

Popups and redirects - more than one infection (I think)


10 replies to this topic

#1 neil1


Posted 27 December 2015 - 05:43 AM

Hi guys,

So I've got Google and other sites randomly redirecting to scammy-looking sales pages, and popups appear stating that various issues are occurring. Sometimes an Offers4U window appears over pages as well.

Note: Just read that I should mention specific issues so I'll give a couple of examples:

- A popup that says to call a number because something is being blocked (couldn't copy and paste or copy directly, as it wouldn't let me do anything until I closed it)
- A website was redirected to a page called 2015 Annual Visitor Survey, asking questions and promising a prize
- An ad appears at the top of the page with "Ads by DNS-Keeper" in the corner.

I normally keep things under control with AVG, MalwareBytes, and Adwcleaner. However, none of these are picking up anything.

Thanks in advance!

Here are the contents of FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-12-2015
Ran by neil (administrator) on NEIL-WIN7 (27-12-2015 21:32:05)
Running from C:\Users\neil\Downloads
Loaded Profiles: neil (Available Profiles: neil)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
() C:\Program Files (x86)\MySQL\MySQL Server 5.6\bin\mysqld.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\neil\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Theft Shield\USecuAppClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [396688 2015-07-18] ()
HKLM\...\Run: [HotKeysCmds] => "C:\WINDOWS\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\WINDOWS\system32\igfxpers.exe"
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3935912 2015-08-12] (Synaptics Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-25] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Lync\communicator.exe [12119872 2015-11-12] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3780008 2015-10-30] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24952456 2015-12-09] (Dropbox, Inc.)
HKU\S-1-5-21-4058758161-2977935132-2057762346-1001\...\Run: [Spotify Web Helper] => C:\Users\neil\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-21] (Spotify Ltd)
HKU\S-1-5-21-4058758161-2977935132-2057762346-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-4058758161-2977935132-2057762346-1001\...\Run: [uTorrent] => C:\Users\neil\AppData\Roaming\uTorrent\uTorrent.exe [1374032 2015-01-25] (BitTorrent Inc.)
HKU\S-1-5-21-4058758161-2977935132-2057762346-1001\...\Run: [GoogleChromeAutoLaunch_941D50D7A4ED5B16E198FA23E3479587] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [741704 2015-12-11] (Google Inc.)
HKU\S-1-5-21-4058758161-2977935132-2057762346-1001\...\Run: [Google Update] => C:\Users\neil\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-06-20] (Google Inc.)
HKU\S-1-5-21-4058758161-2977935132-2057762346-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50755200 2015-12-08] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk [2013-06-21]
ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-4058758161-2977935132-2057762346-1001] => eduproxy:8080
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6a90c12a-b2a2-48d6-ae62-97a355d0ca51}: [DhcpNameServer] 10.138.40.38 10.138.40.35
Tcpip\..\Interfaces\{75a351ab-a320-47d4-b5d1-d3b122377f26}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4058758161-2977935132-2057762346-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4058758161-2977935132-2057762346-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={6F5887F5-DA9C-49BB-BC00-BBE1841AD14D}&mid=5a445081b81447d29dc524fed38defa1-fb75dd54eb1ac2fe2bdeec03e3e860caeefe8e86&lang=en&ds=AVG&coid=avgtbavg&cmpid=1214av&pr=fr&d=2014-12-13 11:17:56&v=4.1.4.948&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-4058758161-2977935132-2057762346-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKU\S-1-5-21-4058758161-2977935132-2057762346-1001 -> DefaultScope {3129578A-DF02-4617-8BB8-7190094A5177} URL = 
SearchScopes: HKU\S-1-5-21-4058758161-2977935132-2057762346-1001 -> {3129578A-DF02-4617-8BB8-7190094A5177} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll [2011-03-19] (Adobe Systems, Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Lync\OCHelper.dll [2010-10-22] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-25] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-25] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll [2011-03-19] (Adobe Systems, Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-25] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-4058758161-2977935132-2057762346-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll [2014-01-05] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-10-15] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll [2014-01-05] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.20 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-04-15] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-04-15] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-25] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-10-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-10-15] (Adobe Systems)
FF Plugin HKU\S-1-5-21-4058758161-2977935132-2057762346-1001: @citrixonline.com/appdetectorplugin -> C:\Users\neil\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-12-10] (Citrix Online)
FF Plugin HKU\S-1-5-21-4058758161-2977935132-2057762346-1001: @tools.google.com/Google Update;version=3 -> C:\Users\neil\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-4058758161-2977935132-2057762346-1001: @tools.google.com/Google Update;version=9 -> C:\Users\neil\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-12] ()
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2013-11-04] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-10-19] [not signed]
 
Chrome: 
=======
CHR HomePage: Profile 2 -> hxxp://google.com.au/
CHR StartupUrls: Profile 2 -> "hxxp://google.com.au/"
CHR Profile: C:\Users\neil\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-07]
CHR Extension: (Dimensions) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\baocaagndhipibgklemoalmkljaimfdj [2014-10-22]
CHR Extension: (Hootsuite Hootlet) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjgfdlplhmndoonmofmflcbiohgbkifn [2015-01-24]
CHR Extension: (YouTube) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-07]
CHR Extension: (Google Search) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-12]
CHR Extension: (Stop Tony Meow) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\dilmdkcidhplbhnpehjmiahegnkpilnf [2014-05-20]
CHR Extension: (Bye Rupert) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdikikkfbfjjemfadgggcohkjoggoof [2014-12-29]
CHR Extension: (Page Analytics (by Google)) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnbdnhhicmebfgdgglcdacdapkcihcoh [2014-10-27]
CHR Extension: (Pin It Button) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-10-13]
CHR Extension: (InstaTwit) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhalcamddihdpdgdjkjbgikgobnbbpif [2014-05-30]
CHR Extension: (Google Keep - notes and lists) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2015-03-17]
CHR Extension: (Kindle Cloud Reader) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-06-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Lazarus: Form Recovery) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno [2014-10-16]
CHR Extension: (Google Wallet) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-13]
CHR Extension: (Buffer) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\noojglkidnpfjbincgijbaiedldjfbhh [2015-02-27]
CHR Extension: (Gmail) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-13]
CHR Profile: C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-14]
CHR Extension: (Docs) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-14]
CHR Extension: (Google Drive) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-14]
CHR Extension: (YouTube) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-14]
CHR Extension: (Google Search) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-14]
CHR Extension: (Google Sheets) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Google Wallet) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-14]
CHR Extension: (Gmail) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-14]
CHR Profile: C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Docs) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-17]
CHR Extension: (Google Drive) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Dimensions) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\baocaagndhipibgklemoalmkljaimfdj [2015-07-16]
CHR Extension: (ColorZilla) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2015-06-26]
CHR Extension: (Hootsuite Hootlet) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bjgfdlplhmndoonmofmflcbiohgbkifn [2015-12-18]
CHR Extension: (YouTube) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Cast) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-12-12]
CHR Extension: (OneTab) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2015-03-14]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2015-12-25]
CHR Extension: (Google Search) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (FB Pixel Helper) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2015-12-04]
CHR Extension: (Google Sheets) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-14]
CHR Extension: (Page Analytics (by Google)) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fnbdnhhicmebfgdgglcdacdapkcihcoh [2015-11-19]
CHR Extension: (Google Docs Offline) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (Tailwind Publisher) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gkbhgdhhefdphpikedbinecandoigdel [2015-12-12]
CHR Extension: (Pin It Button) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-09-24]
CHR Extension: (TweetDeck by Twitter) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2015-09-15]
CHR Extension: (Google Keep - notes and lists) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2015-12-18]
CHR Extension: (Kindle Cloud Reader) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2015-03-14]
CHR Extension: (Giphy for Chrome) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jlleokkdhkflpmghiioglgmnminbekdi [2015-09-17]
CHR Extension: (Grammarly Spell Checker & Grammar Checker) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2015-12-25]
CHR Extension: (Lazarus: Form Recovery) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\loljledaigphbcpfhfmgopdkppkifgno [2015-03-14]
CHR Extension: (Lightshot (screenshot tool)) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2015-05-29]
CHR Extension: (AVG Secure Search) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2015-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-26]
CHR Extension: (Buffer) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\noojglkidnpfjbincgijbaiedldjfbhh [2015-11-21]
CHR Extension: (Gmail) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3642280 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-11-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [101536 2013-04-16] (Intel)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-06] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-06] (Dropbox, Inc.)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-18] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [156104 2013-05-16] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [182760 2013-04-15] ()
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-04-15] (Intel Corporation)
R2 MySQL; c:\program files (x86)\mysql\mysql server 5.6\bin\mysqld.exe [10982912 2014-07-18] () [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [237736 2015-08-12] (Synaptics Incorporated)
S3 USecuAppSvc; C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe [345744 2012-11-13] (Acer Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-10-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [304560 2015-08-04] (AVG Technologies CZ, s.r.o.)
S3 AX88772; C:\Windows\System32\drivers\ax88772.sys [111616 2015-07-10] (ASIX Electronics Corp.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-12-27] ()
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [263952 2015-07-14] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21048 2013-04-15] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21048 2013-04-15] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
S3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-20] (Intel Corporation)
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3496216 2015-07-10] (Intel Corporation)
S3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [214016 2015-07-10] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-08-12] (Synaptics Incorporated)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [207768 2013-04-16] (Windows ® Win 7 DDK provider)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-12-27] ()
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-27 21:23 - 2015-12-27 21:23 - 00016148 _____ C:\WINDOWS\system32\NEIL-WIN7_neil_HistoryPrediction.bin
2015-12-27 20:36 - 2015-12-27 20:37 - 00065470 _____ C:\Users\neil\Downloads\Addition.txt
2015-12-27 20:35 - 2015-12-27 21:32 - 00039154 _____ C:\Users\neil\Downloads\FRST.txt
2015-12-27 20:35 - 2015-12-27 21:32 - 00000000 ____D C:\FRST
2015-12-27 20:35 - 2015-12-27 20:35 - 02370560 _____ (Farbar) C:\Users\neil\Downloads\FRST64.exe
2015-12-27 20:27 - 2015-12-27 20:27 - 00000000 _____ C:\autoexec.bat
2015-12-27 20:25 - 2015-12-27 20:25 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\neil\Downloads\SpyHunter-Installer.exe
2015-12-27 20:25 - 2015-12-27 20:25 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2015-12-27 18:59 - 2015-12-27 19:24 - 00000000 ____D C:\Users\neil\AppData\Local\NPE
2015-12-27 18:59 - 2015-12-27 18:59 - 03088296 _____ (Symantec Corporation) C:\Users\neil\Downloads\NPE.exe
2015-12-27 18:25 - 2015-12-27 18:27 - 22908888 _____ (Malwarebytes ) C:\Users\neil\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-27 17:25 - 2015-12-27 17:25 - 00000000 ____D C:\Users\neil\Dropbox\PHOTOS TO SORT & USE
2015-12-26 19:19 - 2015-12-26 19:19 - 00000000 ____D C:\Users\neil\Dropbox\TO WATCH
2015-12-23 16:08 - 2015-12-23 16:43 - 00000000 ____D C:\Users\neil\Dropbox\Mermaid Pools - Sussex
2015-12-18 20:30 - 2015-12-27 21:02 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp
2015-12-12 16:22 - 2015-12-12 16:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-12-12 16:13 - 2015-12-12 16:13 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-12 16:13 - 2015-12-12 16:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-09 18:21 - 2015-12-01 16:51 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-12-09 18:21 - 2015-12-01 15:59 - 05455360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-12-09 18:21 - 2015-11-25 16:33 - 03622272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-09 18:21 - 2015-11-25 16:27 - 01366680 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-09 18:21 - 2015-11-25 16:09 - 01310880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-09 18:21 - 2015-11-25 16:01 - 02879024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-09 18:21 - 2015-11-25 15:49 - 01569280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-12-09 18:21 - 2015-11-25 15:44 - 21872640 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-12-09 18:21 - 2015-11-25 15:42 - 24592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-09 18:21 - 2015-11-25 15:36 - 01710592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2015-12-09 18:21 - 2015-11-25 15:35 - 00929792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-12-09 18:21 - 2015-11-25 15:35 - 00845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
2015-12-09 18:21 - 2015-11-25 15:34 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-09 18:21 - 2015-11-25 15:29 - 01649152 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-09 18:21 - 2015-11-25 15:27 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-12-09 18:21 - 2015-11-25 15:23 - 19323392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-09 18:21 - 2015-11-25 15:23 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-09 18:21 - 2015-11-25 15:22 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-09 18:21 - 2015-11-25 15:22 - 01383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-12-09 18:21 - 2015-11-25 15:19 - 01795584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-12-09 18:21 - 2015-11-25 15:18 - 01233920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-12-09 18:21 - 2015-11-25 15:17 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-12-09 18:21 - 2015-11-25 15:16 - 01442816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2015-12-09 18:21 - 2015-11-25 15:16 - 00786432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe
2015-12-09 18:21 - 2015-11-25 15:10 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-12-09 18:21 - 2015-11-25 15:10 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-09 18:21 - 2015-11-25 15:05 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-09 18:21 - 2015-11-25 15:04 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-09 18:20 - 2015-12-01 18:01 - 02115936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-12-09 18:20 - 2015-12-01 17:03 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gpuenergydrv.sys
2015-12-09 18:20 - 2015-12-01 16:54 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-12-09 18:20 - 2015-12-01 16:49 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-12-09 18:20 - 2015-12-01 16:02 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-12-09 18:20 - 2015-11-25 16:42 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-12-09 18:20 - 2015-11-25 16:42 - 00168288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
2015-12-09 18:20 - 2015-11-25 16:41 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-09 18:20 - 2015-11-25 16:40 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-12-09 18:20 - 2015-11-25 16:32 - 00113184 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2015-12-09 18:20 - 2015-11-25 16:12 - 04047288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-12-09 18:20 - 2015-11-25 16:11 - 01532984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-09 18:20 - 2015-11-25 15:59 - 00092992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
2015-12-09 18:20 - 2015-11-25 15:49 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-12-09 18:20 - 2015-11-25 15:49 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-09 18:20 - 2015-11-25 15:49 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2015-12-09 18:20 - 2015-11-25 15:48 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EthernetMediaManager.dll
2015-12-09 18:20 - 2015-11-25 15:48 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMediaManager.dll
2015-12-09 18:20 - 2015-11-25 15:37 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-09 18:20 - 2015-11-25 15:36 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-12-09 18:20 - 2015-11-25 15:31 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMM.dll
2015-12-09 18:20 - 2015-11-25 15:30 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3mm.dll
2015-12-09 18:20 - 2015-11-25 15:30 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-09 18:20 - 2015-11-25 15:30 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2015-12-09 18:20 - 2015-11-25 15:29 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
2015-12-09 18:20 - 2015-11-25 15:28 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-09 18:20 - 2015-11-25 15:28 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-09 18:20 - 2015-11-25 15:26 - 00849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2015-12-09 18:20 - 2015-11-25 15:26 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-12-09 18:20 - 2015-11-25 15:25 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-12-09 18:20 - 2015-11-25 15:25 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2015-12-09 18:20 - 2015-11-25 15:23 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-12-09 18:20 - 2015-11-25 15:22 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2015-12-09 18:20 - 2015-11-25 15:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
2015-12-09 18:20 - 2015-11-25 15:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
2015-12-09 18:20 - 2015-11-25 15:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
2015-12-09 18:20 - 2015-11-25 15:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
2015-12-09 18:20 - 2015-11-25 15:19 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-12-09 18:20 - 2015-11-25 15:13 - 02153984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-09 18:20 - 2015-11-25 15:11 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
2015-12-09 18:20 - 2015-11-25 15:10 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-09 18:20 - 2015-11-25 15:10 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-09 18:20 - 2015-11-25 15:08 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2015-12-09 18:20 - 2015-11-25 15:07 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2015-12-09 18:20 - 2015-11-25 15:04 - 00480768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\duser.dll
2015-12-09 18:20 - 2015-11-25 15:04 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-12-09 18:20 - 2015-11-25 15:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2015-12-09 18:20 - 2015-11-25 15:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2015-12-09 18:20 - 2015-11-25 15:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2015-12-09 18:20 - 2015-11-25 15:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2015-12-09 18:20 - 2015-11-25 13:52 - 00775312 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-12-09 18:20 - 2015-11-25 13:52 - 00775312 _____ C:\WINDOWS\system32\locale.nls
2015-12-03 12:37 - 2015-12-03 12:37 - 00520155 _____ C:\Users\neil\Downloads\SecondEditionLKMtnTrailsMap.pdf
2015-11-30 21:54 - 2015-11-30 21:54 - 00000000 ____D C:\Users\neil\AppData\LocalLow\Temp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-27 21:25 - 2013-11-07 13:43 - 00000000 ___RD C:\Users\neil\Dropbox
2015-12-27 21:24 - 2013-11-08 12:41 - 00000000 ____D C:\Users\neil\Documents\Outlook Files
2015-12-27 21:19 - 2014-01-05 21:44 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-27 21:15 - 2014-01-26 09:14 - 00000000 ____D C:\ProgramData\MFAData
2015-12-27 21:13 - 2015-10-08 19:00 - 00000000 ____D C:\Users\neil\AppData\Roaming\Skype
2015-12-27 21:09 - 2015-07-10 22:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-27 21:08 - 2013-11-07 13:43 - 00000000 __SHD C:\Users\neil\Dropbox\.dropbox.cache
2015-12-27 21:07 - 2013-11-07 13:41 - 00000000 ____D C:\Users\neil\AppData\Roaming\Dropbox
2015-12-27 21:06 - 2015-10-06 13:37 - 00000920 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2015-12-27 21:06 - 2015-08-12 10:07 - 00000000 __SHD C:\Users\neil\IntelGraphicsProfiles
2015-12-27 21:06 - 2015-08-12 09:59 - 00816454 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-27 21:06 - 2015-08-12 09:49 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-12-27 21:06 - 2015-07-10 22:02 - 00000000 ____D C:\WINDOWS\INF
2015-12-27 21:06 - 2013-10-25 15:41 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-27 21:04 - 2013-10-25 15:41 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-27 21:02 - 2015-07-10 23:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-27 21:02 - 2013-06-21 08:11 - 00034752 _____ C:\WINDOWS\system32\Drivers\WPRO_41_2001.sys
2015-12-27 21:01 - 2015-07-10 20:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-12-27 21:01 - 2013-11-04 09:35 - 00000000 ____D C:\Users\neil\AppData\Local\Adobe
2015-12-27 20:59 - 2015-06-20 18:33 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4058758161-2977935132-2057762346-1001UA.job
2015-12-27 20:42 - 2015-10-06 13:37 - 00000924 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2015-12-27 20:36 - 2015-07-10 20:05 - 00000000 ____D C:\Windows
2015-12-27 20:33 - 2015-07-16 21:26 - 00000000 ____D C:\Users\neil\AppData\Local\CrashDumps
2015-12-27 18:59 - 2013-06-21 08:17 - 00000000 ____D C:\ProgramData\Norton
2015-12-27 18:56 - 2013-12-10 11:16 - 00000000 ____D C:\Users\neil\AppData\Local\Citrix
2015-12-27 18:55 - 2015-11-23 10:40 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-12-27 17:16 - 2013-11-06 18:04 - 00004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A91C7C8F-EF97-487E-AA95-53DAF3A727B4}
2015-12-26 19:18 - 2015-03-11 12:36 - 00000000 ____D C:\Users\neil\Dropbox\WORK
2015-12-26 19:09 - 2013-11-03 17:24 - 00000000 ____D C:\Users\neil\Dropbox\Business Stuff
2015-12-25 21:25 - 2015-04-14 12:34 - 00000000 ____D C:\AdwCleaner
2015-12-25 21:06 - 2015-07-26 10:34 - 00000000 ____D C:\Users\neil\Dropbox\Post to instagram
2015-12-24 22:35 - 2015-06-29 19:26 - 00000000 ___RD C:\Users\neil\Dropbox\Book GOR Edited
2015-12-22 16:01 - 2015-07-10 22:04 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-22 12:29 - 2015-07-10 20:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-12-22 09:03 - 2015-05-07 11:30 - 00000000 ___RD C:\Users\neil\Dropbox\Camera Uploads
2015-12-17 13:59 - 2015-06-20 18:33 - 00000872 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4058758161-2977935132-2057762346-1001Core.job
2015-12-16 09:52 - 2013-11-06 10:35 - 00002236 ____H C:\Users\neil\Documents\Default.rdp
2015-12-14 14:30 - 2013-11-10 11:45 - 00001456 _____ C:\Users\neil\AppData\Local\Adobe Save for Web 12.0 Prefs
2015-12-14 08:55 - 2015-07-10 22:04 - 00000000 ____D C:\WINDOWS\rescache
2015-12-12 20:19 - 2013-11-03 17:29 - 00000000 ____D C:\Users\neil\AppData\Roaming\FileZilla
2015-12-12 17:16 - 2013-10-25 13:35 - 00000000 ____D C:\Users\neil\AppData\Local\Packages
2015-12-12 16:23 - 2013-11-03 17:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-12-12 16:23 - 2013-11-03 17:29 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2015-12-12 16:22 - 2015-10-06 13:37 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-12-12 16:13 - 2015-10-08 19:00 - 00000000 ____D C:\Users\neil\AppData\Local\Skype
2015-12-12 16:13 - 2015-10-08 19:00 - 00000000 ____D C:\ProgramData\Skype
2015-12-12 16:12 - 2015-07-10 23:20 - 05121584 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-11 20:50 - 2014-03-13 08:39 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-11 20:50 - 2014-03-13 08:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-11 20:49 - 2015-07-10 22:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-12-09 18:32 - 2013-11-03 17:03 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-09 18:31 - 2015-05-14 11:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-09 18:31 - 2014-07-15 12:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Lync
2015-12-09 18:31 - 2014-07-15 12:04 - 00000000 ____D C:\Program Files\Microsoft Lync
2015-12-09 18:31 - 2014-07-15 12:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Lync
2015-12-09 18:29 - 2014-03-13 08:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-09 18:28 - 2013-10-28 16:02 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-09 18:22 - 2015-07-10 21:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-09 18:22 - 2014-08-18 09:35 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-04 13:54 - 2015-06-20 18:33 - 00004040 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4058758161-2977935132-2057762346-1001UA
2015-12-04 13:54 - 2015-06-20 18:33 - 00003664 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4058758161-2977935132-2057762346-1001Core
2015-12-02 13:59 - 2013-10-25 15:41 - 00003984 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-02 13:59 - 2013-10-25 15:41 - 00003752 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-01 11:32 - 2015-10-05 22:49 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-12-01 11:32 - 2015-10-05 22:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-30 21:30 - 2015-08-13 03:47 - 00000000 ___DC C:\WINDOWS\Panther
2015-11-30 21:28 - 2015-10-30 20:42 - 00000000 ___HD C:\$WINDOWS.~BT
2015-11-30 08:50 - 2015-11-12 21:12 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-29 17:47 - 2013-11-02 20:29 - 00000000 ____D C:\Users\neil\AppData\Roaming\Spotify
2015-11-29 17:46 - 2013-11-02 20:29 - 00000000 ____D C:\Users\neil\AppData\Local\Spotify
 
==================== Files in the root of some directories =======
 
2013-11-14 10:06 - 2013-11-14 10:06 - 0000132 _____ () C:\Users\neil\AppData\Roaming\Adobe GIF Format CS5 Prefs
2015-08-14 13:50 - 2015-11-07 14:35 - 0000132 _____ () C:\Users\neil\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-11-10 11:45 - 2015-12-14 14:30 - 0001456 _____ () C:\Users\neil\AppData\Local\Adobe Save for Web 12.0 Prefs
2015-08-12 09:49 - 2015-08-12 09:49 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\neil\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpw7ih8k.dll
C:\Users\neil\AppData\Local\Temp\sqlite3.dll
C:\Users\neil\AppData\Local\Temp\sqlite3.exe
C:\Users\neil\AppData\Local\Temp\UNINSTALL.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-25 19:40
 
==================== End of FRST.txt ============================

 

 


#2 neil1

neil1
  • Topic Starter
  • Members
  • 9 posts
  • OFFLINE
  • Local time:02:33 AM

Posted 27 December 2015 - 06:29 AM

Hi guys,
 
So I've got Google and other sites randomly redirecting to scammy-looking sales pages, and popups appear stating that various issues are occurring. Sometimes an Offers4U window appears over pages as well.
 
Note: Just read that I should mention specific issues so I'll give a couple of examples:
 
- A popup that says to call a number because something is being blocked (couldn't copy and paste or copy directly, as it wouldn't let me do anything until I closed it)
- A website was redirected to a page called 2015 Annual Visitor Survey, asking questions and promising a prize
- An ad appears at the top of the page with "Ads by DNS-Keeper" in the corner.
 
I normally keep things under control with AVG, MalwareBytes, and Adwcleaner. However, none of these are picking up anything.
 
Thanks in advance!
 
Here are the contents of FRST.txt:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-12-2015
Ran by neil (administrator) on NEIL-WIN7 (27-12-2015 21:32:05)
Running from C:\Users\neil\Downloads
Loaded Profiles: neil (Available Profiles: neil)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
() C:\Program Files (x86)\MySQL\MySQL Server 5.6\bin\mysqld.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\neil\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Theft Shield\USecuAppClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 

==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [396688 2015-07-18] ()
HKLM\...\Run: [HotKeysCmds] => "C:\WINDOWS\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\WINDOWS\system32\igfxpers.exe"
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3935912 2015-08-12] (Synaptics Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-25] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Lync\communicator.exe [12119872 2015-11-12] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3780008 2015-10-30] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24952456 2015-12-09] (Dropbox, Inc.)
HKU\S-1-5-21-4058758161-2977935132-2057762346-1001\...\Run: [Spotify Web Helper] => C:\Users\neil\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-21] (Spotify Ltd)
HKU\S-1-5-21-4058758161-2977935132-2057762346-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-4058758161-2977935132-2057762346-1001\...\Run: [uTorrent] => C:\Users\neil\AppData\Roaming\uTorrent\uTorrent.exe [1374032 2015-01-25] (BitTorrent Inc.)
HKU\S-1-5-21-4058758161-2977935132-2057762346-1001\...\Run: [GoogleChromeAutoLaunch_941D50D7A4ED5B16E198FA23E3479587] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [741704 2015-12-11] (Google Inc.)
HKU\S-1-5-21-4058758161-2977935132-2057762346-1001\...\Run: [Google Update] => C:\Users\neil\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-06-20] (Google Inc.)
HKU\S-1-5-21-4058758161-2977935132-2057762346-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50755200 2015-12-08] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk [2013-06-21]
ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-4058758161-2977935132-2057762346-1001] => eduproxy:8080
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6a90c12a-b2a2-48d6-ae62-97a355d0ca51}: [DhcpNameServer] 10.138.40.38 10.138.40.35
Tcpip\..\Interfaces\{75a351ab-a320-47d4-b5d1-d3b122377f26}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4058758161-2977935132-2057762346-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4058758161-2977935132-2057762346-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={6F5887F5-DA9C-49BB-BC00-BBE1841AD14D}&mid=5a445081b81447d29dc524fed38defa1-fb75dd54eb1ac2fe2bdeec03e3e860caeefe8e86&lang=en&ds=AVG&coid=avgtbavg&cmpid=1214av&pr=fr&d=2014-12-13 11:17:56&v=4.1.4.948&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-4058758161-2977935132-2057762346-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKU\S-1-5-21-4058758161-2977935132-2057762346-1001 -> DefaultScope {3129578A-DF02-4617-8BB8-7190094A5177} URL =
SearchScopes: HKU\S-1-5-21-4058758161-2977935132-2057762346-1001 -> {3129578A-DF02-4617-8BB8-7190094A5177} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll [2011-03-19] (Adobe Systems, Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Lync\OCHelper.dll [2010-10-22] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-25] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-25] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll [2011-03-19] (Adobe Systems, Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-25] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-4058758161-2977935132-2057762346-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll [2014-01-05] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-10-15] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll [2014-01-05] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.20 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-04-15] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-04-15] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-25] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-10-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-10-15] (Adobe Systems)
FF Plugin HKU\S-1-5-21-4058758161-2977935132-2057762346-1001: @citrixonline.com/appdetectorplugin -> C:\Users\neil\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-12-10] (Citrix Online)
FF Plugin HKU\S-1-5-21-4058758161-2977935132-2057762346-1001: @tools.google.com/Google Update;version=3 -> C:\Users\neil\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-4058758161-2977935132-2057762346-1001: @tools.google.com/Google Update;version=9 -> C:\Users\neil\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-12] ()
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2013-11-04] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-10-19] [not signed]
 
Chrome:
=======
CHR HomePage: Profile 2 -> hxxp://google.com.au/
CHR StartupUrls: Profile 2 -> "hxxp://google.com.au/"
CHR Profile: C:\Users\neil\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-07]
CHR Extension: (Dimensions) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\baocaagndhipibgklemoalmkljaimfdj [2014-10-22]
CHR Extension: (Hootsuite Hootlet) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjgfdlplhmndoonmofmflcbiohgbkifn [2015-01-24]
CHR Extension: (YouTube) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-07]
CHR Extension: (Google Search) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-12]
CHR Extension: (Stop Tony Meow) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\dilmdkcidhplbhnpehjmiahegnkpilnf [2014-05-20]
CHR Extension: (Bye Rupert) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdikikkfbfjjemfadgggcohkjoggoof [2014-12-29]
CHR Extension: (Page Analytics (by Google)) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnbdnhhicmebfgdgglcdacdapkcihcoh [2014-10-27]
CHR Extension: (Pin It Button) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-10-13]
CHR Extension: (InstaTwit) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhalcamddihdpdgdjkjbgikgobnbbpif [2014-05-30]
CHR Extension: (Google Keep - notes and lists) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2015-03-17]
CHR Extension: (Kindle Cloud Reader) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-06-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Lazarus: Form Recovery) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno [2014-10-16]
CHR Extension: (Google Wallet) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-13]
CHR Extension: (Buffer) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\noojglkidnpfjbincgijbaiedldjfbhh [2015-02-27]
CHR Extension: (Gmail) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-13]
CHR Profile: C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-14]
CHR Extension: (Docs) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-14]
CHR Extension: (Google Drive) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-14]
CHR Extension: (YouTube) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-14]
CHR Extension: (Google Search) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-14]
CHR Extension: (Google Sheets) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Google Wallet) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-14]
CHR Extension: (Gmail) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-14]
CHR Profile: C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Docs) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-17]
CHR Extension: (Google Drive) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Dimensions) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\baocaagndhipibgklemoalmkljaimfdj [2015-07-16]
CHR Extension: (ColorZilla) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2015-06-26]
CHR Extension: (Hootsuite Hootlet) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bjgfdlplhmndoonmofmflcbiohgbkifn [2015-12-18]
CHR Extension: (YouTube) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Cast) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-12-12]
CHR Extension: (OneTab) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2015-03-14]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2015-12-25]
CHR Extension: (Google Search) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (FB Pixel Helper) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2015-12-04]
CHR Extension: (Google Sheets) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-14]
CHR Extension: (Page Analytics (by Google)) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fnbdnhhicmebfgdgglcdacdapkcihcoh [2015-11-19]
CHR Extension: (Google Docs Offline) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (Tailwind Publisher) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gkbhgdhhefdphpikedbinecandoigdel [2015-12-12]
CHR Extension: (Pin It Button) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-09-24]
CHR Extension: (TweetDeck by Twitter) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2015-09-15]
CHR Extension: (Google Keep - notes and lists) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2015-12-18]
CHR Extension: (Kindle Cloud Reader) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2015-03-14]
CHR Extension: (Giphy for Chrome) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jlleokkdhkflpmghiioglgmnminbekdi [2015-09-17]
CHR Extension: (Grammarly Spell Checker & Grammar Checker) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2015-12-25]
CHR Extension: (Lazarus: Form Recovery) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\loljledaigphbcpfhfmgopdkppkifgno [2015-03-14]
CHR Extension: (Lightshot (screenshot tool)) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2015-05-29]
CHR Extension: (AVG Secure Search) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2015-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-26]
CHR Extension: (Buffer) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\noojglkidnpfjbincgijbaiedldjfbhh [2015-11-21]
CHR Extension: (Gmail) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3642280 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-11-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [101536 2013-04-16] (Intel)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-06] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-06] (Dropbox, Inc.)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-18] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [156104 2013-05-16] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [182760 2013-04-15] ()
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-04-15] (Intel Corporation)
R2 MySQL; c:\program files (x86)\mysql\mysql server 5.6\bin\mysqld.exe [10982912 2014-07-18] () [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [237736 2015-08-12] (Synaptics Incorporated)
S3 USecuAppSvc; C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe [345744 2012-11-13] (Acer Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-10-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [304560 2015-08-04] (AVG Technologies CZ, s.r.o.)
S3 AX88772; C:\Windows\System32\drivers\ax88772.sys [111616 2015-07-10] (ASIX Electronics Corp.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-12-27] ()
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [263952 2015-07-14] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21048 2013-04-15] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21048 2013-04-15] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
S3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-20] (Intel Corporation)
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3496216 2015-07-10] (Intel Corporation)
S3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [214016 2015-07-10] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-08-12] (Synaptics Incorporated)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [207768 2013-04-16] (Windows ® Win 7 DDK provider)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-12-27] ()
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-27 21:23 - 2015-12-27 21:23 - 00016148 _____ C:\WINDOWS\system32\NEIL-WIN7_neil_HistoryPrediction.bin
2015-12-27 20:36 - 2015-12-27 20:37 - 00065470 _____ C:\Users\neil\Downloads\Addition.txt
2015-12-27 20:35 - 2015-12-27 21:32 - 00039154 _____ C:\Users\neil\Downloads\FRST.txt
2015-12-27 20:35 - 2015-12-27 21:32 - 00000000 ____D C:\FRST
2015-12-27 20:35 - 2015-12-27 20:35 - 02370560 _____ (Farbar) C:\Users\neil\Downloads\FRST64.exe
2015-12-27 20:27 - 2015-12-27 20:27 - 00000000 _____ C:\autoexec.bat
2015-12-27 20:25 - 2015-12-27 20:25 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\neil\Downloads\SpyHunter-Installer.exe
2015-12-27 20:25 - 2015-12-27 20:25 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2015-12-27 18:59 - 2015-12-27 19:24 - 00000000 ____D C:\Users\neil\AppData\Local\NPE
2015-12-27 18:59 - 2015-12-27 18:59 - 03088296 _____ (Symantec Corporation) C:\Users\neil\Downloads\NPE.exe
2015-12-27 18:25 - 2015-12-27 18:27 - 22908888 _____ (Malwarebytes ) C:\Users\neil\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-27 17:25 - 2015-12-27 17:25 - 00000000 ____D C:\Users\neil\Dropbox\PHOTOS TO SORT & USE
2015-12-26 19:19 - 2015-12-26 19:19 - 00000000 ____D C:\Users\neil\Dropbox\TO WATCH
2015-12-23 16:08 - 2015-12-23 16:43 - 00000000 ____D C:\Users\neil\Dropbox\Mermaid Pools - Sussex
2015-12-18 20:30 - 2015-12-27 21:02 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp
2015-12-12 16:22 - 2015-12-12 16:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-12-12 16:13 - 2015-12-12 16:13 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-12 16:13 - 2015-12-12 16:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-09 18:21 - 2015-12-01 16:51 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-12-09 18:21 - 2015-12-01 15:59 - 05455360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-12-09 18:21 - 2015-11-25 16:33 - 03622272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-09 18:21 - 2015-11-25 16:27 - 01366680 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-09 18:21 - 2015-11-25 16:09 - 01310880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-09 18:21 - 2015-11-25 16:01 - 02879024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-09 18:21 - 2015-11-25 15:49 - 01569280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-12-09 18:21 - 2015-11-25 15:44 - 21872640 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-12-09 18:21 - 2015-11-25 15:42 - 24592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-09 18:21 - 2015-11-25 15:36 - 01710592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2015-12-09 18:21 - 2015-11-25 15:35 - 00929792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-12-09 18:21 - 2015-11-25 15:35 - 00845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
2015-12-09 18:21 - 2015-11-25 15:34 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-09 18:21 - 2015-11-25 15:29 - 01649152 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-09 18:21 - 2015-11-25 15:27 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-12-09 18:21 - 2015-11-25 15:23 - 19323392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-09 18:21 - 2015-11-25 15:23 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-09 18:21 - 2015-11-25 15:22 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-09 18:21 - 2015-11-25 15:22 - 01383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-12-09 18:21 - 2015-11-25 15:19 - 01795584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-12-09 18:21 - 2015-11-25 15:18 - 01233920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-12-09 18:21 - 2015-11-25 15:17 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-12-09 18:21 - 2015-11-25 15:16 - 01442816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2015-12-09 18:21 - 2015-11-25 15:16 - 00786432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe
2015-12-09 18:21 - 2015-11-25 15:10 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-12-09 18:21 - 2015-11-25 15:10 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-09 18:21 - 2015-11-25 15:05 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-09 18:21 - 2015-11-25 15:04 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-09 18:20 - 2015-12-01 18:01 - 02115936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-12-09 18:20 - 2015-12-01 17:03 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gpuenergydrv.sys
2015-12-09 18:20 - 2015-12-01 16:54 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-12-09 18:20 - 2015-12-01 16:49 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-12-09 18:20 - 2015-12-01 16:02 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-12-09 18:20 - 2015-11-25 16:42 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-12-09 18:20 - 2015-11-25 16:42 - 00168288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
2015-12-09 18:20 - 2015-11-25 16:41 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-09 18:20 - 2015-11-25 16:40 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-12-09 18:20 - 2015-11-25 16:32 - 00113184 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2015-12-09 18:20 - 2015-11-25 16:12 - 04047288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-12-09 18:20 - 2015-11-25 16:11 - 01532984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-09 18:20 - 2015-11-25 15:59 - 00092992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
2015-12-09 18:20 - 2015-11-25 15:49 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-12-09 18:20 - 2015-11-25 15:49 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-09 18:20 - 2015-11-25 15:49 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2015-12-09 18:20 - 2015-11-25 15:48 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EthernetMediaManager.dll
2015-12-09 18:20 - 2015-11-25 15:48 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMediaManager.dll
2015-12-09 18:20 - 2015-11-25 15:37 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-09 18:20 - 2015-11-25 15:36 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-12-09 18:20 - 2015-11-25 15:31 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMM.dll
2015-12-09 18:20 - 2015-11-25 15:30 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3mm.dll
2015-12-09 18:20 - 2015-11-25 15:30 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-09 18:20 - 2015-11-25 15:30 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2015-12-09 18:20 - 2015-11-25 15:29 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
2015-12-09 18:20 - 2015-11-25 15:28 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-09 18:20 - 2015-11-25 15:28 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-09 18:20 - 2015-11-25 15:26 - 00849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2015-12-09 18:20 - 2015-11-25 15:26 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-12-09 18:20 - 2015-11-25 15:25 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-12-09 18:20 - 2015-11-25 15:25 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2015-12-09 18:20 - 2015-11-25 15:23 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-12-09 18:20 - 2015-11-25 15:22 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2015-12-09 18:20 - 2015-11-25 15:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
2015-12-09 18:20 - 2015-11-25 15:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
2015-12-09 18:20 - 2015-11-25 15:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
2015-12-09 18:20 - 2015-11-25 15:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
2015-12-09 18:20 - 2015-11-25 15:19 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-12-09 18:20 - 2015-11-25 15:13 - 02153984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-09 18:20 - 2015-11-25 15:11 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
2015-12-09 18:20 - 2015-11-25 15:10 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-09 18:20 - 2015-11-25 15:10 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-09 18:20 - 2015-11-25 15:08 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2015-12-09 18:20 - 2015-11-25 15:07 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2015-12-09 18:20 - 2015-11-25 15:04 - 00480768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\duser.dll
2015-12-09 18:20 - 2015-11-25 15:04 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-12-09 18:20 - 2015-11-25 15:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2015-12-09 18:20 - 2015-11-25 15:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2015-12-09 18:20 - 2015-11-25 15:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2015-12-09 18:20 - 2015-11-25 15:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2015-12-09 18:20 - 2015-11-25 13:52 - 00775312 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-12-09 18:20 - 2015-11-25 13:52 - 00775312 _____ C:\WINDOWS\system32\locale.nls
2015-12-03 12:37 - 2015-12-03 12:37 - 00520155 _____ C:\Users\neil\Downloads\SecondEditionLKMtnTrailsMap.pdf
2015-11-30 21:54 - 2015-11-30 21:54 - 00000000 ____D C:\Users\neil\AppData\LocalLow\Temp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-27 21:25 - 2013-11-07 13:43 - 00000000 ___RD C:\Users\neil\Dropbox
2015-12-27 21:24 - 2013-11-08 12:41 - 00000000 ____D C:\Users\neil\Documents\Outlook Files
2015-12-27 21:19 - 2014-01-05 21:44 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-27 21:15 - 2014-01-26 09:14 - 00000000 ____D C:\ProgramData\MFAData
2015-12-27 21:13 - 2015-10-08 19:00 - 00000000 ____D C:\Users\neil\AppData\Roaming\Skype
2015-12-27 21:09 - 2015-07-10 22:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-27 21:08 - 2013-11-07 13:43 - 00000000 __SHD C:\Users\neil\Dropbox\.dropbox.cache
2015-12-27 21:07 - 2013-11-07 13:41 - 00000000 ____D C:\Users\neil\AppData\Roaming\Dropbox
2015-12-27 21:06 - 2015-10-06 13:37 - 00000920 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2015-12-27 21:06 - 2015-08-12 10:07 - 00000000 __SHD C:\Users\neil\IntelGraphicsProfiles
2015-12-27 21:06 - 2015-08-12 09:59 - 00816454 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-27 21:06 - 2015-08-12 09:49 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-12-27 21:06 - 2015-07-10 22:02 - 00000000 ____D C:\WINDOWS\INF
2015-12-27 21:06 - 2013-10-25 15:41 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-27 21:04 - 2013-10-25 15:41 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-27 21:02 - 2015-07-10 23:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-27 21:02 - 2013-06-21 08:11 - 00034752 _____ C:\WINDOWS\system32\Drivers\WPRO_41_2001.sys
2015-12-27 21:01 - 2015-07-10 20:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-12-27 21:01 - 2013-11-04 09:35 - 00000000 ____D C:\Users\neil\AppData\Local\Adobe
2015-12-27 20:59 - 2015-06-20 18:33 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4058758161-2977935132-2057762346-1001UA.job
2015-12-27 20:42 - 2015-10-06 13:37 - 00000924 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2015-12-27 20:36 - 2015-07-10 20:05 - 00000000 ____D C:\Windows
2015-12-27 20:33 - 2015-07-16 21:26 - 00000000 ____D C:\Users\neil\AppData\Local\CrashDumps
2015-12-27 18:59 - 2013-06-21 08:17 - 00000000 ____D C:\ProgramData\Norton
2015-12-27 18:56 - 2013-12-10 11:16 - 00000000 ____D C:\Users\neil\AppData\Local\Citrix
2015-12-27 18:55 - 2015-11-23 10:40 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-12-27 17:16 - 2013-11-06 18:04 - 00004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A91C7C8F-EF97-487E-AA95-53DAF3A727B4}
2015-12-26 19:18 - 2015-03-11 12:36 - 00000000 ____D C:\Users\neil\Dropbox\WORK
2015-12-26 19:09 - 2013-11-03 17:24 - 00000000 ____D C:\Users\neil\Dropbox\Business Stuff
2015-12-25 21:25 - 2015-04-14 12:34 - 00000000 ____D C:\AdwCleaner
2015-12-25 21:06 - 2015-07-26 10:34 - 00000000 ____D C:\Users\neil\Dropbox\Post to instagram
2015-12-24 22:35 - 2015-06-29 19:26 - 00000000 ___RD C:\Users\neil\Dropbox\Book GOR Edited
2015-12-22 16:01 - 2015-07-10 22:04 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-22 12:29 - 2015-07-10 20:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-12-22 09:03 - 2015-05-07 11:30 - 00000000 ___RD C:\Users\neil\Dropbox\Camera Uploads
2015-12-17 13:59 - 2015-06-20 18:33 - 00000872 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4058758161-2977935132-2057762346-1001Core.job
2015-12-16 09:52 - 2013-11-06 10:35 - 00002236 ____H C:\Users\neil\Documents\Default.rdp
2015-12-14 14:30 - 2013-11-10 11:45 - 00001456 _____ C:\Users\neil\AppData\Local\Adobe Save for Web 12.0 Prefs
2015-12-14 08:55 - 2015-07-10 22:04 - 00000000 ____D C:\WINDOWS\rescache
2015-12-12 20:19 - 2013-11-03 17:29 - 00000000 ____D C:\Users\neil\AppData\Roaming\FileZilla
2015-12-12 17:16 - 2013-10-25 13:35 - 00000000 ____D C:\Users\neil\AppData\Local\Packages
2015-12-12 16:23 - 2013-11-03 17:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-12-12 16:23 - 2013-11-03 17:29 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2015-12-12 16:22 - 2015-10-06 13:37 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-12-12 16:13 - 2015-10-08 19:00 - 00000000 ____D C:\Users\neil\AppData\Local\Skype
2015-12-12 16:13 - 2015-10-08 19:00 - 00000000 ____D C:\ProgramData\Skype
2015-12-12 16:12 - 2015-07-10 23:20 - 05121584 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-11 20:50 - 2014-03-13 08:39 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-11 20:50 - 2014-03-13 08:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-11 20:49 - 2015-07-10 22:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-12-09 18:32 - 2013-11-03 17:03 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-09 18:31 - 2015-05-14 11:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-09 18:31 - 2014-07-15 12:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Lync
2015-12-09 18:31 - 2014-07-15 12:04 - 00000000 ____D C:\Program Files\Microsoft Lync
2015-12-09 18:31 - 2014-07-15 12:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Lync
2015-12-09 18:29 - 2014-03-13 08:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-09 18:28 - 2013-10-28 16:02 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-09 18:22 - 2015-07-10 21:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-09 18:22 - 2014-08-18 09:35 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-04 13:54 - 2015-06-20 18:33 - 00004040 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4058758161-2977935132-2057762346-1001UA
2015-12-04 13:54 - 2015-06-20 18:33 - 00003664 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4058758161-2977935132-2057762346-1001Core
2015-12-02 13:59 - 2013-10-25 15:41 - 00003984 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-02 13:59 - 2013-10-25 15:41 - 00003752 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-01 11:32 - 2015-10-05 22:49 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-12-01 11:32 - 2015-10-05 22:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-30 21:30 - 2015-08-13 03:47 - 00000000 ___DC C:\WINDOWS\Panther
2015-11-30 21:28 - 2015-10-30 20:42 - 00000000 ___HD C:\$WINDOWS.~BT
2015-11-30 08:50 - 2015-11-12 21:12 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-29 17:47 - 2013-11-02 20:29 - 00000000 ____D C:\Users\neil\AppData\Roaming\Spotify
2015-11-29 17:46 - 2013-11-02 20:29 - 00000000 ____D C:\Users\neil\AppData\Local\Spotify
 
==================== Files in the root of some directories =======
 
2013-11-14 10:06 - 2013-11-14 10:06 - 0000132 _____ () C:\Users\neil\AppData\Roaming\Adobe GIF Format CS5 Prefs
2015-08-14 13:50 - 2015-11-07 14:35 - 0000132 _____ () C:\Users\neil\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-11-10 11:45 - 2015-12-14 14:30 - 0001456 _____ () C:\Users\neil\AppData\Local\Adobe Save for Web 12.0 Prefs
2015-08-12 09:49 - 2015-08-12 09:49 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\neil\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpw7ih8k.dll
C:\Users\neil\AppData\Local\Temp\sqlite3.dll
C:\Users\neil\AppData\Local\Temp\sqlite3.exe
C:\Users\neil\AppData\Local\Temp\UNINSTALL.exe
 

==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 

LastRegBack: 2015-12-25 19:40
 
==================== End of FRST.txt ============================
 
 

#3 nasdaq

  • Malware Response Team
  • 40,475 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 27 December 2015 - 11:36 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click OK.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4058758161-2977935132-2057762346-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4058758161-2977935132-2057762346-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={6F5887F5-DA9C-49BB-BC00-BBE1841AD14D}&mid=5a445081b81447d29dc524fed38defa1-fb75dd54eb1ac2fe2bdeec03e3e860caeefe8e86&lang=en&ds=AVG&coid=avgtbavg&cmpid=1214av&pr=fr&d=2014-12-13 11:17:56&v=4.1.4.948&pid=wtu&sg=&sap=hp
Toolbar: HKU\S-1-5-21-4058758161-2977935132-2057762346-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
CHR Extension: (Lightshot (screenshot tool)) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2015-05-29]
CHR Extension: (AVG Secure Search) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2015-03-14]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
CustomCLSID: HKU\S-1-5-21-4058758161-2977935132-2057762346-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\neil\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4058758161-2977935132-2057762346-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\neil\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4058758161-2977935132-2057762346-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\neil\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4058758161-2977935132-2057762346-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\neil\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {0F833CD9-EA7C-4777-A4F7-D658B6B73FC4} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {209B7A0D-DAE4-4445-B5DF-93AD105DA48C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {292A4B9F-8D4A-4435-9D96-3426B4048FDC} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {32C59891-3788-4DBC-823A-4F5263DCAACD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {388800C2-E357-4B30-9C95-3D4C049A6E2B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {80E721FD-81BC-40B4-8B50-DB8B96B78187} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {8DCB4F98-DC6D-478B-A893-59C77542CA6C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C6FC764B-F668-4E3E-B3AD-547D36BB5F3E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {D14E42B4-4C3E-48EB-800B-ACD4E7B7EB43} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D6B6831E-8A50-4A12-B0FA-00916203150D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {D6BE0571-034E-43D5-B975-4E7A3C57873D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.

====

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present, remove the old version(s) of Java using the Control Panel > Programs and Features applet.

Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
===

How is the computer running now?

#4 nasdaq

  • Malware Response Team
  • 40,475 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 27 December 2015 - 11:39 AM

Hi.

Is this a duplicate post?

http://www.bleepingcomputer.com/forums/t/600557/popups-and-redirects-more-than-one-infection-i-think/

#5 neil1

  • Topic Starter
  • Members
  • 9 posts

Posted 27 December 2015 - 06:42 PM

It is! Sorry about that. :/ Will work through the other one now.



#6 neil1

  • Topic Starter
  • Members
  • 9 posts

Posted 27 December 2015 - 07:21 PM

Hi nasdaq,

Thanks very much for helping me. I've pasted the contents of the fix log below.

Cheers

Neil


Fix result of Farbar Recovery Scan Tool (x64) Version:25-12-2015
Ran by neil (2015-12-28 10:46:25) Run:1
Running from C:\Users\neil\Downloads
Loaded Profiles: neil (Available Profiles: neil)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4058758161-2977935132-2057762346-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4058758161-2977935132-2057762346-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={6F5887F5-DA9C-49BB-BC00-BBE1841AD14D}&mid=5a445081b81447d29dc524fed38defa1-fb75dd54eb1ac2fe2bdeec03e3e860caeefe8e86&lang=en&ds=AVG&coid=avgtbavg&cmpid=1214av&pr=fr&d=2014-12-13 11:17:56&v=4.1.4.948&pid=wtu&sg=&sap=hp
Toolbar: HKU\S-1-5-21-4058758161-2977935132-2057762346-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
CHR Extension: (Lightshot (screenshot tool)) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2015-05-29]
CHR Extension: (AVG Secure Search) - C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2015-03-14]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
CustomCLSID: HKU\S-1-5-21-4058758161-2977935132-2057762346-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\neil\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4058758161-2977935132-2057762346-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\neil\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4058758161-2977935132-2057762346-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\neil\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4058758161-2977935132-2057762346-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\neil\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {0F833CD9-EA7C-4777-A4F7-D658B6B73FC4} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {209B7A0D-DAE4-4445-B5DF-93AD105DA48C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {292A4B9F-8D4A-4435-9D96-3426B4048FDC} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {32C59891-3788-4DBC-823A-4F5263DCAACD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {388800C2-E357-4B30-9C95-3D4C049A6E2B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {80E721FD-81BC-40B4-8B50-DB8B96B78187} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {8DCB4F98-DC6D-478B-A893-59C77542CA6C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C6FC764B-F668-4E3E-B3AD-547D36BB5F3E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {D14E42B4-4C3E-48EB-800B-ACD4E7B7EB43} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D6B6831E-8A50-4A12-B0FA-00916203150D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {D6BE0571-034E-43D5-B975-4E7A3C57873D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-4058758161-2977935132-2057762346-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-4058758161-2977935132-2057762346-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-4058758161-2977935132-2057762346-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found.
"HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => key removed successfully
C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp => moved successfully
C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof => moved successfully
wfpcapture => service removed successfully
"HKU\S-1-5-21-4058758161-2977935132-2057762346-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-4058758161-2977935132-2057762346-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-4058758161-2977935132-2057762346-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-4058758161-2977935132-2057762346-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0F833CD9-EA7C-4777-A4F7-D658B6B73FC4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0F833CD9-EA7C-4777-A4F7-D658B6B73FC4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{209B7A0D-DAE4-4445-B5DF-93AD105DA48C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{209B7A0D-DAE4-4445-B5DF-93AD105DA48C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{292A4B9F-8D4A-4435-9D96-3426B4048FDC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{292A4B9F-8D4A-4435-9D96-3426B4048FDC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{32C59891-3788-4DBC-823A-4F5263DCAACD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32C59891-3788-4DBC-823A-4F5263DCAACD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{388800C2-E357-4B30-9C95-3D4C049A6E2B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{388800C2-E357-4B30-9C95-3D4C049A6E2B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{80E721FD-81BC-40B4-8B50-DB8B96B78187}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80E721FD-81BC-40B4-8B50-DB8B96B78187}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8DCB4F98-DC6D-478B-A893-59C77542CA6C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DCB4F98-DC6D-478B-A893-59C77542CA6C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C6FC764B-F668-4E3E-B3AD-547D36BB5F3E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6FC764B-F668-4E3E-B3AD-547D36BB5F3E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D14E42B4-4C3E-48EB-800B-ACD4E7B7EB43}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D14E42B4-4C3E-48EB-800B-ACD4E7B7EB43}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D6B6831E-8A50-4A12-B0FA-00916203150D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6B6831E-8A50-4A12-B0FA-00916203150D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D6BE0571-034E-43D5-B975-4E7A3C57873D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6BE0571-034E-43D5-B975-4E7A3C57873D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"C:\Users\neil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp" => not found.
EmptyTemp: => 4.2 GB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 10:48:11 ====

PS. It seems okay now but the problem was intermittent, so it's hard to tell for sure.
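
The fix log above cleans up two kinds of leftovers. The `Task:` lines ending in `-> No File` are scheduled tasks whose registration survives in the registry while the binary they point at is gone (the `gwx` and `GWXTriggers` names are the Windows 7 "Get Windows 10" upgrade tasks); a task like that cannot run, but it stays registered until something deletes it. The three `Policies\Microsoft\Internet Explorer` keys flagged `Restriction` are where Group Policy locks browser settings on domain machines, and on a stand-alone home PC they are a common place for adware and "call this number" pages to lock the browser down. The PowerShell below is an added example, not FRST's code and not something nasdaq posted, that enumerates both conditions with Windows built-ins so the state can be re-checked after a fix. It assumes an elevated prompt (so every task and every HKLM key is readable) and an English-locale `schtasks`, whose column names such as "Task To Run" are localised on other languages; the function names are the example's own.

```powershell
# Added example: audit orphaned scheduled tasks and IE policy keys with
# Windows built-ins only. Runs on Windows 7 / PowerShell 2.0 and later.
# Assumptions: elevated prompt, English schtasks column names.

function Get-TaskTarget {
    param([string]$Command)
    # "Task To Run" is one of:  "C:\path with spaces\x.exe" /args
    #                           %windir%\system32\x.exe /args
    #                           rundll32.exe foo.dll,Entry
    $c = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($c -match '^"([^"]+)"') { return $matches[1] }
    return ($c -split '\s+')[0]
}

function Get-OrphanedTasks {
    # Tasks whose action points at a file that no longer exists: what FRST
    # prints as "-> No File". schtasks exists on every Windows since XP.
    $lines = @(schtasks /query /fo CSV /v 2>$null)
    if ($lines.Count -eq 0) { return }
    # schtasks repeats the CSV header once per task folder; keep the first only
    $header = $lines[0]
    $rows = @($header) + @($lines | Select-Object -Skip 1 | Where-Object { $_ -ne $header })
    foreach ($r in ($rows | ConvertFrom-Csv)) {
        $cmd = $r.'Task To Run'
        # placeholders schtasks prints when there is no single executable path
        if ([string]::IsNullOrEmpty($cmd) -or $cmd -match '^(COM handler|N/A|Multiple Actions)') { continue }
        $exe = Get-TaskTarget $cmd
        if (-not $exe) { continue }
        # a bare file name is resolved through PATH, as the Task Scheduler service does
        if ($exe -notmatch '[\\/]') {
            if (Get-Command $exe -ErrorAction SilentlyContinue) { continue }
        }
        if (-not (Test-Path -LiteralPath $exe)) {
            New-Object PSObject -Property @{
                Task   = $r.TaskName
                Target = $exe
                Status = $r.Status
            }
        }
    }
}

function Get-IEPolicyValues {
    # The three roots FRST removed above. Absent on a healthy stand-alone PC;
    # every value found here overrides a user-visible IE setting.
    $roots = 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer',
             'HKCU:\SOFTWARE\Policies\Microsoft\Internet Explorer',
             'Registry::HKEY_USERS\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer'
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        $keys = @(Get-Item -LiteralPath $root) + @(Get-ChildItem -LiteralPath $root -Recurse)
        foreach ($k in $keys) {
            foreach ($name in $k.GetValueNames()) {
                New-Object PSObject -Property @{
                    Key   = $k.Name
                    Value = $name
                    Data  = $k.GetValue($name)
                }
            }
        }
    }
}

Get-OrphanedTasks  | Format-Table Task, Target, Status -AutoSize
Get-IEPolicyValues | Format-Table Key, Value, Data -AutoSize
```

An empty result from both functions is the expected state after a fix like the one above. An orphaned task is dead weight rather than an active threat, so the interesting finding is a task whose target does exist but is not a file you installed; for the policy keys, a domain-joined machine will legitimately show values here, so judge them against what the administrator actually deployed.
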



#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,475 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:33 AM

Posted 28 December 2015 - 08:29 AM

Duplicate post. It will be closed.

#8 nasdaq

Posted 28 December 2015 - 08:30 AM

I locked the duplicate post.

Waiting for your logs.

#9 neil1

neil1
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:33 AM

Posted 28 December 2015 - 09:17 PM

You locked the wrong one, sorry mate. I posted the log in the other one before you locked it. Anyways, it seems to be fixed now. Thanks!

#10 nasdaq

Posted 29 December 2015 - 08:30 AM

I have now merged the topics. So we can now see the whole picture.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

Edited by nasdaq, 29 December 2015 - 08:30 AM.


#11 nasdaq

Posted 04 January 2016 - 02:36 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



