Chrome using 'transparent overlays' (?) to clickjack and re-direct


  • This topic is locked
4 replies to this topic

#1 miles_muso

  • Members
  • 14 posts

Posted 31 October 2015 - 09:46 AM

Hi,

I think some sort of 'transparent overlay' layer is clickjacking me in Chrome and redirecting to preferred sites. I've also noticed that some Google search results are not what I expect, where frequently used sites are not at the top of the list, and sites I've never heard of have been mysteriously 'promoted'. I'm not sure the two problems are related.

I hope you can help, and really appreciate the work that you guys do.

Thanks

Miles

Here's the FRST report:

Attached File: Addition.txt (43.26 KB)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-10-2015
Ran by Miles (administrator) on DOBBY_5 (31-10-2015 14:29:30)
Running from C:\Users\Miles\Desktop
Loaded Profiles: Miles & Administrator (Available Profiles: Miles & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/


==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(ArcSoft, Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Alcatel-Lucent) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe
(Cucusoft, Inc.) C:\Program Files\Cucusoft\AutoUpdate\AutoUpdateSrvc.exe
(Joyent, Inc) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe
(Cucusoft, Inc.) C:\Program Files\Cucusoft\NetGuard\BandwidthGuardSrvc.sys
(Cucusoft, Inc.) C:\Program Files\Cucusoft\NetGuard\BandwidthGuardSrvc64.sys
(Cucusoft, Inc.) C:\Program Files\Cucusoft\NetGuard\SysMsgProxySrvc.sys
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
() C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
(LULU Software Limited) C:\ProgramData\LULU Software\Soda Manager\Soda Manager.exe
(LULU SOFTWARE LIMITED) C:\Program Files\Soda PDF 8\creator-ws.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avpui.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Sand Studio) C:\Program Files (x86)\AirDroid\AirDroid.exe
(Visicom Media Inc.) C:\Program Files (x86)\ManyCam\ManyCam.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Filipe Lourenço) C:\Program Files (x86)\BatteryCare\BatteryCare.exe
(ArcSoft Inc.) C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 6\TotalMedia Server\TM Server.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Cucusoft, Inc.) C:\Program Files\Cucusoft\NetGuard\BandwidthGuard.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\plugin-nm-server.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon-x64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Miles\Desktop\FSS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe




==================== Registry (Whitelisted) ===========================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16407296 2015-10-26] (Realtek Semiconductor)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [570152 2014-08-14] (Acronis)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Sound Blaster Cinema 2] => C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe [1442304 2014-05-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5306776 2014-11-27] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [603904 2014-10-17] (Acronis International GmbH)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [36711472 2015-10-12] (Dropbox, Inc.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2620728 2015-07-22] (Malwarebytes Corporation)
HKLM-x32\...\Run: [CucusoftNetGuard] => C:\Program Files\Cucusoft\NetGuard\BandwidthGuard.exe [868352 2013-06-25] (Cucusoft, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-463510590-2819433291-840635916-1000\...\Run: [GoogleChromeAutoLaunch_70BE97FDFE0DB92E0B8C55B96738517C] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [870728 2015-10-20] (Google Inc.)
HKU\S-1-5-21-463510590-2819433291-840635916-1000\...\Run: [AirDroid 3] => C:\Program Files (x86)\AirDroid\AirDroid.exe [7119872 2015-09-25] (Sand Studio)
HKU\S-1-5-21-463510590-2819433291-840635916-1000\...\Run: [ManyCam] => C:\Program Files (x86)\ManyCam\ManyCam.exe [9366824 2015-09-01] (Visicom Media Inc.)
HKU\S-1-5-21-463510590-2819433291-840635916-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-09-03] (Siber Systems)
HKU\S-1-5-21-463510590-2819433291-840635916-1000\...\RunOnce: [Uninstall C:\Users\Miles\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Miles\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
HKU\S-1-5-21-463510590-2819433291-840635916-1000\...\RunOnce: [Uninstall C:\Users\Miles\AppData\Local\Microsoft\OneDrive\17.3.5951.0827] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Miles\AppData\Local\Microsoft\OneDrive\17.3.5951.0827"
HKU\S-1-5-21-463510590-2819433291-840635916-1000\...\Policies\Explorer: [HideSCAPower] 0
HKU\S-1-5-21-463510590-2819433291-840635916-1000\...\MountPoints2: {0a6b1751-6b6f-11e5-8a8a-340286afff86} - F:\autorun.exe
HKU\S-1-5-21-463510590-2819433291-840635916-1000\...\MountPoints2: {4289e839-6770-11e5-a61d-340286afff86} - F:\setup_vmb_lite.exe /checkApplicationPresence
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175040 2014-12-24] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [157024 2014-12-24] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia Server.lnk [2015-06-26]
ShortcutTarget: TotalMedia Server.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 6\TotalMedia Server\TM Server.exe (ArcSoft Inc.)


==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{1FC8CC6E-5196-4BD6-A262-86A36750690A}: [DhcpNameServer] 192.168.1.254


Internet Explorer:
==================
HKU\S-1-5-21-463510590-2819433291-840635916-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-463510590-2819433291-840635916-1000\Software\Microsoft\Internet Explorer\Main,Start Page = C:\Program Files\Internet Explorer\pcspecialist.html
HKU\S-1-5-21-463510590-2819433291-840635916-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-463510590-2819433291-840635916-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-463510590-2819433291-840635916-500\Software\Microsoft\Internet Explorer\Main,Start Page = C:\Program Files\Internet Explorer\pcspecialist.html
SearchScopes: HKLM -> DefaultScope {4A516F6D-ACE3-4CBE-AF82-899914C08603} URL = hxxp://uk.yhs4.search.yahoo.com/yhs/search?hspart=appattach&hsimp=yhs-appattach&type=493&p={searchTerms}
SearchScopes: HKLM -> {4A516F6D-ACE3-4CBE-AF82-899914C08603} URL = hxxp://uk.yhs4.search.yahoo.com/yhs/search?hspart=appattach&hsimp=yhs-appattach&type=493&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {4A516F6D-ACE3-4CBE-AF82-899914C08603} URL = hxxp://uk.yhs4.search.yahoo.com/yhs/search?hspart=appattach&hsimp=yhs-appattach&type=493&p={searchTerms}
SearchScopes: HKLM-x32 -> {4A516F6D-ACE3-4CBE-AF82-899914C08603} URL = hxxp://uk.yhs4.search.yahoo.com/yhs/search?hspart=appattach&hsimp=yhs-appattach&type=493&p={searchTerms}
SearchScopes: HKU\S-1-5-21-463510590-2819433291-840635916-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-09-03] (Siber Systems Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-10-27] (Oracle Corporation)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-27] (Oracle Corporation)
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-09-03] (Siber Systems Inc.)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-09-03] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-463510590-2819433291-840635916-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-09-03] (Siber Systems Inc.)


FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-27] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-06-01] ()
FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-06-01] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-06-01] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2012-10-05] (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-463510590-2819433291-840635916-1000: SkypePlugin -> C:\Users\Miles\AppData\Local\SkypePlugin\7.7.0.219\npGatewayNpapi.dll [2015-09-23] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-463510590-2819433291-840635916-1000: SkypePlugin64 -> C:\Users\Miles\AppData\Local\SkypePlugin\7.7.0.219\npGatewayNpapi-x64.dll [2015-09-23] (Skype Technologies S.A.)
FF HKLM\...\Firefox\Extensions: [soda_pdf_8_conv@sodapdf.com] - C:\Program Files\Soda PDF 8\resources\sodapdf8firefoxextension
FF Extension: Soda PDF 8 Creator - C:\Program Files\Soda PDF 8\resources\sodapdf8firefoxextension [2015-10-27] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-06-01] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-06-01] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-06-01] [not signed]


Chrome: 
=======
CHR NewTab: Default -> "chrome-extension://laookkfknpbbblfpciffpaejjkokdgca/dashboard.html"
CHR DefaultSearchURL: Default -> hxxps://www.google.co.uk/search?newwindow=1&site=&source=hp&q={searchTerms}&&oq=hello&gs_l=hp.3..0l10.2571.3290.0.4323.6.6.0.0.0.0.817.1330.1j3j6-1.5.0.msedr...0...1c.1.64.hp..2.4.512.0.gVcF2mcMIP8
CHR DefaultSearchKeyword: Default -> google.co.uk_
CHR Profile: C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-01]
CHR Extension: (Google Docs) - C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-01]
CHR Extension: (Google Drive) - C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Video AdBlock for Chrome) - C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Extensions\bknbnapaddjdnbilpmlacdkjdkjmbjhd [2015-06-20]
CHR Extension: (Skype Calling) - C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2015-10-09]
CHR Extension: (YouTube) - C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (History 2) - C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahejgbbfgmlmjgdjlibphdjeldhagkp [2015-07-21]
CHR Extension: (Pushbullet) - C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2015-09-17]
CHR Extension: (OneTab) - C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2015-10-28]
CHR Extension: (Google Search) - C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Search by Image (by Google)) - C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2015-08-22]
CHR Extension: (Kaspersky Protection) - C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-06-01]
CHR Extension: (Google Tasks (by Google)) - C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmglolhoplikcoamfgjgammjbgchgjdd [2015-10-31]
CHR Extension: (Google Sheets) - C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-01]
CHR Extension: (PicMonkey) - C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm [2015-06-01]
CHR Extension: (Stylish) - C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2015-09-29]
CHR Extension: (Facebook for Chrome) - C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdalhedleemkkdjddjgfjmcnbpejpapp [2015-08-27]
CHR Extension: (Bulk Download Images(ZIG)) - C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfjhimhkjmipphnaminnnnjpnlneeplk [2015-10-31]
CHR Extension: (Google Docs Offline) - C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
CHR Extension: (Google Calendar (by Google)) - C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2015-10-08]
CHR Extension: (Save to Google Drive) - C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2015-06-01]
CHR Extension: (Wepware - Capture & Share Live Content) - C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Extensions\hahkfgggehhlbjnjiknajlagabkopglo [2015-06-04]
CHR Extension: (Comic Sans Replacer) - C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Extensions\hogcjpgnoecbkmbamlakaacafkloopbn [2015-06-02]
CHR Extension: (SimpleUndoRecents) - C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaiblbjjcealhldhdnjhpjmckgclnbca [2015-06-02]
CHR Extension: (Momentum) - C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2015-09-04]
CHR Extension: (Chrono Download Manager) - C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Extensions\mciiogijehkdemklbdcbfkefimifhecn [2015-09-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR Extension: (Blue Space Sunset Chrome Theme) - C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Extensions\nndfdjfoclbidmgpmbelcieibgjjfdog [2015-06-01]
CHR Extension: (Hover Zoom) - C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2015-10-28]
CHR Extension: (AdBlock Pro) - C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2015-10-08]
CHR Extension: (Netflix app) - C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeibmhgehkbdkoaipjmlbajenkmjohbf [2015-08-31]
CHR Extension: (Evernote Web Clipper) - C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2015-09-30]
CHR Extension: (Gmail) - C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-01]
CHR Extension: (0h h1) - C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Extensions\plfbpnkceanpmmgpdahebjkenffkahfb [2015-09-28]
CHR Extension: (RoboForm Password Manager) - C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2015-10-26]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2015-06-27]
CHR HKU\S-1-5-21-463510590-2819433291-840635916-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2015-06-27]


==================== Services (Whitelisted) ========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43624 2012-08-14] (ArcSoft, Inc.)
R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe [194000 2015-06-23] (Kaspersky Lab ZAO)
R2 BT Help Wizard; C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe [321024 2014-04-09] (Alcatel-Lucent) [File not signed]
R2 CS_AutoUpdate; C:\Program Files\Cucusoft\AutoUpdate\AutoUpdateSrvc.exe [44696 2012-07-17] (Cucusoft, Inc.)
R2 CS_BandwidthGuard; C:\Program Files\Cucusoft\NetGuard\BandwidthGuardSrvc.sys [223392 2013-06-21] (Cucusoft, Inc.)
R2 CS_BandwidthGuard64; C:\Program Files\Cucusoft\NetGuard\BandwidthGuardSrvc64.sys [292000 2013-06-21] (Cucusoft, Inc.)
R2 CS_SysMsgProxy; C:\Program Files\Cucusoft\NetGuard\SysMsgProxySrvc.sys [255136 2013-06-21] (Cucusoft, Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-24] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-24] (Dropbox, Inc.)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-05-11] (Foxit Software Inc.)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2015-06-17] (Ellora Assets Corp.) [File not signed]
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-10-14] (SurfRight B.V.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-08] (Hewlett-Packard Co.) [File not signed]
S4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
S2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [131312 2015-03-20] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-31] (IObit)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [713016 2015-07-22] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [467256 2013-11-11] (Alcatel-Lucent)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7743472 2015-08-19] (Reimage®)
R2 SODA Manager; C:\ProgramData\LULU Software\Soda Manager\Soda Manager.exe [873272 2015-08-11] (LULU Software Limited)
S3 Soda PDF 8; C:\Program Files\Soda PDF 8\ws.exe [2242840 2015-10-09] (LULU SOFTWARE LIMITED)
S3 Soda PDF 8 CrashHandler; C:\Program Files\Soda PDF 8\crash-handler-ws.exe [920344 2015-10-09] (LULU SOFTWARE LIMITED)
R2 Soda PDF 8 Creator; C:\Program Files\Soda PDF 8\creator-ws.exe [733464 2015-10-09] (LULU SOFTWARE LIMITED)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-08-30] (Microsoft Corporation)
S4 Bluetooth OBEX Service; "C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe" [X]


===================== Drivers (Whitelisted) ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-11] (Advanced Micro Devices, Inc.)
R1 ArcCtrl; C:\Windows\System32\drivers\ArcCtrl.sys [3315392 2013-08-21] ()
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [142136 2015-01-13] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1448248 2015-09-29] (Motorola Solutions, Inc.)
U5 C5BC7ABF; C:\Windows\System32\Drivers\C5BC7ABF.sys [478392 2015-09-05] (Kaspersky Lab ZAO)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [247016 2015-06-23] (Kaspersky Lab UK Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-07-22] ()
S3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [296736 2015-06-01] (Acronis International GmbH)
R3 HKKbdFltr; C:\Windows\System32\DRIVERS\HKKbdFltr.sys [41160 2014-10-29] (Insyde Software Corp.)
R3 HKMouFltr; C:\Windows\System32\DRIVERS\HKMouFltr.sys [40136 2014-10-29] (Insyde Software Corp.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-06-01] (REALiX(tm))
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [31144 2015-08-18] (Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [255728 2015-09-29] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-23] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [64368 2015-06-23] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [159960 2015-06-23] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [225976 2015-06-30] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [831672 2015-10-06] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [39280 2015-06-23] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [40304 2015-06-23] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [39280 2015-06-23] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [24944 2015-06-23] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-23] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [85360 2015-06-23] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [190648 2015-10-06] (Kaspersky Lab ZAO)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-29] (Visicom Media Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-29] (Visicom Media Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [178976 2015-10-12] (Intel Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [4008176 2015-09-29] (Intel Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R1 pefndis; C:\Windows\System32\DRIVERS\pefndis.sys [63152 2015-07-29] (Microsoft Corporation)
R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [752856 2015-08-08] (Realsil Semiconductor Corporation)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33448 2015-07-31] (Synaptics Incorporated)
R1 SvThANSP; C:\Program Files (x86)\Hotkey\SvThANSP.sys [15224 2013-10-11] (Windows (R) Win 7 DDK provider)
S3 synusb64; C:\Windows\System32\DRIVERS\synusb64.sys [30352 2011-12-14] (Steinberg Media Technologies GmbH)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1328928 2015-06-01] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [234784 2015-06-01] (Acronis International GmbH)
S3 wfpcapture; C:\Windows\System32\Drivers\wfpcapture.sys [55472 2015-07-29] (Microsoft Corporation)
R3 WinRing0_1_2_0; C:\Program Files (x86)\BatteryCare\WinRing0x64.sys [14544 2014-03-22] (OpenLibSys.org)
R3 cpuz134; \??\C:\Users\Miles\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]


==================== NetSvcs (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2015-10-31 14:29 - 2015-10-31 14:29 - 02198016 _____ (Farbar) C:\Users\Miles\Desktop\FRST64.exe
2015-10-31 14:29 - 2015-10-31 14:29 - 00040543 _____ C:\Users\Miles\Desktop\FRST.txt
2015-10-31 14:29 - 2015-10-31 14:29 - 00000000 ____D C:\FRST
2015-10-31 14:25 - 2015-10-31 14:26 - 00002349 _____ C:\Users\Miles\Desktop\FSS.txt
2015-10-31 14:25 - 2015-10-31 14:15 - 00899072 _____ (Farbar) C:\Users\Miles\Desktop\FSS.exe
2015-10-31 14:22 - 2015-10-31 14:22 - 00000634 _____ C:\Users\Miles\Desktop\fixlist.txt
2015-10-28 23:36 - 2015-10-28 23:36 - 00306640 _____ C:\Windows\Minidump\102815-9984-01.dmp
2015-10-28 23:35 - 2015-10-28 23:35 - 00000000 ___HD C:\OneDriveTemp
2015-10-27 14:15 - 2015-10-27 14:15 - 00000000 ____D C:\ProgramData\LULU Software
2015-10-27 14:14 - 2015-10-27 14:19 - 00000000 ____D C:\Program Files (x86)\Soda PDF 8
2015-10-27 14:14 - 2015-10-27 14:16 - 00000000 ____D C:\Program Files\Soda PDF 8
2015-10-26 11:38 - 2015-10-26 11:38 - 04613888 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-10-26 11:38 - 2015-10-26 11:38 - 03951402 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-10-26 11:38 - 2015-10-26 11:38 - 03278416 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2015-10-26 11:38 - 2015-10-26 11:38 - 03271912 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-10-26 11:38 - 2015-10-26 11:38 - 02997504 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-10-26 11:38 - 2015-10-26 11:38 - 02958904 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2015-10-26 11:38 - 2015-10-26 11:38 - 02893568 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-10-26 11:38 - 2015-10-26 11:38 - 02050184 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2015-10-26 11:38 - 2015-10-26 11:38 - 02028672 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-10-26 11:38 - 2015-10-26 11:38 - 01976560 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO264.dll
2015-10-26 11:38 - 2015-10-26 11:38 - 01743080 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO232.dll
2015-10-26 11:38 - 2015-10-26 11:38 - 01352000 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-10-26 11:38 - 2015-10-26 11:38 - 00689888 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2015-10-26 11:38 - 2015-10-26 11:38 - 00574760 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-10-26 11:38 - 2015-10-26 11:38 - 00532384 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2015-10-26 11:38 - 2015-10-26 11:38 - 00410032 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
2015-10-26 11:38 - 2015-10-26 11:38 - 00387320 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2015-10-26 11:38 - 2015-10-26 11:38 - 00343712 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-10-26 11:38 - 2015-10-26 11:38 - 00330568 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-10-26 11:38 - 2015-10-26 11:38 - 00321720 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2015-10-26 11:38 - 2015-10-26 11:38 - 00321720 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2015-10-26 11:38 - 2015-10-26 11:38 - 00221976 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2015-10-26 11:38 - 2015-10-26 11:38 - 00214840 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2015-10-26 11:38 - 2015-10-26 11:38 - 00209544 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2015-10-26 11:38 - 2015-10-26 11:38 - 00195192 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-10-26 11:38 - 2015-10-26 11:38 - 00166208 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2015-10-26 11:38 - 2015-10-26 11:38 - 00122328 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-10-26 11:38 - 2015-10-26 11:38 - 00118600 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2015-10-26 11:38 - 2015-10-26 11:38 - 00110992 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2015-10-26 11:38 - 2015-10-26 11:38 - 00088352 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2015-10-26 11:38 - 2015-10-26 11:38 - 00041096 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\MBfilt64.sys
2015-10-26 11:38 - 2015-10-26 11:38 - 00023704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2015-10-26 11:37 - 2015-10-26 11:37 - 00981744 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2015-10-26 11:37 - 2015-10-26 11:37 - 00084072 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2015-10-17 21:37 - 2015-10-17 21:37 - 00004608 _____ C:\Users\Miles\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-10-17 15:50 - 2015-10-17 15:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Viewer
2015-10-17 08:21 - 2015-10-17 16:45 - 00000000 ____D C:\Users\Miles\AppData\Local\Anvil Studio
2015-10-17 08:20 - 2015-10-17 08:20 - 00002653 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvil Studio 2015.lnk
2015-10-17 08:20 - 2015-10-17 08:20 - 00000000 ____D C:\Program Files (x86)\Anvil Studio 2015
2015-10-16 22:33 - 2015-10-16 22:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-10-15 09:40 - 2015-10-28 12:53 - 00000000 _____ C:\Windows\system32\reimage.rep
2015-10-15 09:34 - 2015-10-15 09:34 - 00000000 ____D C:\Users\Administrator\AppData\Local\VirtualStore
2015-10-15 09:34 - 2015-10-15 09:34 - 00000000 ____D C:\Users\Administrator\AppData\Local\EmieUserList
2015-10-15 09:34 - 2015-10-15 09:34 - 00000000 ____D C:\Users\Administrator\AppData\Local\EmieSiteList
2015-10-15 09:34 - 2015-10-15 09:34 - 00000000 ____D C:\Users\Administrator\AppData\Local\EmieBrowserModeList
2015-10-15 09:34 - 2013-10-14 17:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2015-10-15 09:34 - 2009-07-13 16:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\tbssvc.dll
2015-10-15 09:34 - 2009-06-10 20:35 - 00145792 _____ (Intel Corporation) C:\Windows\system32\Drivers\E1G6032E.sys
2015-10-15 08:50 - 2015-10-28 12:16 - 00012710 _____ C:\Windows\system32\Native.exe
2015-10-15 08:50 - 2015-10-28 12:16 - 00000000 ____D C:\ReimageUndo
2015-10-15 08:37 - 2015-10-15 09:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2015-10-15 08:37 - 2015-10-15 08:37 - 00004272 _____ C:\Windows\System32\Tasks\ReimageUpdater
2015-10-15 08:37 - 2015-10-15 08:37 - 00000000 ____D C:\ProgramData\Reimage Protector
2015-10-15 08:36 - 2015-10-31 01:13 - 00000165 _____ C:\Windows\Reimage.ini
2015-10-15 08:36 - 2015-10-31 01:13 - 00000000 ____D C:\rei
2015-10-15 08:36 - 2015-10-15 08:37 - 00000000 ____D C:\Program Files\Reimage
2015-10-13 16:20 - 2015-10-13 16:20 - 00000000 ____D C:\Program Files\Lexmark
2015-10-13 14:33 - 2015-10-13 14:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Desktop Help
2015-10-13 14:31 - 2015-10-13 14:31 - 00000000 ____D C:\Users\Miles\AppData\Roaming\Motive
2015-10-13 14:30 - 2015-10-13 14:39 - 00000000 ____D C:\ProgramData\Motive
2015-10-13 14:30 - 2015-10-13 14:30 - 00000000 ____D C:\Program Files\Common Files\Motive
2015-10-13 14:30 - 2015-10-13 14:30 - 00000000 ____D C:\Program Files\BT Broadband Desktop Help
2015-10-13 14:29 - 2015-10-13 14:29 - 00000000 ____D C:\Program Files (x86)\BT Broadband Desktop Help
2015-10-12 17:03 - 2015-10-28 23:37 - 00000000 ____D C:\Users\Miles\AppData\Roaming\NetGuard
2015-10-12 17:02 - 2015-10-12 17:02 - 00000000 ____D C:\ProgramData\Cucusoft
2015-10-12 17:02 - 2015-10-12 17:02 - 00000000 ____D C:\Program Files\Cucusoft
2015-10-12 17:02 - 2003-03-18 09:20 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71.DLL
2015-10-12 17:02 - 2003-03-18 08:20 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\MFC71.DLL
2015-10-12 17:02 - 2003-03-18 08:14 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVCP71.DLL
2015-10-12 17:02 - 2003-03-18 07:14 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\MSVCP71.DLL
2015-10-12 17:02 - 2003-02-20 16:42 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVCR71.DLL
2015-10-12 17:02 - 2003-02-20 15:42 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\MSVCR71.DLL
2015-10-12 15:56 - 2015-10-12 15:56 - 00000000 ____D C:\Users\Miles\AppData\Local\IsolatedStorage
2015-10-12 15:55 - 2015-10-12 15:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Message Analyzer
2015-10-12 15:54 - 2015-10-12 15:54 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_wfpcapture_01011.Wdf
2015-10-12 15:54 - 2015-10-12 15:54 - 00000000 ____D C:\Program Files\Microsoft Message Analyzer
2015-10-12 15:48 - 2015-10-12 15:48 - 00000000 ____D C:\Users\Miles\AppData\Roaming\Apple Computer
2015-10-12 15:48 - 2015-10-12 15:48 - 00000000 ____D C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-10-12 15:01 - 2015-10-12 15:01 - 00178976 _____ (Intel Corporation) C:\Windows\system32\Drivers\TeeDriverx64.sys
2015-10-12 12:37 - 2009-06-10 21:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts - Copy
2015-10-09 18:51 - 2015-10-09 18:51 - 00000000 ____D C:\Users\Miles\AppData\Local\SkypePlugin
2015-10-08 01:15 - 2015-10-12 17:07 - 00000000 ____D C:\ProgramData\Bitmeter2
2015-10-08 01:15 - 2015-10-12 06:21 - 00000000 ____D C:\Users\Miles\AppData\Roaming\Bitmeter2
2015-10-08 01:15 - 2015-10-08 01:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitMeter
2015-10-08 01:15 - 2015-10-08 01:15 - 00000000 ____D C:\Program Files (x86)\Codebox
2015-10-06 13:05 - 2015-10-08 01:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-10-05 13:44 - 2015-10-19 14:34 - 00000000 ____D C:\Users\Miles\Desktop\Panto
2015-10-02 16:47 - 2015-10-02 16:47 - 00000000 ____D C:\Users\Miles\AppData\Roaming\FLEXnet
2015-10-02 16:37 - 2015-10-05 14:14 - 00000000 ____D C:\Users\Miles\AppData\Roaming\Vodafone
2015-10-02 16:37 - 2015-10-05 14:13 - 00000000 ____D C:\ProgramData\Vodafone
2015-10-02 16:37 - 2015-10-02 16:37 - 00000000 ____D C:\ProgramData\Macrovision
2015-10-02 16:37 - 2015-10-02 16:37 - 00000000 ____D C:\ProgramData\FLEXnet


==================== One Month Modified files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2015-10-31 13:52 - 2015-06-01 17:13 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-31 13:46 - 2015-06-24 13:33 - 00000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-10-31 13:34 - 2015-06-01 17:09 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-10-31 12:26 - 2009-07-14 04:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-31 12:26 - 2009-07-14 04:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-31 10:33 - 2015-08-22 15:17 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-10-31 09:40 - 2015-06-24 14:20 - 00000000 ___RD C:\Users\Miles\Dropbox
2015-10-31 08:52 - 2015-06-01 17:13 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-31 08:46 - 2015-06-24 13:33 - 00000902 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-10-31 07:03 - 2010-11-21 02:52 - 01707525 _____ C:\Windows\WindowsUpdate.log
2015-10-31 01:23 - 2015-06-03 13:51 - 00002163 _____ C:\Users\Miles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-10-31 01:23 - 2015-06-03 13:51 - 00000000 ___RD C:\Users\Miles\OneDrive
2015-10-31 01:23 - 2015-06-02 12:48 - 04350976 _____ C:\Users\Miles\AppData\Local\SageThumbs.db3
2015-10-31 01:12 - 2015-05-28 13:01 - 00011850 _____ C:\Windows\SysWOW64\Gms.log
2015-10-28 23:43 - 2015-09-29 13:03 - 00000000 ____D C:\Users\Miles\Desktop\Phone
2015-10-28 23:42 - 2009-07-14 05:13 - 00807742 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-28 23:40 - 2015-09-29 23:56 - 00003240 _____ C:\Windows\System32\Tasks\Driver Booster Scheduler
2015-10-28 23:40 - 2015-06-01 16:38 - 00002872 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (Miles)
2015-10-28 23:37 - 2015-06-24 13:33 - 00000000 ____D C:\Users\Miles\AppData\Local\Dropbox
2015-10-28 23:36 - 2015-06-19 23:47 - 00022521 _____ C:\Windows\setupact.log
2015-10-28 23:36 - 2015-06-19 23:47 - 00000000 ____D C:\Windows\Minidump
2015-10-28 23:36 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-28 23:35 - 2009-07-14 03:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-28 13:57 - 2015-06-01 16:21 - 00000000 ___RD C:\Users\Miles\Desktop\System
2015-10-28 12:53 - 2015-06-19 23:47 - 00022372 _____ C:\Windows\PFRO.log
2015-10-28 12:31 - 2015-05-28 20:50 - 00001614 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-10-28 12:31 - 2015-05-28 20:50 - 00001435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-10-28 12:31 - 2009-07-14 04:57 - 00001712 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-10-28 12:09 - 2015-06-12 22:40 - 00000000 ____D C:\Users\Miles\AppData\Roaming\uTorrent
2015-10-28 12:04 - 2015-08-25 16:27 - 00001646 _____ C:\Windows\system32\ScanResults.xml
2015-10-28 12:02 - 2015-08-25 16:23 - 00000464 _____ C:\Windows\system32\ScannerSettings
2015-10-28 11:35 - 2015-06-01 16:44 - 00000000 ____D C:\Users\Miles\AppData\Roaming\vlc
2015-10-27 14:17 - 2015-06-24 22:10 - 00002902 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_Miles
2015-10-27 10:36 - 2015-06-01 16:04 - 00000000 ____D C:\ProgramData\Oracle
2015-10-27 09:06 - 2015-08-31 15:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-10-27 09:05 - 2015-08-31 15:29 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-10-27 09:05 - 2015-08-31 15:29 - 00000000 ____D C:\Users\Miles\.oracle_jre_usage
2015-10-27 09:05 - 2015-08-31 15:29 - 00000000 ____D C:\Program Files\Java
2015-10-26 18:34 - 2015-06-02 13:51 - 00007617 _____ C:\Users\Miles\AppData\Local\resmon.resmoncfg
2015-10-26 13:32 - 2015-06-01 16:21 - 00000000 ____D C:\Users\Miles\Desktop\Video
2015-10-26 12:44 - 2015-06-24 22:11 - 00000000 ____D C:\Users\Miles\AppData\Roaming\BatteryCare
2015-10-26 12:43 - 2015-06-24 22:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BatteryCare
2015-10-26 12:43 - 2015-06-24 22:11 - 00000000 ____D C:\Program Files (x86)\BatteryCare
2015-10-26 11:38 - 2015-05-28 20:49 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2015-10-26 11:37 - 2015-06-01 16:38 - 00000000 ____D C:\ProgramData\ProductData
2015-10-26 11:37 - 2015-05-28 12:40 - 00117824 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2015-10-19 05:40 - 2009-07-14 04:45 - 00314856 _____ C:\Windows\system32\FNTCACHE.DAT
2015-10-17 18:55 - 2015-06-18 17:10 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-17 18:55 - 2015-06-18 17:10 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-17 18:04 - 2015-06-01 14:56 - 00074064 _____ C:\Users\Miles\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-17 16:45 - 2015-06-01 16:21 - 00000000 ____D C:\Users\Miles\Desktop\Audio
2015-10-17 11:59 - 2015-06-02 12:43 - 00000000 __SHD C:\Users\Miles\AppData\LocalLow\EmieUserList
2015-10-17 11:59 - 2015-06-02 12:43 - 00000000 __SHD C:\Users\Miles\AppData\LocalLow\EmieSiteList
2015-10-17 11:59 - 2015-06-02 12:43 - 00000000 __SHD C:\Users\Miles\AppData\LocalLow\EmieBrowserModeList
2015-10-16 22:33 - 2015-06-24 13:33 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-10-15 09:38 - 2015-05-28 20:53 - 00000000 ____D C:\temp
2015-10-15 09:34 - 2015-06-02 12:43 - 00000000 __SHD C:\Users\Miles\AppData\Local\EmieUserList
2015-10-15 09:34 - 2015-06-02 12:43 - 00000000 __SHD C:\Users\Miles\AppData\Local\EmieSiteList
2015-10-15 09:34 - 2015-06-02 12:43 - 00000000 __SHD C:\Users\Miles\AppData\Local\EmieBrowserModeList
2015-10-15 09:34 - 2010-11-21 07:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-10-15 09:34 - 2009-07-14 03:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-10-15 09:34 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2015-10-15 09:34 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\Recovery
2015-10-15 09:34 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\Dism
2015-10-15 09:33 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-10-15 09:33 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-10-13 21:13 - 2015-07-13 12:46 - 00000000 ___RD C:\Users\Miles\Desktop\New House
2015-10-12 17:13 - 2015-06-01 17:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2015-10-12 15:52 - 2015-06-01 16:38 - 00000000 ____D C:\Program Files (x86)\IObit
2015-10-12 15:48 - 2015-06-01 16:38 - 00000000 ____D C:\Users\Miles\AppData\LocalLow\IObit
2015-10-12 15:48 - 2015-06-01 16:38 - 00000000 ____D C:\ProgramData\IObit
2015-10-12 15:47 - 2015-06-01 16:38 - 00000000 ____D C:\Users\Miles\AppData\Roaming\IObit
2015-10-12 10:29 - 2015-08-22 15:24 - 00000000 ____D C:\Program Files\HitmanPro
2015-10-12 06:43 - 2015-06-13 17:59 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-12 06:39 - 2015-06-01 14:56 - 00000000 ____D C:\Users\Miles
2015-10-12 06:38 - 2015-06-24 22:10 - 00000000 ____D C:\Users\Miles\AppData\Roaming\ProductData
2015-10-12 06:38 - 2015-06-20 14:49 - 00000000 ____D C:\Users\Administrator
2015-10-12 06:38 - 2015-06-02 18:49 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-12 06:38 - 2015-06-01 17:24 - 00000000 ____D C:\Users\Miles\AppData\Roaming\Winamp
2015-10-12 06:38 - 2015-06-01 17:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-12 06:38 - 2015-06-01 16:28 - 00000000 ____D C:\Users\Miles\AppData\Roaming\WM Capture 7
2015-10-12 06:38 - 2010-11-21 07:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-10-12 06:38 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\security
2015-10-12 06:38 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\registration
2015-10-11 12:52 - 2015-06-26 15:49 - 00748665 _____ C:\Users\Miles\AppData\Local\ASbs.ac
2015-10-06 09:16 - 2015-05-18 21:16 - 00831672 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-10-06 09:16 - 2014-11-10 16:48 - 00190648 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2015-10-02 21:09 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\NDF
2015-10-02 17:05 - 2015-06-01 16:34 - 00000000 ____D C:\Users\Miles\AppData\Local\ManyCam
2015-10-02 16:36 - 2015-06-26 15:39 - 00000000 ____D C:\Users\Miles\AppData\Local\Downloaded Installations


==================== Files in the root of some directories =======


2015-08-27 15:10 - 2015-08-27 15:10 - 0037607 _____ () C:\Program Files (x86)\Common Files\license.rtf
2015-08-27 15:10 - 2015-08-27 15:10 - 0008046 _____ () C:\Program Files (x86)\Common Files\setupBanner.jpg
2015-06-24 22:19 - 2015-06-24 22:19 - 0000010 _____ () C:\Users\Miles\AppData\Roaming\2.5.0.4
2015-06-26 15:49 - 2015-10-11 12:52 - 0748665 _____ () C:\Users\Miles\AppData\Local\ASbs.ac
2015-10-17 21:37 - 2015-10-17 21:37 - 0004608 _____ () C:\Users\Miles\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-09 16:06 - 2015-07-09 16:06 - 0001788 _____ () C:\Users\Miles\AppData\Local\recently-used.xbel
2015-06-02 13:51 - 2015-10-26 18:34 - 0007617 _____ () C:\Users\Miles\AppData\Local\resmon.resmoncfg
2015-06-02 12:48 - 2015-10-31 01:23 - 4350976 _____ () C:\Users\Miles\AppData\Local\SageThumbs.db3
2015-06-01 22:14 - 2015-06-26 15:16 - 0000040 ___SH () C:\ProgramData\.zreglib
2015-06-02 18:42 - 2015-07-07 14:52 - 0001963 _____ () C:\ProgramData\hpzinstall.log


Some files in TEMP:
====================
C:\Users\Miles\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3ajosk.dll
C:\Users\Miles\AppData\Local\Temp\proxy_vole337266062438316827.dll
C:\Users\Miles\AppData\Local\Temp\sqlite3.exe




==================== Bamital & volsnap =================


(There is no automatic fix for files that do not pass verification.)


C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed




LastRegBack: 2015-10-31 01:58


==================== End of FRST.txt ============================

 





#2 nasdaq


  • Malware Response Team
  • 38,593 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 02 November 2015 - 10:31 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove these programs in bold using the Add/Remove Programs applet.
Driver Booster 3.0 (HKLM-x32\...\Driver Booster_is1) (Version: 3.0 - IObit)
Freemake Video Converter version 4.1.6 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.6 - Ellora Assets Corporation)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.4 - Ellora Assets Corporation)


Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-463510590-2819433291-840635916-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-463510590-2819433291-840635916-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-463510590-2819433291-840635916-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S4 Bluetooth OBEX Service; "C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe" [X]
R3 cpuz134; \??\C:\Users\Miles\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
Task: {22CED2AC-7236-4AF4-89A1-776A366F82ED} - \SmartDefrag4_Startup -> No File <==== ATTENTION
Task: {842C0914-1228-454B-8582-5DEFB141F216} - \SmartDefrag4_Defrag -> No File <==== ATTENTION
Task: {963620A5-E127-4665-A2BC-DB532726B041} - \SmartDefrag4_Update -> No File <==== ATTENTION
Task: {BFD33027-EF6F-4C44-8422-A689E311C49E} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2015-08-19] (Reimage®) <==== ATTENTION
C:\Program Files\Reimage

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Reset Chrome...
Open Google Chrome, click on the menu icon which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.
==

How is the computer running now?

#3 miles_muso

miles_muso
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:53 PM

Posted 03 November 2015 - 05:42 AM

Hi Nasdaq (great user name, BTW!)

 

Thanks for all your help.

 

I ran FRST with the fix: log attached.

 

I ran ADW which removed two Chrome extensions - the log is quite short so here it is:

# AdwCleaner v5.017 - Logfile created 03/11/2015 at 10:18:03
# Updated 03/11/2015 by Xplode
# Database : 2015-11-01.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Miles - DOBBY_5
# Running from : C:\Users\Miles\Desktop\adwcleaner_5.017.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmglolhoplikcoamfgjgammjbgchgjdd
[-] Folder Deleted : C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall

***** [ Files ] *****

[-] File Deleted : C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chphlpgkkbolifaimnlloiipkdnihall_0.localstorage
[-] File Deleted : C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chphlpgkkbolifaimnlloiipkdnihall_0.localstorage-journal

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

[-] [C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : chphlpgkkbolifaimnlloiipkdnihall
[-] [C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : dmglolhoplikcoamfgjgammjbgchgjdd

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C6].txt - [1545 bytes] ##########

So far, no evil clickjacks detected!  I'll look out for any more suspicious behaviour.

 

I'm grateful you advised me to delete Driver Boost - it was downloading LOADS of data in the background which was slowing everything down.  I blocked it in Kaspersky, but I should've just deleted it.  More free space on my C drive - Yay!!

 

I'm surprised you asked me to delete Freemake Video Converter.  I've been using it for years without any problems.  Can I re-install it? (making sure to avoid all the BHO and searchbar 'options')?  The Freemake Video Downloader, however, was fairly new and I've never really used it, so no harm done there.

 

I've also reset Chrome, which has forced me to reconsider my Chrome extensions.  I know this is something I should do every few months but never get round to, so thanks again.

 

I'm always amazed at the number of people on forums like this who freely give their time to help people like me.  If the world was run like an advice forum, maybe we'd run out of problems!

  

Thank you so much for your help.

 

Regards,

 

Miles

Attached Files
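As an added example (not code from this thread or from AdwCleaner itself), here is a small Python parser for the AdwCleaner v5 log format shown above: it tags each "[-]" action with the section it falls under and pulls out the Chrome extension IDs that were removed, which is what a responder checks first when a browser starts clickjacking or redirecting. The sample log is a constructed excerpt of the one posted above.

```python
import re
from dataclasses import dataclass

# Constructed excerpt in the format of the AdwCleaner v5 log posted above.
SAMPLE_LOG = r"""# AdwCleaner v5.017 - Logfile created 03/11/2015 at 10:18:03
***** [ Folders ] *****
[-] Folder Deleted : C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmglolhoplikcoamfgjgammjbgchgjdd
[-] Folder Deleted : C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall
***** [ Files ] *****
[-] File Deleted : C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chphlpgkkbolifaimnlloiipkdnihall_0.localstorage
***** [ Web browsers ] *****
[-] [C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : chphlpgkkbolifaimnlloiipkdnihall
[-] [C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : dmglolhoplikcoamfgjgammjbgchgjdd
"""

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>[^\]]+) \] \*{5}$")
# "[-] <what> <Verb> : <target>"; <what> may carry bracketed context (file, category).
ACTION_RE = re.compile(r"^\[-\] (?P<kind>.+?) (?P<verb>\w+) : (?P<target>.+)$")
# Chrome extension IDs are 32 letters a-p; lookarounds instead of \b because '_' is a word char.
EXT_ID_RE = re.compile(r"(?<![a-p])[a-p]{32}(?![a-p])")

@dataclass(frozen=True)
class Finding:
    section: str
    kind: str
    verb: str
    target: str

def parse_adwcleaner_log(text: str) -> list[Finding]:
    """Walk the log once, tagging each "[-]" action with its current section header."""
    section, findings = "", []
    for line in text.splitlines():
        line = line.rstrip()
        if m := SECTION_RE.match(line):
            section = m["name"]
        elif m := ACTION_RE.match(line):
            findings.append(Finding(section, m["kind"], m["verb"], m["target"]))
    return findings

def chrome_extension_ids(findings: list[Finding]) -> set[str]:
    """Collect every Chrome extension ID named in a removed path or preference entry."""
    return {eid for f in findings for eid in EXT_ID_RE.findall(f.target)}

def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count actions per log section, e.g. {'Folders': 2, 'Files': 1, ...}."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts
```

The two IDs it recovers are the ones to look up in the Chrome Web Store or an extension-reputation source before deciding whether anything else on the machine installed them.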



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,593 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:53 AM

Posted 03 November 2015 - 09:11 AM

I'm surprised you asked me to delete Freemake Video Converter. I've been using it for years without any problems. Can I re-install it? (making sure to avoid all the BHO and searchbar 'options')? The Freemake Video Downloader, however, was fairly new and I've never really used it, so no harm done there.

Yes, now everything is working well.

Read this review.
http://www.boostbyreason.com/resource-program-983-Freemake-Video-Downloader.aspx

==

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,593 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:53 AM

Posted 09 November 2015 - 10:06 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



