG\Desktop\BJG Desktop files\OLD\wolffrum _kay county_ - Google Search.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxps://www.google.com/webhp?source=search_app#hl=en&gs_nf=1&tok=qcO8-ngygWFeIqW8EGEPHQ&pq=%22wolffrum%20lenita%20g%22&cp=21&gs_id=2h&xhr=t&q=wolffrum+%22kay+county%22&pf=p&sclient=psy-ab&oq=wolffrum+%22kay+county%22&aq=f&aqi=&aql=&gs_l=&pbx=1&bav=on.2
ShortcutWithArgument: C:\Users\BJG\Desktop\BJG Desktop files\OLD\www.nysba.org_AM_Template.cfm_Section=Downloadable_Forms&Template=_CM_ContentDisplay.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://www.nysba.org/AM/Template.cfm?Section=Downloadable_Forms&Template=/CM/ContentDisplay.cfm&ContentID=51334
ShortcutWithArgument: C:\Users\BJG\Desktop\BJG Desktop files\OLD\Yasni result for http___members.boardhost.com_magoffin_msg_1200954150.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://www.yasni.com/ext.php?url=http%3A%2F%2Fmembers.boardhost.com%2Fmagoffin%2Fmsg%2F1200954150.html&name=Rebecca+Dranikoski+Sizemore&cat=other&showads=1
ShortcutWithArgument: C:\Users\BJG\Desktop\BJG Desktop files\OLD\ySearch.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://www.ysearch.org/alphalist_lastname.asp?uid=&region=&letter=B&searchtype=exact&lastname=Bowling
 
 
THANKS


#4 satchfan

  • Malware Response Team

Posted 12 May 2016 - 02:07 AM

Attach.txt is incomplete. Please post it again.

 

Thanks




#5 meomy

  • Topic Starter

  • Members

Posted 12 May 2016 - 03:24 PM

Everything I have is below. If you need more just let me know exactly what's missing.

 

Reposting (2) files again: FRST.txt & Addition.txt. Also posting for the 1st time (found where I was able to download) SECURITYCHECKUP.EXE from your site only at: http://www.bleepingcomputer.com/download/securitycheck/dl/123/
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-05-2016
Ran by BJG (administrator) on BRENDA (11-05-2016 18:35:49)
Running from C:\Users\BJG\Desktop
Loaded Profiles: BJG (Available Profiles: BJG & Administrator)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\TrueColor\TrueColorALS.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
() C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Entertainment Experience) C:\Program Files\TrueColor\TrueColorUI.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Mister Group) C:\Program Files (x86)\System Explorer\SystemExplorer.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Mister Group) C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8444632 2015-01-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391472 2014-12-04] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [610048 2015-01-13] (Waves Audio Ltd.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [TrueColor UI] => C:\Program Files\TrueColor\TrueColorUI.exe [19494864 2015-04-02] (Entertainment Experience)
HKLM\...\Run: [PwmConsole.exe] => C:\Program Files\Trend Micro\TMIDS\PwmConsole.exe [2047216 2015-06-29] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [246264 2015-07-16] (Trend Micro Inc.)
HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1258496 2015-07-16] (Trend Micro Inc.)
HKLM-x32\...\Run: [SystemExplorerAutoStart] => "C:\Program Files (x86)\System Explorer\SystemExplorer.exe" /TRAY
HKU\S-1-5-21-3183088221-2008294496-3976423610-1001\...\Run: [GoogleChromeAutoLaunch_7FD620E7CCEF09DF160B5711F3E3CB17] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [881304 2016-04-27] (Google Inc.)
HKU\S-1-5-21-3183088221-2008294496-3976423610-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd)
HKU\S-1-5-21-3183088221-2008294496-3976423610-1001\...\MountPoints2: {c1db8c6b-db40-11e5-825f-e4f89c00de0c} - "G:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-3183088221-2008294496-3976423610-1001\...\MountPoints2: {c1db98b9-db40-11e5-825f-e4f89c00de0c} - "G:\HTC_Sync_Manager_PC.exe" 
ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)
Startup: C:\Users\BJG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-02-12]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicyScripts-x32: Restriction <======= ATTENTION
GroupPolicyScripts-x32\User: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{411D60D8-2AAB-4F8B-A649-1AF8B46AE109}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
 
Internet Explorer:
==================
HKU\S-1-5-21-3183088221-2008294496-3976423610-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-3183088221-2008294496-3976423610-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3183088221-2008294496-3976423610-1001 -> DefaultScope {1D3186DC-D4DB-414E-A6E5-62057028DBAF} URL = 
SearchScopes: HKU\S-1-5-21-3183088221-2008294496-3976423610-1001 -> {1D3186DC-D4DB-414E-A6E5-62057028DBAF} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-04-29] (Microsoft Corporation)
BHO: Trend Micro Password Manager BHO -> {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} -> C:\Program Files\Trend Micro\TMIDS\PwmIEBHO64.dll [2015-06-29] (Trend Micro Inc.)
BHO: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
BHO: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg.dll [2015-07-16] (Trend Micro Inc.)
BHO: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe64.dll [2015-08-16] (Trend Micro Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-04-29] (Microsoft Corporation)
BHO-x32: Trend Micro Password Manager BHO -> {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} -> C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll [2015-06-29] (Trend Micro Inc.)
BHO-x32: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
BHO-x32: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg32.dll [2015-07-16] (Trend Micro Inc.)
BHO-x32: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe32.dll [2015-08-16] (Trend Micro Inc.)
Toolbar: HKLM - Trend Micro Password Manager ToolBar - {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO64.dll [2015-06-29] (Trend Micro Inc.)
Toolbar: HKLM - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
Toolbar: HKLM-x32 - Trend Micro Password Manager ToolBar - {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll [2015-06-29] (Trend Micro Inc.)
Toolbar: HKLM-x32 - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-29] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-29] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-29] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-29] (Microsoft Corporation)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe64.dll [2015-08-16] (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe32.dll [2015-08-16] (Trend Micro Inc.)
Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg.dll [2015-07-16] (Trend Micro Inc.)
Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg32.dll [2015-07-16] (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll [2015-07-16] (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2015-07-16] (Trend Micro Inc.)
 
FireFox:
========
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-04-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\firefoxextension [2016-05-02]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2016-05-02]
FF HKLM-x32\...\Firefox\Extensions: [{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
FF Extension: Trend Micro Osprey Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension [2016-05-02]
 
Chrome: 
=======
CHR HomePage: Profile 2 -> hxxp://www.google.com/
CHR Profile: C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-05]
CHR Extension: (Nimbus Screenshot App) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Default\Extensions\aecjogkncpbkjfobfnoaiepipllcadhe [2016-04-01]
CHR Extension: (Google Docs) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-05]
CHR Extension: (Google Drive) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-05]
CHR Extension: (YouTube) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-05]
CHR Extension: (Google Search) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-05]
CHR Extension: (Search by Image (by Google)) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2016-02-05]
CHR Extension: (Box for Chrome OS Beta) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Default\Extensions\dikonaebkejmpbpcnnmfaeopkaenicgf [2016-02-05]
CHR Extension: (Pixlr-o-matic) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehcibdjmpjlekgjhepbfmenfppliikcj [2016-02-05]
CHR Extension: (Google Sheets) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-05]
CHR Extension: (Chrome Remote Desktop) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-04-01]
CHR Extension: (Google Docs Offline) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-01]
CHR Extension: (Citrix Receiver) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Default\Extensions\haiffjcadagjlijoggckpgfnoeiflnem [2016-04-18]
CHR Extension: (INTROFLAKE) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Default\Extensions\hibplmbbicegddkocpglcajhhjajcndp [2016-02-05]
CHR Extension: (Google Hangouts) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2016-04-01]
CHR Extension: (File System for Windows) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnnfciefdpolbelmfkpmhhmlkehbdf [2016-04-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Trend Micro Toolbar) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2016-04-01]
CHR Extension: (Gmail) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-05]
CHR Profile: C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-06]
CHR Extension: (Google Docs) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-06]
CHR Extension: (Google Drive) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-06]
CHR Extension: (YouTube) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-06]
CHR Extension: (Google Search) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-06]
CHR Extension: (Google Sheets) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-06]
CHR Extension: (Google Docs Offline) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-06]
CHR Extension: (Trend Micro Toolbar) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2016-02-07]
CHR Extension: (Gmail) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-06]
CHR Profile: C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-06]
CHR Extension: (Google Docs) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-06]
CHR Extension: (Google Drive) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-06]
CHR Extension: (YouTube) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-06]
CHR Extension: (Google Search) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-06]
CHR Extension: (What is clickonce_bootstrap.exe?) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cpgfbcobbcnikanclkpphhemojnpdijn [2016-03-31]
CHR Extension: (Google Sheets) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-06]
CHR Extension: (Google Docs Offline) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (CCleaner v5.15.5513 Review (A Free Sy...) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jcfbmippfgigplibkicjopbbphojjnhi [2016-03-21]
CHR Extension: (How to Safely Download & Install Soft...) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jmkfimgmjkghmfgfohiijoddjdpiomdl [2016-03-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Gmail) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-06]
CHR Profile: C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (Google Slides) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-06]
CHR Extension: (Google Docs) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-06]
CHR Extension: (Google Drive) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-06]
CHR Extension: (YouTube) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-06]
CHR Extension: (Google Search) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-06]
CHR Extension: (Google Sheets) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-06]
CHR Extension: (Google Docs Offline) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-06]
CHR Extension: (Trend Micro Toolbar) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2016-02-07]
CHR Extension: (Gmail) - C:\Users\BJG\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-06]
CHR HKLM\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ohhcpmplhhiiaoiddkfboafbhiknefdf] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2911464 2016-04-29] (Microsoft Corporation)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-09-22] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [119656 2016-01-15] (Dell)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [36200 2016-01-11] ()
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-03-10] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-03-10] (Dell Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [293440 2014-04-01] (Aviata, Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-05-11] (SurfRight B.V.)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [124520 2014-12-14] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [363440 2015-11-10] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
R2 IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [394184 2014-10-15] (Intel)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [178312 2015-09-26] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-10-10] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2014-11-19] ()
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [202288 2016-04-28] (Microsoft Corporation) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1137664 2015-07-16] (Trend Micro Inc.)
R2 PwmSvc; C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe [333856 2015-06-29] (Trend Micro Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [293080 2014-12-23] (Realtek Semiconductor)
S3 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [2020240 2015-01-23] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-04-22] (Dell Inc.)
R3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [820960 2014-12-20] (Mister Group)
R2 TrueColorALS; C:\Program Files\TrueColor\TrueColorALS.exe [92624 2015-04-02] ()
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [563456 2015-01-13] (Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2014-11-19] (Intel® Corporation)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [141624 2014-10-28] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1448248 2014-11-26] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [32464 2016-01-05] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2016-01-05] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 HtcVCom32; C:\Windows\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
S3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [35832 2014-06-10] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [120312 2014-06-10] (Intel Corporation)
S3 iaLPSS_SPI; C:\Windows\System32\drivers\iaLPSS_SPI.sys [100856 2014-06-10] (Intel Corporation)
S3 iaLPSS_UART2; C:\Windows\System32\drivers\iaLPSS_UART2.sys [143864 2014-06-10] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [230128 2014-12-03] (Intel Corporation)
S3 kbfilter; C:\Windows\system32\DRIVERS\kbfilter.sys [67408 2016-04-30] (Trend Micro Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-11] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [129312 2014-10-11] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3494680 2014-12-08] (Intel Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-08-18] (Riverbed Technology, Inc.)
R1 tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [133424 2015-11-23] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [324912 2015-11-23] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [59712 2015-06-11] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\system32\DRIVERS\tmeevw.sys [116576 2015-06-08] (Trend Micro Inc.)
S0 tmel; C:\Windows\System32\DRIVERS\tmel.sys [39056 2015-06-22] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [99632 2015-11-23] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\system32\DRIVERS\tmnciesc.sys [416608 2015-05-28] (Trend Micro Inc.)
R1 tmumh; C:\Windows\system32\DRIVERS\TMUMH.sys [91536 2015-06-28] (Trend Micro Inc.)
R2 tmusa; C:\Windows\system32\DRIVERS\tmusa.sys [116528 2015-06-26] (Trend Micro Inc.)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [213296 2014-10-15] (Windows ® Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
U3 McMPFSvc; no ImagePath
U2 TMAgent; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-11 18:35 - 2016-05-11 18:37 - 00032789 _____ C:\Users\BJG\Desktop\FRST.txt
2016-05-11 18:35 - 2016-05-11 18:35 - 00000000 ____D C:\FRST
2016-05-11 18:26 - 2016-05-11 18:26 - 02381312 _____ (Farbar) C:\Users\BJG\Desktop\FRST64.exe
2016-05-11 01:51 - 2016-05-11 01:51 - 00000151 _____ C:\Users\BJG\Desktop\Winnie Parrish Hughes (1810 - 1863) - Find A Grave Memorial.url
2016-05-11 01:48 - 2016-05-11 01:48 - 00000116 _____ C:\Users\BJG\Desktop\Slow browser-Erratic Mouse - Malware or what- - Virus, Trojan, Spyware, and Malware Removal Logs.url
2016-05-10 22:13 - 2016-05-10 22:13 - 00014637 _____ C:\Users\BJG\Documents\A - HijackThis LOG.txt
2016-05-10 20:33 - 2016-05-10 20:33 - 00000000 ____D C:\Program Files\WinPcap
2016-05-10 15:55 - 2016-04-22 15:54 - 25816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-10 15:55 - 2016-04-22 15:15 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-05-10 15:55 - 2016-04-22 15:14 - 02893312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-05-10 15:55 - 2016-04-22 15:08 - 06052864 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-10 15:55 - 2016-04-22 15:06 - 20349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-05-10 15:55 - 2016-04-22 15:00 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-05-10 15:55 - 2016-04-22 14:35 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-05-10 15:55 - 2016-04-22 14:29 - 02285568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-05-10 15:55 - 2016-04-22 14:23 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-05-10 15:55 - 2016-04-22 14:19 - 15414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-10 15:55 - 2016-04-22 14:17 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-05-10 15:55 - 2016-04-22 14:14 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-05-10 15:55 - 2016-04-22 14:12 - 02131968 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-05-10 15:55 - 2016-04-22 13:58 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-05-10 15:55 - 2016-04-22 13:54 - 13811200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-05-10 15:55 - 2016-04-22 13:52 - 02596864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-05-10 15:55 - 2016-04-22 13:52 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-05-10 15:55 - 2016-04-22 13:40 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-10 15:55 - 2016-04-22 13:27 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-05-10 15:55 - 2016-04-22 13:24 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-05-10 15:55 - 2016-03-31 01:50 - 01307328 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-05-10 15:55 - 2016-03-30 22:40 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-05-10 15:54 - 2016-04-22 14:24 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-05-10 15:54 - 2016-04-22 14:14 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-05-10 15:54 - 2016-04-22 14:14 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-05-10 15:54 - 2016-04-22 13:58 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-05-10 15:54 - 2016-04-22 13:53 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-05-10 15:54 - 2016-04-22 13:52 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-05-10 15:54 - 2016-04-22 13:51 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-05-10 15:54 - 2016-04-22 13:29 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-05-10 15:54 - 2016-04-22 13:23 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-05-10 15:53 - 2016-04-10 02:48 - 00738096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-10 15:53 - 2016-04-10 02:48 - 00613624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-05-10 15:53 - 2016-04-09 16:58 - 00534016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-10 15:53 - 2016-04-09 16:50 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-05-10 15:53 - 2016-04-06 16:13 - 00561960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-05-10 15:53 - 2016-04-06 16:13 - 00137976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2016-05-10 15:53 - 2016-04-06 13:20 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-05-10 15:53 - 2016-04-06 13:19 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-05-10 15:53 - 2016-04-06 13:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-05-10 15:53 - 2016-04-06 12:49 - 00120384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2016-05-10 15:53 - 2016-04-06 12:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-05-10 15:53 - 2016-04-06 11:57 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-05-10 15:53 - 2016-04-06 11:52 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-05-10 15:53 - 2016-04-06 11:20 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-05-10 15:53 - 2016-04-06 10:48 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-05-10 15:53 - 2016-03-28 20:42 - 07446368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-10 15:52 - 2016-04-11 01:21 - 00074584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2016-05-10 15:52 - 2016-04-10 00:37 - 01549144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-10 15:52 - 2016-04-09 23:21 - 01763376 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-05-10 15:52 - 2016-04-09 23:21 - 01489088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-05-10 15:52 - 2016-04-09 23:14 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-05-10 15:52 - 2016-04-09 18:29 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-05-10 15:52 - 2016-04-09 17:07 - 01097728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-05-10 00:48 - 2016-05-10 15:06 - 00000000 ____D C:\Users\BJG\AppData\Local\{698D0BA5-6E4B-44BD-9F9A-AA32F2E98D9A}
2016-05-09 22:56 - 2016-05-11 18:04 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-05-09 22:55 - 2016-05-09 22:55 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-09 22:55 - 2016-05-09 22:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-09 22:55 - 2016-05-09 22:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-05-09 22:55 - 2016-05-09 22:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-09 22:55 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-05-09 22:55 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-05-09 22:55 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-05-09 16:41 - 2016-05-09 16:45 - 00000000 ____D C:\ProgramData\SystemExplorer
2016-05-09 16:41 - 2016-05-09 16:41 - 00001104 _____ C:\Users\Public\Desktop\System Explorer.lnk
2016-05-09 16:41 - 2016-05-09 16:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Explorer
2016-05-09 16:41 - 2016-05-09 16:41 - 00000000 ____D C:\Program Files (x86)\System Explorer
2016-05-09 14:50 - 2016-05-09 14:50 - 00001911 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-05-09 14:50 - 2016-05-09 14:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-05-09 14:50 - 2016-05-09 14:50 - 00000000 ____D C:\Program Files\HitmanPro
2016-05-09 14:49 - 2016-05-09 15:48 - 00000000 ____D C:\ProgramData\HitmanPro
2016-05-09 14:44 - 2016-05-09 14:44 - 00002782 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-05-09 14:44 - 2016-05-09 14:44 - 00000836 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-05-09 14:44 - 2016-05-09 14:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-05-09 14:44 - 2016-05-09 14:44 - 00000000 ____D C:\Program Files\CCleaner
2016-05-07 11:33 - 2016-05-07 11:33 - 00000088 _____ C:\Users\BJG\Desktop\Mary Jane -Mollie- Seay Hughes (1873 - 1952) - Find A Grave Memorial.url
2016-05-06 18:52 - 2016-05-06 18:52 - 00003718 _____ C:\Users\BJG\Documents\A - SLOW LP.txt
2016-05-06 16:10 - 2016-03-10 12:03 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsparse.dll
2016-05-06 16:10 - 2016-03-10 11:48 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsparse.dll
2016-05-06 16:10 - 2016-03-08 09:44 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-05-06 16:09 - 2016-03-15 20:58 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-05-06 16:09 - 2016-03-15 20:58 - 00332632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-05-06 16:09 - 2016-03-14 11:50 - 00316760 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2016-05-06 16:09 - 2016-03-11 19:49 - 02466136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-05-06 16:09 - 2016-03-11 19:47 - 00160160 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPHLPAPI.DLL
2016-05-06 16:09 - 2016-03-11 19:47 - 00121912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IPHLPAPI.DLL
2016-05-06 16:09 - 2016-03-10 11:55 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2016-05-06 16:09 - 2016-03-10 11:52 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-05-06 16:09 - 2016-03-10 11:42 - 00413696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2016-05-06 16:09 - 2016-03-05 12:44 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-05-06 16:09 - 2016-03-05 12:04 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-05-06 16:09 - 2016-02-27 13:28 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-05-06 16:09 - 2016-02-27 12:57 - 03273728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-05-06 16:09 - 2016-02-27 12:19 - 03820544 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-05-06 16:09 - 2016-02-27 11:32 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-05-02 13:15 - 2016-05-02 13:15 - 00000000 ___HD C:\TMRescueDisk
2016-05-02 13:11 - 2016-05-02 13:11 - 00001391 _____ C:\Users\BJG\Desktop\Trend Micro Internet Security.lnk
2016-05-02 13:11 - 2016-05-02 13:11 - 00000000 ____D C:\WINDOWS\SysWOW64\tmumh
2016-05-02 13:11 - 2016-05-02 13:11 - 00000000 ____D C:\WINDOWS\system32\tmumh
2016-05-02 13:11 - 2016-05-02 13:11 - 00000000 ____D C:\Users\BJG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Internet Security
2016-05-02 13:11 - 2015-11-23 03:47 - 00324912 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2016-05-02 13:11 - 2015-11-23 03:47 - 00133424 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmactmon.sys
2016-05-02 13:11 - 2015-11-23 03:47 - 00099632 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmevtmgr.sys
2016-05-02 13:11 - 2015-06-28 21:38 - 00091536 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\TMUMH.sys
2016-05-02 13:11 - 2015-06-26 05:20 - 00116528 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmusa.sys
2016-05-02 13:11 - 2015-06-22 21:49 - 00039056 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmel.sys
2016-05-02 13:11 - 2015-06-11 03:54 - 00059712 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\TMEBC64.sys
2016-05-02 13:11 - 2015-06-08 00:54 - 00116576 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmeevw.sys
2016-05-02 13:11 - 2015-05-28 05:26 - 00416608 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmnciesc.sys
2016-05-02 13:09 - 2016-05-02 13:09 - 00000059 _____ C:\WINDOWS\system32\SupportTool.exe.bat
2016-05-02 13:07 - 2016-05-02 13:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Password Manager
2016-05-02 01:32 - 2016-05-05 20:29 - 00000000 ____D C:\ProgramData\Trend Micro Installer
2016-04-30 22:22 - 2016-04-30 22:22 - 00067408 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\kbfilter.sys
2016-04-30 22:22 - 2016-04-30 22:22 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-04-30 22:19 - 2016-04-30 22:27 - 00003540 _____ C:\WINDOWS\System32\Tasks\Trend Micro Inspect of Platinum
2016-04-29 14:51 - 2016-05-05 15:55 - 13247498 _____ C:\Users\BJG\Documents\Backup of A - INPUT IN DNA ONLINE - PPPP1 thru12-edible - DEL LATER.wbk
2016-04-23 16:37 - 2016-04-23 16:37 - 00002298 _____ C:\Users\BJG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2016-04-21 21:45 - 2016-05-05 15:54 - 00002524 _____ C:\Users\BJG\Documents\AXXX.txt
2016-04-18 10:16 - 2016-05-09 14:38 - 00000318 _____ C:\WINDOWS\Tasks\FreeFixer background scan.job
2016-04-18 10:16 - 2016-04-18 10:16 - 00002958 _____ C:\WINDOWS\System32\Tasks\FreeFixer background scan
2016-04-18 10:16 - 2016-04-18 10:16 - 00000000 ____D C:\Users\BJG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
2016-04-15 23:15 - 2016-04-15 23:15 - 00000000 ____D C:\Users\BJG\Documents\HTC
2016-04-13 16:45 - 2016-04-15 23:04 - 01263868 _____ C:\Users\BJG\Documents\Backup of A - PICS save to paint for DNA ANCES TREE .wbk
2016-04-13 16:45 - 2016-04-14 01:56 - 01263603 _____ C:\Users\BJG\Documents\Backup of A - PICS save to paint for DNA ANCES TREE.wbk
2016-04-12 15:47 - 2016-04-12 15:47 - 00012332 _____ C:\Users\BJG\Documents\Backup of Sizemore, James L. 1915-2015 - Obit.wbk
2016-04-12 12:59 - 2016-04-04 01:35 - 00046768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-04-12 12:59 - 2016-04-02 08:26 - 01386496 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-04-12 12:59 - 2016-04-02 08:26 - 01169408 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-04-12 12:59 - 2016-03-30 18:56 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-04-12 12:59 - 2016-03-30 18:56 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-04-12 12:59 - 2016-03-30 18:55 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-04-12 12:59 - 2016-03-30 18:30 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-04-12 12:59 - 2016-03-30 18:30 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-04-12 12:59 - 2016-03-28 08:21 - 00698368 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-04-12 12:59 - 2016-03-28 08:21 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-04-12 12:59 - 2016-03-28 08:21 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-04-12 12:59 - 2016-03-28 08:21 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-04-12 12:59 - 2016-03-28 08:21 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-04-12 12:59 - 2016-03-11 09:48 - 00833024 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-12 12:59 - 2016-03-10 14:17 - 01133752 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-04-12 12:59 - 2016-03-10 12:48 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-04-12 12:59 - 2016-03-10 12:43 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-12 12:59 - 2016-03-10 12:03 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-12 12:59 - 2016-03-10 11:55 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-12 12:59 - 2016-03-10 11:48 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-12 12:59 - 2016-03-10 11:42 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-12 12:59 - 2016-03-03 11:47 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-12 12:59 - 2016-03-03 11:33 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-12 12:59 - 2016-03-03 11:13 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-12 12:59 - 2016-03-02 20:39 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-04-12 12:59 - 2016-03-02 20:39 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-04-11 00:02 - 2016-04-17 23:26 - 00108364 _____ C:\Users\BJG\Documents\A - SCRAP DEL.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-11 18:37 - 2016-02-05 17:24 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-11 18:14 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-05-11 18:05 - 2016-02-05 17:24 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-11 18:04 - 2015-08-02 13:56 - 00000000 __SHD C:\Users\BJG\IntelGraphicsProfiles
2016-05-11 18:03 - 2016-02-04 16:45 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-05-11 16:13 - 2016-02-04 16:51 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3183088221-2008294496-3976423610-1001
2016-05-11 16:06 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-11 16:06 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-11 16:04 - 2016-02-07 16:10 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-11 16:04 - 2013-08-22 10:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-10 22:21 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2016-05-10 22:20 - 2016-02-24 18:45 - 00000000 ____D C:\Users\BJG\AppData\Local\HTC MediaHub
2016-05-10 22:17 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-10 22:16 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-05-10 22:14 - 2014-11-20 23:20 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-10 20:51 - 2016-02-05 01:09 - 00000036 _____ C:\Users\BJG\AppData\Local\housecall.guid.cache
2016-05-10 20:32 - 2016-03-30 14:13 - 00766422 _____ C:\Users\BJG\AppData\Local\census.cache
2016-05-10 20:32 - 2016-03-30 14:12 - 00187868 _____ C:\Users\BJG\AppData\Local\ars.cache
2016-05-10 20:32 - 2016-02-05 17:24 - 00003892 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 20:32 - 2016-02-05 17:24 - 00003656 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-10 20:26 - 2016-02-05 16:29 - 00000010 _____ C:\Users\BJG\AppData\Local\sponge.last.runtime.cache
2016-05-10 20:15 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\Inf
2016-05-10 19:01 - 2015-08-04 01:20 - 00000000 ____D C:\Users\BJG\Downloads\BJG downloads
2016-05-10 18:52 - 2013-08-22 09:44 - 00484264 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-05-10 18:48 - 2016-02-06 19:20 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-10 18:38 - 2016-02-06 19:20 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-10 17:57 - 2015-06-18 12:59 - 00000000 ____D C:\Temp
2016-05-10 15:43 - 2016-03-21 21:49 - 01737088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-05-10 15:43 - 2016-03-21 21:49 - 01663184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-05-10 15:43 - 2016-03-21 21:49 - 01523208 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-05-10 15:43 - 2016-03-21 21:49 - 01501488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-05-10 15:43 - 2016-03-21 21:49 - 01490120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-05-10 15:43 - 2016-03-21 21:49 - 01358952 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-05-10 15:43 - 2016-03-21 21:49 - 00246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-05-10 00:11 - 2015-08-03 23:03 - 00000000 ____D C:\Users\BJG\Documents\ZZ Docs
2016-05-09 23:52 - 2015-08-04 01:23 - 00000000 ____D C:\Users\BJG\Desktop\BJG Desktop files
2016-05-09 23:22 - 2016-02-05 01:04 - 00000000 ____D C:\Users\BJG\AppData\Roaming\DropboxOEM
2016-05-09 16:21 - 2016-02-05 17:23 - 00000000 ____D C:\Users\BJG\AppData\Local\Deployment
2016-05-09 14:46 - 2016-04-02 00:27 - 00000000 ____D C:\Users\BJG\AppData\Local\CrashDumps
2016-05-07 11:36 - 2016-02-04 16:39 - 00000000 ____D C:\Users\BJG
2016-05-06 19:49 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\rescache
2016-05-06 18:55 - 2013-08-22 10:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-06 18:54 - 2015-06-18 12:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-05-06 16:13 - 2016-02-07 16:10 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2016-05-06 16:13 - 2016-02-07 16:10 - 00000000 ___SD C:\WINDOWS\system32\GWX
2016-05-06 15:21 - 2016-02-05 01:16 - 00000000 ____D C:\Users\BJG\AppData\Roaming\Trend Micro
2016-05-05 20:39 - 2016-02-05 01:00 - 00000000 ____D C:\Users\BJG\AppData\Local\Trend Micro
2016-05-05 15:55 - 2016-04-02 00:24 - 00005544 _____ C:\Users\BJG\Documents\A - USE in BJG DNA Ances Tree online.txt
2016-05-02 23:33 - 2016-02-05 17:24 - 00002217 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-02 20:15 - 2016-02-07 16:15 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-02 20:15 - 2016-02-07 16:15 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-02 13:12 - 2016-02-05 01:11 - 00000000 ____D C:\ProgramData\Trend Micro
2016-05-02 13:11 - 2013-08-22 10:36 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-05-02 13:09 - 2016-02-05 01:15 - 00000000 ____D C:\ProgramData\TMDP_Setup
2016-05-02 13:09 - 2016-02-05 01:15 - 00000000 ____D C:\ProgramData\TMDP_Log
2016-05-02 13:09 - 2016-02-05 01:14 - 00000000 ____D C:\Program Files\Trend Micro
2016-05-02 13:09 - 2013-08-22 08:25 - 00000292 _____ C:\WINDOWS\win.ini
2016-04-30 16:40 - 2016-02-14 18:37 - 00000000 ____D C:\ProgramData\SupportAssistAgent
2016-04-23 18:17 - 2014-11-20 23:42 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-23 16:37 - 2016-02-05 00:51 - 00003172 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3183088221-2008294496-3976423610-1001
2016-04-18 10:01 - 2016-02-05 17:28 - 00000000 ____D C:\Users\BJG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-04-17 01:05 - 2015-08-03 18:04 - 00000000 ____D C:\Users\BJG\Documents\GENEAL 2 online
2016-04-15 23:13 - 2016-03-05 18:53 - 00007661 _____ C:\Users\BJG\AppData\Local\resmon.resmoncfg
2016-04-12 13:01 - 2015-06-18 12:57 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2016-04-12 12:59 - 2016-02-04 17:42 - 00177488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
 
==================== Files in the root of some directories =======
 
2016-03-30 14:12 - 2016-05-10 20:32 - 0187868 _____ () C:\Users\BJG\AppData\Local\ars.cache
2016-03-30 14:13 - 2016-05-10 20:32 - 0766422 _____ () C:\Users\BJG\AppData\Local\census.cache
2016-02-05 01:09 - 2016-05-10 20:51 - 0000036 _____ () C:\Users\BJG\AppData\Local\housecall.guid.cache
2016-03-05 18:53 - 2016-04-15 23:13 - 0007661 _____ () C:\Users\BJG\AppData\Local\resmon.resmoncfg
2016-02-05 16:29 - 2016-05-10 20:26 - 0000010 _____ () C:\Users\BJG\AppData\Local\sponge.last.runtime.cache
2015-06-18 12:34 - 2015-06-18 12:34 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-06-18 12:48 - 2015-06-18 12:48 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2015-06-18 12:44 - 2015-06-18 12:45 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2015-06-18 12:46 - 2015-06-18 12:46 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2015-06-18 12:47 - 2015-06-18 12:48 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2015-06-18 12:44 - 2015-06-18 12:44 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxNEXTxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
                                  ADDITION.TXT
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-05-2016
Ran by BJG (2016-05-11 18:37:38)
Running from C:\Users\BJG\Desktop
Windows 8.1 (X64) (2016-02-04 21:41:39)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3183088221-2008294496-3976423610-500 - Administrator - Disabled) => C:\Users\Administrator
BJG (S-1-5-21-3183088221-2008294496-3976423610-1001 - Administrator - Enabled) => C:\Users\BJG
Guest (S-1-5-21-3183088221-2008294496-3976423610-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Trend Micro Internet Security (Enabled - Up to date) {8242D66F-41BD-4049-C2E6-E578E73B62A0}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro Internet Security (Enabled - Up to date) {3923378B-6787-4FC7-F856-DE0A9CBC281D}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.8.0.66 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}) (Version: 1.3.28.0 - Dell Inc.)
Dell Data Vault (Version: 4.3.8.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{AE5E3C86-2633-4DAF-A7F4-C43D1E738BAE}) (Version: 3.1.3300.0 - Dell Inc.)
Dell Help & Support (HKLM-x32\...\InstallShield_{7B3E057E-F356-4DB0-A664-4FF813C73F20}) (Version: 2.1.59.0 - Dell Inc.)
Dell Help & Support (Version: 2.1.59.0 - Dell Inc.) Hidden
Dell Power Manager Lite (HKLM-x32\...\InstallShield_{BF1F9D57-57A1-4E87-A8E8-41F2B2AD6F53}) (Version: 1.0.0.1 - Compal Inc.)
Dell Power Manager Lite (x32 Version: 1.0.0.1 - Compal Inc.) Hidden
Dell Product Registration (HKLM-x32\...\{17FFE63C-6734-4950-B488-134B5A2505F7}) (Version: 2.04.0280 - Aviata Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6793.01 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{3ED468C2-2235-4747-90AD-A7A34F0FE70A}) (Version: 1.2.2.8 - Dell)
Dell System Detect (HKU\S-1-5-21-3183088221-2008294496-3976423610-1001\...\58d94f3ce2c27db0) (Version: 7.4.0.3 - Dell)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
FreeFixer (HKLM-x32\...\FreeFixer1.13) (Version: 1.13 - Kephyr)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.94 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
gpedt.msc 1.0 (HKLM-x32\...\{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1) (Version:  - Richard)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.265 - SurfRight B.V.)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.17.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.67.0 - HTC)
Intel® Chipset Device Software (x32 Version: 10.0.22 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.30.1072 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4300 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.226.0 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
Intel® WiDi (HKLM\...\{2F97FBC6-7992-4DF7-A7C7-B68455E307F7}) (Version: 5.1.20.0 - Intel Corporation)
Intel® Wireless Bluetooth®(patch version 17.1.1449.356) (HKLM\...\{302600C1-6BDF-4FD1-1411-148929CC1385}) (Version: 17.1.1411.0506 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{313c06de-4aa7-4a1f-930a-f10f80380426}) (Version: 17.14.0 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Maxx Audio Installer (x64) (Version: 1.6.5073.103 - Waves Audio Ltd.) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6868.2060 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3183088221-2008294496-3976423610-1001\...\OneDriveSetup.exe) (Version: 17.3.6386.0412 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6828.1015 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6828.1015 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6828.1015 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39060 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7433 - Realtek Semiconductor Corp.)
System Explorer 7.0.0 (HKLM-x32\...\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1) (Version:  - Mister Group)
Trend Micro DirectPass (Version: 1.9.0.1094 - Trend Micro Inc.) Hidden
Trend Micro Internet Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 10.0 - Trend Micro Inc.)
Trend Micro Password Manager (HKLM\...\{3075404F-5657-4f31-A064-FEF98661BDD4}) (Version: 1.9.1189 - Trend Micro Inc.)
Trend Micro Titanium (Version: 10.0 - Trend Micro Inc.) Hidden
True Color (HKLM-x32\...\{4304f329-6a74-49c6-96bb-090a35343a6e}) (Version: 6.0.0.15 - Entertainment Experience)
True Color (Version: 6.0.0.15 - Entertainment Experience LLC) Hidden
VCRT for DirectPass x64 (Version: 1.0.0.1000 - Trend Micro, Inc.) Hidden
VCRT for DirectPass x86 (x32 Version: 1.0.0.1000 - Trend Micro, Inc.) Hidden
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (12/06/2010 4.0.0000.00000) (HKLM\...\3DC4DFAE92A9892CF4BE9BD6C2D01F667462A0E8) (Version: 12/06/2010 4.0.0000.00000 - Google, Inc.)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3183088221-2008294496-3976423610-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\BJG\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-3183088221-2008294496-3976423610-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\BJG\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {06DA4132-C908-48B3-A423-5EFC98C64088} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)
Task: {0975B0FD-BDDF-4468-8B6C-89EB2645338D} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-03-24] (PC-Doctor, Inc.)
Task: {0EB6A7C4-316C-405D-8ED1-01DF0087A620} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-04-22] (Dell Inc.)
Task: {238BB7D3-C063-4C0F-99AA-F81D4248A09B} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-12-04] (Realtek Semiconductor)
Task: {250B40CB-9D42-44E6-BCCB-3CEDFF9AFD11} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-04-01] (Aviata Inc)
Task: {2A664528-7762-4C20-BF0F-CB7EE9CC8EE4} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-26] (Intel Corporation)
Task: {307B24E9-455C-42BB-9670-0B7E2630739B} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-04-29] (Microsoft Corporation)
Task: {332D044F-8F80-4F61-B762-610942DFD13F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-05] (Google Inc.)
Task: {3A8921B3-42B9-47F7-80EF-722A54A61727} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2016-03-24] (PC-Doctor, Inc.)
Task: {40CDDC33-A518-448A-AE9D-49D445D584F5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-04-29] (Microsoft Corporation)
Task: {478588CD-E031-4921-935E-8C3F383CD638} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {56127FA8-43EE-4FAA-A236-950D1A45D063} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-10] (Microsoft Corporation)
Task: {6009DCF0-0022-4419-AA39-1DE5FC4CBA3E} - System32\Tasks\Trend Micro Inspect of Platinum => C:\Program Files\Trend Micro\Titanium\plugin\Pt\win32\Inspect\Inspect.exe [2015-07-16] (Trend Micro Inc.)
Task: {994E153B-0942-4B70-8840-78E970DA5551} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-04-29] (Microsoft Corporation)
Task: {9ADB3BA2-3A10-4DF5-AEAA-72E69BF169FB} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3183088221-2008294496-3976423610-1001 => C:\Users\BJG\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-04-23] (Microsoft Corporation)
Task: {9B957260-D96D-4AC5-A939-FA9CED611443} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {B30980DC-6056-446D-B736-A3700F551201} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
Task: {C1475F96-C4F7-479F-993B-9C867B523BA8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-05] (Google Inc.)
Task: {DE185AAC-BAF4-4505-A882-C8EC0425FC1F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-26] (Intel Corporation)
Task: {E33ED5C9-0E73-4E70-B68D-FBCC376828A6} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-04-01] (Aviata Inc)
Task: {E4DD2BA1-911D-4B1C-AAF0-463AF75E9489} - System32\Tasks\FreeFixer background scan => C:\Program Files\FreeFixer\freefixer.exe [2015-08-21] (Kephyr)
Task: {E5DCDA5D-7003-4133-91D3-B8102A0E2006} - System32\Tasks\Microsoft\Windows\Setup\gwx\rundetector => C:\Windows\system32\GWX\GWXDetector.exe [2016-04-26] (Microsoft Corporation)
Task: {E6DCC77A-FC7A-4E73-A68C-70674C907327} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\WINDOWS\TEMP\DeleteFolderTask.exe
Task: {F30A044C-BD9D-476F-91DE-87A46555904E} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\FreeFixer background scan.job => C:\Program Files\FreeFixer\freefixer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\BJG\Pictures\BG Pics\1 - A- PIC EDIT online\Photo editor _ PicMonkey_ Free Online Photo Editing.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://www.picmonkey.com/
ShortcutWithArgument: C:\Users\BJG\Documents\ZZ Docs\A - ADOPTION - Walter\World Vital Records\Search Family History and Genealogy Resources _ WorldVitalRecords.com.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://www.worldvitalrecords.com/contentsearch.aspx?placeheader=state
ShortcutWithArgument: C:\Users\BJG\Documents\GENEAL 2 online\Social Security Death Master File\Social Security Death Master File free.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://ssdmf.info/
ShortcutWithArgument: C:\Users\BJG\Documents\Family Tree Maker\Help, Notes, Tips\A - NEW March 2012\www.unpuzzling.com_Guide to Documentation.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://www.unpuzzling.com/Guide%20to%20Documentation.pdf
ShortcutWithArgument: C:\Users\BJG\Desktop\BJG Desktop files\OLD\(8) Fit For Her!.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://www.facebook.com/fitforherowasso
ShortcutWithArgument: C:\Users\BJG\Desktop\BJG Desktop files\OLD\1940 United States Federal Census - Ancestry.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://search.ancestry.com/cgi-bin/sse.dll?db=1940usfedcen&h=89346209&indiv=try&o_cvc=Image:OtherRecord
ShortcutWithArgument: C:\Users\BJG\Desktop\BJG Desktop files\OLD\Ancestry.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://www.youtube.com/watch?v=Uv6BQ1vsRng&feature=relmfu
ShortcutWithArgument: C:\Users\BJG\Desktop\BJG Desktop files\OLD\Billie Bosworth Muscari _ Tulsa World.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://www.tulsaworld.com/ourlives/article.aspx?subjectid=426&articleid=20100311_Ob_obsl_7228152
ShortcutWithArgument: C:\Users\BJG\Desktop\BJG Desktop files\OLD\citation family tree maker examples - Google Search.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxps://www.google.com/#q=citation+family+tree+maker+examples&hl=en&prmd=imvns&ei=_sQtT-ijDZOXtwfC5s3TCQ&sqi=2&start=10&sa=N&bav=on.2,or.r_gc.r_pw.,cf.osb&fp=a737fc1750451a33&biw=1186&bih=609
ShortcutWithArgument: C:\Users\BJG\Desktop\BJG Desktop files\OLD\Find A County.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://www.naco.org/Counties/Pages/FindACounty.aspx
ShortcutWithArgument: C:\Users\BJG\Desktop\BJG Desktop files\OLD\Free Family Photos _ Search Old Family History Photos _ Genealogy Pictures - AncientFaces.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://www.ancientfaces.com/
ShortcutWithArgument: C:\Users\BJG\Desktop\BJG Desktop files\OLD\HGTV Dream Home 2013 Giveaway Enter _ Dream Home _ Home & Garden Television.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://www.hgtv.com/hgtv-dream-home-2013-giveaway-enter/package/index.html?affiliate=blocker&omnisource=SEM&c1=2013_Dream_Home&c2=Google&c3=HGTV_Brand&c4=hgtv
ShortcutWithArgument: C:\Users\BJG\Desktop\BJG Desktop files\OLD\Home.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://www.fitforherbrookside.com/
ShortcutWithArgument: C:\Users\BJG\Desktop\BJG Desktop files\OLD\Interview Request - Find My Family Adoption Search and Reunion Registry.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://www.findmyfamily.org/press.htm
ShortcutWithArgument: C:\Users\BJG\Desktop\BJG Desktop files\OLD\James Day b. 1873 GA-living 1926 - Nolan - Family History & Genealogy Message Board - Ancestry.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://boards.ancestry.com/localities.northam.usa.states.texas.counties.nolan/701.743/mb.ashx
ShortcutWithArgument: C:\Users\BJG\Desktop\BJG Desktop files\OLD\sources photograph family tree maker bowling - Google Search.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxps://www.google.com/#q=SOURCES+PHOTOGRAPH+family+tree+maker+bowling&hl=en&prmd=imvns&ei=wEmPT_PjEpPW9QTqoOGDBA&sqi=2&start=10&sa=N&bav=on.2,or.r_gc.r_pw.r_qf.,cf.osb&fp=d06f1b201f57f957&biw=1280&bih=709
ShortcutWithArgument: C:\Users\BJG\Desktop\BJG Desktop files\OLD\sources _descendants of_ bolding - Google Search.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxps://www.google.com/#hl=en&sugexp=frgbld&gs_nf=1&tok=WpxaMd7dY7Tn0Wa5_dDjsQ&pq=microfilm%20book%20photograph%20sources%20%22descendants%20of%22%20bolding&cp=0&gs_id=7&xhr=t&q=sources+%22descendants+of%22+bolding&pf=p&sclient=psy-ab&oq=sources+%22des
ShortcutWithArgument: C:\Users\BJG\Desktop\BJG Desktop files\OLD\SuperAntiSpyware Free Edition - CNET Download.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://download.cnet.com/SuperAntiSpyware-Free-Edition/3000-8022_4-10523889.html
ShortcutWithArgument: C:\Users\BJG\Desktop\BJG Desktop files\OLD\The ANI Report.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://anireport.com/lookup/5126329763/
ShortcutWithArgument: C:\Users\BJG\Desktop\BJG Desktop files\OLD\US-CERT - Publications PER BJG - HOW TO SECURE COMPUTER.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxps://www.us-cert.gov/reading_room/
ShortcutWithArgument: C:\Users\BJG\Desktop\BJG Desktop files\OLD\wolffrum _kay county_ - Google Search.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxps://www.google.com/webhp?source=search_app#hl=en&gs_nf=1&tok=qcO8-ngygWFeIqW8EGEPHQ&pq=%22wolffrum%20lenita%20g%22&cp=21&gs_id=2h&xhr=t&q=wolffrum+%22kay+county%22&pf=p&sclient=psy-ab&oq=wolffrum+%22kay+county%22&aq=f&aqi=&aql=&gs_l=&pbx=1&bav=on.2
ShortcutWithArgument: C:\Users\BJG\Desktop\BJG Desktop files\OLD\www.nysba.org_AM_Template.cfm_Section=Downloadable_Forms&Template=_CM_ContentDisplay.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://www.nysba.org/AM/Template.cfm?Section=Downloadable_Forms&Template=/CM/ContentDisplay.cfm&ContentID=51334
ShortcutWithArgument: C:\Users\BJG\Desktop\BJG Desktop files\OLD\Yasni result for http___members.boardhost.com_magoffin_msg_1200954150.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://www.yasni.com/ext.php?url=http%3A%2F%2Fmembers.boardhost.com%2Fmagoffin%2Fmsg%2F1200954150.html&name=Rebecca+Dranikoski+Sizemore&cat=other&showads=1
ShortcutWithArgument: C:\Users\BJG\Desktop\BJG Desktop files\OLD\ySearch.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://www.ysearch.org/alphalist_lastname.asp?uid=&region=&letter=B&searchtype=exact&lastname=Bowling
 
 
  
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxNEXTxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
 
 Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Trend Micro Internet Security   
Windows Defender                
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Google Chrome (49.0.2623.112) 
 Google Chrome (50.0.2661.94) 
 Google Chrome (SetupMetrics.pma..) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Trend Micro AMSP coreServiceShell.exe  
 Trend Micro UniClient UiFrmWrk uiWatchDog.exe 
 Trend Micro AMSP coreFrameworkHost.exe  
 Trend Micro Titanium plugin Pt\PtSvcHost.exe 
 Trend Micro Titanium plugin Pt\PtWatchDog.exe 
 Trend Micro TMIDS PwmSvc.exe  
 Trend Micro Titanium plugin Pt\PtSessionAgent.exe 
 Trend Micro UniClient UiFrmWrk uiSeAgnt.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
 
THANKS



#6 satchfan

satchfan

  • Malware Response Team
  • 2,859 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:04:51 AM

Posted 12 May 2016 - 04:37 PM

Well done on the SecurityCheck link - my mistake.

 

There is no sign of Malware on your computer.
 

"cleaned out REGISTRY (only what's familiar to me)"

That’s not advisable unless you’re an expert.

===================================================

CNET

I suggest you remove the Cnet shortcut from your desktop.

See this.

===================================================

I also suggest you start a topic in our Windows forum to see if they can find a reason for this behaviour.

Let me know if you want to investigate further or if you’re satisfied to do that.

Nina


Edited by satchfan, 12 May 2016 - 04:38 PM.

My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#7 meomy


Posted 13 May 2016 - 01:01 AM

If this is all that you can help me with then I'll move on. Which Windows forum should I post in?



#8 satchfan


Posted 13 May 2016 - 02:00 AM

The Windows 8 & 8.1 forum.

 

Sorry to not be of more help.

 

Although I have an idea about what may be causing the problem, if it's not malware-related then I'm not qualified enough to give reliable advice and you'd be better off asking someone who is.

 

Good luck.

 

Nina




#9 satchfan


Posted 14 May 2016 - 04:49 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
