
Click on Gmail link in Chrome brings up Ads in new Tab



#1 Drawn


Posted 09 November 2015 - 07:45 PM

Click on Gmail link in Chrome brings up Gmail but also an Ad in new Tab.

Visiting websites in Chrome and soon the webpage is covered by Ad popup windows.

============== FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by Drawn (administrator) on DELL-6430U (09-11-2015 19:32:20)
Running from C:\Programs\Utils\Computer\Malware\Farbar Recovery Scan Tool
Loaded Profiles: Drawn (Available Profiles: Drawn & Greg)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Fork, Ltd.) C:\Program Files (x86)\Computer\Security\Prey\wpxsvc.exe
(Joyent, Inc) C:\Program Files (x86)\Computer\Security\Prey\versions\1.3.6\bin\node.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
(Fork, Ltd.) C:\Program Files (x86)\Computer\Security\Prey\versions\1.3.6\node_modules\triggers\bin\lightevt.exe
(Microsoft) C:\Programs\Utils\Media\Audio\Starkey\Starkey.InspireSupport.Service.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
( ) C:\Windows\System32\lxducoms.exe
(Microsoft Corporation) C:\ProgramData\Starkey Laboratories\PatientBase\MSSQL10_50.PATIENTBASE\MSSQL\Binn\sqlservr.exe
(O2Micro International) C:\Windows\System32\o2flash.exe
() C:\Windows\SysWOW64\srvany.exe
(Starkey Hearing Technologies) C:\Program Files (x86)\Starkey Laboratories\Inspire OS\PatientBaseSync\Starkey.PatientBase.Sync.Service.Host.exe
(Dell, Inc.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe
(O2Micro.) C:\Windows\SysWOW64\SDIOAssist.exe
(Paramount Software UK Ltd) C:\Programs\Utils\Computer\Backup\MacriumReflect\ReflectService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Programs\Utils\Media\Audio\Starkey\InspireUpdaterSDK.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Dyn, Inc.) C:\Programs\Utils\Internet\Dyn\DynUpSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Authentec Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(Dell Computer Corporation) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
() C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
(Lexmark International Inc.) C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Filipe Lourenço) C:\Program Files (x86)\BatteryCare\BatteryCare.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Dyn, Inc.) C:\Programs\Utils\Internet\Dyn\DynTray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxdumsdmon.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [708952 2013-07-08] (Alps Electric Co., Ltd.)
HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [371024 2013-03-05] (Wave Systems Corp.)
HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [lxdumon.exe] => C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe [676520 2010-02-04] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe [131752 2010-02-04] (Lexmark International Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-10-28] (Intel Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-16] (IDT, Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\Media\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [lxdumon.exe] => C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxdumon.exe [676520 2010-02-04] ()
HKLM-x32\...\Run: [lxduamon] => C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxduamon.exe [16040 2010-02-04] ()
HKLM-x32\...\Run: [Lexmark 5600-6600 Series] => C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\fm3032.exe [311976 2010-02-04] ()
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (Authentec Inc.)
HKU\S-1-5-21-641602505-2303457879-1818575265-1001\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-641602505-2303457879-1818575265-1001\...\Run: [BatteryCare] => C:\Program Files (x86)\BatteryCare\BatteryCare.exe [796160 2015-10-25] (Filipe Lourenço)
HKU\S-1-5-21-641602505-2303457879-1818575265-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-27] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-641602505-2303457879-1818575265-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22568216 2015-10-12] (Google)
HKU\S-1-5-21-641602505-2303457879-1818575265-1001\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-641602505-2303457879-1818575265-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-641602505-2303457879-1818575265-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-641602505-2303457879-1818575265-1001\...\Policies\Explorer: [HideSCAPower] 0
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2013-03-05] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2013-03-05] (Wave Systems Corp.)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
Startup: C:\Users\Drawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dyn Updater Tray Icon.lnk [2013-10-29]
ShortcutTarget: Dyn Updater Tray Icon.lnk -> C:\Programs\Utils\Internet\Dyn\DynTray.exe (Dyn, Inc.)
Startup: C:\Users\Drawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6700 (Network).lnk [2015-11-09]
ShortcutTarget: Monitor Ink Alerts - HP Officejet 6700 (Network).lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
GroupPolicyUsers\S-1-5-21-641602505-2303457879-1818575265-1003\User: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{057A0C77-B0DF-4689-978A-7948F06CDBEE}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{057A0C77-B0DF-4689-978A-7948F06CDBEE}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3B20B909-F4F6-466B-BA18-2308A7E350C9}: [DhcpNameServer] 10.11.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-641602505-2303457879-1818575265-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-641602505-2303457879-1818575265-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-641602505-2303457879-1818575265-1001 -> {9B307798-DD47-405B-B8EE-83758EF6527C} URL =
SearchScopes: HKU\S-1-5-21-641602505-2303457879-1818575265-1001 -> {CBE7517C-CD9D-4CC5-BE86-D2D1C6F2726E} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-28] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-10-27] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-27] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-28] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-28] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-10-27] (Microsoft Corporation)
BHO-x32: Lexmark Printable Web -> {D2C5E510-BE6D-42CC-9F61-E4F939078474} -> C:\Program Files\Lexmark Printable Web\bho.dll [2010-02-04] ()
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-28] (Oracle Corporation)
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {ACCD6812-5384-4B4F-A155-C3047B08C7A9} hxxps://vlabs.holsystems.com/vlabs/RequirementsChecker/RequirementsCheck.CAB
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-03-29] (Belarc, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-28] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-11-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-11-13] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-28] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-08-02] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll [2014-04-17] (pdfforge GmbH)
FF Plugin HKU\S-1-5-21-641602505-2303457879-1818575265-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Drawn\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-10-09] (Citrix Online)
FF Plugin HKU\S-1-5-21-641602505-2303457879-1818575265-1001: @microsoft.com/Office on Demand;version=1 -> C:\Users\Drawn\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\Microsoft Office 15\npofficeondemand.dll [2012-11-10] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-641602505-2303457879-1818575265-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Drawn\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-641602505-2303457879-1818575265-1001: @talk.google.com/O1DPlugin -> C:\Users\Drawn\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-641602505-2303457879-1818575265-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Drawn\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-641602505-2303457879-1818575265-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Drawn\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-641602505-2303457879-1818575265-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Drawn\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Drawn\AppData\Roaming\mozilla\plugins\npatgpc.dll [2014-11-18] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Drawn\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Drawn\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxps://www.google.ca/","hxxps://login.yahoo.com/config/mail?.intl=ca&.done=https%3A%2F%2Fca%2Dmg6.mail.yahoo.com%3A443%2Fneo%2Flaunch%3F.rand%3Deelal9djvfe37","hxxp://ca.indeed.com/jobs?as_and=&as_phr=%22computer+science%22&as_any=%22call+centre%22+phone&as_not=&as_ttl=-senior+-executive+-lead+-director+-manager+sales&as_cmp=&jt=all&st=&sr=directhire&salary=&radius=50&l=Toronto,ON&fromage=any&limit=50&sort=date&psf=advsrch","hxxp://ca.indeed.com/jobs?as_and=SQL&as_phr=&as_any=%22call+centre%22+phone&as_not=&as_ttl=-senior+-executive+-lead+-director+-manager+sales&as_cmp=&jt=all&st=&sr=directhire&salary=&radius=50&l=Toronto,ON&fromage=any&limit=50&sort=date&psf=advsrch","hxxp://ca.indeed.com/jobs?as_and=databases&as_phr=&as_any=%22call+centre%22+phone&as_not=&as_ttl=-senior+-executive+-lead+-director+-manager+sales&as_cmp=&jt=all&st=&sr=directhire&salary=&radius=50&l=Toronto,ON&fromage=any&limit=50&sort=date&psf=advsrch","hxxp://ca.indeed.com/jobs?as_and=&as_phr=%22post-secondary%22&as_any=%22call+centre%22+phone&as_not=&as_ttl=-senior+-executive+-lead+-director+-manager+sales&as_cmp=&jt=all&st=&sr=directhire&salary=&radius=50&l=Toronto,ON&fromage=any&limit=50&sort=date&psf=advsrch","hxxp://ca.indeed.com/jobs?as_and=technology&as_phr=&as_any=%22call+centre%22+phone&as_not=&as_ttl=-senior+-executive+-lead+-director+-manager+sales&as_cmp=&jt=all&st=&sr=directhire&salary=&radius=50&l=Toronto,ON&fromage=any&limit=50&sort=date&psf=advsrch","hxxp://ca.indeed.com/jobs?as_and=technical&as_phr=&as_any=%22call+centre%22+phone&as_not=&as_ttl=-senior+-executive+-lead+-director+-manager+sales&as_cmp=&jt=all&st=&sr=directhire&salary=&radius=50&l=Toronto,ON&fromage=any&limit=50&sort=date&psf=advsrch","hxxp://ca.indeed.com/jobs?as_and=%22call+centre%22&as_phr=&as_any=+%22background+in+*+technology%22+%22technical+background%22+%22background+in+*+computers%22+%22computer+background%22&as_not=&as_ttl=-senior+-executive+-lead+-director+-manager+sales&as_cm
p=&jt=all&st=&sr=directhire&salary=&radius=50&l=Toronto,ON&fromage=any&limit=50&sort=date&psf=advsrch","hxxp://ca.indeed.com/jobs?as_and=phone&as_phr=&as_any=%22background+in+*+technology%22+%22technical+background%22+%22background+in+*+computers%22+%22computer+background%22&as_not=&as_ttl=-senior+-executive+-lead+-director+-manager+sales&as_cmp=&jt=all&st=&sr=directhire&salary=&radius=50&l=Toronto,ON&fromage=any&limit=50&sort=date&psf=advsrch","hxxp://www.indeed.ca/jobs?as_and=&as_phr=&as_any=&as_not=&as_ttl=Systems+or+System+or+administrator&as_cmp=&jt=all&st=&sr=directhire&radius=50&l=Toronto,+ON&fromage=any&limit=50&sort=date&psf=advsrch","hxxp://ca.indeed.com/jobs?as_and=&as_phr=%22computer+science%22&as_any=&as_not=&as_ttl=-senior+-executive+-lead+-director+-manager+sales&as_cmp=&jt=all&st=&sr=directhire&salary=&radius=50&l=Toronto,ON&fromage=any&limit=50&sort=date&psf=advsrch","hxxp://ca.indeed.com/jobs?as_and=&as_phr=&as_any=SQL+databases&as_not=&as_ttl=-senior+-executive+-lead+-director+-manager+sales&as_cmp=&jt=all&st=&sr=directhire&salary=&radius=50&l=Toronto,ON&fromage=any&limit=50&sort=date&psf=advsrch","hxxp://ca.indeed.com/jobs?as_and=technology&as_phr=&as_any=&as_not=&as_ttl=-senior+-executive+-lead+-director+-manager+sales&as_cmp=&jt=all&st=&sr=directhire&salary=&radius=50&l=Toronto,ON&fromage=any&limit=50&sort=date&psf=advsrch","hxxp://ca.indeed.com/jobs?as_and=technical&as_phr=&as_any=&as_not=&as_ttl=-senior+-executive+-lead+-director+-manager+sales&as_cmp=&jt=all&st=&sr=directhire&salary=&radius=50&l=Toronto,ON&fromage=any&limit=50&sort=date&psf=advsrch","hxxp://www.indeed.ca/jobs?q=title%3A%28%22MS+Access%22+or+VBA%29&l=Toronto%2C+ON&radius=50&sort=date","hxxp://www.indeed.ca/jobs?as_and=&as_phr=&as_any=&as_not=&as_ttl=Android+-Senior&as_cmp=&jt=all&st=&sr=directhire&radius=50&l=Toronto,+ON&fromage=any&limit=50&sort=date&psf=advsrch","hxxp://www.indeed.ca/jobs?as_and=&as_phr=&as_any=&as_not=&as_ttl=Android&as_cmp=&jt=all&st=&sr=directhire&radius
=50&l=Toronto,+ON&fromage=any&limit=50&sort=date&psf=advsrch","hxxp://www.indeed.ca/jobs?as_and=Android&as_phr=&as_any=&as_not=&as_ttl=&as_cmp=&jt=all&st=&sr=directhire&radius=50&l=Toronto,+ON&fromage=any&limit=50&sort=date&psf=advsrch","hxxp://ca.indeed.com/jobs?as_and=&as_phr=&as_any=&as_not=&as_ttl=Foxpro+or+%22Fox+Pro%22&as_cmp=&jt=all&st=&salary=&radius=50&l=Toronto,+ON&fromage=any&limit=50&sort=&psf=advsrch","hxxp://www.indeed.ca/jobs?q=&l=Toronto%2C+ON&radius=0&sr=directhire"
CHR DefaultSearchKeyword: Default -> bm
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Drawn\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Media\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Media\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Media\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Media\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Media\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\Drawn\AppData\Roaming\Mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Deployment Toolkit 8.0.310.13) - C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 8 U31) - C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (PDF Architect 2) - C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Unity Player) - C:\Users\Drawn\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\Drawn\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll => No File
CHR Plugin: (Microsoft Office 2013) - C:\Users\Drawn\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\Microsoft Office 15\npofficeondemand.dll (Microsoft Corporation)
CHR Plugin: (Google Talk Plugin) - C:\Users\Drawn\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Drawn\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
CHR Profile: C:\Users\Drawn\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Cargly) - C:\Users\Drawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aofoinpakbknmlddhnclgllplgppdade [2014-12-15]
CHR Extension: (Google Docs) - C:\Users\Drawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07]
CHR Extension: (Google Drive) - C:\Users\Drawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Drawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-08-10]
CHR Extension: (YouTube) - C:\Users\Drawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (HelloFax: 50 Free Fax Pages) - C:\Users\Drawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2015-02-25]
CHR Extension: (Webpage Screenshot) - C:\Users\Drawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki [2015-02-07]
CHR Extension: (Google Search) - C:\Users\Drawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Search by Image (by Google)) - C:\Users\Drawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2015-11-07]
CHR Extension: (8 Ball Pool Multiplayer) - C:\Users\Drawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddfplgpeamcbpecnihfpikllkfojgkai [2014-10-03]
CHR Extension: (MightyText - SMS from PC & Text from Computer) - C:\Users\Drawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2015-10-10]
CHR Extension: (Google+) - C:\Users\Drawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2015-03-11]
CHR Extension: (Google Calendar) - C:\Users\Drawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-12]
CHR Extension: (YoWindow Free Weather) - C:\Users\Drawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef [2015-11-07]
CHR Extension: (Spritzify) - C:\Users\Drawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\fceffhfbpdmobooodincobcfofgffngj [2015-02-07]
CHR Extension: (Google Finance) - C:\Users\Drawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgckldmmjdbpdejkclmfnnnehhocbfp [2015-02-11]
CHR Extension: (Save as Shortcut) - C:\Users\Drawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\flehofiklehmnnolpjcamplcnmhgcbkk [2015-05-08]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Drawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-11-04]
CHR Extension: (HTTPS Everywhere) - C:\Users\Drawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2015-08-17]
CHR Extension: (Google Docs Offline) - C:\Users\Drawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-02]
CHR Extension: (Relaxing Sounds - Giovesoft) - C:\Users\Drawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpgbpbpobbgnaognooilkmncoonaedao [2015-02-07]
CHR Extension: (TweetDeck by Twitter) - C:\Users\Drawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2015-07-24]
CHR Extension: (Bookmark Search) - C:\Users\Drawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhmokalkpaiacdofbcddkogifepbaijk [2015-02-07]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Drawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2015-10-30]
CHR Extension: (Pixlr Express) - C:\Users\Drawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\hojmjpdlmjopaeginhldhiokeidchjid [2014-04-10]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Drawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2015-02-07] [UpdateUrl: hxxp://www.interoperabilitybridges.com/ChromeWMP/wmpChromeupdates.xml] <==== ATTENTION
CHR Extension: (PIE Transformer) - C:\Users\Drawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jafbohhbdpejlcfpkbbpkegglokegjid [2015-09-27]
CHR Extension: (Disconnect) - C:\Users\Drawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2015-07-27]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Drawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-02-07]
CHR Extension: (Google Hangouts) - C:\Users\Drawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2015-11-09]
CHR Extension: (Google Play) - C:\Users\Drawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-02-11]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Drawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-07-22]
CHR Extension: (Google Maps) - C:\Users\Drawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-09-17]
CHR Extension: (Kijiji.ca & LesPAC.com Enhancer) - C:\Users\Drawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\milbijkclehoicmkjkaogiobhhpalokf [2015-02-07]
CHR Extension: (Google Play Books) - C:\Users\Drawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2015-05-11]
CHR Extension: (Time Tracker) - C:\Users\Drawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mokmnbikneoaenmckfmgjgjimphfojkd [2015-11-07]
CHR Extension: (Lumosity) - C:\Users\Drawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffmfbhcjemfledhndnpllechagamlfp [2013-10-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Drawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-22]
CHR Extension: (Draftback) - C:\Users\Drawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnajoiemfpldioamchanognpjmocgkbg [2015-03-25]
CHR Extension: (Better History) - C:\Users\Drawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\obciceimmggglbmelaidpjlmodcebijb [2015-11-07]
CHR Extension: (Recent Bookmarks) - C:\Users\Drawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\olndffocioplakeilhkgenfgdincjlpn [2015-02-07]
CHR Extension: (Picasa) - C:\Users\Drawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2014-07-11]
CHR Extension: (Instagram for Chrome) - C:\Users\Drawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2015-11-06]
CHR Extension: (Gmail) - C:\Users\Drawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (History Trends Unlimited) - C:\Users\Drawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnmchffiealhkdloeffcdnbgdnedheme [2015-11-02]
CHR Profile: C:\Users\Drawn\AppData\Local\Google\Chrome\User Data\Profile 1
CHR HKU\S-1-5-21-641602505-2303457879-1818575265-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Drawn\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-10-28]
CHR HKU\S-1-5-21-641602505-2303457879-1818575265-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2780856 2015-10-07] (Microsoft Corporation)
R2 CronService; C:\Program Files (x86)\Computer\Security\Prey\wpxsvc.exe [611854 2015-02-07] (Fork, Ltd.) [File not signed]
S2 dsiasrv; C:\Program Files (x86)\Dell\SysMgt\dsia\bin\DsiaSrv32.exe [149560 2012-09-25] (Dell Inc.)
R2 Dyn Updater; C:\Programs\Utils\Internet\Dyn\DynUpSvc.exe [95608 2011-11-15] (Dyn, Inc.)
R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [231792 2013-03-11] ()
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [441176 2014-08-27] (Garmin Ltd or its subsidiaries)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-10-28] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-11-21] (Intel Corporation)
R2 InspireSupportService; C:\Programs\Utils\Media\Audio\Starkey\Starkey.InspireSupport.Service.exe [39936 2015-02-26] (Microsoft) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-11-13] (Intel Corporation)
R2 lxdu_device; C:\Windows\system32\lxducoms.exe [1039360 2009-10-16] ( )
R2 lxdu_device; C:\Windows\SysWOW64\lxducoms.exe [589824 2009-10-16] ( )
S2 MBAMService; C:\Programs\Utils\Computer\Malware\Malwarebytes\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 MSSQL$PATIENTBASE; c:\ProgramData\Starkey Laboratories\PatientBase\MSSQL10_50.PATIENTBASE\MSSQL\Binn\sqlservr.exe [43129288 2012-06-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
R2 O2SDIOAssist; c:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
R2 PatientBaseSyncService; C:\Program Files (x86)\Starkey Laboratories\Inspire OS\PatientBaseSync\Starkey.PatientBase.Sync.Service.Host.exe [9216 2015-03-23] (Starkey Hearing Technologies) [File not signed]
R2 PbaDrvSvc_x64; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe [21504 2013-01-21] (Dell, Inc.) [File not signed]
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1716264 2014-04-17] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-17] (pdfforge GmbH)
R2 ReflectService.exe; C:\Programs\Utils\Computer\Backup\MacriumReflect\ReflectService.exe [1142768 2014-01-24] (Paramount Software UK Ltd)
S4 SQLAgent$PATIENTBASE; c:\ProgramData\Starkey Laboratories\PatientBase\MSSQL10_50.PATIENTBASE\MSSQL\Binn\SQLAGENT.EXE [379848 2012-06-29] (Microsoft Corporation)
S2 tcsd_win32.exe; C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe [1643520 2012-05-11] () [File not signed]
R2 UpdaterService; C:\Programs\Utils\Media\Audio\Starkey\InspireUpdaterSDK.exe [8192 2015-02-26] () [File not signed]
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1773056 2013-02-26] (Wave Systems Corp.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [254824 2013-03-08] (Wave Systems Corp.)
S2 Apache2.2; "D:\Programs\Internet\WebServer\xampp\apache\bin\httpd.exe" -k runservice [X]
S2 MySQL; "D:\Programs\Internet\WebServer\xampp\mysql\bin\mysqld.exe" --defaults-file="D:\Programs\Internet\WebServer\xampp\mysql\bin\my.ini" MySQL

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 d554gps; C:\Windows\System32\DRIVERS\d554gps64.sys [103184 2012-03-01] (Ericsson AB)
S3 d554scard; C:\Windows\System32\DRIVERS\d554scard.sys [61992 2011-01-14] (Ericsson AB)
R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [39016 2012-09-23] (Dell Inc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-10-05] (Ericsson AB)
S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2011-10-05] (Ericsson AB)
R3 guardian2; C:\Windows\System32\Drivers\oz776x64.sys [86584 2015-02-09] (O2Micro)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-10-28] (Intel Corporation)
R2 IntelHaxm; C:\Windows\System32\DRIVERS\IntelHaxm.sys [84992 2014-11-18] (Intel  Corporation)
S3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [46016 2012-07-24] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [443648 2013-04-22] (MCCI Corporation)
S3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [455936 2013-04-22] (MCCI Corporation)
S3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [22272 2013-04-22] (MCCI Corporation)
S3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [508160 2013-04-22] (MCCI Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-11-13] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [76408 2013-08-01] (Paramount Software UK Ltd)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [48024 2013-01-28] (Windows ® Win 7 DDK provider)
R3 WinRing0_1_2_0; C:\Program Files (x86)\BatteryCare\WinRing0x64.sys [14544 2014-03-22] (OpenLibSys.org)
S3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [284912 2013-11-22] (Ericsson AB)
R3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [194456 2013-01-28] (Windows ® Win 7 DDK provider)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-09 17:55 - 2015-11-09 17:55 - 00003440 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-11-09 17:37 - 2015-11-09 17:37 - 00000000 ___HD C:\OneDriveTemp
2015-11-09 17:37 - 2015-11-09 17:37 - 00000000 _____ C:\Windows\invcol.tmp
2015-11-09 17:36 - 2015-11-09 17:36 - 00437904 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-09 17:36 - 2015-11-09 17:36 - 00000056 _____ C:\Windows\setupact.log
2015-11-09 17:36 - 2015-11-09 17:36 - 00000000 _____ C:\Windows\setuperr.log
2015-11-08 12:38 - 2015-11-08 12:38 - 00112232 _____ C:\Users\Drawn\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-08 11:25 - 2015-11-09 19:32 - 00000000 ____D C:\FRST
2015-11-07 21:19 - 2015-11-07 21:19 - 00000000 ____D C:\Program Files (x86)\ESET
2015-11-07 19:14 - 2015-11-08 15:29 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-07 19:13 - 2015-11-07 19:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2015-11-07 19:13 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-07 19:13 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-07 12:17 - 2015-11-07 12:17 - 00000000 ____D C:\Users\Drawn\AppData\Local\TempTaskUpdateDetection54FCC42C-900C-4C44-B649-85AAFD37ECEF
2015-11-07 11:36 - 2015-11-07 12:48 - 00000000 ____D C:\Qoobox
2015-11-07 11:36 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2015-11-07 11:36 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2015-11-07 11:36 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-11-07 11:36 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-11-07 11:36 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-11-07 11:36 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2015-11-07 11:36 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2015-11-07 11:36 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2015-11-05 09:43 - 2015-11-05 09:43 - 00007616 _____ C:\Windows\srtpoq.xml
2015-11-04 19:02 - 2015-11-04 19:02 - 00000089 _____ C:\Users\Drawn\Desktop\Takagi TK-JR vibrating noise - Fixya.url
2015-10-30 17:13 - 2015-10-30 17:13 - 00215617 _____ C:\Users\Drawn\Downloads\will.zip
2015-10-25 15:35 - 2015-10-25 15:35 - 00000089 _____ C:\Users\Drawn\Documents\Takagi TK-JR vibrating noise - Fixya.url
2015-10-23 09:35 - 2015-10-23 09:35 - 00001186 _____ C:\Users\Drawn\Desktop\TurningPoint Sessions.lnk
2015-10-23 08:32 - 2015-10-23 08:32 - 00001608 _____ C:\Users\Drawn\Desktop\PowerPoint Recovery Folder.lnk
2015-10-22 19:07 - 2015-10-23 09:35 - 00000000 ____D C:\Users\Drawn\Documents\TurningPoint
2015-10-22 19:07 - 2015-10-22 19:07 - 00002251 _____ C:\Users\Drawn\Desktop\TurningPoint 2008.lnk
2015-10-22 19:07 - 2015-10-22 19:07 - 00000000 ____D C:\Users\Drawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Turning Technologies, LLC
2015-10-21 21:25 - 2015-10-21 21:25 - 00001735 _____ C:\Users\Drawn\Desktop\MS Office UnsavedFiles.lnk
2015-10-21 21:22 - 2015-10-21 21:22 - 00001608 _____ C:\Users\Drawn\Desktop\PowerPoint Autorecovery.lnk
2015-10-21 18:14 - 2015-10-21 18:14 - 00001601 _____ C:\Users\Drawn\Desktop\Google Drive Sync.lnk
2015-10-21 18:12 - 2015-10-21 18:12 - 00001201 _____ C:\Users\Drawn\Desktop\DOTS Google Drive.lnk
2015-10-21 18:10 - 2015-11-07 11:48 - 00000000 ____D C:\Users\DOTS
2015-10-21 18:10 - 2015-10-28 19:49 - 00001701 _____ C:\Users\Drawn\Desktop\Google Drive.lnk
2015-10-21 18:10 - 2015-10-21 18:11 - 00000000 ___RD C:\Users\DOTS\Google Drive
2015-10-12 07:39 - 2015-10-12 07:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-10-11 14:42 - 2015-11-09 17:37 - 00000000 ___RD C:\Users\Drawn\OneDrive
2015-10-09 13:17 - 2015-10-22 19:07 - 00000000 ____D C:\Program Files (x86)\Turning Technologies
2015-10-09 13:17 - 2015-10-09 13:17 - 00000000 ____D C:\Users\Drawn\AppData\Roaming\Turning Technologies
2015-10-09 13:12 - 2015-10-09 13:17 - 00000000 ____D C:\ProgramData\Turning Technologies
2015-10-09 12:26 - 2015-10-09 12:26 - 00002510 _____ C:\Users\Drawn\Desktop\GoToMeeting Quick Connect.lnk
2015-10-09 12:00 - 2015-10-09 12:00 - 00000000 ____D C:\Users\Drawn\Documents\Fitness
2015-10-09 11:57 - 2015-11-09 19:16 - 00000538 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-641602505-2303457879-1818575265-1001.job
2015-10-09 11:57 - 2015-11-09 18:13 - 00000634 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-641602505-2303457879-1818575265-1001.job
2015-10-09 11:57 - 2015-10-29 19:21 - 00003668 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-641602505-2303457879-1818575265-1001
2015-10-09 11:57 - 2015-10-29 19:21 - 00003572 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-641602505-2303457879-1818575265-1001
2015-10-09 11:57 - 2015-10-09 11:57 - 00000000 ____D C:\Users\Drawn\AppData\Local\Citrix
2015-10-09 11:57 - 2015-10-09 11:57 - 00000000 ____D C:\Program Files (x86)\Citrix
2015-09-25 21:48 - 2015-09-25 21:48 - 00000091 _____ C:\Users\Drawn\Documents\overnight 124.txt
2015-09-22 15:24 - 2015-09-22 15:24 - 00099444 _____ C:\Users\Drawn\Downloads\Shared_Image_20150916_205623.jpeg
2015-09-21 16:53 - 2015-09-21 16:54 - 00000000 ____D C:\Users\Drawn\Documents\Building
2015-09-21 16:28 - 2015-09-21 16:28 - 00000139 _____ C:\Users\Drawn\Documents\Reaching Goals.txt
2015-09-19 14:14 - 2015-09-19 14:14 - 00000125 _____ C:\Users\Drawn\Desktop\Coding ‘boot camps’ promise fast, rewarding career in tech – for a price  Globalnews.ca.url
2015-09-18 11:05 - 2015-09-18 11:05 - 00002193 _____ C:\Users\Drawn\Desktop\Notch8300HzLEF.wav - Shortcut.lnk
2015-09-17 15:02 - 2015-09-17 15:02 - 00174458 _____ C:\Users\Drawn\Downloads\Shared_Image_20150829_140252.jpeg
2015-09-16 19:21 - 2015-09-16 19:21 - 00000065 _____ C:\Users\Drawn\Documents\youtube video.txt
2015-09-12 22:07 - 2015-09-12 22:07 - 00000176 _____ C:\Users\Drawn\Downloads\CPO - Member Search.url
2015-09-05 11:29 - 2015-09-05 11:29 - 00000100 _____ C:\Users\Drawn\Documents\okCupid Questions.txt
2015-09-04 10:24 - 2015-09-04 10:24 - 00000171 _____ C:\Users\Drawn\Downloads\BDO  Careers  Technical Support Specialist - evening shift.url
2015-08-26 18:16 - 2015-08-26 18:16 - 00000650 _____ C:\Users\Drawn\Downloads\qr_code.zip
2015-08-26 16:04 - 2015-08-26 16:04 - 04587520 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2015-08-26 15:57 - 2015-08-26 15:57 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-08-26 15:57 - 2015-08-26 15:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-22 20:01 - 2015-08-22 20:01 - 00000083 _____ C:\Users\Drawn\Desktop\Technical service sales consultant (Managed Services Sales Specialist) - Toronto, ON - Job Posting - Job Bank.url
2015-08-19 15:34 - 2015-11-05 09:46 - 00002430 _____ C:\Users\Drawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pixlr.com.lnk
2015-08-19 13:13 - 2015-08-19 13:13 - 00002077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Connect.lnk
2015-08-19 13:12 - 2015-08-19 13:13 - 00000000 ____D C:\Program Files (x86)\Cisco Systems
2015-08-19 13:10 - 2015-08-19 13:10 - 00000000 ____D C:\ProgramData\Cisco Systems
2015-08-18 07:38 - 2015-08-18 07:38 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2015-08-18 07:38 - 2015-08-18 07:38 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2015-08-15 12:12 - 2015-08-15 12:12 - 00000119 _____ C:\Users\Drawn\Desktop\Inspire Cable Connections.url
2015-08-15 12:11 - 2015-08-15 12:11 - 00000107 _____ C:\Users\Drawn\Desktop\Xino Tinnitus Initial Inspire Adjustments.url
2015-08-15 11:17 - 2015-08-15 11:17 - 00000000 ____D C:\Users\Drawn\AppData\Local\Starkey
2015-08-15 11:17 - 2015-08-15 11:17 - 00000000 ____D C:\ProgramData\Starkey
2015-08-15 11:17 - 2015-08-15 11:17 - 00000000 ____D C:\ProgramData\IsolatedStorage
2015-08-15 11:08 - 2015-08-15 11:08 - 00002290 _____ C:\Users\Drawn\Desktop\Inspire with PatientBase.lnk
2015-08-15 11:08 - 2015-08-15 11:08 - 00000000 ____D C:\Program Files\Microsoft Sync Framework
2015-08-15 11:08 - 2015-08-15 11:08 - 00000000 ____D C:\Program Files (x86)\Starkey Laboratories
2015-08-15 11:07 - 2015-08-15 11:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
2015-08-15 11:07 - 2015-08-15 11:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 9.0
2015-08-15 11:07 - 2012-06-29 00:22 - 00082888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL$PATIENTBASE-sqlctr10.52.4000.0.dll
2015-08-15 11:07 - 2012-06-29 00:22 - 00057288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL10_50.PATIENTBASE-sqlagtctr.dll
2015-08-15 11:06 - 2015-08-15 11:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 R2
2015-08-15 11:06 - 2015-08-15 11:06 - 00000000 ____D C:\Windows\SysWOW64\1033
2015-08-15 11:06 - 2015-08-15 11:06 - 00000000 ____D C:\Windows\system32\1033
2015-08-15 11:05 - 2015-08-15 11:06 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2015-08-15 10:53 - 2015-08-15 10:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My archive shortcuts
2015-08-15 10:52 - 2015-08-15 11:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Starkey Laboratories
2015-08-15 10:52 - 2015-08-15 11:03 - 00000000 ____D C:\Users\Drawn\AppData\Local\Starkey Laboratories
2015-08-15 10:52 - 2015-08-15 10:52 - 00000000 ____D C:\ProgramData\Inspire Updater
2015-08-15 10:51 - 2015-08-15 10:51 - 00000000 ____D C:\Program Files\Starkey Laboratories
2015-08-15 10:50 - 2015-08-15 10:50 - 00053612 _____ C:\ProgramData\InstallOnDemand.xml
2015-08-15 10:49 - 2015-08-15 11:07 - 00000000 ____D C:\ProgramData\Starkey Laboratories
2015-08-13 15:18 - 2015-08-13 15:18 - 00000000 ____D C:\Users\Greg\AppData\Roaming\Mythicsoft
2015-08-11 09:03 - 2015-08-11 09:03 - 317520044 _____ C:\Users\Drawn\Documents\WhiteNoise 9200Hz.wav

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-09 19:27 - 2015-05-18 18:35 - 00005014 _____ C:\Windows\System32\Tasks\WSCEAA
2015-11-09 18:56 - 2013-09-03 15:42 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-641602505-2303457879-1818575265-1001UA.job
2015-11-09 18:47 - 2013-07-26 14:11 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-09 18:36 - 2013-07-19 04:18 - 01201748 _____ C:\Windows\WindowsUpdate.log
2015-11-09 17:46 - 2009-07-13 23:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-09 17:46 - 2009-07-13 23:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-09 17:43 - 2013-07-26 13:04 - 00000000 ____D C:\Users\Drawn
2015-11-09 17:41 - 2009-07-14 00:13 - 00891450 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-09 17:37 - 2015-07-22 18:47 - 00000000 ___RD C:\Users\Drawn\Google Drive
2015-11-09 17:37 - 2015-02-04 22:54 - 00000492 _____ C:\Windows\Tasks\DellBackup Full Exact Copy of HDD.job
2015-11-09 17:37 - 2014-11-08 00:09 - 00000000 ____D C:\Users\Greg\AppData\Local\TSVNCache
2015-11-09 17:37 - 2013-07-26 14:11 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-09 17:36 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-08 16:12 - 2013-07-31 12:33 - 00000000 ____D C:\Output Files
2015-11-08 14:51 - 2013-07-27 16:05 - 00000000 ____D C:\Users\Drawn\AppData\Roaming\BatteryCare
2015-11-08 12:48 - 2014-11-08 00:09 - 00000000 ____D C:\Users\Drawn\AppData\Local\TSVNCache
2015-11-08 11:55 - 2013-07-28 15:53 - 00000000 ____D C:\Users\Drawn\AppData\Roaming\Skype
2015-11-07 21:11 - 2014-02-28 16:59 - 00000000 ____D C:\AdwCleaner
2015-11-07 19:25 - 2014-03-19 15:13 - 00000000 ____D C:\Program Files (x86)\BitLord 2
2015-11-07 19:13 - 2014-02-04 16:18 - 00000000 ____D C:\Users\Drawn\AppData\Roaming\Malwarebytes
2015-11-07 19:13 - 2014-02-04 16:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-07 12:48 - 2013-07-26 14:11 - 00000000 ____D C:\Users\Drawn\AppData\Local\Apps\2.0
2015-11-07 12:34 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2015-11-07 12:17 - 2014-02-04 15:45 - 00000000 ____D C:\Windows\erdnt
2015-11-07 09:56 - 2013-09-03 15:42 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-641602505-2303457879-1818575265-1001Core.job
2015-11-05 09:46 - 2015-07-28 08:16 - 00003047 _____ C:\Users\Drawn\Desktop\WhosHere.lnk
2015-11-05 09:46 - 2015-07-28 05:39 - 00003175 _____ C:\Users\Drawn\Desktop\Nearby Live.lnk
2015-11-05 09:46 - 2015-07-13 19:37 - 00002430 _____ C:\Users\Drawn\Desktop\Ted Reeve - Wikipedia.lnk
2015-11-05 09:46 - 2015-05-27 22:35 - 00003465 _____ C:\Users\Drawn\Desktop\Smashing Magazine.lnk
2015-11-05 09:46 - 2015-05-27 22:35 - 00002911 _____ C:\Users\Drawn\Desktop\FieldTest.lnk
2015-11-05 09:46 - 2015-05-16 00:09 - 00002520 _____ C:\Users\Drawn\Desktop\Gideon Dsouza - How to get the current location, address and send it to a server on android.lnk
2015-11-05 09:46 - 2015-05-16 00:09 - 00002452 _____ C:\Users\Drawn\Desktop\Android Tutorials and Snippets_ Acquiring GPS location fix.lnk
2015-11-05 09:46 - 2015-05-14 21:54 - 00003215 _____ C:\Users\Drawn\Desktop\[FAQ - All You Need] GT-S7560M Galaxy Ace II.lnk
2015-11-05 09:46 - 2015-04-30 21:26 - 00002468 _____ C:\Users\Drawn\Desktop\android - Create NumberPicker dialog in preference - Stack Overflow.lnk
2015-11-05 09:46 - 2015-04-30 21:26 - 00002432 _____ C:\Users\Drawn\Desktop\site_stackoverflow.com _numberpicker_ - Google Search.lnk
2015-11-05 09:46 - 2015-03-06 16:42 - 00002338 _____ C:\Users\Drawn\Desktop\The Exchange.lnk
2015-11-05 09:46 - 2015-02-13 16:38 - 00002691 _____ C:\Users\Drawn\Desktop\Canada Weather.lnk
2015-11-05 09:46 - 2014-09-14 23:17 - 00002655 _____ C:\Users\Drawn\Desktop\8 Ball Pool.lnk
2015-11-05 09:46 - 2014-08-22 09:50 - 00003055 _____ C:\Users\Drawn\Desktop\Tinnitus Treatment Sound Therapy.lnk
2015-11-05 09:46 - 2014-03-01 11:38 - 00003375 _____ C:\Users\Drawn\Desktop\Khan Academy.lnk
2015-11-04 19:59 - 2013-08-07 15:37 - 04644352 ___SH C:\Users\Drawn\Documents\Thumbs.db
2015-11-04 19:58 - 2014-09-17 16:27 - 00000000 ____D C:\Users\Drawn\AppData\Roaming\avidemux
2015-11-01 17:19 - 2014-12-25 23:29 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-29 19:52 - 2009-07-14 00:08 - 00032586 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-10-28 21:32 - 2013-07-27 16:05 - 00000000 ____D C:\Program Files (x86)\BatteryCare
2015-10-28 19:49 - 2015-06-22 14:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BatteryCare
2015-10-27 18:27 - 2013-08-02 13:35 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-10-27 18:11 - 2014-02-19 15:15 - 00002162 _____ C:\Users\Drawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-10-24 07:32 - 2014-06-09 14:06 - 00002332 _____ C:\Users\Drawn\Documents\Public Documents.lnk
2015-10-24 07:32 - 2014-01-05 05:42 - 00001001 _____ C:\Users\Drawn\Documents\OneDrive.lnk
2015-10-20 16:49 - 2015-07-22 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-10-18 18:30 - 2013-07-26 13:06 - 00000000 ____D C:\Windows\System32\Tasks\Dell
2015-10-18 18:19 - 2015-02-07 14:51 - 00000000 ____D C:\Windows\Prey
2015-10-18 18:19 - 2014-07-04 18:28 - 00000000 ____D C:\Users\Greg
2015-10-18 18:19 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2015-10-17 18:53 - 2015-02-20 11:55 - 00000000 ____D C:\Users\Drawn\Documents\POF
2015-10-17 11:58 - 2013-07-28 15:53 - 00000000 ____D C:\ProgramData\Skype
2015-10-13 18:38 - 2015-05-15 08:17 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-10-12 07:39 - 2014-04-01 16:34 - 00003722 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2015-10-12 07:39 - 2014-04-01 16:34 - 00003476 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
2015-10-11 10:24 - 2013-08-02 13:39 - 00000000 ___RD C:\Users\Drawn\SkyDrive

==================== Files in the root of some directories =======

2014-02-16 19:20 - 2014-02-16 19:20 - 0000432 _____ () C:\Users\Drawn\AppData\Roaming\.backup.dm
2013-07-26 13:05 - 2013-07-30 19:51 - 0026387 _____ () C:\Users\Drawn\AppData\Roaming\AbsoluteReminder.xml
2013-12-11 12:33 - 2014-12-18 21:16 - 0000000 _____ () C:\Users\Drawn\AppData\Roaming\bitlord_log.txt
2015-01-14 17:34 - 2015-09-17 12:27 - 0007680 _____ () C:\Users\Drawn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-03 09:40 - 2015-05-03 09:40 - 0000779 _____ () C:\Users\Drawn\AppData\Local\recently-used.xbel
2013-07-27 19:24 - 2013-07-27 19:24 - 0000017 _____ () C:\Users\Drawn\AppData\Local\resmon.resmoncfg
2013-07-28 21:03 - 2013-07-28 21:06 - 0033395 _____ () C:\Users\Drawn\AppData\Local\WiDiSetupLog.20130728.220353.wdl
2014-02-25 22:36 - 2014-02-25 22:54 - 0025212 _____ () C:\Users\Drawn\AppData\Local\WiDiSetupLog.20140225.223646.wdl
2015-05-02 08:45 - 2015-05-02 08:46 - 0028600 _____ () C:\Users\Drawn\AppData\Local\WiDiSetupLog.20150502.084553.txt
2015-05-02 08:55 - 2015-05-02 08:55 - 0028673 _____ () C:\Users\Drawn\AppData\Local\WiDiSetupLog.20150502.085540.txt
2013-07-26 13:41 - 2013-07-26 13:41 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-06-06 16:00 - 2014-06-06 16:00 - 0000252 _____ () C:\ProgramData\FastPics.log
2015-08-15 10:50 - 2015-08-15 10:50 - 0053612 _____ () C:\ProgramData\InstallOnDemand.xml
2014-06-06 13:20 - 2015-04-14 12:49 - 0000776 _____ () C:\ProgramData\lxdu.log
2014-06-06 13:24 - 2015-04-14 12:49 - 0001216 _____ () C:\ProgramData\lxduDiagnostics.log
2014-06-06 14:17 - 2014-06-06 14:17 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-10-31 10:37

==================== End of FRST.txt ============================

 

 




 


#2 nasdaq

  • Malware Response Team

Posted 12 November 2015 - 10:42 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winlogon\Notify\igfxcui: igfxdev.dll [X]
GroupPolicyUsers\S-1-5-21-641602505-2303457879-1818575265-1003\User: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-641602505-2303457879-1818575265-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope value is missing
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Drawn\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Google Update) - C:\Users\Drawn\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll => No File
S2 Apache2.2; "D:\Programs\Internet\WebServer\xampp\apache\bin\httpd.exe" -k runservice [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt). Please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of Google Chrome.

Click "Settings" then "Show advanced settings" at the bottom of the screen.

Click the "Reset browser settings" button.

Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.

====

How is the computer running now?

#3 nasdaq

  • Malware Response Team

Posted 18 November 2015 - 09:38 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



