
Google search redirects to ads that won't let me close them


  • This topic is locked
1 reply to this topic

#1 Sazal

Posted 06 December 2015 - 09:47 AM

When I search for something on Google, it redirects me to another site, usually an ad, but sometimes it also redirects me to a webpage that I cannot reach the bottom of while in laptop mode; this website also makes beeping noises. Only when I change to tablet mode and use the laptop in a vertical position am I able to reach the bottom and click the box, and it will then disappear.

I did not think it was anything, but I then searched online for anyone experiencing a similar problem and was shocked to discover it was a virus. So I downloaded a few virus checkers, but they did not find anything. I tried TDSSKiller and GMER, but nothing was found. So please can you help me?

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015
Ran by user (administrator) on LENOVO-PC (06-12-2015 14:17:35)
Running from C:\Users\user\Downloads
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo) C:\Program Files\Lenovo\OneKey Optimizer\bin\FbService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Harmony\Setting\HarmonySettingService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOUpdataService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
() C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Settings\x86\LenovoSetSvr.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOControlSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\PaperDisplay\x86\PaperLookingSrv.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\WebcamSplitterServer.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
(Lenovo) C:\Windows\System32\LenovoUpdate.exe
() C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
() C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist.exe
(Pokki) C:\Users\user\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\Lenovo\LenovoUtility\utility.exe
() C:\Program Files (x86)\Lenovo\LenovoTransition\TransitionServer.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OneKeyOptimizerTray.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OnekeyOptimizerUpdata.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\user\AppData\Local\Viber\Viber.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Harmony\Picks\Lenovo.HarmonyPicks.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Harmony\Setting\Lenovo.HarmonySetting.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Skype Technologies S.A.) C:\Users\user\AppData\Local\SkypePlugin\7.9.0.56\SkypeShell.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OneKeyOptimizer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\Lenovo PhoneCompanion\adb.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322712 2014-10-09] (Intel Corporation)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [919768 2014-11-20] (Conexant Systems, Inc.)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [609200 2015-03-01] (Waves Audio Ltd.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2809072 2014-09-19] (Synaptics Incorporated)
HKLM\...\Run: [LENOVO.TPKNRRES] => rundll32.exe "C:\Program Files\Lenovo\Communications Utility\LibStartStub.dll",AVStartupStub
HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [791368 2015-04-17] ()
HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\LenovoTransition\TransitionServer.exe [107776 2015-01-15] ()
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [802800 2015-04-17] (Lenovo)
HKLM\...\Run: [OneKeyOptimizer] => C:\Program Files\Lenovo\OneKey Optimizer\bin\OneKeyOptimizerTray.exe [559896 2014-11-19] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [HarmonyPicks] => C:\Program Files (x86)\Lenovo\Harmony\Picks\Lenovo.HarmonyPicks.exe [5243160 2014-12-24] (Lenovo)
HKLM-x32\...\Run: [HarmonySetting] => C:\Program Files (x86)\Lenovo\Harmony\Setting\Lenovo.HarmonySetting.exe [2696448 2015-01-04] (Lenovo)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [36713096 2015-11-04] (Dropbox, Inc.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [Max Cached Icons] 2000
HKU\S-1-5-21-3709492034-2646253011-3486674909-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50137728 2015-11-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3709492034-2646253011-3486674909-1001\...\Run: [Viber] => C:\Users\user\AppData\Local\Viber\Viber.exe [51657424 2015-11-09] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-11-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-11-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-11-13] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{438CAF58-9C79-459C-A4BB-DD36C8CC02B0}: [DhcpNameServer] 150.201.1.2
Tcpip\..\Interfaces\{A54EF39F-172C-42D9-BA10-A6A82591B4FF}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3709492034-2646253011-3486674909-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3709492034-2646253011-3486674909-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3709492034-2646253011-3486674909-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggVdF8OUA4SGRhAcw1bTA0SRQUOeFoJUhREGQITI1gMUgtAF1AFIk0FA1ADB0VXfVBdFElXTwhwJVx1DksUc1BQNVVMEnEEQw==
hxxp://mystart.lenovo.com
HKU\S-1-5-21-3709492034-2646253011-3486674909-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.lenovo.com
SearchScopes: HKLM -> DefaultScope {2B5723F5-CEE0-4D5D-BA83-27B2442D3D1F} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQ8MBw9AFlYbbVoLVVpcFVZHcBQAAghCDAAbdwlbAA1CEwQVJR9aFQQTSEcFME0FCFwEURNNfWpdBHQeU1BxJUpNDU0CaUBB&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {2B5723F5-CEE0-4D5D-BA83-27B2442D3D1F} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQ8MBw9AFlYbbVoLVVpcFVZHcBQAAghCDAAbdwlbAA1CEwQVJR9aFQQTSEcFME0FCFwEURNNfWpdBHQeU1BxJUpNDU0CaUBB&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3709492034-2646253011-3486674909-1001 -> DefaultScope {2B5723F5-CEE0-4D5D-BA83-27B2442D3D1F} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQ8MBw9AFlYbbVoLVVpcFVZHcBQAAghCDAAbdwlbAA1CEwQVJR9aFQQTSEcFME0FCFwEURNNfWpdBHQeU1BxJUpNDU0CaUBB&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3709492034-2646253011-3486674909-1001 -> OldSearch URL = 
SearchScopes: HKU\S-1-5-21-3709492034-2646253011-3486674909-1001 -> {2B5723F5-CEE0-4D5D-BA83-27B2442D3D1F} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQ8MBw9AFlYbbVoLVVpcFVZHcBQAAghCDAAbdwlbAA1CEwQVJR9aFQQTSEcFME0FCFwEURNNfWpdBHQeU1BxJUpNDU0CaUBB&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3709492034-2646253011-3486674909-1001 -> {7AEE52B6-5F6B-4CCC-B18A-FB69DFB1A458} URL = hxxps://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-11-13] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-13] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-11-13] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-11-23] (Oracle Corporation)
BHO-x32: Discover Treasure -> {bfa55139-82af-4663-a19b-e135dac8d043} -> C:\Program Files (x86)\Discover Treasure\Extensions\bfa55139-82af-4663-a19b-e135dac8d043.dll => No File
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-11-13] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-23] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-11-13] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-09-28] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-09-28] (McAfee, Inc.)
 
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-09-28] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-23] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-09-28] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-11-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-3709492034-2646253011-3486674909-1001: SkypePlugin -> C:\Users\user\AppData\Local\SkypePlugin\7.9.0.56\npGatewayNpapi.dll [2015-10-22] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-3709492034-2646253011-3486674909-1001: SkypePlugin64 -> C:\Users\user\AppData\Local\SkypePlugin\7.9.0.56\npGatewayNpapi-x64.dll [2015-10-22] (Skype Technologies S.A.)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-11-20] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://uk.search.yahoo.com/?type=994519&fr=yo-yhp-ch
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-05]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-05]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-05]
CHR Extension: (Skype Calling) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2015-11-04]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-05]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-05]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-05]
CHR Extension: (Readium) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl [2015-11-09]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-20]
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-06]
CHR Extension: (Apps Launcher) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijmgkhchjindcjamnckoiahagecjnkdc [2015-11-09]
CHR Extension: (Sticky Notes) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbjdhgkkhefpifbifjiflpaajchdkhpg [2015-11-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-05]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-05]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [599024 2014-08-05] (Lenovo Corporation)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-11-12] (AVG Technologies CZ, s.r.o.)
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [624568 2015-02-12] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [448400 2014-03-24] (Nuance Communications, Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-24] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-24] (Dropbox, Inc.)
R2 esifsvc; C:\windows\SysWOW64\esif_uf.exe [1037568 2014-09-18] (Intel Corporation)
R2 FastbootService; C:\Program Files\Lenovo\OneKey Optimizer\bin\FbService.exe [191512 2014-11-20] (Lenovo) [File not signed]
R2 GDCAgent; C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [1115064 2015-02-12] ()
R2 HarmonySettingService; C:\Program Files (x86)\Lenovo\Harmony\Setting\HarmonySettingService.exe [17688 2014-12-24] (Lenovo) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18584 2014-10-09] (Intel Corporation)
R2 ibtsiva.exe; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [121288 2014-08-13] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344168 2014-12-19] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [132896 2014-10-10] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-10-10] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [561408 2014-09-22] (Lenovo)
R2 Lenovo OKO Service; C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOUpdataService.exe [2544408 2014-11-19] (Lenovo(beijing) Limited)
R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2005320 2014-10-13] (Lenovo Group Limited)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584632 2015-03-06] (LENOVO INCORPORATED.)
S3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [727536 2014-08-05] (Lenovo Corporation)
R2 LenovoPAWDService; C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe [133440 2015-04-17] ()
R2 LenovoSetSvr; C:\Program Files (x86)\Lenovo\Lenovo Settings\x86\LenovoSetSvr.exe [258544 2014-06-19] (Lenovo(beijing) Limited)
R3 LenovoUpdate; C:\Windows\System32\LenovoUpdate.exe [26608 2015-12-06] (Lenovo)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [218952 2014-08-26] (Lenovo(beijing) Limited)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [783120 2015-09-28] (McAfee, Inc.)
R3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [332528 2014-03-12] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [639456 2015-08-11] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-07-31] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [376264 2015-08-10] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [254792 2015-07-31] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2014-11-19] ()
R2 OKOControlSvc; C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOControlSvc.exe [113944 2014-11-17] (Lenovo(beijing) Limited)
R2 PaperLookingSrv; C:\Program Files (x86)\Lenovo\PaperDisplay\x86\PaperLookingSrv.exe [173848 2014-11-25] (Lenovo)
S2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [167176 2014-05-28] (PointGrab LTD)
R2 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [524552 2014-05-28] (PointGrab LTD)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [321520 2015-04-17] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [338416 2015-04-17] (Lenovo)
S2 PLHotkeyService; C:\Program Files (x86)\Lenovo\PaperDisplay\x86\PLHotkeyService.exe [26392 2014-11-25] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [68880 2015-04-17] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [32512 2015-01-15] (Lenovo)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2014-11-19] (Intel® Corporation)
S3 AvgAMPS; "C:\Program Files (x86)\AVG\Av\avgamps.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [80768 2015-08-10] (McAfee, Inc.)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [38720 2014-09-18] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 esif_lf; C:\Windows\System32\drivers\esif_lf.sys [216360 2014-09-18] (Intel Corporation)
R0 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70168 2014-11-20] (Windows ® Win 7 DDK provider) [File not signed]
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [219592 2014-08-13] (Intel Corporation)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [79528 2014-09-04] (Intel Corporation)
R3 KMDFVirtualKbd; C:\Windows\System32\drivers\KMDFVirtualKbd.sys [22264 2014-08-04] ()
R3 KMDFVirtualMouse; C:\Windows\System32\drivers\KMDFVirtualMouse.sys [21240 2014-08-04] ()
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-10-10] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [413432 2015-08-10] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349096 2015-08-10] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [82072 2015-08-10] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [495856 2015-08-10] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [839376 2015-08-10] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [537408 2015-08-12] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [111256 2015-08-12] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [244024 2015-08-10] (McAfee, Inc.)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3494680 2015-01-20] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-11-21] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-09-19] (Synaptics Incorporated)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [694944 2014-11-06] (Sunplus)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-06 14:17 - 2015-12-06 14:18 - 00033620 _____ C:\Users\user\Downloads\FRST.txt
2015-12-06 14:17 - 2015-12-06 14:17 - 00000000 ____D C:\FRST
2015-12-06 14:16 - 2015-12-06 14:16 - 02369024 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2015-12-06 13:50 - 2015-12-06 13:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-12-06 13:44 - 2015-12-06 13:44 - 00291472 _____ C:\windows\Minidump\120615-5000-01.dmp
2015-12-06 06:48 - 2015-12-06 06:50 - 00249022 _____ C:\TDSSKiller.3.1.0.7_06.12.2015_06.48.46_log.txt
2015-12-06 03:44 - 2015-12-06 03:44 - 04400959 _____ C:\Users\user\Downloads\attachment_73890587961292fd6375e354bb70ea2e
2015-12-06 03:23 - 2015-12-06 03:23 - 08064462 _____ C:\Users\user\Downloads\Muscle Rap!.mp4
2015-12-06 03:04 - 2015-12-06 03:04 - 06263957 _____ C:\Users\user\Downloads\The Heart Song.mp4
2015-12-06 03:02 - 2015-12-06 03:03 - 239792312 _____ C:\Users\user\Downloads\Atrial Fibrillation made simple Part 2.mp4
2015-12-06 03:01 - 2015-12-06 03:02 - 119152233 _____ C:\Users\user\Downloads\Atrial Fibrillation made simple Part 1.mp4
2015-12-06 02:56 - 2015-12-06 02:56 - 04194649 _____ C:\Users\user\Downloads\The ST Elevation Song!  (What to Look for on an EKG).mp4
2015-12-06 02:51 - 2015-12-06 02:51 - 43438863 _____ C:\Users\user\Downloads\Pneumonia Explained Clearly - 3 of 3.mp4
2015-12-06 02:50 - 2015-12-06 02:50 - 67358595 _____ C:\Users\user\Downloads\Pneumonia Explained Clearly - 2 of 3.mp4
2015-12-06 01:27 - 2015-12-06 13:44 - 00000000 ____D C:\windows\Minidump
2015-12-06 01:27 - 2015-12-06 01:27 - 01214680 _____ C:\windows\Minidump\120615-7812-01.dmp
2015-12-06 00:58 - 2015-12-06 00:58 - 46683339 _____ C:\Users\user\Downloads\Pneumonia Explained Clearly.mp4
2015-12-06 00:57 - 2015-12-06 00:57 - 40845323 _____ C:\Users\user\Downloads\Heart Failure Explained Clearly - 3 of 3.mp4
2015-12-06 00:56 - 2015-12-06 00:56 - 58681119 _____ C:\Users\user\Downloads\Heart Failure Explained Clearly - 2 of 3.mp4
2015-12-06 00:50 - 2015-12-06 00:50 - 43864916 _____ C:\Users\user\Downloads\Heart Failure Explained Clearly.mp4
2015-12-06 00:31 - 2015-12-06 00:33 - 00249152 _____ C:\TDSSKiller.3.1.0.7_06.12.2015_00.31.49_log.txt
2015-12-06 00:31 - 2015-12-06 00:31 - 04398264 _____ (Kaspersky Lab ZAO) C:\Users\user\Downloads\tdsskiller.exe
2015-12-06 00:03 - 2015-12-06 00:04 - 00380416 _____ C:\Users\user\Downloads\76epo01w.exe
2015-12-04 12:52 - 2015-12-04 13:24 - 00000000 ____D C:\Users\user\Documents\UserTesting
2015-12-04 12:48 - 2015-12-04 13:06 - 00000000 ____D C:\Users\user\AppData\Local\UserTestingPlugin
2015-12-04 12:48 - 2015-12-04 12:48 - 24394248 _____ C:\Users\user\Downloads\InstallUserTestingPlugin-v1.8.exe
2015-12-04 00:56 - 2015-12-04 00:56 - 00049701 _____ C:\Users\user\Downloads\Police_report_Mark_bristow_ENG_sh1t_translation.pdf
2015-12-03 19:13 - 2015-12-03 19:13 - 02334665 _____ C:\Users\user\Downloads\attachment_303704861e24213ec3989bd1d34dbc42.pdf
2015-12-03 01:43 - 2015-12-03 01:43 - 57899340 _____ C:\Users\user\Downloads\Asthma Explained Clearly - 2 of 2.mp4
2015-12-03 01:43 - 2015-12-03 01:43 - 45901655 _____ C:\Users\user\Downloads\Asthma Explained Clearly.mp4
2015-12-03 01:42 - 2015-12-03 01:42 - 42099100 _____ C:\Users\user\Downloads\Jugular Venous Pulse (JVP) Explained Clearly - 2 of 2.mp4
2015-12-03 01:42 - 2015-12-03 01:42 - 41620468 _____ C:\Users\user\Downloads\Jugular Venous Pulse (JVP) Explained Clearly.mp4
2015-12-03 01:01 - 2015-12-03 01:01 - 46473679 _____ C:\Users\user\Downloads\Pulmonary Embolism Explained Clearly - 4 of 4.mp4
2015-12-03 01:01 - 2015-12-03 01:01 - 42502750 _____ C:\Users\user\Downloads\Pulmonary Embolism Explained Clearly - 3 of 4.mp4
2015-12-03 01:01 - 2015-12-03 01:01 - 40333742 _____ C:\Users\user\Downloads\Pulmonary Embolism Explained Clearly - 2 of 4.mp4
2015-12-03 01:00 - 2015-12-03 01:00 - 38013380 _____ C:\Users\user\Downloads\Pulmonary Embolism Explained Clearly.mp4
2015-12-03 00:57 - 2015-12-03 00:57 - 20233892 _____ C:\Users\user\Downloads\CT Scan of the Chest Explained Clearly.mp4
2015-12-03 00:37 - 2015-12-03 00:37 - 48997692 _____ C:\Users\user\Downloads\Diabetic Ketoacidosis (DKA) Treatment Explained Clearly.mp4
2015-12-03 00:36 - 2015-12-03 00:37 - 54104659 _____ C:\Users\user\Downloads\Diabetic Ketoacidosis (DKA) Explained Clearly.mp4
2015-12-03 00:36 - 2015-12-03 00:36 - 29970312 _____ C:\Users\user\Downloads\Hypoxemia Explained Clearly.mp4
2015-12-03 00:32 - 2015-12-03 00:32 - 74269002 _____ C:\Users\user\Downloads\Shock Explained Clearly.mp4
2015-12-03 00:31 - 2015-12-03 00:31 - 78385839 _____ C:\Users\user\Downloads\Shock and Sepsis Treatment Explained Clearly.mp4
2015-12-02 21:06 - 2015-12-02 21:06 - 00461514 _____ C:\Users\user\Downloads\attachment_141006586f2334e69bde2e9c54af92c2.pdf
2015-12-02 19:50 - 2015-12-04 12:54 - 00000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2015-12-02 19:45 - 2015-12-02 19:45 - 00143357 _____ C:\Users\user\Downloads\microsoftaccounts.diagcab
2015-11-30 20:08 - 2015-12-02 13:57 - 00032256 _____ C:\Users\user\Documents\Keywords.xls
2015-11-30 02:19 - 2015-11-30 02:19 - 00000000 ____D C:\Users\user\Downloads\Medcram
2015-11-30 01:57 - 2015-11-30 01:57 - 12030721 _____ C:\Users\user\Downloads\NeprOtic syndromes.mp4
2015-11-30 01:38 - 2015-11-30 01:38 - 38167742 _____ C:\Users\user\Downloads\Pericarditis - USMLE Step 2 Review.mp4
2015-11-30 01:17 - 2015-11-30 01:18 - 74164559 _____ C:\Users\user\Downloads\Interpretation of ECG.mp4
2015-11-30 01:16 - 2015-11-30 01:16 - 15351341 _____ C:\Users\user\Downloads\Zollinger-Ellison Syndrome.mp4
2015-11-30 01:15 - 2015-11-30 01:16 - 68605687 _____ C:\Users\user\Downloads\Chest X-Ray (CXR) Analysis in a Nutshell.mp4
2015-11-29 22:36 - 2015-11-29 22:36 - 03440128 _____ C:\Users\user\Downloads\MND.ppt
2015-11-29 22:36 - 2015-11-29 22:36 - 02608128 _____ C:\Users\user\Downloads\Lec 1. Congenital  Respiratory disorders_Masters (1).ppt
2015-11-29 22:36 - 2015-11-29 22:36 - 02421248 _____ C:\Users\user\Downloads\Lecture 2. Upper respiratory tract infections (1).ppt
2015-11-29 22:35 - 2015-11-29 22:36 - 09178624 _____ C:\Users\user\Downloads\spinal cord lesion 2.ppt
2015-11-29 22:35 - 2015-11-29 22:35 - 06066688 _____ C:\Users\user\Downloads\Neuromuscular dis.ppt
2015-11-29 22:35 - 2015-11-29 22:35 - 00717824 _____ C:\Users\user\Downloads\Ataxia.ppt
2015-11-29 22:35 - 2015-11-29 22:35 - 00069120 _____ C:\Users\user\Downloads\neuropathy.ppt
2015-11-29 22:34 - 2015-11-29 22:35 - 12172288 _____ C:\Users\user\Downloads\gyni..ppt
2015-11-29 10:54 - 2015-11-29 10:54 - 00226708 _____ C:\Users\user\Downloads\attachment_145499c9feeb7c9daa6209f563157211.pdf
2015-11-27 09:50 - 2015-11-27 09:50 - 00348160 _____ C:\Users\user\Documents\Database1.accdb
2015-11-24 18:32 - 2015-11-24 18:32 - 00274927 _____ C:\Users\user\Downloads\attachment_e2e14fdded91b39a638916672d6f8e59.pdf
2015-11-24 18:08 - 2015-12-06 13:48 - 00000000 ___RD C:\Users\user\Dropbox
2015-11-24 18:08 - 2015-11-24 18:08 - 00001257 _____ C:\Users\user\Desktop\Dropbox.lnk
2015-11-24 18:07 - 2015-11-24 18:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-11-24 18:06 - 2015-11-24 18:06 - 00000000 ____D C:\Users\user\AppData\Roaming\Dropbox
2015-11-24 17:58 - 2015-12-06 14:03 - 00000924 _____ C:\windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-11-24 17:58 - 2015-12-06 13:48 - 00000000 ____D C:\Users\user\AppData\Local\Dropbox
2015-11-24 17:58 - 2015-12-06 13:47 - 00000920 _____ C:\windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-11-24 17:58 - 2015-11-24 18:07 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-11-24 17:58 - 2015-11-24 17:58 - 00660960 _____ (Dropbox, Inc.) C:\Users\user\Downloads\DropboxInstaller.exe
2015-11-24 17:58 - 2015-11-24 17:58 - 00003896 _____ C:\windows\System32\Tasks\DropboxUpdateTaskMachineUA
2015-11-24 17:58 - 2015-11-24 17:58 - 00003660 _____ C:\windows\System32\Tasks\DropboxUpdateTaskMachineCore
2015-11-24 17:58 - 2015-11-24 17:58 - 00000000 ____D C:\ProgramData\Dropbox
2015-11-23 15:16 - 2015-11-23 15:16 - 00097888 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-11-23 15:16 - 2015-11-23 15:16 - 00000000 ____D C:\Users\user\AppData\Roaming\Sun
2015-11-23 15:16 - 2015-11-23 15:16 - 00000000 ____D C:\Users\user\AppData\LocalLow\Sun
2015-11-23 15:16 - 2015-11-23 15:16 - 00000000 ____D C:\Users\user\.oracle_jre_usage
2015-11-23 15:16 - 2015-11-23 15:16 - 00000000 ____D C:\ProgramData\Oracle
2015-11-23 15:16 - 2015-11-23 15:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-23 15:16 - 2015-11-23 15:16 - 00000000 ____D C:\Program Files (x86)\Java
2015-11-23 15:15 - 2015-11-23 15:15 - 00000000 ____D C:\Users\user\AppData\LocalLow\Oracle
2015-11-22 13:15 - 2015-11-22 13:16 - 90542657 _____ C:\Users\user\Downloads\Arabic copy check.zip
2015-11-21 21:42 - 2015-11-21 21:42 - 00000000 ____D C:\Users\user\AppData\Local\WinZip
2015-11-21 21:41 - 2015-11-21 21:41 - 06447834 _____ C:\Users\user\Downloads\attachment_7aa78be348beca2b11e4b27c4e2da03c
2015-11-21 01:00 - 2015-11-21 01:00 - 00000000 ____D C:\Users\user\AppData\Roaming\TuneUp Software
2015-11-21 00:51 - 2015-11-21 14:29 - 00000000 ____D C:\ProgramData\MFAData
2015-11-21 00:51 - 2015-11-21 00:51 - 00000000 ____D C:\Users\user\AppData\Local\MFAData
2015-11-21 00:50 - 2015-11-21 00:50 - 00000950 _____ C:\Users\Public\Desktop\AVG.lnk
2015-11-21 00:50 - 2015-11-21 00:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2015-11-21 00:47 - 2015-11-21 01:00 - 00000000 ____D C:\ProgramData\Avg
2015-11-21 00:47 - 2015-11-21 00:59 - 00000000 ____D C:\Program Files (x86)\AVG
2015-11-21 00:00 - 2015-11-21 14:29 - 00000000 ____D C:\Users\user\AppData\Local\AvgSetupLog
2015-11-21 00:00 - 2015-11-21 00:00 - 00000000 ____D C:\Users\user\AppData\Local\Avg
2015-11-20 23:59 - 2015-11-21 00:00 - 02924672 _____ (AVG Technologies) C:\Users\user\Downloads\AVG_Protection_Free_698.exe
2015-11-20 23:17 - 2015-11-20 23:17 - 00000000 ____D C:\Users\user\Documents\Custom Office Templates
2015-11-18 14:10 - 2015-11-18 14:10 - 00489377 _____ C:\Users\user\Documents\Kij9MKyiq.jpeg
2015-11-18 12:25 - 2015-11-18 12:25 - 02421248 _____ C:\Users\user\Downloads\Lecture 2. Upper respiratory tract infections.ppt
2015-11-18 12:24 - 2015-11-18 12:24 - 15714304 _____ C:\Users\user\Downloads\renal.ppt
2015-11-18 12:24 - 2015-11-18 12:24 - 14667264 _____ C:\Users\user\Downloads\obs.ppt
2015-11-18 12:24 - 2015-11-18 12:24 - 04212736 _____ C:\Users\user\Downloads\Movement disorders 2012.ppt
2015-11-18 12:24 - 2015-11-18 12:24 - 02608128 _____ C:\Users\user\Downloads\Lec 1. Congenital  Respiratory disorders_Masters.ppt
2015-11-18 00:11 - 2015-11-18 00:12 - 00000000 ____D C:\ProgramData\WinZip
2015-11-18 00:11 - 2015-11-18 00:11 - 00002276 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-11-18 00:11 - 2015-11-18 00:11 - 00002008 _____ C:\Users\Public\Desktop\WinZip.lnk
2015-11-18 00:11 - 2015-11-18 00:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-11-18 00:11 - 2015-11-18 00:11 - 00000000 ____D C:\Program Files (x86)\WinZip
2015-11-17 23:47 - 2015-11-17 23:47 - 77074336 _____ C:\Users\user\Downloads\Surgical Recall 7th Edition 2014 PDF.rar
2015-11-15 18:19 - 2015-11-17 23:05 - 00000000 ____D C:\Users\user\Downloads\surgery
2015-11-15 18:11 - 2015-11-17 23:01 - 00000000 ____D C:\Users\user\Downloads\radiology
2015-11-15 18:00 - 2015-11-15 18:04 - 00000000 ____D C:\Users\user\Downloads\paed
2015-11-15 17:25 - 2015-11-15 17:59 - 00000000 ____D C:\Users\user\Downloads\internal medicine
2015-11-15 01:09 - 2015-12-06 00:29 - 00000000 ____D C:\Users\user\Documents\ViberDownloads
2015-11-15 01:08 - 2015-12-06 13:47 - 00000000 ____D C:\Users\user\AppData\Roaming\ViberPC
2015-11-15 01:08 - 2015-11-15 01:08 - 00000978 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Viber.lnk
2015-11-15 01:08 - 2015-11-15 01:08 - 00000976 _____ C:\Users\user\Desktop\Viber.lnk
2015-11-15 01:08 - 2015-11-15 01:08 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber
2015-11-15 01:07 - 2015-12-02 15:18 - 00000000 ____D C:\Users\user\AppData\Local\Viber
2015-11-15 01:07 - 2015-11-15 01:07 - 101213136 _____ (Viber Media Inc.) C:\Users\user\Downloads\ViberSetup.exe
2015-11-15 01:07 - 2015-11-15 01:07 - 00000000 ____D C:\Users\user\AppData\Local\Package Cache
2015-11-13 20:27 - 2015-11-13 20:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-11-13 20:26 - 2015-11-13 20:26 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-11-13 19:51 - 2015-11-13 19:51 - 09153168 _____ C:\Users\user\Downloads\brypharmacology1st.zip
2015-11-13 19:48 - 2015-11-13 19:49 - 10613240 _____ C:\Users\user\Downloads\bryneuroanatomy.zip
2015-11-13 19:48 - 2015-11-13 19:48 - 13411640 _____ C:\Users\user\Downloads\bryregional.zip
2015-11-13 19:46 - 2015-11-13 19:46 - 02929695 _____ C:\Users\user\Downloads\brykovacs.zip
2015-11-13 19:44 - 2015-11-13 19:44 - 10250935 _____ C:\Users\user\Downloads\brybones.zip
2015-11-13 18:55 - 2015-11-15 17:31 - 00000000 ____D C:\Users\user\Downloads\gyn
2015-11-13 18:37 - 2015-11-13 18:58 - 00000000 ____D C:\Users\user\Downloads\community
2015-11-13 17:11 - 2015-11-13 17:11 - 00773120 _____ C:\Users\user\Downloads\Viral hepatiis.ppt
2015-11-09 20:32 - 2015-11-09 20:32 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-11-09 15:39 - 2015-11-09 20:58 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2015-11-09 15:39 - 2015-11-09 15:39 - 00002334 _____ C:\Users\user\Desktop\Chrome App Launcher.lnk
2015-11-09 15:39 - 2015-11-09 15:39 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-11-09 15:31 - 2015-11-09 15:32 - 353084892 _____ C:\Users\user\Downloads\Baa Baa Black Sheep and Many More Kids Songs - Popular Nursery Rhymes Collection by ChuChu TV.mp4
2015-11-09 15:19 - 2015-11-09 15:19 - 00001821 _____ C:\Users\Public\Desktop\Vuze.lnk
2015-11-09 15:19 - 2015-11-09 15:19 - 00001821 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2015-11-09 15:19 - 2015-11-09 15:19 - 00000000 ____D C:\Program Files\Vuze
2015-11-09 15:18 - 2015-11-09 15:18 - 00072496 _____ (Azureus Software, Inc.) C:\Users\user\Downloads\VuzeBittorrentClientInstaller (1).exe
2015-11-08 01:33 - 2015-11-08 01:33 - 01822048 _____ (BitTorrent Inc.) C:\Users\user\Downloads\uTorrent.exe
2015-11-08 00:17 - 2015-11-08 00:17 - 00000000 ____D C:\Users\user\.swt
2015-11-08 00:16 - 2015-12-06 01:11 - 00000000 ____D C:\Users\user\AppData\Roaming\Azureus
2015-11-08 00:16 - 2015-12-04 22:40 - 00000000 ____D C:\Users\user\AppData\Local\MalwareProtectionLive
2015-11-08 00:16 - 2015-11-17 23:56 - 00000000 ____D C:\Users\user\Documents\Vuze Downloads
2015-11-08 00:15 - 2015-11-08 00:15 - 00072496 _____ (Azureus Software, Inc.) C:\Users\user\Downloads\VuzeBittorrentClientInstaller.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-06 14:17 - 2013-08-22 13:36 - 00000000 ____D C:\Windows
2015-12-06 14:00 - 2015-11-04 15:03 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2015-12-06 13:55 - 2015-04-17 10:40 - 00000000 ____D C:\windows\System32\Tasks\Lenovo
2015-12-06 13:52 - 2015-10-11 04:53 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3709492034-2646253011-3486674909-1001
2015-12-06 13:51 - 2014-11-21 04:44 - 00865408 _____ C:\windows\system32\PerfStringBackup.INI
2015-12-06 13:51 - 2013-08-22 13:36 - 00000000 ____D C:\windows\Inf
2015-12-06 13:47 - 2015-11-05 02:23 - 00000922 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-06 13:47 - 2015-10-11 04:48 - 00002262 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Harmony Picks Introduction.lnk
2015-12-06 13:47 - 2015-10-11 04:48 - 00001366 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Harmony Settings Introduction.lnk
2015-12-06 13:44 - 2015-04-17 10:15 - 00153336 _____ C:\windows\system32\wpbbin.exe
2015-12-06 13:44 - 2015-04-17 10:15 - 00111088 _____ (Lenovo (Beijing) Limited) C:\windows\system32\LenovoCheck.exe
2015-12-06 13:44 - 2015-04-17 10:15 - 00026608 _____ (Lenovo) C:\windows\system32\LenovoUpdate.exe
2015-12-06 13:44 - 2013-08-22 14:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-12-06 13:39 - 2015-11-05 02:23 - 00000926 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-06 10:46 - 2015-11-04 10:32 - 00003926 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{00023BD4-28D6-41A5-A0AD-B0E6A08BF6D0}
2015-12-06 10:42 - 2015-10-11 04:47 - 00000000 ____D C:\Users\user\AppData\Local\SweetLabs App Platform
2015-12-06 03:58 - 2015-10-11 04:48 - 00000000 ____D C:\Users\user\AppData\Local\Packages
2015-12-06 02:01 - 2015-11-05 02:23 - 00000000 ____D C:\Users\user\AppData\Local\Google
2015-12-03 22:34 - 2015-11-05 02:23 - 00003898 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-03 22:34 - 2015-11-05 02:23 - 00003662 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-03 18:16 - 2013-08-22 13:25 - 00262144 ___SH C:\windows\system32\config\ELAM
2015-12-03 12:36 - 2015-11-05 02:23 - 00002336 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-02 13:56 - 2013-08-22 15:36 - 00000000 ____D C:\windows\LiveKernelReports
2015-11-28 17:00 - 2015-04-17 10:33 - 00000000 ____D C:\ProgramData\Lenovo
2015-11-21 17:23 - 2015-11-04 20:10 - 00000000 ____D C:\ProgramData\Skype
2015-11-21 14:24 - 2013-08-22 15:36 - 00000000 ___HD C:\windows\ELAMBKUP
2015-11-20 23:33 - 2015-04-17 10:40 - 00000000 ____D C:\ProgramData\McAfee
2015-11-20 23:26 - 2015-04-17 10:40 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-11-20 23:26 - 2013-08-22 14:44 - 00492000 _____ C:\windows\system32\FNTCACHE.DAT
2015-11-20 23:25 - 2015-04-17 10:40 - 00002560 _____ C:\windows\system32\VfService.trf
2015-11-20 23:25 - 2013-08-22 13:25 - 00262144 ___SH C:\windows\system32\config\BBI
2015-11-20 23:07 - 2013-08-22 15:36 - 00000000 ____D C:\windows\system32\NDF
2015-11-19 23:01 - 2015-04-17 10:40 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-11-19 23:00 - 2015-11-05 16:00 - 00003064 _____ C:\windows\System32\Tasks\McAfeeLogon
2015-11-19 23:00 - 2015-11-05 16:00 - 00000000 ____D C:\windows\System32\Tasks\McAfee
2015-11-16 20:36 - 2015-11-04 17:56 - 00000000 ____D C:\Users\user\AppData\Local\CyberLink
2015-11-16 20:35 - 2015-04-17 10:45 - 00000000 ____D C:\ProgramData\CyberLink
2015-11-13 20:29 - 2013-08-22 15:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-11-11 15:42 - 2013-08-22 15:36 - 00000000 ____D C:\windows\AppReadiness
2015-11-10 15:00 - 2013-08-22 15:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-10 01:14 - 2013-08-22 15:36 - 00000000 ____D C:\windows\rescache
2015-11-09 15:55 - 2015-11-04 20:08 - 00002410 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-11-08 01:23 - 2015-10-11 04:48 - 00001561 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-11-07 01:28 - 2013-08-22 15:20 - 00000000 ____D C:\windows\CbsTemp
2015-11-07 01:28 - 2013-08-22 13:36 - 00000000 ____D C:\windows\system32\AdvancedInstallers
2015-11-07 00:42 - 2015-11-04 14:08 - 00000000 __SHD C:\Users\user\AppData\LocalLow\EmieUserList
2015-11-07 00:42 - 2015-11-04 14:08 - 00000000 __SHD C:\Users\user\AppData\LocalLow\EmieBrowserModeList
2015-11-07 00:42 - 2015-11-04 14:07 - 00000000 __SHD C:\Users\user\AppData\Local\EmieUserList
2015-11-07 00:42 - 2015-11-04 14:07 - 00000000 __SHD C:\Users\user\AppData\Local\EmieSiteList
2015-11-07 00:42 - 2015-11-04 14:07 - 00000000 __SHD C:\Users\user\AppData\Local\EmieBrowserModeList
2015-11-07 00:42 - 2015-11-04 14:06 - 00000000 __SHD C:\Users\user\AppData\LocalLow\EmieSiteList
 
Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbmwkxu.dll
C:\Users\user\AppData\Local\Temp\i4jdel0.exe
C:\Users\user\AppData\Local\Temp\som_fs.exe
C:\Users\user\AppData\Local\Temp\som_mp4_encoder_2.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-29 05:35
 
==================== End of FRST.txt ============================


#2 nasdaq

  • Malware Response Team
Posted 07 December 2015 - 10:50 AM

Duplicate. This topic will be closed.



