
Google search redirects to ads that won't let me close them



#1 Sazal


Posted 06 December 2015 - 09:46 AM

When I search for something on Google, it redirects me to another site, usually an ad, but sometimes it also redirects me to a webpage that I cannot reach the bottom of while in laptop mode. This website also makes beeping noises. Only when I change to tablet mode and use the laptop in a vertical position am I able to reach the bottom and click the box, and it will then disappear.

I did not think it was anything, but I then searched online for anyone experiencing a similar problem and was shocked to discover it was a virus. So I downloaded a few virus checkers, but they did not find anything. I tried TDSSKiller and GMER, but nothing was found. So please can you help me?

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015
Ran by user (administrator) on LENOVO-PC (06-12-2015 14:17:35)
Running from C:\Users\user\Downloads
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo) C:\Program Files\Lenovo\OneKey Optimizer\bin\FbService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Harmony\Setting\HarmonySettingService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOUpdataService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
() C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Settings\x86\LenovoSetSvr.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOControlSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\PaperDisplay\x86\PaperLookingSrv.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\WebcamSplitterServer.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
(Lenovo) C:\Windows\System32\LenovoUpdate.exe
() C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
() C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist.exe
(Pokki) C:\Users\user\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\Lenovo\LenovoUtility\utility.exe
() C:\Program Files (x86)\Lenovo\LenovoTransition\TransitionServer.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OneKeyOptimizerTray.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OnekeyOptimizerUpdata.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\user\AppData\Local\Viber\Viber.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Harmony\Picks\Lenovo.HarmonyPicks.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Harmony\Setting\Lenovo.HarmonySetting.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Skype Technologies S.A.) C:\Users\user\AppData\Local\SkypePlugin\7.9.0.56\SkypeShell.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OneKeyOptimizer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\Lenovo PhoneCompanion\adb.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322712 2014-10-09] (Intel Corporation)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [919768 2014-11-20] (Conexant Systems, Inc.)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [609200 2015-03-01] (Waves Audio Ltd.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2809072 2014-09-19] (Synaptics Incorporated)
HKLM\...\Run: [LENOVO.TPKNRRES] => rundll32.exe "C:\Program Files\Lenovo\Communications Utility\LibStartStub.dll",AVStartupStub
HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [791368 2015-04-17] ()
HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\LenovoTransition\TransitionServer.exe [107776 2015-01-15] ()
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [802800 2015-04-17] (Lenovo)
HKLM\...\Run: [OneKeyOptimizer] => C:\Program Files\Lenovo\OneKey Optimizer\bin\OneKeyOptimizerTray.exe [559896 2014-11-19] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [HarmonyPicks] => C:\Program Files (x86)\Lenovo\Harmony\Picks\Lenovo.HarmonyPicks.exe [5243160 2014-12-24] (Lenovo)
HKLM-x32\...\Run: [HarmonySetting] => C:\Program Files (x86)\Lenovo\Harmony\Setting\Lenovo.HarmonySetting.exe [2696448 2015-01-04] (Lenovo)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [36713096 2015-11-04] (Dropbox, Inc.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [Max Cached Icons] 2000
HKU\S-1-5-21-3709492034-2646253011-3486674909-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50137728 2015-11-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3709492034-2646253011-3486674909-1001\...\Run: [Viber] => C:\Users\user\AppData\Local\Viber\Viber.exe [51657424 2015-11-09] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-11-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-11-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-11-13] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{438CAF58-9C79-459C-A4BB-DD36C8CC02B0}: [DhcpNameServer] 150.201.1.2
Tcpip\..\Interfaces\{A54EF39F-172C-42D9-BA10-A6A82591B4FF}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3709492034-2646253011-3486674909-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3709492034-2646253011-3486674909-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3709492034-2646253011-3486674909-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggVdF8OUA4SGRhAcw1bTA0SRQUOeFoJUhREGQITI1gMUgtAF1AFIk0FA1ADB0VXfVBdFElXTwhwJVx1DksUc1BQNVVMEnEEQw==
hxxp://mystart.lenovo.com
HKU\S-1-5-21-3709492034-2646253011-3486674909-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.lenovo.com
SearchScopes: HKLM -> DefaultScope {2B5723F5-CEE0-4D5D-BA83-27B2442D3D1F} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQ8MBw9AFlYbbVoLVVpcFVZHcBQAAghCDAAbdwlbAA1CEwQVJR9aFQQTSEcFME0FCFwEURNNfWpdBHQeU1BxJUpNDU0CaUBB&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {2B5723F5-CEE0-4D5D-BA83-27B2442D3D1F} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQ8MBw9AFlYbbVoLVVpcFVZHcBQAAghCDAAbdwlbAA1CEwQVJR9aFQQTSEcFME0FCFwEURNNfWpdBHQeU1BxJUpNDU0CaUBB&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3709492034-2646253011-3486674909-1001 -> DefaultScope {2B5723F5-CEE0-4D5D-BA83-27B2442D3D1F} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQ8MBw9AFlYbbVoLVVpcFVZHcBQAAghCDAAbdwlbAA1CEwQVJR9aFQQTSEcFME0FCFwEURNNfWpdBHQeU1BxJUpNDU0CaUBB&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3709492034-2646253011-3486674909-1001 -> OldSearch URL = 
SearchScopes: HKU\S-1-5-21-3709492034-2646253011-3486674909-1001 -> {2B5723F5-CEE0-4D5D-BA83-27B2442D3D1F} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQ8MBw9AFlYbbVoLVVpcFVZHcBQAAghCDAAbdwlbAA1CEwQVJR9aFQQTSEcFME0FCFwEURNNfWpdBHQeU1BxJUpNDU0CaUBB&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3709492034-2646253011-3486674909-1001 -> {7AEE52B6-5F6B-4CCC-B18A-FB69DFB1A458} URL = hxxps://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-11-13] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-13] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-11-13] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-11-23] (Oracle Corporation)
BHO-x32: Discover Treasure -> {bfa55139-82af-4663-a19b-e135dac8d043} -> C:\Program Files (x86)\Discover Treasure\Extensions\bfa55139-82af-4663-a19b-e135dac8d043.dll => No File
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-11-13] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-23] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-11-13] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-09-28] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-09-28] (McAfee, Inc.)
 
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-09-28] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-23] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-09-28] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-11-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-3709492034-2646253011-3486674909-1001: SkypePlugin -> C:\Users\user\AppData\Local\SkypePlugin\7.9.0.56\npGatewayNpapi.dll [2015-10-22] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-3709492034-2646253011-3486674909-1001: SkypePlugin64 -> C:\Users\user\AppData\Local\SkypePlugin\7.9.0.56\npGatewayNpapi-x64.dll [2015-10-22] (Skype Technologies S.A.)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-11-20] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://uk.search.yahoo.com/?type=994519&fr=yo-yhp-ch
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-05]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-05]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-05]
CHR Extension: (Skype Calling) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2015-11-04]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-05]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-05]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-05]
CHR Extension: (Readium) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl [2015-11-09]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-20]
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-06]
CHR Extension: (Apps Launcher) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijmgkhchjindcjamnckoiahagecjnkdc [2015-11-09]
CHR Extension: (Sticky Notes) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbjdhgkkhefpifbifjiflpaajchdkhpg [2015-11-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-05]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-05]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [599024 2014-08-05] (Lenovo Corporation)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-11-12] (AVG Technologies CZ, s.r.o.)
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [624568 2015-02-12] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [448400 2014-03-24] (Nuance Communications, Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-24] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-24] (Dropbox, Inc.)
R2 esifsvc; C:\windows\SysWOW64\esif_uf.exe [1037568 2014-09-18] (Intel Corporation)
R2 FastbootService; C:\Program Files\Lenovo\OneKey Optimizer\bin\FbService.exe [191512 2014-11-20] (Lenovo) [File not signed]
R2 GDCAgent; C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [1115064 2015-02-12] ()
R2 HarmonySettingService; C:\Program Files (x86)\Lenovo\Harmony\Setting\HarmonySettingService.exe [17688 2014-12-24] (Lenovo) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18584 2014-10-09] (Intel Corporation)
R2 ibtsiva.exe; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [121288 2014-08-13] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344168 2014-12-19] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [132896 2014-10-10] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-10-10] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [561408 2014-09-22] (Lenovo)
R2 Lenovo OKO Service; C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOUpdataService.exe [2544408 2014-11-19] (Lenovo(beijing) Limited)
R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2005320 2014-10-13] (Lenovo Group Limited)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584632 2015-03-06] (LENOVO INCORPORATED.)
S3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [727536 2014-08-05] (Lenovo Corporation)
R2 LenovoPAWDService; C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe [133440 2015-04-17] ()
R2 LenovoSetSvr; C:\Program Files (x86)\Lenovo\Lenovo Settings\x86\LenovoSetSvr.exe [258544 2014-06-19] (Lenovo(beijing) Limited)
R3 LenovoUpdate; C:\Windows\System32\LenovoUpdate.exe [26608 2015-12-06] (Lenovo)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [218952 2014-08-26] (Lenovo(beijing) Limited)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [783120 2015-09-28] (McAfee, Inc.)
R3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [332528 2014-03-12] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [639456 2015-08-11] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-07-31] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [376264 2015-08-10] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [254792 2015-07-31] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2014-11-19] ()
R2 OKOControlSvc; C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOControlSvc.exe [113944 2014-11-17] (Lenovo(beijing) Limited)
R2 PaperLookingSrv; C:\Program Files (x86)\Lenovo\PaperDisplay\x86\PaperLookingSrv.exe [173848 2014-11-25] (Lenovo)
S2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [167176 2014-05-28] (PointGrab LTD)
R2 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [524552 2014-05-28] (PointGrab LTD)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [321520 2015-04-17] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [338416 2015-04-17] (Lenovo)
S2 PLHotkeyService; C:\Program Files (x86)\Lenovo\PaperDisplay\x86\PLHotkeyService.exe [26392 2014-11-25] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [68880 2015-04-17] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [32512 2015-01-15] (Lenovo)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2014-11-19] (Intel® Corporation)
S3 AvgAMPS; "C:\Program Files (x86)\AVG\Av\avgamps.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [80768 2015-08-10] (McAfee, Inc.)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [38720 2014-09-18] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 esif_lf; C:\Windows\System32\drivers\esif_lf.sys [216360 2014-09-18] (Intel Corporation)
R0 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70168 2014-11-20] (Windows ® Win 7 DDK provider) [File not signed]
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [219592 2014-08-13] (Intel Corporation)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [79528 2014-09-04] (Intel Corporation)
R3 KMDFVirtualKbd; C:\Windows\System32\drivers\KMDFVirtualKbd.sys [22264 2014-08-04] ()
R3 KMDFVirtualMouse; C:\Windows\System32\drivers\KMDFVirtualMouse.sys [21240 2014-08-04] ()
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-10-10] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [413432 2015-08-10] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349096 2015-08-10] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [82072 2015-08-10] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [495856 2015-08-10] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [839376 2015-08-10] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [537408 2015-08-12] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [111256 2015-08-12] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [244024 2015-08-10] (McAfee, Inc.)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3494680 2015-01-20] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-11-21] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-09-19] (Synaptics Incorporated)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [694944 2014-11-06] (Sunplus)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-06 14:17 - 2015-12-06 14:18 - 00033620 _____ C:\Users\user\Downloads\FRST.txt
2015-12-06 14:17 - 2015-12-06 14:17 - 00000000 ____D C:\FRST
2015-12-06 14:16 - 2015-12-06 14:16 - 02369024 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2015-12-06 13:50 - 2015-12-06 13:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-12-06 13:44 - 2015-12-06 13:44 - 00291472 _____ C:\windows\Minidump\120615-5000-01.dmp
2015-12-06 06:48 - 2015-12-06 06:50 - 00249022 _____ C:\TDSSKiller.3.1.0.7_06.12.2015_06.48.46_log.txt
2015-12-06 03:44 - 2015-12-06 03:44 - 04400959 _____ C:\Users\user\Downloads\attachment_73890587961292fd6375e354bb70ea2e
2015-12-06 03:23 - 2015-12-06 03:23 - 08064462 _____ C:\Users\user\Downloads\Muscle Rap!.mp4
2015-12-06 03:04 - 2015-12-06 03:04 - 06263957 _____ C:\Users\user\Downloads\The Heart Song.mp4
2015-12-06 03:02 - 2015-12-06 03:03 - 239792312 _____ C:\Users\user\Downloads\Atrial Fibrillation made simple Part 2.mp4
2015-12-06 03:01 - 2015-12-06 03:02 - 119152233 _____ C:\Users\user\Downloads\Atrial Fibrillation made simple Part 1.mp4
2015-12-06 02:56 - 2015-12-06 02:56 - 04194649 _____ C:\Users\user\Downloads\The ST Elevation Song!  (What to Look for on an EKG).mp4
2015-12-06 02:51 - 2015-12-06 02:51 - 43438863 _____ C:\Users\user\Downloads\Pneumonia Explained Clearly - 3 of 3.mp4
2015-12-06 02:50 - 2015-12-06 02:50 - 67358595 _____ C:\Users\user\Downloads\Pneumonia Explained Clearly - 2 of 3.mp4
2015-12-06 01:27 - 2015-12-06 13:44 - 00000000 ____D C:\windows\Minidump
2015-12-06 01:27 - 2015-12-06 01:27 - 01214680 _____ C:\windows\Minidump\120615-7812-01.dmp
2015-12-06 00:58 - 2015-12-06 00:58 - 46683339 _____ C:\Users\user\Downloads\Pneumonia Explained Clearly.mp4
2015-12-06 00:57 - 2015-12-06 00:57 - 40845323 _____ C:\Users\user\Downloads\Heart Failure Explained Clearly - 3 of 3.mp4
2015-12-06 00:56 - 2015-12-06 00:56 - 58681119 _____ C:\Users\user\Downloads\Heart Failure Explained Clearly - 2 of 3.mp4
2015-12-06 00:50 - 2015-12-06 00:50 - 43864916 _____ C:\Users\user\Downloads\Heart Failure Explained Clearly.mp4
2015-12-06 00:31 - 2015-12-06 00:33 - 00249152 _____ C:\TDSSKiller.3.1.0.7_06.12.2015_00.31.49_log.txt
2015-12-06 00:31 - 2015-12-06 00:31 - 04398264 _____ (Kaspersky Lab ZAO) C:\Users\user\Downloads\tdsskiller.exe
2015-12-06 00:03 - 2015-12-06 00:04 - 00380416 _____ C:\Users\user\Downloads\76epo01w.exe
2015-12-04 12:52 - 2015-12-04 13:24 - 00000000 ____D C:\Users\user\Documents\UserTesting
2015-12-04 12:48 - 2015-12-04 13:06 - 00000000 ____D C:\Users\user\AppData\Local\UserTestingPlugin
2015-12-04 12:48 - 2015-12-04 12:48 - 24394248 _____ C:\Users\user\Downloads\InstallUserTestingPlugin-v1.8.exe
2015-12-04 00:56 - 2015-12-04 00:56 - 00049701 _____ C:\Users\user\Downloads\Police_report_Mark_bristow_ENG_sh1t_translation.pdf
2015-12-03 19:13 - 2015-12-03 19:13 - 02334665 _____ C:\Users\user\Downloads\attachment_303704861e24213ec3989bd1d34dbc42.pdf
2015-12-03 01:43 - 2015-12-03 01:43 - 57899340 _____ C:\Users\user\Downloads\Asthma Explained Clearly - 2 of 2.mp4
2015-12-03 01:43 - 2015-12-03 01:43 - 45901655 _____ C:\Users\user\Downloads\Asthma Explained Clearly.mp4
2015-12-03 01:42 - 2015-12-03 01:42 - 42099100 _____ C:\Users\user\Downloads\Jugular Venous Pulse (JVP) Explained Clearly - 2 of 2.mp4
2015-12-03 01:42 - 2015-12-03 01:42 - 41620468 _____ C:\Users\user\Downloads\Jugular Venous Pulse (JVP) Explained Clearly.mp4
2015-12-03 01:01 - 2015-12-03 01:01 - 46473679 _____ C:\Users\user\Downloads\Pulmonary Embolism Explained Clearly - 4 of 4.mp4
2015-12-03 01:01 - 2015-12-03 01:01 - 42502750 _____ C:\Users\user\Downloads\Pulmonary Embolism Explained Clearly - 3 of 4.mp4
2015-12-03 01:01 - 2015-12-03 01:01 - 40333742 _____ C:\Users\user\Downloads\Pulmonary Embolism Explained Clearly - 2 of 4.mp4
2015-12-03 01:00 - 2015-12-03 01:00 - 38013380 _____ C:\Users\user\Downloads\Pulmonary Embolism Explained Clearly.mp4
2015-12-03 00:57 - 2015-12-03 00:57 - 20233892 _____ C:\Users\user\Downloads\CT Scan of the Chest Explained Clearly.mp4
2015-12-03 00:37 - 2015-12-03 00:37 - 48997692 _____ C:\Users\user\Downloads\Diabetic Ketoacidosis (DKA) Treatment Explained Clearly.mp4
2015-12-03 00:36 - 2015-12-03 00:37 - 54104659 _____ C:\Users\user\Downloads\Diabetic Ketoacidosis (DKA) Explained Clearly.mp4
2015-12-03 00:36 - 2015-12-03 00:36 - 29970312 _____ C:\Users\user\Downloads\Hypoxemia Explained Clearly.mp4
2015-12-03 00:32 - 2015-12-03 00:32 - 74269002 _____ C:\Users\user\Downloads\Shock Explained Clearly.mp4
2015-12-03 00:31 - 2015-12-03 00:31 - 78385839 _____ C:\Users\user\Downloads\Shock and Sepsis Treatment Explained Clearly.mp4
2015-12-02 21:06 - 2015-12-02 21:06 - 00461514 _____ C:\Users\user\Downloads\attachment_141006586f2334e69bde2e9c54af92c2.pdf
2015-12-02 19:50 - 2015-12-04 12:54 - 00000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2015-12-02 19:45 - 2015-12-02 19:45 - 00143357 _____ C:\Users\user\Downloads\microsoftaccounts.diagcab
2015-11-30 20:08 - 2015-12-02 13:57 - 00032256 _____ C:\Users\user\Documents\Keywords.xls
2015-11-30 02:19 - 2015-11-30 02:19 - 00000000 ____D C:\Users\user\Downloads\Medcram
2015-11-30 01:57 - 2015-11-30 01:57 - 12030721 _____ C:\Users\user\Downloads\NeprOtic syndromes.mp4
2015-11-30 01:38 - 2015-11-30 01:38 - 38167742 _____ C:\Users\user\Downloads\Pericarditis - USMLE Step 2 Review.mp4
2015-11-30 01:17 - 2015-11-30 01:18 - 74164559 _____ C:\Users\user\Downloads\Interpretation of ECG.mp4
2015-11-30 01:16 - 2015-11-30 01:16 - 15351341 _____ C:\Users\user\Downloads\Zollinger-Ellison Syndrome.mp4
2015-11-30 01:15 - 2015-11-30 01:16 - 68605687 _____ C:\Users\user\Downloads\Chest X-Ray (CXR) Analysis in a Nutshell.mp4
2015-11-29 22:36 - 2015-11-29 22:36 - 03440128 _____ C:\Users\user\Downloads\MND.ppt
2015-11-29 22:36 - 2015-11-29 22:36 - 02608128 _____ C:\Users\user\Downloads\Lec 1. Congenital  Respiratory disorders_Masters (1).ppt
2015-11-29 22:36 - 2015-11-29 22:36 - 02421248 _____ C:\Users\user\Downloads\Lecture 2. Upper respiratory tract infections (1).ppt
2015-11-29 22:35 - 2015-11-29 22:36 - 09178624 _____ C:\Users\user\Downloads\spinal cord lesion 2.ppt
2015-11-29 22:35 - 2015-11-29 22:35 - 06066688 _____ C:\Users\user\Downloads\Neuromuscular dis.ppt
2015-11-29 22:35 - 2015-11-29 22:35 - 00717824 _____ C:\Users\user\Downloads\Ataxia.ppt
2015-11-29 22:35 - 2015-11-29 22:35 - 00069120 _____ C:\Users\user\Downloads\neuropathy.ppt
2015-11-29 22:34 - 2015-11-29 22:35 - 12172288 _____ C:\Users\user\Downloads\gyni..ppt
2015-11-29 10:54 - 2015-11-29 10:54 - 00226708 _____ C:\Users\user\Downloads\attachment_145499c9feeb7c9daa6209f563157211.pdf
2015-11-27 09:50 - 2015-11-27 09:50 - 00348160 _____ C:\Users\user\Documents\Database1.accdb
2015-11-24 18:32 - 2015-11-24 18:32 - 00274927 _____ C:\Users\user\Downloads\attachment_e2e14fdded91b39a638916672d6f8e59.pdf
2015-11-24 18:08 - 2015-12-06 13:48 - 00000000 ___RD C:\Users\user\Dropbox
2015-11-24 18:08 - 2015-11-24 18:08 - 00001257 _____ C:\Users\user\Desktop\Dropbox.lnk
2015-11-24 18:07 - 2015-11-24 18:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-11-24 18:06 - 2015-11-24 18:06 - 00000000 ____D C:\Users\user\AppData\Roaming\Dropbox
2015-11-24 17:58 - 2015-12-06 14:03 - 00000924 _____ C:\windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-11-24 17:58 - 2015-12-06 13:48 - 00000000 ____D C:\Users\user\AppData\Local\Dropbox
2015-11-24 17:58 - 2015-12-06 13:47 - 00000920 _____ C:\windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-11-24 17:58 - 2015-11-24 18:07 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-11-24 17:58 - 2015-11-24 17:58 - 00660960 _____ (Dropbox, Inc.) C:\Users\user\Downloads\DropboxInstaller.exe
2015-11-24 17:58 - 2015-11-24 17:58 - 00003896 _____ C:\windows\System32\Tasks\DropboxUpdateTaskMachineUA
2015-11-24 17:58 - 2015-11-24 17:58 - 00003660 _____ C:\windows\System32\Tasks\DropboxUpdateTaskMachineCore
2015-11-24 17:58 - 2015-11-24 17:58 - 00000000 ____D C:\ProgramData\Dropbox
2015-11-23 15:16 - 2015-11-23 15:16 - 00097888 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-11-23 15:16 - 2015-11-23 15:16 - 00000000 ____D C:\Users\user\AppData\Roaming\Sun
2015-11-23 15:16 - 2015-11-23 15:16 - 00000000 ____D C:\Users\user\AppData\LocalLow\Sun
2015-11-23 15:16 - 2015-11-23 15:16 - 00000000 ____D C:\Users\user\.oracle_jre_usage
2015-11-23 15:16 - 2015-11-23 15:16 - 00000000 ____D C:\ProgramData\Oracle
2015-11-23 15:16 - 2015-11-23 15:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-23 15:16 - 2015-11-23 15:16 - 00000000 ____D C:\Program Files (x86)\Java
2015-11-23 15:15 - 2015-11-23 15:15 - 00000000 ____D C:\Users\user\AppData\LocalLow\Oracle
2015-11-22 13:15 - 2015-11-22 13:16 - 90542657 _____ C:\Users\user\Downloads\Arabic copy check.zip
2015-11-21 21:42 - 2015-11-21 21:42 - 00000000 ____D C:\Users\user\AppData\Local\WinZip
2015-11-21 21:41 - 2015-11-21 21:41 - 06447834 _____ C:\Users\user\Downloads\attachment_7aa78be348beca2b11e4b27c4e2da03c
2015-11-21 01:00 - 2015-11-21 01:00 - 00000000 ____D C:\Users\user\AppData\Roaming\TuneUp Software
2015-11-21 00:51 - 2015-11-21 14:29 - 00000000 ____D C:\ProgramData\MFAData
2015-11-21 00:51 - 2015-11-21 00:51 - 00000000 ____D C:\Users\user\AppData\Local\MFAData
2015-11-21 00:50 - 2015-11-21 00:50 - 00000950 _____ C:\Users\Public\Desktop\AVG.lnk
2015-11-21 00:50 - 2015-11-21 00:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2015-11-21 00:47 - 2015-11-21 01:00 - 00000000 ____D C:\ProgramData\Avg
2015-11-21 00:47 - 2015-11-21 00:59 - 00000000 ____D C:\Program Files (x86)\AVG
2015-11-21 00:00 - 2015-11-21 14:29 - 00000000 ____D C:\Users\user\AppData\Local\AvgSetupLog
2015-11-21 00:00 - 2015-11-21 00:00 - 00000000 ____D C:\Users\user\AppData\Local\Avg
2015-11-20 23:59 - 2015-11-21 00:00 - 02924672 _____ (AVG Technologies) C:\Users\user\Downloads\AVG_Protection_Free_698.exe
2015-11-20 23:17 - 2015-11-20 23:17 - 00000000 ____D C:\Users\user\Documents\Custom Office Templates
2015-11-18 14:10 - 2015-11-18 14:10 - 00489377 _____ C:\Users\user\Documents\Kij9MKyiq.jpeg
2015-11-18 12:25 - 2015-11-18 12:25 - 02421248 _____ C:\Users\user\Downloads\Lecture 2. Upper respiratory tract infections.ppt
2015-11-18 12:24 - 2015-11-18 12:24 - 15714304 _____ C:\Users\user\Downloads\renal.ppt
2015-11-18 12:24 - 2015-11-18 12:24 - 14667264 _____ C:\Users\user\Downloads\obs.ppt
2015-11-18 12:24 - 2015-11-18 12:24 - 04212736 _____ C:\Users\user\Downloads\Movement disorders 2012.ppt
2015-11-18 12:24 - 2015-11-18 12:24 - 02608128 _____ C:\Users\user\Downloads\Lec 1. Congenital  Respiratory disorders_Masters.ppt
2015-11-18 00:11 - 2015-11-18 00:12 - 00000000 ____D C:\ProgramData\WinZip
2015-11-18 00:11 - 2015-11-18 00:11 - 00002276 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-11-18 00:11 - 2015-11-18 00:11 - 00002008 _____ C:\Users\Public\Desktop\WinZip.lnk
2015-11-18 00:11 - 2015-11-18 00:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-11-18 00:11 - 2015-11-18 00:11 - 00000000 ____D C:\Program Files (x86)\WinZip
2015-11-17 23:47 - 2015-11-17 23:47 - 77074336 _____ C:\Users\user\Downloads\Surgical Recall 7th Edition 2014 PDF.rar
2015-11-15 18:19 - 2015-11-17 23:05 - 00000000 ____D C:\Users\user\Downloads\surgery
2015-11-15 18:11 - 2015-11-17 23:01 - 00000000 ____D C:\Users\user\Downloads\radiology
2015-11-15 18:00 - 2015-11-15 18:04 - 00000000 ____D C:\Users\user\Downloads\paed
2015-11-15 17:25 - 2015-11-15 17:59 - 00000000 ____D C:\Users\user\Downloads\internal medicine
2015-11-15 01:09 - 2015-12-06 00:29 - 00000000 ____D C:\Users\user\Documents\ViberDownloads
2015-11-15 01:08 - 2015-12-06 13:47 - 00000000 ____D C:\Users\user\AppData\Roaming\ViberPC
2015-11-15 01:08 - 2015-11-15 01:08 - 00000978 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Viber.lnk
2015-11-15 01:08 - 2015-11-15 01:08 - 00000976 _____ C:\Users\user\Desktop\Viber.lnk
2015-11-15 01:08 - 2015-11-15 01:08 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber
2015-11-15 01:07 - 2015-12-02 15:18 - 00000000 ____D C:\Users\user\AppData\Local\Viber
2015-11-15 01:07 - 2015-11-15 01:07 - 101213136 _____ (Viber Media Inc.) C:\Users\user\Downloads\ViberSetup.exe
2015-11-15 01:07 - 2015-11-15 01:07 - 00000000 ____D C:\Users\user\AppData\Local\Package Cache
2015-11-13 20:27 - 2015-11-13 20:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-11-13 20:26 - 2015-11-13 20:26 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-11-13 19:51 - 2015-11-13 19:51 - 09153168 _____ C:\Users\user\Downloads\brypharmacology1st.zip
2015-11-13 19:48 - 2015-11-13 19:49 - 10613240 _____ C:\Users\user\Downloads\bryneuroanatomy.zip
2015-11-13 19:48 - 2015-11-13 19:48 - 13411640 _____ C:\Users\user\Downloads\bryregional.zip
2015-11-13 19:46 - 2015-11-13 19:46 - 02929695 _____ C:\Users\user\Downloads\brykovacs.zip
2015-11-13 19:44 - 2015-11-13 19:44 - 10250935 _____ C:\Users\user\Downloads\brybones.zip
2015-11-13 18:55 - 2015-11-15 17:31 - 00000000 ____D C:\Users\user\Downloads\gyn
2015-11-13 18:37 - 2015-11-13 18:58 - 00000000 ____D C:\Users\user\Downloads\community
2015-11-13 17:11 - 2015-11-13 17:11 - 00773120 _____ C:\Users\user\Downloads\Viral hepatiis.ppt
2015-11-09 20:32 - 2015-11-09 20:32 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-11-09 15:39 - 2015-11-09 20:58 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2015-11-09 15:39 - 2015-11-09 15:39 - 00002334 _____ C:\Users\user\Desktop\Chrome App Launcher.lnk
2015-11-09 15:39 - 2015-11-09 15:39 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-11-09 15:31 - 2015-11-09 15:32 - 353084892 _____ C:\Users\user\Downloads\Baa Baa Black Sheep and Many More Kids Songs - Popular Nursery Rhymes Collection by ChuChu TV.mp4
2015-11-09 15:19 - 2015-11-09 15:19 - 00001821 _____ C:\Users\Public\Desktop\Vuze.lnk
2015-11-09 15:19 - 2015-11-09 15:19 - 00001821 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2015-11-09 15:19 - 2015-11-09 15:19 - 00000000 ____D C:\Program Files\Vuze
2015-11-09 15:18 - 2015-11-09 15:18 - 00072496 _____ (Azureus Software, Inc.) C:\Users\user\Downloads\VuzeBittorrentClientInstaller (1).exe
2015-11-08 01:33 - 2015-11-08 01:33 - 01822048 _____ (BitTorrent Inc.) C:\Users\user\Downloads\uTorrent.exe
2015-11-08 00:17 - 2015-11-08 00:17 - 00000000 ____D C:\Users\user\.swt
2015-11-08 00:16 - 2015-12-06 01:11 - 00000000 ____D C:\Users\user\AppData\Roaming\Azureus
2015-11-08 00:16 - 2015-12-04 22:40 - 00000000 ____D C:\Users\user\AppData\Local\MalwareProtectionLive
2015-11-08 00:16 - 2015-11-17 23:56 - 00000000 ____D C:\Users\user\Documents\Vuze Downloads
2015-11-08 00:15 - 2015-11-08 00:15 - 00072496 _____ (Azureus Software, Inc.) C:\Users\user\Downloads\VuzeBittorrentClientInstaller.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-06 14:17 - 2013-08-22 13:36 - 00000000 ____D C:\Windows
2015-12-06 14:00 - 2015-11-04 15:03 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2015-12-06 13:55 - 2015-04-17 10:40 - 00000000 ____D C:\windows\System32\Tasks\Lenovo
2015-12-06 13:52 - 2015-10-11 04:53 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3709492034-2646253011-3486674909-1001
2015-12-06 13:51 - 2014-11-21 04:44 - 00865408 _____ C:\windows\system32\PerfStringBackup.INI
2015-12-06 13:51 - 2013-08-22 13:36 - 00000000 ____D C:\windows\Inf
2015-12-06 13:47 - 2015-11-05 02:23 - 00000922 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-06 13:47 - 2015-10-11 04:48 - 00002262 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Harmony Picks Introduction.lnk
2015-12-06 13:47 - 2015-10-11 04:48 - 00001366 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Harmony Settings Introduction.lnk
2015-12-06 13:44 - 2015-04-17 10:15 - 00153336 _____ C:\windows\system32\wpbbin.exe
2015-12-06 13:44 - 2015-04-17 10:15 - 00111088 _____ (Lenovo (Beijing) Limited) C:\windows\system32\LenovoCheck.exe
2015-12-06 13:44 - 2015-04-17 10:15 - 00026608 _____ (Lenovo) C:\windows\system32\LenovoUpdate.exe
2015-12-06 13:44 - 2013-08-22 14:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-12-06 13:39 - 2015-11-05 02:23 - 00000926 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-06 10:46 - 2015-11-04 10:32 - 00003926 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{00023BD4-28D6-41A5-A0AD-B0E6A08BF6D0}
2015-12-06 10:42 - 2015-10-11 04:47 - 00000000 ____D C:\Users\user\AppData\Local\SweetLabs App Platform
2015-12-06 03:58 - 2015-10-11 04:48 - 00000000 ____D C:\Users\user\AppData\Local\Packages
2015-12-06 02:01 - 2015-11-05 02:23 - 00000000 ____D C:\Users\user\AppData\Local\Google
2015-12-03 22:34 - 2015-11-05 02:23 - 00003898 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-03 22:34 - 2015-11-05 02:23 - 00003662 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-03 18:16 - 2013-08-22 13:25 - 00262144 ___SH C:\windows\system32\config\ELAM
2015-12-03 12:36 - 2015-11-05 02:23 - 00002336 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-02 13:56 - 2013-08-22 15:36 - 00000000 ____D C:\windows\LiveKernelReports
2015-11-28 17:00 - 2015-04-17 10:33 - 00000000 ____D C:\ProgramData\Lenovo
2015-11-21 17:23 - 2015-11-04 20:10 - 00000000 ____D C:\ProgramData\Skype
2015-11-21 14:24 - 2013-08-22 15:36 - 00000000 ___HD C:\windows\ELAMBKUP
2015-11-20 23:33 - 2015-04-17 10:40 - 00000000 ____D C:\ProgramData\McAfee
2015-11-20 23:26 - 2015-04-17 10:40 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-11-20 23:26 - 2013-08-22 14:44 - 00492000 _____ C:\windows\system32\FNTCACHE.DAT
2015-11-20 23:25 - 2015-04-17 10:40 - 00002560 _____ C:\windows\system32\VfService.trf
2015-11-20 23:25 - 2013-08-22 13:25 - 00262144 ___SH C:\windows\system32\config\BBI
2015-11-20 23:07 - 2013-08-22 15:36 - 00000000 ____D C:\windows\system32\NDF
2015-11-19 23:01 - 2015-04-17 10:40 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-11-19 23:00 - 2015-11-05 16:00 - 00003064 _____ C:\windows\System32\Tasks\McAfeeLogon
2015-11-19 23:00 - 2015-11-05 16:00 - 00000000 ____D C:\windows\System32\Tasks\McAfee
2015-11-16 20:36 - 2015-11-04 17:56 - 00000000 ____D C:\Users\user\AppData\Local\CyberLink
2015-11-16 20:35 - 2015-04-17 10:45 - 00000000 ____D C:\ProgramData\CyberLink
2015-11-13 20:29 - 2013-08-22 15:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-11-11 15:42 - 2013-08-22 15:36 - 00000000 ____D C:\windows\AppReadiness
2015-11-10 15:00 - 2013-08-22 15:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-10 01:14 - 2013-08-22 15:36 - 00000000 ____D C:\windows\rescache
2015-11-09 15:55 - 2015-11-04 20:08 - 00002410 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-11-08 01:23 - 2015-10-11 04:48 - 00001561 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-11-07 01:28 - 2013-08-22 15:20 - 00000000 ____D C:\windows\CbsTemp
2015-11-07 01:28 - 2013-08-22 13:36 - 00000000 ____D C:\windows\system32\AdvancedInstallers
2015-11-07 00:42 - 2015-11-04 14:08 - 00000000 __SHD C:\Users\user\AppData\LocalLow\EmieUserList
2015-11-07 00:42 - 2015-11-04 14:08 - 00000000 __SHD C:\Users\user\AppData\LocalLow\EmieBrowserModeList
2015-11-07 00:42 - 2015-11-04 14:07 - 00000000 __SHD C:\Users\user\AppData\Local\EmieUserList
2015-11-07 00:42 - 2015-11-04 14:07 - 00000000 __SHD C:\Users\user\AppData\Local\EmieSiteList
2015-11-07 00:42 - 2015-11-04 14:07 - 00000000 __SHD C:\Users\user\AppData\Local\EmieBrowserModeList
2015-11-07 00:42 - 2015-11-04 14:06 - 00000000 __SHD C:\Users\user\AppData\LocalLow\EmieSiteList
 
Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbmwkxu.dll
C:\Users\user\AppData\Local\Temp\i4jdel0.exe
C:\Users\user\AppData\Local\Temp\som_fs.exe
C:\Users\user\AppData\Local\Temp\som_mp4_encoder_2.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-29 05:35
 
==================== End of FRST.txt ============================



 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,969 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:08 AM

Posted 07 December 2015 - 10:47 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove this program in bold via the Programs and Features applet.
(Pokki) C:\Users\user\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe


Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:


HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3709492034-2646253011-3486674909-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggVdF8OUA4SGRhAcw1bTA0SRQUOeFoJUhREGQITI1gMUgtAF1AFIk0FA1ADB0VXfVBdFElXTwhwJVx1DksUc1BQNVVMEnEEQw==
SearchScopes: HKLM -> DefaultScope {2B5723F5-CEE0-4D5D-BA83-27B2442D3D1F} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQ8MBw9AFlYbbVoLVVpcFVZHcBQAAghCDAAbdwlbAA1CEwQVJR9aFQQTSEcFME0FCFwEURNNfWpdBHQeU1BxJUpNDU0CaUBB&q={searchTerms}
SearchScopes: HKLM -> {2B5723F5-CEE0-4D5D-BA83-27B2442D3D1F} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQ8MBw9AFlYbbVoLVVpcFVZHcBQAAghCDAAbdwlbAA1CEwQVJR9aFQQTSEcFME0FCFwEURNNfWpdBHQeU1BxJUpNDU0CaUBB&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3709492034-2646253011-3486674909-1001 -> DefaultScope {2B5723F5-CEE0-4D5D-BA83-27B2442D3D1F} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQ8MBw9AFlYbbVoLVVpcFVZHcBQAAghCDAAbdwlbAA1CEwQVJR9aFQQTSEcFME0FCFwEURNNfWpdBHQeU1BxJUpNDU0CaUBB&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3709492034-2646253011-3486674909-1001 -> OldSearch URL =
BHO-x32: Discover Treasure -> {bfa55139-82af-4663-a19b-e135dac8d043} -> C:\Program Files (x86)\Discover Treasure\Extensions\bfa55139-82af-4663-a19b-e135dac8d043.dll => No File
S3 AvgAMPS; "C:\Program Files (x86)\AVG\Av\avgamps.exe" [X]
C:\Users\user\AppData\Local\SweetLabs App Platform

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.
===

Please post also in your next reply the Addition.txt file that was created by the Farbar tool.

How is the computer running now?

#3 Sazal


Posted 09 December 2015 - 01:01 PM

Thank you for your quick reply. I followed the instructions you sent and so far I have not had any problems.

Attached is the fixlog file.

This is the content from the log file from the adwcleaner.

 

 

  # AdwCleaner v5.024 - Logfile created 09/12/2015 at 17:32:38

# Updated 07/12/2015 by Xplode
# Database : 2015-12-07.3 [Server]
# Operating system : Windows 8.1  (x64)
# Username : user - LENOVO-PC
# Running from : C:\Users\user\Downloads\adwcleaner_5.024.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\users\user\AppData\Local\MalwareProtectionLive
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
[-] Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
[-] Shortcut Disinfected : C:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Shortcut Disinfected : C:\users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[-] Shortcut Disinfected : C:\users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Shortcut Disinfected : C:\users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\Classes\pokki
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{395DA725-A162-43FF-B885-27BD92F112E8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{04FEAF9C-DC32-41C7-95CA-790E93488E7D}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{395DA725-A162-43FF-B885-27BD92F112E8}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2B5723F5-CEE0-4D5D-BA83-27B2442D3D1F}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7AEE52B6-5F6B-4CCC-B18A-FB69DFB1A458}
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2145 bytes] ##########
 
If I would like advice concerning something else, do I post it as a reply or start a new topic?




#4 nasdaq


Posted 10 December 2015 - 08:36 AM

Good work.

If you have any questions, please post them here.
I will answer them if I can, or advise you where to go.

#5 nasdaq


Posted 15 December 2015 - 07:48 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#6 nasdaq


Posted 21 December 2015 - 09:40 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



