Can't remove Obrona
<blockquote data-quote="Ed_M1" data-source="post: 343652" data-attributes="member: 33756"><p>I believe I got it! The FRST.txt log is pasted below these comments.</p><p></p><p>NB: </p><p>I got 2 pop-ups about errors while it was running. </p><p>In each case I just clicked "OK" and ignored it.</p><p>Here's the errors I got and ignored.</p><p>1) Application Error: Exception EAccessViolation in module ERUNT.exe…</p><p>2) Then my Internet Security software said it was blocking FRST64.exe, but it seems to have run ok anyway. You tell me.</p><p></p><p>Here's the log:</p><p>Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015</p><p>Ran by emowrey1 (administrator) on LAPTOP1 on 02-02-2015 11:43:42</p><p>Running from C:\Users\emowrey1\Documents\___My Files\Tech Tips and Questions\MalwareStuffOnLaptop</p><p>Loaded Profiles: emowrey1 (Available profiles: emowrey1 & Administrator)</p><p>Platform: Windows 8.1 (X64) OS Language: English (United States)</p><p>Internet Explorer Version 11 (Default browser: FF)</p><p>Boot Mode: Normal</p><p>Tutorial for Farbar Recovery Scan Tool: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/</a></p><p></p><p>==================== Processes (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)</p><p></p><p>(Intel Corporation) C:\Windows\System32\igfxCUIService.exe</p><p>(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe</p><p>(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe</p><p>(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe</p><p>(Trend Micro Inc.) 
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe</p><p>(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe</p><p>(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe</p><p>(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe</p><p>(Microsoft Corporation) C:\Windows\System32\dasHost.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe</p><p>(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe</p><p>(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe</p><p>() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe</p><p>(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe</p><p>(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe</p><p>(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe</p><p>(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE</p><p>(Microsoft Corporation) C:\Windows\System32\WerFault.exe</p><p>(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe</p><p>(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe</p><p>(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxEM.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxHK.exe</p><p>(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe</p><p>(Qualcomm Atheros Commnucations) C:\Program Files 
(x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe</p><p>(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe</p><p>() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe</p><p>(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe</p><p>(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe</p><p>(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe</p><p>(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe</p><p>(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe</p><p>(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe</p><p>(Akamai Technologies, Inc.) C:\Users\emowrey1\AppData\Local\Akamai\netsession_win.exe</p><p>() C:\Users\emowrey1\AppData\Local\Amazon Music\Amazon Music Helper.exe</p><p>(Akamai Technologies, Inc.) C:\Users\emowrey1\AppData\Local\Akamai\netsession_win.exe</p><p>(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE</p><p>(CyberLink Corp.) 
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe</p><p>(Microsoft Corporation) C:\Windows\Camera\Camera.exe</p><p>(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe</p><p>(Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe</p><p>(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe</p><p>(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe</p><p>(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe</p><p>() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe</p><p>(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe</p><p>(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe</p><p>(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE</p><p>(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE</p><p>(Microsoft Corporation) C:\Windows\splwow64.exe</p><p>(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe</p><p>(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE</p><p>(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\TMAS\TMAS_OL\x86\TMAS_OL.exe</p><p>(Microsoft Corporation) C:\Windows\HelpPane.exe</p><p></p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed. 
The file will not be moved.)</p><p></p><p>HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-27] (Realtek Semiconductor)</p><p>HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321176 2013-06-28] (Realtek Semiconductor)</p><p>HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321176 2013-06-28] (Realtek Semiconductor)</p><p>HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-03-05] (Dell Inc.)</p><p>HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtPreLoad.exe [64640 2012-12-28] ()</p><p>HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3010952 2012-12-21] (Synaptics Incorporated)</p><p>HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [246304 2014-07-20] (Trend Micro Inc.)</p><p>HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1266224 2014-07-20] (Trend Micro Inc.)</p><p>HKLM\...\Run: [WLM] => C:\Program Files\Trend Micro\Titanium\Plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe [45712 2014-07-20] (Trend Micro Inc.)</p><p>HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)</p><p>HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)</p><p>HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [129664 2012-12-28] ( (Qualcomm Atheros Commnucations))</p><p>HKU\S-1-5-21-4150287182-2758880135-4216909146-1001\...\Run: [Akamai NetSession Interface] => C:\Users\emowrey1\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)</p><p>HKU\S-1-5-21-4150287182-2758880135-4216909146-1001\...\Run: [Amazon Music] => 
C:\Users\emowrey1\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-11-18] ()</p><p>HKU\S-1-5-21-4150287182-2758880135-4216909146-1001\...\Run: [Obrona Block Ads] => C:\Users\emowrey1\AppData\Local\Obrona Block Ads\ObronaBlockAds.exe [1509336 2014-10-16] (RedSky Sp. z o.o.)</p><p>HKU\S-1-5-21-4150287182-2758880135-4216909146-1001\...\MountPoints2: {9b104187-7763-11e4-bed1-8056f2b8ad32} - "E:\TLBootstrap_WPP.exe"</p><p>Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk</p><p>ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)</p><p>Startup: C:\Users\emowrey1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk</p><p>ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)</p><p>ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File</p><p>ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File</p><p>ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File</p><p>ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File</p><p>ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File</p><p>ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File</p><p>ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File</p><p>ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File</p><p>ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll 
(Microsoft Corporation)</p><p>ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)</p><p></p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank</p><p>HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank</p><p>SearchScopes: HKLM -> DefaultScope {36CCD620-C670-435D-A0D0-C4BB88D34C7F} URL = <a href="http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=wnzp_14_14_ff&cd=2XzuyEtN2Y1L1QzuzztDyDyC0FtB0Bzz0A0DtAtB0FyCyB0BtN0D0Tzu0SzztBtBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0EyB0A0Czy0AtBtGzztB0FtAtG0AtBtDzytG0Ezz0C0BtGyEtDtB0C0C0CyBzztCyEtAyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtByEyC0ByD0EtDtGtDzzyD0AtGtDzy0DtAtGzy0D0C0EtGtB0BtAyBtC0DyCyC0CyE0EtD2Q&cr=1298699287&ir=" target="_blank">http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=wnzp_14_14_ff&cd=2XzuyEtN2Y1L1QzuzztDyDyC0FtB0Bzz0A0DtAtB0FyCyB0BtN0D0Tzu0SzztBtBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0EyB0A0Czy0AtBtGzztB0FtAtG0AtBtDzytG0Ezz0C0BtGyEtDtB0C0C0CyBzztCyEtAyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtByEyC0ByD0EtDtGtDzzyD0AtGtDzy0DtAtGzy0D0C0EtGtB0BtAyBtC0DyCyC0CyE0EtD2Q&cr=1298699287&ir=</a></p><p>SearchScopes: HKLM -> {36CCD620-C670-435D-A0D0-C4BB88D34C7F} URL = <a href="http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=wnzp_14_14_ff&cd=2XzuyEtN2Y1L1QzuzztDyDyC0FtB0Bzz0A0DtAtB0FyCyB0BtN0D0Tzu0SzztBtBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0EyB0A0Czy0AtBtGzztB0FtAtG0AtBtDzytG0Ezz0C0BtGyEtDtB0C0C0CyBzztCyEtAyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtByEyC0ByD0EtDtGtDzzyD0AtGtDzy0DtAtGzy0D0C0EtGtB0BtAyBtC0DyCyC0CyE0EtD2Q&cr=1298699287&ir=" 
target="_blank">http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=wnzp_14_14_ff&cd=2XzuyEtN2Y1L1QzuzztDyDyC0FtB0Bzz0A0DtAtB0FyCyB0BtN0D0Tzu0SzztBtBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0EyB0A0Czy0AtBtGzztB0FtAtG0AtBtDzytG0Ezz0C0BtGyEtDtB0C0C0CyBzztCyEtAyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtByEyC0ByD0EtDtGtDzzyD0AtGtDzy0DtAtGzy0D0C0EtGtB0BtAyBtC0DyCyC0CyE0EtD2Q&cr=1298699287&ir=</a></p><p>SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = <a href="http://www.default-search.net/search?sid=476&aid=100&itype=n&ver=14733&tm=575&src=ds&p={searchTerms}" target="_blank">http://www.default-search.net/search?sid=476&aid=100&itype=n&ver=14733&tm=575&src=ds&p={searchTerms}</a></p><p>SearchScopes: HKLM-x32 -> DefaultScope value is missing.</p><p>SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = <a href="http://www.default-search.net/search?sid=476&aid=100&itype=n&ver=14733&tm=575&src=ds&p={searchTerms}" target="_blank">http://www.default-search.net/search?sid=476&aid=100&itype=n&ver=14733&tm=575&src=ds&p={searchTerms}</a></p><p>BHO: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)</p><p>BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)</p><p>BHO: TmIEPlugInBHO Class -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg.dll (Trend Micro Inc.)</p><p>BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)</p><p>BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe64.dll (Trend Micro Inc.)</p><p>BHO-x32: The Amazon 
1Button App for IE -> {26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} -> C:\AmazonAppIE.dll (Amazon Inc.)</p><p>BHO-x32: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)</p><p>BHO-x32: TmIEPlugInBHO Class -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg32.dll (Trend Micro Inc.)</p><p>BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)</p><p>BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe32.dll (Trend Micro Inc.)</p><p>Toolbar: HKLM - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)</p><p>Toolbar: HKLM-x32 - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)</p><p>Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe64.dll (Trend Micro Inc.)</p><p>Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe32.dll (Trend Micro Inc.)</p><p>Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg.dll (Trend Micro Inc.)</p><p>Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg32.dll (Trend Micro Inc.)</p><p>Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)</p><p>Handler-x32: tmtb 
- {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)</p><p>Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)</p><p>Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)</p><p>Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76</p><p></p><p>FireFox:</p><p>========</p><p>FF ProfilePath: C:\Users\emowrey1\AppData\Roaming\Mozilla\Firefox\Profiles\92iyrfuh.default-1419819414002</p><p>FF DefaultSearchEngine: Google</p><p>FF Homepage: about:newtab</p><p>FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()</p><p>FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)</p><p>FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)</p><p>FF Plugin: @Musicnotes.com/Musicnotes Viewer -> C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)</p><p>FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()</p><p>FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)</p><p>FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)</p><p>FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft 
Corporation)</p><p>FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF Plugin-x32: @Musicnotes.com/Musicnotes Viewer -> C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)</p><p>FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)</p><p>FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</p><p>FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\default-search.xml</p><p>FF HKLM\...\Firefox\Extensions: [<a href="mailto:tmbepff@trendmicro.com">tmbepff@trendmicro.com</a>] - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\firefoxextension</p><p>FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\firefoxextension [2014-12-06]</p><p>FF HKLM-x32\...\Firefox\Extensions: [<a href="mailto:tmbepff@trendmicro.com">tmbepff@trendmicro.com</a>] - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\firefoxextension</p><p>FF HKLM-x32\...\Firefox\Extensions: [{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension</p><p>FF Extension: Trend Micro Osprey Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension 
[2014-12-06]</p><p>FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension</p><p>FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2014-12-06]</p><p></p><p>Chrome:</p><p>=======</p><p>CHR HomePage: Default -> hxxp://<a href="http://www.google.com/" target="_blank">www.google.com/</a></p><p>CHR StartupUrls: Default -> "hxxp://<a href="http://www.google.com/" target="_blank">www.google.com/</a>"</p><p>CHR Profile: C:\Users\emowrey1\AppData\Local\Google\Chrome\User Data\Default</p><p>CHR Extension: (Google Docs) - C:\Users\emowrey1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-02]</p><p>CHR Extension: (Google Drive) - C:\Users\emowrey1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-02]</p><p>CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\emowrey1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-19]</p><p>CHR Extension: (YouTube) - C:\Users\emowrey1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-02]</p><p>CHR Extension: (Google Search) - C:\Users\emowrey1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-02]</p><p>CHR Extension: (Google Wallet) - C:\Users\emowrey1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-02]</p><p>CHR Extension: (Trend Micro Toolbar) - C:\Users\emowrey1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2014-12-28]</p><p>CHR Extension: (Gmail) - C:\Users\emowrey1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-02]</p><p>CHR HKLM-x32\...\Chrome\Extension: 
[bmiabdepfhhiieiipmeecdmeljggmfee] - No Path</p><p>CHR HKLM-x32\...\Chrome\Extension: [fmgckcapmffomaifonnhgkfdgljnkpgi] - No Path</p><p>CHR HKLM-x32\...\Chrome\Extension: [ohhcpmplhhiiaoiddkfboafbhiknefdf] - No Path</p><p></p><p>==================== Services (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [226944 2012-12-28] (Qualcomm Atheros Commnucations)</p><p>R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)</p><p>R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)</p><p>R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1187376 2014-07-20] (Trend Micro Inc.)</p><p>R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()</p><p>R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)</p><p>R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1924328 2014-09-18] (SoftThinks SAS)</p><p>S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)</p><p>S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)</p><p>R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros)</p><p>R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p>S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-28] (Qualcomm Atheros)</p><p>R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)</p><p>R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)</p><p>S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)</p><p>S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)</p><p>S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)</p><p>S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28040 2012-12-21] (Synaptics Incorporated)</p><p>R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [32136 2012-12-21] (Synaptics Incorporated)</p><p>R1 tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [121944 2014-07-14] (Trend Micro Inc.)</p><p>R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [305832 2014-07-14] (Trend Micro Inc.)</p><p>R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [50976 2014-07-09] (Trend Micro Inc.)</p><p>R3 tmeevw; C:\Windows\system32\DRIVERS\tmeevw.sys [106296 2014-07-09] (Trend Micro Inc.)</p><p>S0 tmel; C:\Windows\System32\DRIVERS\tmel.sys [37904 2014-07-09] (Trend Micro Inc.)</p><p>R1 tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [93664 2014-07-14] (Trend Micro Inc.)</p><p>R3 tmnciesc; C:\Windows\system32\DRIVERS\tmnciesc.sys [407864 2014-07-09] (Trend Micro Inc.)</p><p>R2 tmusa; C:\Windows\system32\DRIVERS\tmusa.sys [106296 2014-06-30] (Trend Micro Inc.)</p><p>S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)</p><p>U2 TMAgent; No ImagePath</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p>(If an item is included in the fixlist, it will be removed from the registry. 
Any associated file could be listed separately to be moved.)</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2015-01-31 22:12 - 2015-01-31 22:12 - 00000000 ___RD () C:\Users\emowrey1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices</p><p>2015-01-31 14:37 - 2015-02-02 11:43 - 00000000 ____D () C:\FRST</p><p>2015-01-31 13:15 - 2015-01-31 13:15 - 00000183 _____ () C:\ProgramData\OutlookFail.20150131.log</p><p>2015-01-26 16:25 - 2015-01-26 16:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox</p><p>2015-01-13 17:56 - 2014-12-19 01:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys</p><p>2015-01-13 17:56 - 2014-12-11 21:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe</p><p>2015-01-13 17:56 - 2014-12-11 19:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys</p><p>2015-01-13 17:56 - 2014-12-08 20:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll</p><p>2015-01-13 17:56 - 2014-12-05 22:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll</p><p>2015-01-13 17:56 - 2014-12-05 20:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll</p><p>2015-01-13 17:56 - 2014-10-28 20:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll</p><p>2015-01-13 17:56 - 2014-10-28 20:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll</p><p>2015-01-13 17:55 - 2014-12-08 14:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll</p><p>2015-01-13 17:55 - 2014-12-08 14:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll</p><p>2015-01-13 17:55 - 2014-12-08 14:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll</p><p>2015-01-13 17:55 - 2014-12-08 14:42 - 00413248 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\Faultrep.dll</p><p>2015-01-13 17:55 - 2014-12-08 14:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll</p><p>2015-01-13 17:55 - 2014-12-08 14:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll</p><p>2015-01-13 17:55 - 2014-12-08 14:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe</p><p>2015-01-13 17:55 - 2014-12-08 14:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe</p><p>2015-01-13 17:55 - 2014-12-05 20:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll</p><p>2015-01-13 17:55 - 2014-10-28 23:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe</p><p>2015-01-13 17:55 - 2014-10-28 23:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe</p><p>2015-01-13 17:55 - 2014-10-28 22:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll</p><p>2015-01-13 17:55 - 2014-10-28 22:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll</p><p>2015-01-13 17:55 - 2014-10-28 22:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll</p><p>2015-01-13 17:55 - 2014-10-28 22:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe</p><p>2015-01-13 17:55 - 2014-10-28 22:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe</p><p>2015-01-13 17:55 - 2014-10-28 22:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe</p><p>2015-01-13 17:55 - 2014-10-28 22:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll</p><p>2015-01-13 17:55 - 2014-10-28 22:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll</p><p>2015-01-13 17:55 - 2014-10-28 22:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll</p><p>2015-01-13 17:55 - 2014-10-28 21:44 - 00037888 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\werdiagcontroller.dll</p><p>2015-01-13 17:55 - 2014-10-28 20:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll</p><p>2015-01-13 17:55 - 2014-10-28 20:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll</p><p></p><p>==================== One Month Modified Files and Folders =======</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2015-02-02 11:38 - 2014-10-26 19:46 - 01821185 _____ () C:\WINDOWS\WindowsUpdate.log</p><p>2015-02-02 11:31 - 2014-04-01 21:35 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job</p><p>2015-02-02 11:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru</p><p>2015-02-02 09:43 - 2014-10-26 19:26 - 00000000 ____D () C:\Users\emowrey1</p><p>2015-02-02 00:01 - 2014-04-07 19:54 - 00000000 ____D () C:\Users\emowrey1\Documents\Outlook Files</p><p>2015-02-01 21:58 - 2014-04-02 06:30 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job</p><p>2015-02-01 11:22 - 2014-09-24 02:15 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI</p><p>2015-02-01 11:19 - 2013-08-22 09:46 - 00330954 _____ () C:\WINDOWS\setupact.log</p><p>2015-01-31 22:16 - 2013-11-13 00:05 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery</p><p>2015-01-31 14:40 - 2014-12-28 11:28 - 00236080 _____ (Trend Micro Inc.) 
C:\WINDOWS\RegBootClean64.exe</p><p>2015-01-29 14:28 - 2014-08-30 20:30 - 00000000 ____D () C:\Users\emowrey1\Documents\___My Files</p><p>2015-01-27 18:32 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp</p><p>2015-01-27 08:02 - 2014-03-31 07:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service</p><p>2015-01-27 02:08 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM</p><p>2015-01-27 02:06 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT</p><p>2015-01-27 02:04 - 2014-09-24 02:03 - 00045042 _____ () C:\WINDOWS\PFRO.log</p><p>2015-01-27 02:04 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI</p><p>2015-01-26 20:51 - 2014-03-27 18:11 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4150287182-2758880135-4216909146-1001</p><p>2015-01-26 20:01 - 2014-04-02 06:31 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk</p><p>2015-01-24 18:46 - 2014-12-06 10:27 - 00000010 _____ () C:\Users\emowrey1\AppData\Local\sponge.last.runtime.cache</p><p>2015-01-24 15:31 - 2014-04-01 21:35 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater</p><p>2015-01-24 15:20 - 2014-09-24 04:55 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe</p><p>2015-01-24 15:20 - 2014-09-24 04:55 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl</p><p>2015-01-21 05:37 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness</p><p>2015-01-18 09:45 - 2014-04-28 23:09 - 00000000 ____D () C:\ProgramData\Trend Micro</p><p>2015-01-13 18:51 - 2014-03-29 10:38 - 00000000 ____D () C:\WINDOWS\system32\MRT</p><p>2015-01-13 18:45 - 2014-03-29 10:38 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe</p><p>2015-01-11 09:45 - 2014-03-29 09:06 - 00000000 ____D () C:\ProgramData\softthinks</p><p>2015-01-11 09:43 - 2014-08-18 12:49 - 00000000 ____D () 
C:\Users\emowrey1\AppData\Local\Adobe</p><p>2015-01-10 18:05 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\Recovery</p><p>2015-01-06 21:20 - 2014-04-18 13:55 - 00000000 ____D () C:\Users\emowrey1\AppData\Roaming\vlc</p><p>2015-01-06 14:14 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF</p><p>2015-01-05 01:19 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports</p><p></p><p>==================== Files in the root of some directories =======</p><p></p><p>2014-04-28 23:08 - 2014-04-28 23:08 - 0000036 _____ () C:\Users\emowrey1\AppData\Local\housecall.guid.cache</p><p>2014-03-29 09:58 - 2014-10-04 15:12 - 0007605 _____ () C:\Users\emowrey1\AppData\Local\resmon.resmoncfg</p><p>2014-12-06 10:27 - 2015-01-24 18:46 - 0000010 _____ () C:\Users\emowrey1\AppData\Local\sponge.last.runtime.cache</p><p>2015-01-31 13:15 - 2015-01-31 13:15 - 0000183 _____ () C:\ProgramData\OutlookFail.20150131.log</p><p>2013-11-13 00:04 - 2013-11-13 00:05 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log</p><p>2013-11-13 00:00 - 2013-11-13 00:01 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log</p><p>2013-11-13 00:01 - 2013-11-13 00:03 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log</p><p>2013-11-13 00:00 - 2013-11-13 00:00 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log</p><p>2013-11-13 00:03 - 2013-11-13 00:04 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log</p><p></p><p>Some content of 
TEMP:</p><p>====================</p><p>C:\Users\emowrey1\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjcvdp7.dll</p><p>C:\Users\emowrey1\AppData\Local\Temp\ObronaBlockAds.exe</p><p>C:\Users\emowrey1\AppData\Local\Temp\SettingsManagerSetup.exe</p><p>C:\Users\emowrey1\AppData\Local\Temp\SoftonicAssistant_v0-1-6.exe</p><p>C:\Users\emowrey1\AppData\Local\Temp\vlc-2.1.5-win32.exe</p><p></p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>(There is no automatic fix for files that do not pass verification.)</p><p></p><p>C:\Windows\System32\winlogon.exe => File is digitally signed</p><p>C:\Windows\System32\wininit.exe => File is digitally signed</p><p>C:\Windows\explorer.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\explorer.exe => File is digitally signed</p><p>C:\Windows\System32\svchost.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\svchost.exe => File is digitally signed</p><p>C:\Windows\System32\services.exe => File is digitally signed</p><p>C:\Windows\System32\User32.dll => File is digitally signed</p><p>C:\Windows\SysWOW64\User32.dll => File is digitally signed</p><p>C:\Windows\System32\userinit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\userinit.exe => File is digitally signed</p><p>C:\Windows\System32\rpcss.dll => File is digitally signed</p><p>C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed</p></blockquote><p></p>
[QUOTE="Ed_M1, post: 343652, member: 33756"] ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-02 11:38 - 2014-10-26 19:46 - 01821185 _____ () C:\WINDOWS\WindowsUpdate.log 2015-02-02 11:31 - 2014-04-01 21:35 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-02-02 11:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-02-02 09:43 - 2014-10-26 19:26 - 00000000 ____D () C:\Users\emowrey1 2015-02-02 00:01 - 2014-04-07 19:54 - 00000000 ____D () C:\Users\emowrey1\Documents\Outlook Files 2015-02-01 21:58 - 2014-04-02 06:30 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-01 11:22 - 2014-09-24 02:15 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-02-01 11:19 - 2013-08-22 09:46 - 00330954 _____ () C:\WINDOWS\setupact.log 2015-01-31 22:16 - 2013-11-13 00:05 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery 2015-01-31 14:40 - 2014-12-28 11:28 - 00236080 _____ (Trend Micro Inc.) C:\WINDOWS\RegBootClean64.exe 2015-01-29 14:28 - 2014-08-30 20:30 - 00000000 ____D () C:\Users\emowrey1\Documents\___My Files 2015-01-27 18:32 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-01-27 08:02 - 2014-03-31 07:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-27 02:08 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2015-01-27 02:06 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-01-27 02:04 - 2014-09-24 02:03 - 00045042 _____ () C:\WINDOWS\PFRO.log 2015-01-27 02:04 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2015-01-26 20:51 - 2014-03-27 18:11 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4150287182-2758880135-4216909146-1001 2015-01-26 20:01 - 2014-04-02 06:31 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-01-24 18:46 - 2014-12-06 10:27 - 00000010 _____ () C:\Users\emowrey1\AppData\Local\sponge.last.runtime.cache 2015-01-24 15:31 - 2014-04-01 21:35 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe 
Flash Player Updater 2015-01-24 15:20 - 2014-09-24 04:55 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-01-24 15:20 - 2014-09-24 04:55 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-21 05:37 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-01-18 09:45 - 2014-04-28 23:09 - 00000000 ____D () C:\ProgramData\Trend Micro 2015-01-13 18:51 - 2014-03-29 10:38 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-01-13 18:45 - 2014-03-29 10:38 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-01-11 09:45 - 2014-03-29 09:06 - 00000000 ____D () C:\ProgramData\softthinks 2015-01-11 09:43 - 2014-08-18 12:49 - 00000000 ____D () C:\Users\emowrey1\AppData\Local\Adobe 2015-01-10 18:05 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\Recovery 2015-01-06 21:20 - 2014-04-18 13:55 - 00000000 ____D () C:\Users\emowrey1\AppData\Roaming\vlc 2015-01-06 14:14 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2015-01-05 01:19 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports ==================== Files in the root of some directories ======= 2014-04-28 23:08 - 2014-04-28 23:08 - 0000036 _____ () C:\Users\emowrey1\AppData\Local\housecall.guid.cache 2014-03-29 09:58 - 2014-10-04 15:12 - 0007605 _____ () C:\Users\emowrey1\AppData\Local\resmon.resmoncfg 2014-12-06 10:27 - 2015-01-24 18:46 - 0000010 _____ () C:\Users\emowrey1\AppData\Local\sponge.last.runtime.cache 2015-01-31 13:15 - 2015-01-31 13:15 - 0000183 _____ () C:\ProgramData\OutlookFail.20150131.log 2013-11-13 00:04 - 2013-11-13 00:05 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log 2013-11-13 00:00 - 2013-11-13 00:01 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log 2013-11-13 00:01 - 2013-11-13 00:03 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log 2013-11-13 00:00 - 2013-11-13 00:00 - 
0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log 2013-11-13 00:03 - 2013-11-13 00:04 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log Some content of TEMP: ==================== C:\Users\emowrey1\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjcvdp7.dll C:\Users\emowrey1\AppData\Local\Temp\ObronaBlockAds.exe C:\Users\emowrey1\AppData\Local\Temp\SettingsManagerSetup.exe C:\Users\emowrey1\AppData\Local\Temp\SoftonicAssistant_v0-1-6.exe C:\Users\emowrey1\AppData\Local\Temp\vlc-2.1.5-win32.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed [/QUOTE]