Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-09-2015
Ran by erica (administrator) on ALLEN (12-09-2015 13:26:03)
Running from C:\Users\erica\Desktop
Loaded Profiles: erica (Available Profiles: erica & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1520552 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218792 2010-08-17] (Toshiba)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296056 2012-01-03] (RealNetworks, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2567568 2015-08-30] ()
HKLM-x32\...\Run: [SuddenlyMusic AppIntegrator 32-bit] => C:\PROGRA~2\SUDDEN~2\bar\1.bin\AppIntegrator.exe
HKLM-x32\...\Run: [SuddenlyMusic AppIntegrator 64-bit] => C:\PROGRA~2\SUDDEN~2\bar\1.bin\AppIntegrator64.exe
HKLM-x32\...\Run: [gmsd_us_648] => [X]
HKLM-x32\...\Run: [gmsd_us_657] => [X]
HKLM-x32\...\Run: [gmsd_us_005010020] => [X]
HKLM-x32\...\Run: [gmsd_us_005010022] => [X]
HKLM-x32\...\Run: [gmsd_us_005010054] => [X]
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1343300749-3102139153-451857411-1001\...\Run: [DW6] => [X]
HKU\S-1-5-21-1343300749-3102139153-451857411-1001\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
HKU\S-1-5-21-1343300749-3102139153-451857411-1001\...\Run: [GenieFloater] => C:\Program Files (x86)\Genie Soft\Genie Cleaner\GenieFloater.exe
HKU\S-1-5-21-1343300749-3102139153-451857411-1001\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\tray.exe [1010008 2015-04-10] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
Startup: C:\Users\erica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bm.lnk [2015-06-25]
ShortcutTarget: bm.lnk -> C:\Users\erica\AppData\Local\y1bivtutzek5bjd\y3bibzvwzf85dtd.exe (No File)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 64.233.207.8 64.233.207.9 Tcpip\..\Interfaces\{18B79DB5-1DD7-4204-8F35-31524A10787D}: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{46BAE8D1-5E5C-4F4F-ADF5-78B4D9ACBC34}: [DhcpNameServer] 64.233.207.8 64.233.207.9 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-1343300749-3102139153-451857411-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.5.0.19 HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.5.0.19 HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.5.0.19 HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.5.0.19 HKU\S-1-5-21-1343300749-3102139153-451857411-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIPc7-luTLJrDFH_OAl5xepwp6FPqPUuo4tdFUJSSqrQ6fncTnwfA7w32X6eBMOU_IxyzZaQuX5QH3FL4DALGIz8gAQUNVeboKxkBMa8mf81QSAxu35Dk0r7cfEngvQPxM6_ymasYMRKPPUIrSUtLCx5qDv6O5azSdShP&q={searchTerms} 
HKU\S-1-5-21-1343300749-3102139153-451857411-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://amazon.smart-search.com/websearch/ref=bit_bds-y46_serp_ie_us_display?ie=utf8&tagbase=bds-y46&tbrid=v1_bds-y46_2b9d9be0d598407f955b4944e2593db8_1012_1005_20130508_us_ie_sp_todownload HKU\S-1-5-21-1343300749-3102139153-451857411-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com/g/ HKU\S-1-5-21-1343300749-3102139153-451857411-1001\Software\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://www.yahoo.com/?ilc=1 HKU\S-1-5-21-1343300749-3102139153-451857411-1001\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.mysearchresults.com/?c=2629&t=01 HKU\S-1-5-21-1343300749-3102139153-451857411-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIPc7-luTLJrDFH_OAl5xepwp6FPqPUuo4tdFUJSSqrQ6fncTnwfA7w32X6eBMOU_IxyzZaQuX5QH3FL4DALGIz8gAQUNVeboKxkBMa8mf81QSAxu35Dk0r7cfEngvQPxM6_ymasYMRKPPUIrSUtLCx5qDv6O5azSdShP&q={searchTerms} URLSearchHook: HKLM-x32 - (No Name) - {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - No File URLSearchHook: HKLM-x32 - (No Name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File SearchScopes: HKLM -> DefaultScope {093CD3E6-8ABE-4069-AEB2-EC819F8585E7} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {093CD3E6-8ABE-4069-AEB2-EC819F8585E7} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = SearchScopes: HKLM-x32 -> ielnksrch URL = 
hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIPc7-luTLJrDFH_OAl5xepwp6FPqPUuo4tdFUJSSqrQ6fncTnwfA7w32X6eBMOU_IxyzZaQuX5QH3FL4DALGIz8gAQUNVeboKxkBMa8mf81QSAxu35Dk0r7cfEngvQPxM6_ymasYMRKPPUIrSUtLCx5qDv6O5azSdShP&q={searchTerms} SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {AD5895E5-DAC0-42CE-99A0-B3605E03946E} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3074349 SearchScopes: HKLM-x32 -> {f74a1771-905e-4046-a27c-62f72ece7452} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^B2N^xdm002^YYA^us&si=CKzcq5SUrsMCFQ6NaQodlYYA1A&ptb=8B009548-2CCB-4BBB-B2CC-B9C210CB6B5E&ind=2015012422&n=781aa646&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKU\S-1-5-21-1343300749-3102139153-451857411-1001 -> DefaultScope {1095B326-F630-4676-ADE9-B3F95690159A} URL = hxxps://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-1343300749-3102139153-451857411-1001 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} SearchScopes: HKU\S-1-5-21-1343300749-3102139153-451857411-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www-searching.com/search.aspx?s=F6BztutdksC0001,73707b3c-d147-4206-a0b0-97024b22434c&site=shyosie&q={searchTerms} SearchScopes: HKU\S-1-5-21-1343300749-3102139153-451857411-1001 -> {093CD3E6-8ABE-4069-AEB2-EC819F8585E7} URL = SearchScopes: HKU\S-1-5-21-1343300749-3102139153-451857411-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&affID=119747&tt=gc_&babsrc=SP_ss&mntrId=F04FE89A8F44BF77 SearchScopes: HKU\S-1-5-21-1343300749-3102139153-451857411-1001 -> {1095B326-F630-4676-ADE9-B3F95690159A} URL = 
hxxps://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-1343300749-3102139153-451857411-1001 -> {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = hxxp://start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms} SearchScopes: HKU\S-1-5-21-1343300749-3102139153-451857411-1001 -> {68ECF76E-C86B-4661-9DFB-6CEF3AACA7A1} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=M52DAC855-7460-40DD-9E27-E3F62DC50186&SearchSource=58&CUI=&UM=8&UP=SPC7E7CBE0-6D53-4D06-AD61-DD540E2F7F29&D=070515&q={searchTerms}&SSPV= SearchScopes: HKU\S-1-5-21-1343300749-3102139153-451857411-1001 -> {8AD019FB-9BB1-45B8-91AC-D1C41CEED233} URL = hxxp://www.mysearchresults.com/search?&c=2630&t=03&q={searchTerms} SearchScopes: HKU\S-1-5-21-1343300749-3102139153-451857411-1001 -> {8C32BE9E-6B2E-41AD-A2D1-425B8155276D} URL = hxxp://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120626,0,0,0,0 SearchScopes: HKU\S-1-5-21-1343300749-3102139153-451857411-1001 -> {91BE8E39-ACA0-4913-9414-8E8BED82F8A7} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=OVO2&o=2159&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^A2E&apn_dtid=^YYYYYY^YY^US&apn_uid=066ea872-7586-40c0-98f4-588b500604d4&apn_sauid=11F14A1A-82D6-4575-96E0-7238A15D5AE6 SearchScopes: HKU\S-1-5-21-1343300749-3102139153-451857411-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://mysearch.avg.com/search?cid={459FE109-8C4E-44D0-B278-ECACC5A1D871}&mid=bf9d6c71a6e447d2bf6e39d3c9a05684-6f1c593974f63dda1a12a0b1327fc25d24e95e7a&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-12-29 17:12:41&v=17.2.0.38&pid=safeguard&sg=&sap=dsp&q={searchTerms} SearchScopes: HKU\S-1-5-21-1343300749-3102139153-451857411-1001 -> {AD5895E5-DAC0-42CE-99A0-B3605E03946E} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF SearchScopes: 
HKU\S-1-5-21-1343300749-3102139153-451857411-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=S1122&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869 SearchScopes: HKU\S-1-5-21-1343300749-3102139153-451857411-1001 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxp://amazon.smart-search.com/websearch/ref=bit_bds-y46_serp_ie_us_display?ie=UTF8&tagbase=bds-y46&tbrId=v1_bds-y46_2b9d9be0d598407f955b4944e2593db8_1012_1005_20130508_US_ie_ds_todownload&query={searchTerms} SearchScopes: HKU\S-1-5-21-1343300749-3102139153-451857411-1001 -> {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80303&lng=en SearchScopes: HKU\S-1-5-21-1343300749-3102139153-451857411-1001 -> {E43B5CFF-5C28-46DD-A21A-ECD35933383D} URL = hxxp://search.xfinity.com/?cat=web&con=toolbar&cid=xfstart_tech_search&q={searchTerms} SearchScopes: HKU\S-1-5-21-1343300749-3102139153-451857411-1001 -> {f74a1771-905e-4046-a27c-62f72ece7452} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^B2N^xdm002^YYA^us&si=CKzcq5SUrsMCFQ6NaQodlYYA1A&ptb=8B009548-2CCB-4BBB-B2CC-B9C210CB6B5E&ind=2015012422&n=781aa646&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKU\S-1-5-21-1343300749-3102139153-451857411-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIPc7-luTLJrDFH_OAl5xepwp6FPqPUuo4tdFUJSSqrQ6fncTnwfA7w32X6eBMOU_IxyzZaQuX5QH3FL4DALGIz8gAQUNVeboKxkBMa8mf81QSAxu35Dk0r7cfEngvQPxM6_ymasYMRKPPUIrSUtLCx5qDv6O5azSdShP&q={searchTerms} BHO: UZSurveyTool -> {2259E2DF-6E0A-4614-B39D-744C22A3FCA9} -> C:\Program Files\UserZoom\UserZoom survey tool for IE\adxloader64.dll [2015-04-09] () BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.2.15\coIEPlg.dll [2015-07-09] (Symantec Corporation) BHO-x32: UZSurveyTool -> 
{2259E2DF-6E0A-4614-B39D-744C22A3FCA9} -> C:\Program Files\UserZoom\UserZoom survey tool for IE\adxloader.dll [2015-04-09] () BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.5.2.15\coIEPlg.dll [2015-07-09] (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\IPS\IPSBHO.DLL No File Toolbar: HKLM - XFINITY Toolbar - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx64.dll [2013-12-11] () Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.2.15\coIEPlg.dll [2015-07-09] (Symantec Corporation) Toolbar: HKLM-x32 - No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2011-06-08] (Yahoo! Inc.) 
Toolbar: HKLM-x32 - No Name - {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - No File Toolbar: HKLM-x32 - No Name - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File Toolbar: HKLM-x32 - Amazon Browser Bar - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll [2012-08-15] (Amazon.com) Toolbar: HKLM-x32 - XFINITY Toolbar - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll [2013-12-11] () Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.8.0.179\AVG SafeGuard toolbar_toolbar.dll [2015-08-30] (AVG Secure Search) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.5.2.15\coIEPlg.dll [2015-07-09] (Symantec Corporation) Toolbar: HKU\S-1-5-21-1343300749-3102139153-451857411-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKU\S-1-5-21-1343300749-3102139153-451857411-1001 -> No Name - {9565115D-C7D6-46D3-BD63-B67B481A4368} - No File Toolbar: HKU\S-1-5-21-1343300749-3102139153-451857411-1001 -> No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File Toolbar: HKU\S-1-5-21-1343300749-3102139153-451857411-1001 -> No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} - No File Toolbar: HKU\S-1-5-21-1343300749-3102139153-451857411-1001 -> No Name - {B2ED7FAF-72A0-46D1-9D9D-602226F5CB9F} - No File Toolbar: HKU\S-1-5-21-1343300749-3102139153-451857411-1001 -> No Name - {F2C43291-151E-499C-98A7-923C120B88FA} - No File Toolbar: HKU\S-1-5-21-1343300749-3102139153-451857411-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File DPF: HKLM-x32 {A50FC70A-6301-4EC7-8ABC-4A657C495D54} hxxps://cdn5.userzoom.com/s/ie/f4/UserZoom.cab Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.8.0\ViProtocol.dll [2015-08-30] 
(AVG Secure Search) Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.) 
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.) Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.) FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-03] () FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-03] () FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.8.0\\npsitesafety.dll [No File] FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.) 
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2011-11-24] (Yahoo! Inc.) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll [2010-09-01] (Oberon-Media ) FF Plugin-x32: @real.com/nppl3260;version=15.0.1.13 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2012-01-03] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprjplug;version=15.0.1.13 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll [2012-01-03] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.1.13 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-01-03] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.1.13 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-01-03] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpjplug;version=15.0.1.13 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll [2012-01-03] (RealNetworks, Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1343300749-3102139153-451857411-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\erica\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1343300749-3102139153-451857411-1001: @yahoo.com/BrowserPlus,version=2.9.8 -> C:\Users\erica\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll [2010-10-19] (Yahoo! Inc.)
FF HKLM\...\Firefox\Extensions: [{cc89419d-fcd5-4a6b-aca2-09043448db22}] - C:\Program Files\shopperz\Firefox
FF HKLM\...\Firefox\Extensions: [{0a0e29f6-0ab0-44e1-a98e-bd050ee692ec}] - C:\Program Files\shopperz04082015\Firefox
FF Extension: shopperz04082015 - C:\Program Files\shopperz04082015\Firefox [2015-08-07]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-01-03]
FF HKLM-x32\...\Firefox\Extensions: [webbooster@iminent.com] -
FF HKLM-x32\...\Firefox\Extensions: [{cc89419d-fcd5-4a6b-aca2-09043448db22}] - C:\Program Files\shopperz\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{0a0e29f6-0ab0-44e1-a98e-bd050ee692ec}] - C:\Program Files\shopperz04082015\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFPlgn [2015-09-11]
FF HKU\S-1-5-21-1343300749-3102139153-451857411-1001\...\Firefox\Extensions: [info@friendschecker.com] - C:\Program Files (x86)\FriendsChecker\DynConFf
FF HKU\S-1-5-21-1343300749-3102139153-451857411-1001\...\Firefox\Extensions: [autolyrics@man-soft.net] - C:\Program Files (x86)\AutoLyrics\FF

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://amazon.smart-search.com/websearch/ref=bit_bds-y46_serp_cr_us_display?ie=UTF8&tagbase=bds-y46&tbrId=v1_bds-y46_2b9d9be0d598407f955b4944e2593db8_1012_1005_20130508_US_cr_sp_todownload
CHR StartupUrls: Default -> "hxxp://amazon.smart-search.com/websearch/ref=bit_bds-y46_serp_cr_us_display?ie=UTF8&tagbase=bds-y46&tbrId=v1_bds-y46_2b9d9be0d598407f955b4944e2593db8_1012_1005_20130508_US_cr_sp_todownload"
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shyos&pid=s&shr=d&q={searchTerms}&s=F6BztutdksC0001,73707b3c-d147-4206-a0b0-97024b22434c
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\erica\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\erica\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Norton Security Toolbar) - C:\Users\erica\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-08-31]
CHR Extension: (FrankerFaceZ) - C:\Users\erica\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadndhdgpmmaapbmfcknlfgcflmmmieb [2015-07-02]
CHR Extension: (Norton Identity Safe) - C:\Users\erica\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-02-03]
CHR Extension: (kgejglhpjiefppelpmljglcjbhoiplfn) - C:\Users\erica\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgejglhpjiefppelpmljglcjbhoiplfn [2015-08-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\erica\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-30]
CHR Extension: (Google Wallet) - C:\Users\erica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-13]
CHR Extension: (ImTranslator Translate) - C:\Users\erica\AppData\Local\Google\Chrome\User Data\Default\Extensions\noaijdpnepcgjemiklgfkcfbkokogabh [2015-07-04]
CHR Extension: (Amazon 1Button App for Chrome) - C:\Users\erica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2015-01-31]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.5.2.15\Exts\Chrome.crx [2015-08-28]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1343300749-3102139153-451857411-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - C:\Program Files (x86)\Amazon\ABB\AmazonChrome-bds-amzn.crx [2012-12-11]
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.5.2.15\Exts\Chrome.crx [2015-08-28]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [257416 2013-12-16] () [File not signed]
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [708104 2015-04-10] (Garmin Ltd. or its subsidiaries)
S2 Hydrup; C:\Program Files (x86)\Common Files\Hydrup\hydrup.exe [266536 2015-03-27] (Software)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.5.2.15\N360.exe [282016 2015-07-16] (Symantec Corporation)
S2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe [123320 2014-08-31] (Symantec Corporation)
S2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [126392 2011-02-03] (Symantec Corporation)
S2 Updater Service for AMZN; C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe [222368 2012-05-22] ()
S2 vToolbarUpdater18.8.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.8.0\ToolbarUpdater.exe [1861520 2015-08-30] (AVG Secure Search)
S2 wbsvc; C:\Program Files\WebBar\wbsvc.exe [37144 2015-06-30] (Web Bar Media)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 spdfrmon; no ImagePath

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndnetBus; C:\Windows\System32\DRIVERS\lgandnetbus64.sys [20992 2014-05-27] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2014-07-07] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2014-07-07] (LG Electronics Inc.)
S1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20150904.001\BHDrvx64.sys [1650936 2015-07-23] (Symantec Corporation)
R1 bsdriver; C:\windows\system32\drivers\bsdriver.sys [34712 2015-08-07] ()
S1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605020.00F\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [61336 2015-06-18] (Cherimoya Ltd)
R3 droidpad; C:\Windows\System32\DRIVERS\droidpad.sys [21320 2013-04-18] (Windows (R) Win 7 DDK provider)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-08-20] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [155456 2015-08-20] (Symantec Corporation)
S1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20150911.003\IDSvia64.sys [767224 2015-08-31] (Symantec Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\VirusDefs\20150911.017\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\VirusDefs\20150911.017\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)
S1 SRTSP; C:\Windows\System32\Drivers\N360x64\1605020.00F\SRTSP64.SYS [926448 2015-07-10] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605020.00F\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605020.00F\SYMEFASI64.SYS [1620720 2015-07-10] (Symantec Corporation)
S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-08-28] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360x64\1605020.00F\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\N360x64\1605020.00F\SYMNETS.SYS [576248 2015-07-10] (Symantec Corporation)
S3 Andbus; system32\DRIVERS\lgandbus64.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag64.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps64.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [X]
S1 AntiLog32; \??\C:\windows\system32\drivers\AntiLog64.sys [X]
S3 EraserUtilDrv11313; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11313.sys [X]
S3 EraserUtilDrv11511; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11511.sys [X]
S1 innfd_1_10_0_14; system32\drivers\innfd_1_10_0_14.sys [X]
S1 nvfzxhyo; \??\C:\windows\system32\drivers\nvfzxhyo.sys [X]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
S1 y2jimzv2zhm5bdd; system32\drivers\y2jimzv2zhm5bdd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-12 13:26 - 2015-09-12 13:27 - 00035625 _____ C:\Users\erica\Desktop\FRST.txt 2015-09-12 13:23 - 2015-09-12 13:26 - 00000000 ____D C:\FRST 2015-09-12 13:22 - 2015-09-12 13:22 - 02190848 _____ (Farbar) C:\Users\erica\Desktop\FRST64.exe 2015-09-03 14:14 - 2015-09-06 23:08 - 00000142 _____ C:\Users\erica\hospital mrn.txt 2015-09-03 11:49 - 2015-09-03 11:49 - 00002279 _____ C:\Users\Public\Desktop\Uninstall UserZoom survey tool for IE.lnk 2015-09-03 11:49 - 2015-09-03 11:49 - 00002279 _____ C:\ProgramData\Desktop\Uninstall UserZoom survey tool for IE.lnk 2015-09-03 11:49 - 2015-09-03 11:49 - 00000000 ____D C:\Users\erica\Documents\Add-in Express 2015-09-03 11:49 - 2015-09-03 11:49 - 00000000 ____D C:\Program Files\UserZoom 2015-09-01 11:02 - 2015-09-01 11:02 - 00000310 _____ C:\Users\erica\Desktop\St. Marys.url 2015-09-01 10:34 - 2015-09-01 10:34 - 00000305 _____ C:\Users\erica\Desktop\Methodist.url 2015-08-31 13:44 - 2015-08-31 13:44 - 00000000 ____D C:\windows\System32\Tasks\Norton 360 2015-08-31 13:43 - 2015-08-31 13:45 - 00000000 ____D C:\Program Files (x86)\SectionEdit 2015-08-31 13:42 - 2015-08-31 13:42 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite 2015-08-21 23:43 - 2015-08-28 14:43 - 00000000 ____D C:\Users\erica\AppData\Roaming\ICAClient 2015-08-21 23:43 - 2015-08-21 23:43 - 00001479 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Receiver.lnk 2015-08-21 23:43 - 2015-08-21 23:43 - 00000000 ____D C:\ProgramData\Citrix 2015-08-21 23:42 - 2015-08-21 23:43 - 00000000 ____D C:\Users\erica\AppData\Local\Citrix 2015-08-21 23:42 - 2015-08-21 23:43 - 00000000 ____D C:\Program Files (x86)\Citrix 2015-08-21 23:37 - 2015-08-21 23:38 - 53664128 _____ (Citrix Systems, Inc.) 
C:\Users\erica\Downloads\CitrixReceiver.exe 2015-08-21 23:37 - 2015-08-21 23:38 - 00000000 ____D C:\Program Files (x86)\SystemUphold 2015-08-13 10:08 - 2015-08-30 18:42 - 00000000 ____D C:\windows\System32\Tasks\Remediation 2015-08-13 10:08 - 2015-08-13 10:08 - 00000000 ____D C:\Program Files\Common Files\AV ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-09-12 13:06 - 2013-12-29 13:52 - 01575644 _____ C:\windows\PFRO.log 2015-09-12 13:02 - 2013-12-29 13:53 - 01471217 _____ C:\windows\WindowsUpdate.log 2015-09-12 12:39 - 2011-05-26 10:21 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-09-12 12:25 - 2009-07-13 23:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-09-12 12:25 - 2009-07-13 23:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-09-12 12:14 - 2013-12-29 13:53 - 00041785 _____ C:\windows\setupact.log 2015-09-12 12:14 - 2012-06-28 22:22 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2015-09-11 12:20 - 2011-05-26 10:21 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-09-11 12:18 - 2015-06-03 20:34 - 00000330 _____ C:\windows\Tasks\ANHIX1.job 2015-09-11 12:18 - 2015-06-03 20:10 - 00001056 _____ C:\windows\Tasks\Crossbrowse.job 2015-09-11 12:18 - 2011-09-02 20:08 - 00000410 _____ C:\windows\Tasks\PC Optimizer Pro64 startups.job 2015-09-11 12:18 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT 2015-09-11 12:08 - 2011-07-01 04:25 - 00000000 ____D C:\Users\erica\AppData\Local\CrashDumps 2015-09-10 23:41 - 2009-07-14 00:13 - 00006266 _____ C:\windows\system32\PerfStringBackup.INI 2015-09-03 14:14 - 2011-06-28 20:17 - 00000000 ____D C:\Users\erica 2015-09-03 07:40 - 2015-08-07 12:25 - 00000000 ____D C:\Program Files\shopperz04082015 2015-09-02 18:27 - 
2014-06-25 19:14 - 00002166 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-09-02 18:27 - 2014-06-25 19:14 - 00002166 _____ C:\ProgramData\Desktop\Google Chrome.lnk 2015-08-31 14:14 - 2015-06-25 09:51 - 00000000 ____D C:\ProgramData\{fc4d016b-2a93-f9fa-fc4d-d016b2a905ac} 2015-08-31 13:43 - 2015-08-07 12:43 - 00000000 ____D C:\ProgramData\37fb4dea00007fd5 2015-08-31 13:42 - 2015-08-07 14:36 - 00003228 _____ C:\windows\System32\Tasks\Norton WSC Integration 2015-08-31 13:42 - 2015-08-07 14:36 - 00002317 _____ C:\Users\Public\Desktop\Norton Security Suite.LNK 2015-08-31 13:42 - 2015-08-07 14:36 - 00002317 _____ C:\ProgramData\Desktop\Norton Security Suite.LNK 2015-08-31 13:42 - 2015-08-07 14:35 - 00000000 ____D C:\windows\system32\Drivers\N360x64 2015-08-30 18:22 - 2013-05-07 20:11 - 00000000 ____D C:\Program Files (x86)\Amazon Browser Bar 2015-08-30 16:42 - 2011-05-26 10:14 - 00000000 ____D C:\ProgramData\Norton 2015-08-30 16:34 - 2011-05-26 10:21 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-08-30 16:34 - 2011-05-26 10:21 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-08-30 16:29 - 2013-12-29 18:12 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar 2015-08-28 14:35 - 2015-06-03 20:34 - 00000000 ____D C:\ProgramData\8d38ca20717a458aaa815e7a54207c0b 2015-08-28 13:45 - 2015-06-11 16:43 - 00000000 ____D C:\Users\erica\AppData\Roaming\C7406F00-1434058995-11E0-B043-E89A8F44BF77 2015-08-28 13:45 - 2015-06-03 20:36 - 00000000 ____D C:\Users\erica\AppData\Roaming\C7406F00-1433381770-11E0-B043-E89A8F44BF77 2015-08-28 13:44 - 2015-08-07 12:03 - 00000000 ____D C:\Users\erica\AppData\Local\y0ritzvtzei5ltd 2015-08-28 13:39 - 2015-08-07 14:36 - 00111344 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS 2015-08-28 13:39 - 2015-08-07 14:36 - 00008214 _____ C:\windows\system32\Drivers\SYMEVENT64x86.CAT 2015-08-28 13:39 - 2015-08-07 14:36 - 00000000 ____D C:\Program Files\Common 
Files\Symantec Shared 2015-08-28 13:36 - 2014-11-20 03:52 - 00000000 ____D C:\ProgramData\dtdata 2015-08-28 13:33 - 2014-06-26 00:19 - 00000000 ____D C:\Users\Public\Downloads\Norton 2015-08-28 13:28 - 2015-07-04 20:21 - 00000000 ____D C:\Program Files (x86)\SaveRPro 2015-08-28 13:27 - 2015-07-02 17:06 - 00000000 ____D C:\Program Files (x86)\browseandshoPP 2015-08-28 13:27 - 2015-07-02 17:06 - 00000000 ____D C:\Program Files (x86)\browseandshhopo 2015-08-28 13:27 - 2015-07-02 17:06 - 00000000 ____D C:\Program Files (x86)\browseaNddShoep 2015-08-28 13:27 - 2015-06-11 16:07 - 00000000 ____D C:\Program Files (x86)\gmsd_us_005010001 2015-08-21 23:37 - 2015-08-07 13:18 - 00000000 ____D C:\ProgramData\772b297800001f88 2015-08-21 23:37 - 2015-08-07 12:56 - 00000000 ____D C:\ProgramData\15721aa800005ce0 2015-08-21 23:36 - 2015-08-07 13:36 - 00000000 ____D C:\ProgramData\4b08948000003fda 2015-08-21 23:30 - 2015-08-07 11:20 - 00000000 ____D C:\Users\erica\AppData\Local\WebBar 2015-08-21 23:30 - 2009-07-13 22:20 - 00000000 ____D C:\windows\system32\NDF 2015-08-13 10:37 - 2015-06-03 20:35 - 00000000 ____D C:\Users\erica\AppData\Roaming\y2ziyzvxzgs5btd ==================== Files in the root of some directories ======= 2015-08-07 12:33 - 2015-08-07 12:33 - 6420480 _____ () C:\Program Files (x86)\GUTCAEE.tmp 2011-10-06 16:46 - 2011-10-06 16:58 - 0000546 _____ () C:\Users\erica\AppData\Roaming\com.w3i.FlipToast_state.xml 2012-01-16 15:06 - 2012-02-03 16:37 - 0007517 _____ () C:\Users\erica\AppData\Roaming\d133087b 2015-08-07 11:54 - 2015-08-07 11:54 - 0001247 _____ () C:\Users\erica\AppData\Local\Chrome .lnk 2012-07-23 21:00 - 2012-07-23 21:00 - 0003584 _____ () C:\Users\erica\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-01-16 15:06 - 2012-02-03 16:37 - 0007457 _____ () C:\Users\erica\AppData\Local\e28c370f 2015-08-07 11:54 - 2015-08-07 11:54 - 0000226 _____ () C:\Users\erica\AppData\Local\Firefox .lnk 2015-08-07 11:54 - 2015-08-07 11:54 - 0000904 _____ () 
C:\Users\erica\AppData\Local\Iexplore .lnk 2015-06-11 15:20 - 2015-06-11 15:20 - 0613255 _____ (CMI Limited) C:\Users\erica\AppData\Local\nsg9B7A.tmp 2015-06-11 16:10 - 2015-06-11 16:10 - 0613255 _____ (CMI Limited) C:\Users\erica\AppData\Local\nsp8B52.tmp 2015-08-07 12:27 - 2015-08-07 12:27 - 0613255 _____ (CMI Limited) C:\Users\erica\AppData\Local\nstB47B.tmp 2015-08-07 12:27 - 2015-08-07 12:27 - 0613255 _____ (CMI Limited) C:\Users\erica\AppData\Local\nsy5F4A.tmp 2015-08-07 13:31 - 2015-08-07 13:31 - 0000000 _____ () C:\Users\erica\AppData\Local\Temp.dat 2012-01-16 15:06 - 2012-02-03 16:37 - 0007566 _____ () C:\ProgramData\d68fe46a 2013-12-29 17:09 - 2013-12-29 17:11 - 0000040 _____ () C:\ProgramData\spds90.txt Files to move or delete: ==================== C:\Users\Public\AlexaNSISPlugin.6132.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\windows\system32\winlogon.exe => File is digitally signed C:\windows\system32\wininit.exe => File is digitally signed C:\windows\SysWOW64\wininit.exe => File is digitally signed C:\windows\explorer.exe => File is digitally signed C:\windows\SysWOW64\explorer.exe => File is digitally signed C:\windows\system32\svchost.exe => File is digitally signed C:\windows\SysWOW64\svchost.exe => File is digitally signed C:\windows\system32\services.exe => File is digitally signed C:\windows\system32\User32.dll => File is digitally signed C:\windows\SysWOW64\User32.dll => File is digitally signed C:\windows\system32\userinit.exe => File is digitally signed C:\windows\SysWOW64\userinit.exe => File is digitally signed C:\windows\system32\rpcss.dll => File is digitally signed C:\windows\system32\dnsapi.dll [2011-06-29 05:20] - [2015-08-07 12:25] - 0357888 ____A (Microsoft Corporation) 71034930336813503EF6C04AB798A61E C:\windows\SysWOW64\dnsapi.dll [2011-06-29 05:20] - [2015-08-07 12:26] - 0270336 ____A (Microsoft Corporation) 4F22B9C13133F51A3C4A946010550687 
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-09-01 10:27 ==================== End of FRST.txt ============================