Start
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction - Chrome <======= ATTENTION
Tcpip\..\Interfaces\{BD44EB3C-D327-453D-9CFA-F95AD0D73CEE}: [DhcpNameServer] 168.94.0.14 168.94.0.15
BHO: Trend Micro Password Manager BHO -> {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} -> C:\Program Files\Trend Micro\TMIDS\PwmIEBHO64.dll => No File
BHO-x32: Trend Micro Password Manager BHO -> {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} -> C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll => No File
Toolbar: HKLM - Trend Micro Password Manager ToolBar - {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO64.dll No File
Toolbar: HKLM-x32 - Trend Micro Password Manager ToolBar - {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll No File
Toolbar: HKU\S-1-5-21-4198864589-2716103951-1576274748-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll No File
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-11]
CHR Extension: (OneTab) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2016-06-26]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-11]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-04-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-21]
CHR HKLM-x32\...\Chrome\Extension: [idkknaphebegndgimgdpfnconcickdfn] -
S2 PwmSvc; "C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe" [X]
S3 SwitchBoard; "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [X]
C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
S0 b06bdrv; System32\drivers\bxvbda.sys [X]
S3 SBIOSIO; \??\C:\Users\User\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]
2016-07-09 20:58 - 2016-07-12 10:42 - 834007040 _____ C:\Users\User\Downloads\Unconfirmed 26002.crdownload
2016-06-26 22:22 - 2016-06-26 18:37 - 00018432 _____ C:\Users\User\Downloads\chrome-extension_chphlpgkkbolifaimnlloiipkdnihall_0.localstorage
2016-06-26 22:22 - 2016-06-26 18:37 - 00018432 _____ C:\Users\User\Desktop\chrome-extension_chphlpgkkbolifaimnlloiipkdnihall_0.localstorage
2016-06-26 22:22 - 2016-06-26 18:37 - 00000000 _____ C:\Users\User\Downloads\chrome-extension_chphlpgkkbolifaimnlloiipkdnihall_0.localstorage-journal
2016-06-26 22:22 - 2016-06-26 18:37 - 00000000 _____ C:\Users\User\Desktop\chrome-extension_chphlpgkkbolifaimnlloiipkdnihall_0.localstorage-journal
2015-07-18 14:14 - 2015-07-18 14:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
C:\Users\User\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\User\AppData\Local\Temp\OfficeSetup.exe
C:\Users\User\AppData\Local\Temp\proxy_vole8658733503972905890.dll
CustomCLSID: HKU\S-1-5-21-4198864589-2716103951-1576274748-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4198864589-2716103951-1576274748-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4198864589-2716103951-1576274748-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4198864589-2716103951-1576274748-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4198864589-2716103951-1576274748-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {CCED6FF9-1B2D-40A7-B4FF-B0D6CB436C06} - System32\Tasks\Trend Micro Inspect of Platinum => C:\Program Files\Trend Micro\Titanium\plugin\Pt\win32\Inspect\Inspect.exe
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
AlternateDataStreams: C:\Users\User\Desktop\CKScanner.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\advisorinstaller.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\CKScanner.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\msert.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\SandboxieInstall.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\Windows-KB890830-x64-V5.37.exe:BDU [0]
Hosts:
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end