Browser Redirector - Find-all-you-want.com


  • This topic is locked
4 replies to this topic

#1 jerdria
Posted 11 January 2015 - 11:13 AM

I am having an issue with being redirected in IE version 11.09600.1750. I am continually redirected by Find-all-you-want. After reading a couple of posts on this I ran AdwCleaner.exe, then Malwarebytes, then Junkware Removal Tool, then FRST64. Below are the contents of FRST.txt. A file called Additional was also created. Let me know if I should paste those contents into a post as well.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-01-2015
Ran by GLaw (administrator) on VRN-CA1074-VP on 11-01-2015 10:42:24
Running from C:\Users\GLaw\Desktop
Loaded Profile: GLaw (Available profiles: GLaw & installer)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenManagerSvc64.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
() C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
(QUALCOMM, Inc.) C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(SonicWALL, Inc.) C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Apple Inc.) C:\Program Files (x86)\AirPrint\airprint.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Actual Tools) C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Dell) C:\Users\GLaw\AppData\Local\Apps\2.0\NZN28ZZ7.CGV\15V1TJ10.1OZ\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe
(Dropbox, Inc.) C:\Users\GLaw\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(Actual Tools) C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter64.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
(iSkySoft) C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Actual Tools) C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsShellCenter64.exe
() C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [698712 2013-02-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1441792 2010-06-08] (Intel® Corporation)
HKLM\...\Run: [FileOpenBroker] => C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [900992 2011-12-09] (FileOpen Systems Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-08-16] (IDT, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-09-04] (Sonic Solutions)
HKLM-x32\...\Run: [Seagate Dashboard] => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2011-06-01] ()
HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2011-01-24] (Memeo Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [ccApp] => C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe [115560 2009-02-03] (Symantec Corporation)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2066432 2014-10-31] (iSkySoft)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKU\S-1-5-21-1004336348-1500820517-1801674531-1238\...\Run: [Actual Multiple Monitors] => C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe [1735472 2013-04-13] (Actual Tools)
HKU\S-1-5-21-1004336348-1500820517-1801674531-1238\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-1004336348-1500820517-1801674531-1238\...\Run: [Google Update] => C:\Users\GLaw\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-12-25] (Google Inc.)
HKU\S-1-5-21-1004336348-1500820517-1801674531-1238\...\Run: [DellSystemDetect] => C:\Users\GLaw\AppData\Local\Apps\2.0\NZN28ZZ7.CGV\15V1TJ10.1OZ\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe [276776 2014-12-28] (Dell)
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\Users\GLaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\GLaw\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\GLaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers-x32: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\SysWOW64\AcSignIcon.dll (Autodesk)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1004336348-1500820517-1801674531-1238\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
HKU\S-1-5-21-1004336348-1500820517-1801674531-1238\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1004336348-1500820517-1801674531-1238\Software\Microsoft\Internet Explorer\Main,Start Page = http://online.wsj.com/home-page
HKU\S-1-5-21-1004336348-1500820517-1801674531-1238\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
SearchScopes: HKLM -> {00DCB640-1478-4941-9741-8D5AD9A8194A} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {00DCB640-1478-4941-9741-8D5AD9A8194A} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1004336348-1500820517-1801674531-1238 -> {00DCB640-1478-4941-9741-8D5AD9A8194A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {B1D21FC5-A742-4261-86F2-C7B7F1A31C5D} http://jjsfweb02.jjsf.net/jde/axctls/jdewebctlsU.cab
DPF: HKLM-x32 {CF38E898-0A6B-11D6-83C6-0080AD7D6076} http://129.2.3.19/common/NPRemvu.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP12-14923/webex/ieatgpc1.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {F9E542CE-C16A-47FA-B7A8-D88E5F1C5719} http://jjsfweb02.jjsf.net/jde/axctls/jdeexpimpU.cab
Handler: WSISVCUchrome - No CLSID Value
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
Tcpip\..\Interfaces\{23C009C6-6D93-480B-9E9B-DDE6C28D0E5D}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{2A8B5755-5822-4861-B170-087872044C27}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{2B0EEEE8-69EB-41F9-965C-BDFBB449471D}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{58BFE959-01F8-48D8-9426-540EBB3B3CE7}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{611F90B2-FD57-4D44-898F-D52F0C6299BE}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{7B014B73-AD46-4F3C-A023-5C8E3C6BD084}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{9C8E219B-F24C-4751-9D8A-AFF2ACCD2105}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{D194CF41-E52E-4CC5-88AB-69B2F514EBFD}: [NameServer] 8.8.8.8,8.8.8.8

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1004336348-1500820517-1801674531-1238: @citrixonline.com/appdetectorplugin -> C:\Users\GLaw\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-1004336348-1500820517-1801674531-1238: @tools.google.com/Google Update;version=3 -> C:\Users\GLaw\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1004336348-1500820517-1801674531-1238: @tools.google.com/Google Update;version=9 -> C:\Users\GLaw\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\GLaw\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\GLaw\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-28]
CHR Extension: (Google Drive) - C:\Users\GLaw\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\GLaw\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-29]
CHR Extension: (YouTube) - C:\Users\GLaw\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-28]
CHR Extension: (Google Cast) - C:\Users\GLaw\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-12-25]
CHR Extension: (Google Search) - C:\Users\GLaw\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-28]
CHR Extension: (Xfinity) - C:\Users\GLaw\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemjgdpngmhbimofcicjfhibkdbigdmb [2013-11-28]
CHR Extension: (Google Wallet) - C:\Users\GLaw\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-22]
CHR Extension: (Gmail) - C:\Users\GLaw\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-28]
CHR HKLM-x32\...\Chrome\Extension: [hemjgdpngmhbimofcicjfhibkdbigdmb] - C:\ProgramData\comcastModemRelease\shortcuts\chrome\xfinity.crx [2013-02-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AirPrint; C:\Program Files (x86)\AirPrint\airprint.exe [234784 2011-10-15] (Apple Inc.)
R2 Automatic LiveUpdate Scheduler; C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe [238968 2008-08-01] (Symantec Corporation)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files (x86)\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
R2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-02-03] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-02-03] (Symantec Corporation)
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [408576 2010-06-07] (Red Bend Ltd.) [File not signed]
R2 FileOpenManagerSvc; C:\Program Files\FileOpen\Services\FileOpenManagerSvc64.exe [334720 2011-12-09] (FileOpen Systems Inc.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE [3220856 2008-08-01] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [File not signed]
R2 NvtlService; C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [88912 2010-05-20] ()
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [File not signed]
R2 QDLService2kDell; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe [331512 2010-06-25] (QUALCOMM, Inc.)
S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [2117120 2010-11-03] (Wave Systems Corp.) [File not signed]
R2 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [3081544 2009-02-03] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [388424 2009-02-03] (Symantec Corporation)
R2 Symantec AntiVirus; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2440120 2009-02-03] (Symantec Corporation)
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1629696 2010-07-13] () [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [911872 2010-06-07] (Intel® Corporation) [File not signed]
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-11-25] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20150105.019\ENG64.SYS [129752 2014-08-11] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20150105.019\EX64.SYS [2137304 2014-08-11] (Symantec Corporation)
R3 qcfilterdl2k; C:\Windows\System32\DRIVERS\qcfilterdl2k.sys [6400 2010-06-25] (QUALCOMM Incorporated)
R3 qcusbnetdl2k; C:\Windows\System32\DRIVERS\qcusbnetdl2k.sys [443392 2010-06-25] (QUALCOMM Incorporated)
R3 qcusbserdl2k; C:\Windows\System32\DRIVERS\qcusbserdl2k.sys [230784 2010-06-25] (QUALCOMM Incorporated)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
R1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [441904 2009-02-03] (Symantec Corporation)
R1 SRTSP; C:\Windows\SysWOW64\Drivers\SRTSP64.SYS [441904 2009-02-03] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [480816 2009-02-03] (Symantec Corporation)
S3 SRTSPL; C:\Windows\SysWOW64\Drivers\SRTSPL64.SYS [480816 2009-02-03] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2009-02-03] (Symantec Corporation)
R1 SRTSPX; C:\Windows\SysWOW64\Drivers\SRTSPX64.SYS [32304 2009-02-03] (Symantec Corporation)
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-11 10:42 - 2015-01-11 10:42 - 00023780 _____ () C:\Users\GLaw\Desktop\FRST.txt
2015-01-11 10:41 - 2015-01-11 10:41 - 00000948 _____ () C:\Users\GLaw\Desktop\JRT.txt
2015-01-11 10:38 - 2015-01-11 10:38 - 00000000 ____D () C:\Windows\ERUNT
2015-01-11 10:35 - 2015-01-11 10:42 - 00000000 ____D () C:\FRST
2015-01-11 10:34 - 2015-01-11 10:34 - 02124288 _____ (Farbar) C:\Users\GLaw\Desktop\FRST64.exe
2015-01-11 10:17 - 2015-01-11 10:17 - 00005777 _____ () C:\Users\GLaw\Desktop\AdwCleaner[S0].txt
2015-01-11 10:17 - 2015-01-11 10:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
2015-01-11 10:13 - 2015-01-11 10:14 - 00000000 ____D () C:\AdwCleaner
2015-01-06 21:51 - 2015-01-06 21:51 - 00000331 _____ () C:\Windows\SysWOW64\2015_01_06_09_51_31.xml
2015-01-06 21:42 - 2015-01-06 21:42 - 00003100 _____ () C:\Windows\System32\Tasks\{3D77C944-3E0E-4F04-9435-C427B138A3F2}
2015-01-06 21:24 - 2015-01-06 21:24 - 00008205 _____ () C:\Users\GLaw\Desktop\Book1.xls
2014-12-30 22:16 - 2014-12-30 22:16 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2014-12-30 22:11 - 2014-12-30 22:11 - 00000000 ____D () C:\ProgramData\KasperskyLab
2014-12-30 22:03 - 2014-12-30 22:36 - 00000000 ____D () C:\Users\GLaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-12-30 22:03 - 2014-12-30 22:36 - 00000000 ____D () C:\ProgramData\Norton
2014-12-28 13:42 - 2014-12-28 13:42 - 00000000 ____D () C:\Users\GLaw\AppData\Roaming\iSkysoft Video Converter Ultimate
2014-12-28 13:27 - 2015-01-06 21:10 - 00000000 ____D () C:\ProgramData\iSkysoft
2014-12-28 08:54 - 2014-12-28 08:54 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_cvusbdrv_01009.Wdf
2014-12-28 08:54 - 2014-12-28 08:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broadcom
2014-12-28 08:54 - 2014-12-28 08:54 - 00000000 ____D () C:\Program Files\Broadcom Corporation
2014-12-28 08:54 - 2011-06-22 14:01 - 00440208 _____ () C:\Windows\system32\brcmbsp.dll
2014-12-28 08:54 - 2011-06-22 14:01 - 00241032 _____ () C:\Windows\system32\bipbsp.dll
2014-12-28 08:06 - 2014-12-28 08:28 - 00016504 _____ () C:\Windows\system32\results.xml
2014-12-28 08:01 - 2014-12-28 08:01 - 00000107 _____ () C:\Windows\drvupdatesetup.log
2014-12-28 07:59 - 2014-12-28 08:00 - 00000000 ____D () C:\Program Files\IDT
2014-12-28 07:59 - 2014-12-28 07:59 - 00003282 _____ () C:\Windows\System32\Tasks\{DDAE6BBD-52D4-4E0D-B136-C2D957D989E7}
2014-12-28 07:59 - 2013-02-08 00:04 - 04380144 _____ (Intel Corporation) C:\Windows\system32\GfxUI.exe
2014-12-28 07:59 - 2013-02-08 00:04 - 00510960 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
2014-12-28 07:59 - 2013-02-08 00:04 - 00418800 _____ (Intel Corporation) C:\Windows\system32\igfxpers.exe
2014-12-28 07:59 - 2013-02-08 00:04 - 00394224 _____ (Intel Corporation) C:\Windows\system32\hkcmd.exe
2014-12-28 07:59 - 2013-02-08 00:04 - 00241136 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2014-12-28 07:59 - 2013-02-08 00:04 - 00185840 _____ (Intel Corporation) C:\Windows\system32\difx64.exe
2014-12-28 07:59 - 2013-02-08 00:04 - 00168944 _____ (Intel Corporation) C:\Windows\system32\igfxtray.exe
2014-12-28 07:59 - 2013-02-01 05:58 - 18664960 _____ (Intel Corporation) C:\Windows\system32\ig4icd64.dll
2014-12-28 07:59 - 2013-02-01 05:58 - 13913600 _____ () C:\Windows\SysWOW64\ig4icd32.dll
2014-12-28 07:59 - 2013-02-01 05:58 - 12312928 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
2014-12-28 07:59 - 2013-02-01 05:58 - 08314368 _____ (Intel Corporation) C:\Windows\system32\igdumd64.dll
2014-12-28 07:59 - 2013-02-01 05:58 - 02780160 _____ (Intel Corporation) C:\Windows\system32\igfxcmjit64.dll
2014-12-28 07:59 - 2013-02-01 05:58 - 02191872 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll
2014-12-28 07:59 - 2013-02-01 05:58 - 01981696 _____ () C:\Windows\system32\iglhxa64.cpa
2014-12-28 07:59 - 2013-02-01 05:58 - 00867020 _____ () C:\Windows\SysWOW64\igkrng575.bin
2014-12-28 07:59 - 2013-02-01 05:58 - 00867020 _____ () C:\Windows\system32\igkrng575.bin
2014-12-28 07:59 - 2013-02-01 05:58 - 00390144 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll
2014-12-28 07:59 - 2013-02-01 05:58 - 00378368 _____ (Intel Corporation) C:\Windows\system32\igfxTMM.dll
2014-12-28 07:59 - 2013-02-01 05:58 - 00376832 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll
2014-12-28 07:59 - 2013-02-01 05:58 - 00376832 _____ (Intel Corporation) C:\Windows\system32\iglhsip64.dll
2014-12-28 07:59 - 2013-02-01 05:58 - 00376320 _____ (Intel Corporation) C:\Windows\system32\igfxpph.dll
2014-12-28 07:59 - 2013-02-01 05:58 - 00293888 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxdv32.dll
2014-12-28 07:59 - 2013-02-01 05:58 - 00287232 _____ (Intel Corporation) C:\Windows\system32\igfxrfra.lrc
2014-12-28 07:59 - 2013-02-01 05:58 - 00287232 _____ (Intel Corporation) C:\Windows\system32\igfxresn.lrc
2014-12-28 07:59 - 2013-02-01 05:58 - 00286720 _____ (Intel Corporation) C:\Windows\system32\igfxrita.lrc
2014-12-28 07:59 - 2013-02-01 05:58 - 00286720 _____ (Intel Corporation) C:\Windows\system32\igfxrdeu.lrc
2014-12-28 07:59 - 2013-02-01 05:58 - 00286208 _____ (Intel Corporation) C:\Windows\system32\igfxrptb.lrc
2014-12-28 07:59 - 2013-02-01 05:58 - 00285696 _____ (Intel Corporation) C:\Windows\system32\igfxrenu.lrc
2014-12-28 07:59 - 2013-02-01 05:58 - 00283648 _____ (Intel Corporation) C:\Windows\system32\igfxrjpn.lrc
2014-12-28 07:59 - 2013-02-01 05:58 - 00283136 _____ (Intel Corporation) C:\Windows\system32\igfxrkor.lrc
2014-12-28 07:59 - 2013-02-01 05:58 - 00282624 _____ (Intel Corporation) C:\Windows\system32\igfxrcht.lrc
2014-12-28 07:59 - 2013-02-01 05:58 - 00282624 _____ (Intel Corporation) C:\Windows\system32\igfxrchs.lrc
2014-12-28 07:59 - 2013-02-01 05:58 - 00246784 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll
2014-12-28 07:59 - 2013-02-01 05:58 - 00219136 _____ (Intel Corporation) C:\Windows\system32\igfxcmrt64.dll
2014-12-28 07:59 - 2013-02-01 05:58 - 00211303 _____ () C:\Windows\system32\Gfxres.th-TH.resources
2014-12-28 07:59 - 2013-02-01 05:58 - 00198139 _____ () C:\Windows\system32\Gfxres.el-GR.resources
2014-12-28 07:59 - 2013-02-01 05:58 - 00182706 _____ () C:\Windows\system32\Gfxres.ru-RU.resources
2014-12-28 07:59 - 2013-02-01 05:58 - 00156233 _____ () C:\Windows\system32\Gfxres.ar-SA.resources
2014-12-28 07:59 - 2013-02-01 05:58 - 00153167 _____ () C:\Windows\system32\Gfxres.ja-JP.resources
2014-12-28 07:59 - 2013-02-01 05:58 - 00149009 _____ () C:\Windows\system32\Gfxres.he-IL.resources
2014-12-28 07:59 - 2013-02-01 05:58 - 00146432 _____ (Intel Corporation) C:\Windows\system32\gfxSrvc.dll
2014-12-28 07:59 - 2013-02-01 05:58 - 00142336 _____ (Intel Corporation) C:\Windows\system32\igfxdo.dll
2014-12-28 07:59 - 2013-02-01 05:58 - 00140216 _____ () C:\Windows\system32\Gfxres.it-IT.resources
2014-12-28 07:59 - 2013-02-01 05:58 - 00138727 _____ () C:\Windows\system32\Gfxres.ko-KR.resources
2014-12-28 07:59 - 2013-02-01 05:58 - 00137846 _____ () C:\Windows\system32\Gfxres.de-DE.resources
2014-12-28 07:59 - 2013-02-01 05:58 - 00137668 _____ () C:\Windows\system32\Gfxres.es-ES.resources
2014-12-28 07:59 - 2013-02-01 05:58 - 00136603 _____ () C:\Windows\system32\Gfxres.ro-RO.resources
2014-12-28 07:59 - 2013-02-01 05:58 - 00135628 _____ () C:\Windows\system32\Gfxres.fr-FR.resources
2014-12-28 07:59 - 2013-02-01 05:58 - 00135370 _____ () C:\Windows\system32\Gfxres.tr-TR.resources
2014-12-28 07:59 - 2013-02-01 05:58 - 00134836 _____ () C:\Windows\system32\Gfxres.pt-BR.resources
2014-12-28 07:59 - 2013-02-01 05:58 - 00134412 _____ () C:\Windows\system32\Gfxres.nl-NL.resources
2014-12-28 07:59 - 2013-02-01 05:58 - 00134384 _____ () C:\Windows\system32\Gfxres.hu-HU.resources
2014-12-28 07:59 - 2013-02-01 05:58 - 00133846 _____ () C:\Windows\system32\Gfxres.sv-SE.resources
2014-12-28 07:59 - 2013-02-01 05:58 - 00133709 _____ () C:\Windows\system32\Gfxres.pt-PT.resources
2014-12-28 07:59 - 2013-02-01 05:58 - 00133404 _____ () C:\Windows\system32\Gfxres.cs-CZ.resources
2014-12-28 07:59 - 2013-02-01 05:58 - 00133178 _____ () C:\Windows\system32\Gfxres.pl-PL.resources
2014-12-28 07:59 - 2013-02-01 05:58 - 00132889 _____ () C:\Windows\system32\Gfxres.fi-FI.resources
2014-12-28 07:59 - 2013-02-01 05:58 - 00132788 _____ () C:\Windows\system32\Gfxres.sk-SK.resources
2014-12-28 07:59 - 2013-02-01 05:58 - 00131839 _____ () C:\Windows\system32\Gfxres.hr-HR.resources
2014-12-28 07:59 - 2013-02-01 05:58 - 00128996 _____ () C:\Windows\system32\Gfxres.sl-SI.resources
2014-12-28 07:59 - 2013-02-01 05:58 - 00128831 _____ () C:\Windows\system32\Gfxres.nb-NO.resources
2014-12-28 07:59 - 2013-02-01 05:58 - 00128535 _____ () C:\Windows\system32\Gfxres.da-DK.resources
2014-12-28 07:59 - 2013-02-01 05:58 - 00128204 _____ () C:\Windows\SysWOW64\igcompkrng575.bin
2014-12-28 07:59 - 2013-02-01 05:58 - 00128204 _____ () C:\Windows\system32\igcompkrng575.bin
2014-12-28 07:59 - 2013-02-01 05:58 - 00126976 _____ (Intel Corporation) C:\Windows\system32\igfxcpl.cpl
2014-12-28 07:59 - 2013-02-01 05:58 - 00124052 _____ () C:\Windows\system32\Gfxres.en-US.resources
2014-12-28 07:59 - 2013-02-01 05:58 - 00117636 _____ () C:\Windows\system32\Gfxres.zh-TW.resources
2014-12-28 07:59 - 2013-02-01 05:58 - 00116348 _____ () C:\Windows\system32\Gfxres.zh-CN.resources
2014-12-28 07:59 - 2013-02-01 05:58 - 00105608 _____ () C:\Windows\SysWOW64\igfcg575m.bin
2014-12-28 07:59 - 2013-02-01 05:58 - 00105608 _____ () C:\Windows\system32\igfcg575m.bin
2014-12-28 07:59 - 2013-02-01 05:58 - 00098304 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll
2014-12-28 07:59 - 2013-02-01 05:58 - 00098304 _____ (Intel Corporation) C:\Windows\system32\iglhcp64.dll
2014-12-28 07:59 - 2013-02-01 05:58 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2014-12-28 07:59 - 2013-02-01 05:58 - 00090112 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v2993.dll
2014-12-28 07:59 - 2013-02-01 05:58 - 00059243 _____ () C:\Windows\system32\iglhxo64.vp
2014-12-28 07:59 - 2013-02-01 05:58 - 00059174 _____ () C:\Windows\system32\iglhxg64.vp
2014-12-28 07:59 - 2013-02-01 05:58 - 00059062 _____ () C:\Windows\system32\iglhxc64.vp
2014-12-28 07:59 - 2013-02-01 05:58 - 00028672 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
2014-12-28 07:59 - 2013-02-01 05:58 - 00024576 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2014-12-28 07:59 - 2013-02-01 05:58 - 00017444 _____ () C:\Windows\system32\iglhxs64.vp
2014-12-28 07:59 - 2013-02-01 05:58 - 00004096 _____ ( ) C:\Windows\system32\IGFXDEVLib.dll
2014-12-28 07:59 - 2013-02-01 05:58 - 00001074 _____ () C:\Windows\system32\iglhxa64.vp
2014-12-28 07:59 - 2011-08-22 18:42 - 00317440 _____ (Intel® Corporation) C:\Windows\system32\Drivers\IntcDAud.sys
2014-12-28 07:59 - 2011-08-22 18:42 - 00014848 _____ (Intel® Corporation) C:\Windows\system32\IntcDAuC.dll
2014-12-28 07:59 - 2010-08-16 22:59 - 01466880 _____ (IDT, Inc.) C:\Windows\system32\stapo64.dll
2014-12-28 07:59 - 2010-08-16 22:59 - 00646656 _____ (IDT, Inc.) C:\Windows\system32\stapi64.dll
2014-12-28 07:59 - 2010-08-16 22:59 - 00515584 _____ (IDT, Inc.) C:\Windows\system32\Drivers\stwrt64.sys
2014-12-28 07:59 - 2010-08-16 22:59 - 00431616 _____ (IDT, Inc.) C:\Windows\system32\stcplx64.dll
2014-12-28 07:59 - 2010-08-16 22:59 - 00209920 _____ (IDT, Inc.) C:\Windows\system32\st646292.dll
2014-12-28 07:59 - 2009-09-02 06:13 - 00131072 _____ (Dell, Inc.) C:\Windows\SysWOW64\DellSPMsg.dll
2014-12-28 07:58 - 2013-02-12 21:31 - 00114520 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\Vxdif.dll
2014-12-28 07:57 - 2013-02-21 14:10 - 00489264 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\Drivers\Apfiltr.sys
2014-12-28 07:56 - 2014-12-28 07:56 - 00000000 ____D () C:\Users\GLaw\AppData\Local\Dell
2014-12-28 07:23 - 2014-12-28 07:31 - 00000000 ____D () C:\Users\GLaw\AppData\Local\Deployment
2014-12-28 07:23 - 2014-12-28 07:23 - 00000000 ____D () C:\Users\GLaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-12-28 07:23 - 2014-12-28 07:23 - 00000000 ____D () C:\Users\GLaw\AppData\Local\Apps\2.0
2014-12-26 09:45 - 2014-12-26 09:45 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-26 09:44 - 2015-01-11 10:17 - 00003194 _____ () C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1004336348-1500820517-1801674531-1238
2014-12-25 12:22 - 2015-01-11 10:27 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1500820517-1801674531-1238UA.job
2014-12-25 12:22 - 2015-01-10 13:08 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1500820517-1801674531-1238Core.job
2014-12-25 12:22 - 2014-12-25 12:22 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1500820517-1801674531-1238UA
2014-12-25 12:22 - 2014-12-25 12:22 - 00003480 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1500820517-1801674531-1238Core
2014-12-25 12:22 - 2014-12-25 12:22 - 00000000 ____D () C:\Users\GLaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast
2014-12-18 07:03 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 07:03 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-17 08:00 - 2014-12-17 08:00 - 00000973 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2014-12-12 15:10 - 2015-01-11 10:37 - 00000536 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1004336348-1500820517-1801674531-1238.job
2014-12-12 15:10 - 2015-01-04 12:53 - 00003556 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1004336348-1500820517-1801674531-1238

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-11 10:40 - 2013-07-29 07:46 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-11 10:29 - 2014-11-15 12:56 - 00004950 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for JJSF-GLaw VRN-CA1074-VP.jjsf.net
2015-01-11 10:26 - 2012-07-16 05:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-11 10:23 - 2009-07-13 23:45 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-11 10:23 - 2009-07-13 23:45 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-11 10:22 - 2009-07-14 00:13 - 00006542 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-11 10:19 - 2014-08-08 13:36 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-11 10:19 - 2009-07-14 00:10 - 01682944 _____ () C:\Windows\WindowsUpdate.log
2015-01-11 10:17 - 2014-11-11 12:39 - 00003330 _____ () C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1004336348-1500820517-1801674531-1238
2015-01-11 10:17 - 2013-10-29 07:53 - 00000000 ____D () C:\Users\GLaw\AppData\Roaming\Dropbox
2015-01-11 10:17 - 2013-10-28 13:17 - 00000000 ___RD () C:\Users\GLaw\Dropbox
2015-01-11 10:17 - 2013-07-29 07:46 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-11 10:15 - 2014-05-08 21:25 - 00030109 _____ () C:\Windows\setupact.log
2015-01-11 10:15 - 2011-02-03 23:57 - 01376402 _____ () C:\Windows\PFRO.log
2015-01-11 10:15 - 2011-02-03 22:03 - 00000050 _____ () C:\Windows\system32\SupplicantTest.log
2015-01-11 10:15 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-11 10:05 - 2011-03-05 22:30 - 00000000 ____D () C:\Program Files\WinRAR
2015-01-10 18:43 - 2014-11-12 11:27 - 00004950 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for {1e565f39-6a72-43f3-9050-ea59b4949d64} VRN-CA1074-VP.jjsf.net
2015-01-09 22:42 - 2013-10-28 13:00 - 00000000 ____D () C:\Users\GLaw\AppData\Roaming\Real
2015-01-09 18:06 - 2013-10-28 14:04 - 00000000 ____D () C:\Users\GLaw\Documents\My Discovery Files
2015-01-09 17:16 - 2011-02-17 20:09 - 00000112 _____ () C:\Windows\system32\config\netlogon.ftl
2015-01-09 14:19 - 2011-02-03 22:11 - 00000000 ____D () C:\ProgramData\Sonic
2015-01-09 07:31 - 2011-02-17 20:10 - 00006802 __RSH () C:\ProgramData\ntuser.pol
2015-01-06 21:53 - 2013-10-28 13:00 - 00000000 ____D () C:\Users\GLaw\AppData\Local\Citrix
2015-01-06 21:52 - 2011-03-08 11:18 - 00000000 ____D () C:\Program Files (x86)\CMS
2015-01-06 21:50 - 2013-10-28 13:00 - 00159992 _____ () C:\Users\GLaw\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-06 21:47 - 2009-07-13 23:45 - 00568696 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-06 21:44 - 2011-02-18 11:15 - 00000000 ____D () C:\Program Files (x86)\Business Objects
2015-01-06 21:44 - 2011-02-18 11:10 - 00000000 ____D () C:\ProgramData\Symantec
2015-01-06 21:44 - 2011-02-18 11:10 - 00000000 ____D () C:\Program Files (x86)\Symantec
2015-01-06 21:44 - 2011-02-17 20:13 - 00000000 ____D () C:\Program Files (x86)\DM NetVu Observer
2015-01-06 21:43 - 2011-02-17 20:25 - 00000000 ____D () C:\ProgramData\ScanSoft
2015-01-06 21:42 - 2011-02-17 20:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2015-01-06 21:36 - 2011-03-05 22:23 - 00000000 ____D () C:\ProgramData\Real
2015-01-06 21:18 - 2011-11-05 10:09 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-01-06 21:16 - 2011-05-26 15:27 - 00000000 ____D () C:\Program Files (x86)\Citrix
2015-01-06 21:12 - 2011-02-17 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-01-06 21:12 - 2011-02-17 20:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-06 21:10 - 2013-08-02 19:07 - 00000000 ____D () C:\Program Files (x86)\iSkysoft
2015-01-06 12:51 - 2013-08-02 19:08 - 00000000 ____D () C:\ProgramData\iSkysoft Video Converter Ultimate
2015-01-06 04:36 - 2011-02-18 11:05 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-02 09:11 - 2011-03-03 18:17 - 00000000 ____D () C:\Work
2014-12-31 10:34 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-30 22:11 - 2013-12-18 12:14 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-12-28 08:39 - 2011-02-03 23:43 - 00000000 ____D () C:\dell
2014-12-28 08:03 - 2011-02-03 23:54 - 00000000 ____D () C:\Program Files\DellTPad
2014-12-28 08:01 - 2011-02-03 23:57 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-12-28 08:01 - 2011-02-03 22:01 - 00000000 ____D () C:\Program Files\Common Files\Intel
2014-12-28 08:00 - 2011-02-03 23:57 - 00000000 ____D () C:\Intel
2014-12-28 07:59 - 2011-02-03 22:03 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-28 07:59 - 2011-02-03 22:01 - 00043130 _____ () C:\Windows\DPINST.LOG
2014-12-28 07:57 - 2011-02-03 22:05 - 00000000 ____D () C:\ProgramData\Dell
2014-12-25 12:22 - 2013-10-28 13:05 - 00000000 ____D () C:\Users\GLaw\AppData\Local\Google
2014-12-21 09:12 - 2014-08-08 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-21 09:12 - 2014-08-08 13:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-17 08:00 - 2011-02-18 11:53 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-12-12 14:21 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache

Some content of TEMP:
====================
C:\Users\GLaw\AppData\Local\Temp\ammemb.dll
C:\Users\GLaw\AppData\Local\Temp\ammemb64.dll
C:\Users\GLaw\AppData\Local\Temp\AvigilonControlCenterClient-4.12.0.40.exe
C:\Users\GLaw\AppData\Local\Temp\closeui.exe
C:\Users\GLaw\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpl2j8o9.dll
C:\Users\GLaw\AppData\Local\Temp\G2MInstallerExtractor.exe
C:\Users\GLaw\AppData\Local\Temp\HitmanPro.exe
C:\Users\GLaw\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\GLaw\AppData\Local\Temp\Quarantine.exe
C:\Users\GLaw\AppData\Local\Temp\sqlite3.dll
C:\Users\GLaw\AppData\Local\Temp\srtUnin.dll
C:\Users\GLaw\AppData\Local\Temp\_is1124.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-04 09:32

==================== End Of Log ============================




#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,749 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:26 PM

Posted 13 January 2015 - 11:11 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted, it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKU\S-1-5-21-1004336348-1500820517-1801674531-1238\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {00DCB640-1478-4941-9741-8D5AD9A8194A} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {00DCB640-1478-4941-9741-8D5AD9A8194A} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
Handler: WSISVCUchrome - No CLSID Value
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Extension: (Google Wallet) - C:\Users\GLaw\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-22]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log Fixlog.txt please post it to your reply.
===

Reset the browsers that have been compromised.

Reset Chrome...
Click on "Customize and control Google Chrome":
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===

How is the computer running now?
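The fixlist above removes a per-user IE policy restriction, several SearchScopes entries, an orphaned BHO ("No File") and a protocol handler with no CLSID value. As an added example that is not part of nasdaq's post and is not FRST's own code, the PowerShell script below audits those same registry locations read-only, so the state can be compared before and after the fix runs. The registry paths, the known-host allow-list and the "user profile or Temp" heuristic are my assumptions about a stock Windows 7 Internet Explorer install, not facts taken from the thread; the Chrome extension and Firefox plugin lines of the fixlist are outside its scope.

```powershell
# Added example, not code from this thread or from the FRST author. Read-only
# audit of the Internet Explorer persistence points the fixlist above removes:
# per-user IE policy restrictions, SearchScopes, Browser Helper Objects and
# PROTOCOLS handlers. Run it before and after the fix to see what changed.
# Assumptions: run as the affected user on Windows 7 SP1 or later; written in
# PowerShell 2.0 syntax so it works on a stock Windows 7 box; $knownHosts is an
# illustrative allow-list, not a definitive one. Nothing is modified.

$findings = @()
function Add-Finding([string]$Type, [string]$Where, [string]$What) {
    $script:findings += New-Object PSObject -Property @{ Type = $Type; Where = $Where; What = $What }
}

# 1. IE policy restrictions in the user hive (FRST's "Policy restriction" line).
#    Legitimate domain GPOs write here too, so check 'gpresult /h report.html'
#    before treating a value as malicious.
$iePolicy = 'HKCU:\SOFTWARE\Policies\Microsoft\Internet Explorer'
if (Test-Path $iePolicy) {
    foreach ($key in @(Get-Item $iePolicy) + @(Get-ChildItem $iePolicy -Recurse -ErrorAction SilentlyContinue)) {
        foreach ($name in $key.GetValueNames()) {
            Add-Finding 'IEPolicy' $key.Name ('{0} = {1}' -f $name, $key.GetValue($name))
        }
    }
}

# 2. SearchScopes. Each subkey holds a URL with {searchTerms}; a redirector adds
#    its own scope and points DefaultScope at it. Report scopes with an empty
#    URL and scopes whose host is not a known search engine (assumed list).
$knownHosts = @('www.bing.com', 'www.google.com', 'search.yahoo.com')
$scopeRoots = @('HKCU:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
                'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
                'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes')
foreach ($root in $scopeRoots) {
    if (-not (Test-Path $root)) { continue }
    $default = [string](Get-Item $root).GetValue('DefaultScope')
    foreach ($scope in @(Get-ChildItem $root)) {
        $url = [string]$scope.GetValue('URL')
        $tag = ''
        if ($scope.PSChildName -eq $default) { $tag = ' [DefaultScope]' }
        if ($url -eq '') { Add-Finding 'SearchScope' $scope.Name ('empty URL' + $tag); continue }
        try { $urlHost = ([System.Uri]$url).Host } catch { $urlHost = '(unparseable)' }
        if ($knownHosts -notcontains $urlHost) {
            Add-Finding 'SearchScope' $scope.Name ($url + $tag)
        }
    }
}

# 3. Browser Helper Objects. Each subkey is a CLSID whose DLL is registered at
#    Classes\CLSID\<clsid>\InprocServer32. A missing DLL is FRST's "No File"
#    (orphaned, harmless); a present DLL that is unsigned or lives under a user
#    profile or Temp is what a redirector typically looks like (heuristic).
$bhoRoots = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
              'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects')
$classRoots = @('HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Wow6432Node\Classes\CLSID',
                'HKCU:\SOFTWARE\Classes\CLSID')
foreach ($root in $bhoRoots) {
    if (-not (Test-Path $root)) { continue }
    foreach ($bho in @(Get-ChildItem $root)) {
        $dll = $null
        foreach ($c in $classRoots) {
            $srv = Join-Path $c ($bho.PSChildName + '\InprocServer32')
            if (Test-Path $srv) { $dll = [string](Get-Item $srv).GetValue(''); break }
        }
        if (-not $dll) { Add-Finding 'BHO' $bho.Name 'no InprocServer32 registration'; continue }
        $dll = [Environment]::ExpandEnvironmentVariables($dll.Trim('"'))
        if (-not (Test-Path $dll)) { Add-Finding 'BHO' $bho.Name ('No File: ' + $dll); continue }
        $status = (Get-AuthenticodeSignature $dll).Status
        if ($status -ne 'Valid' -or $dll -match '\\Users\\|\\Temp\\') {
            Add-Finding 'BHO' $bho.Name ('{0} (signature: {1})' -f $dll, $status)
        }
    }
}

# 4. Pluggable protocol handlers (FRST's "Handler:" lines). Each subkey should
#    carry a CLSID value; one without it is the "No CLSID Value" leftover.
foreach ($root in @('HKLM:\SOFTWARE\Classes\PROTOCOLS\Handler', 'HKCU:\SOFTWARE\Classes\PROTOCOLS\Handler')) {
    if (-not (Test-Path $root)) { continue }
    foreach ($h in @(Get-ChildItem $root)) {
        if (-not $h.GetValue('CLSID')) { Add-Finding 'Handler' $h.Name 'No CLSID Value' }
    }
}

$findings | Sort-Object Type, Where | Format-Table Type, Where, What -AutoSize -Wrap
```

Run it once before applying the fixlist and once after the reboot; the SearchScope and IEPolicy findings should be gone in the second run. The script only reads the registry and file signatures, so it is safe to run repeatedly; the removal itself stays with FRST, where the fix is logged to Fixlog.txt.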

#3 jerdria

jerdria
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:26 PM

Posted 13 January 2015 - 10:26 PM

It seems to be perfect now. Thanks for the help; this was a total pain in the butt!!



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,749 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:26 PM

Posted 14 January 2015 - 09:50 AM

Glad we could help.

#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,749 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:26 PM

Posted 14 January 2015 - 09:50 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



