Home Page Redirects - all web browsers [Solved]


  • This topic is locked

#1
spappala

  • Member
  • 34 posts

Hello all! I've come on here in the past and received some incredibly helpful assistance from the community to clean my own PC. Now I am requesting assistance with my close friend's laptop. She is running a Toshiba with Windows 8.1 and has been experiencing a series of pop-ups asking her to call a phone number for support assistance. In addition, she said the laptop has been running very slow. Thankfully, she contacted me right away and did not call the number.

So far I have run Malwarebytes and AdwCleaner. She said the machine is running much better now, but there is still an issue with all web browsers. When Firefox or Chrome is opened, both redirect to some other strange website despite her homepage being set to Google.com. Any help would be greatly appreciated. Thanks!

I keep getting this error when trying to post my logs "Fatal error: Maximum execution time of 30 seconds exceeded in /home/geeks/public_html/forum/ips_kernel/HTMLPurifier/HTMLPurifier/Strategy/MakeWellFormed.php on line 493. "

Should I attach the log files as individual files?


Edited by spappala, 07 April 2015 - 01:53 PM.


#2
spappala

  • Topic Starter
  • Member
  • 34 posts

please ignore this message - unsure how to delete it


Edited by spappala, 07 April 2015 - 02:18 PM.


#3
spappala

  • Topic Starter
  • Member
  • 34 posts

Sorry about my multiple posts, could not figure out how to go into my original response and add an attachment. My apologies!


#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Hi, sorry for the delay. On completion of this fix, could you run a fresh FRST scan for me please and let me know what the current problems are?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S2 3a37b93a; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.64\OptProMon.dll",ENT
2015-03-23 17:06 - 2015-03-25 08:54 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-03-23 16:48 - 2015-03-23 16:48 - 00628688 _____ (CMI Limited) C:\Users\Cassandra\AppData\Local\nsq60BB.tmp
2015-03-23 16:10 - 2015-03-23 16:09 - 00613255 _____ (CMI Limited) C:\Users\Cassandra\AppData\Local\nsi4A0E.tmp
2015-03-23 15:59 - 2015-03-23 15:58 - 00613255 _____ (CMI Limited) C:\Users\Cassandra\AppData\Local\nscB84E.tmp
2015-03-23 15:57 - 2015-03-23 15:57 - 00000000 __SHD () C:\Users\Cassandra\AppData\Local\EmieBrowserModeList
2015-03-23 15:55 - 2015-03-23 15:55 - 01381888 _____ () C:\Users\Cassandra\AppData\Roaming\SS.exe
2015-03-23 15:54 - 2015-03-23 15:54 - 02042880 _____ () C:\Users\Cassandra\AppData\Roaming\NNHSJDV.exe
2015-03-23 15:50 - 2015-03-23 15:50 - 00000000 ____D () C:\ProgramData\71f317e6c3b343b79150136e0322a4b3
2015-03-23 15:49 - 2015-03-23 15:49 - 00000000 ____D () C:\ProgramData\bfed96e8f5b04b5f97faefe45e06f60c
2015-03-09 17:30 - 2015-03-09 17:30 - 0005487 _____ () C:\Users\Cassandra\AppData\Roaming\NNHSJDV
2015-03-23 15:54 - 2015-03-23 15:54 - 2042880 _____ () C:\Users\Cassandra\AppData\Roaming\NNHSJDV.exe
2015-01-25 12:12 - 2015-01-25 12:12 - 0002086 _____ () C:\Users\Cassandra\AppData\Roaming\SS
2015-03-23 15:55 - 2015-03-23 15:55 - 1381888 _____ () C:\Users\Cassandra\AppData\Roaming\SS.exe
2015-03-23 15:59 - 2015-03-23 15:58 - 0613255 _____ (CMI Limited) C:\Users\Cassandra\AppData\Local\nscB84E.tmp
2015-03-23 16:10 - 2015-03-23 16:09 - 0613255 _____ (CMI Limited) C:\Users\Cassandra\AppData\Local\nsi4A0E.tmp
2015-03-23 17:46 - 2015-03-23 17:45 - 0613255 _____ (CMI Limited) C:\Users\Cassandra\AppData\Local\nsnAB25.tmp
2015-03-23 16:48 - 2015-03-23 16:48 - 0628688 _____ (CMI Limited) C:\Users\Cassandra\AppData\Local\nsq60BB.tmp
2015-03-23 15:35 - 2015-03-23 17:10 - 00000000 ____D () C:\Users\Cassandra\AppData\Local\9098CE67-1427124925-E211-BF1B-008CFA656578
2015-03-23 15:28 - 2015-03-23 19:06 - 00000000 ____D () C:\Users\Cassandra\AppData\Roaming\9098CE67-1427138936-E211-BF1B-008CFA656578
2015-03-09 17:30 - 2015-03-09 17:30 - 00005487 _____ () C:\Users\Cassandra\AppData\Roaming\NNHSJDV
Task: {532D34BA-12EB-44EA-A767-44791FA9DB1C} - \CIMT_S-1-5-21-3221937665-1828410790-1616708693-1001 No Task File <==== ATTENTION
Task: {B1DA1F21-0324-44E8-8BB4-3E4A60F6507F} - \CIMT_daily_S-1-5-21-3221937665-1828410790-1616708693-1001 No Task File <==== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION!
c:\Program Files (x86)\Optimizer Pro 3.64
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

#5
spappala

  • Topic Starter
  • Member
  • 34 posts

Thanks for replying. I ran the fix. I've noticed some improvements in speed on the laptop. Also, the browser redirects are still visible; however, previously it was redirecting to some site like "amazonaws.com" whereas now it is redirecting to "http://www-search.info/?src=us." Below is my fix log file:


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-04-2015
Ran by Cassandra at 2015-04-14 09:06:29 Run:1
Running from C:\Users\Cassandra\Desktop
Loaded Profiles: Cassandra (Available profiles: Cassandra & Administrator)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CreateRestorePoint:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S2 3a37b93a; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.64\OptProMon.dll",ENT
2015-03-23 17:06 - 2015-03-25 08:54 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-03-23 16:48 - 2015-03-23 16:48 - 00628688 _____ (CMI Limited) C:\Users\Cassandra\AppData\Local\nsq60BB.tmp
2015-03-23 16:10 - 2015-03-23 16:09 - 00613255 _____ (CMI Limited) C:\Users\Cassandra\AppData\Local\nsi4A0E.tmp
2015-03-23 15:59 - 2015-03-23 15:58 - 00613255 _____ (CMI Limited) C:\Users\Cassandra\AppData\Local\nscB84E.tmp
2015-03-23 15:57 - 2015-03-23 15:57 - 00000000 __SHD () C:\Users\Cassandra\AppData\Local\EmieBrowserModeList
2015-03-23 15:55 - 2015-03-23 15:55 - 01381888 _____ () C:\Users\Cassandra\AppData\Roaming\SS.exe
2015-03-23 15:54 - 2015-03-23 15:54 - 02042880 _____ () C:\Users\Cassandra\AppData\Roaming\NNHSJDV.exe
2015-03-23 15:50 - 2015-03-23 15:50 - 00000000 ____D () C:\ProgramData\71f317e6c3b343b79150136e0322a4b3
2015-03-23 15:49 - 2015-03-23 15:49 - 00000000 ____D () C:\ProgramData\bfed96e8f5b04b5f97faefe45e06f60c
2015-03-09 17:30 - 2015-03-09 17:30 - 0005487 _____ () C:\Users\Cassandra\AppData\Roaming\NNHSJDV
2015-03-23 15:54 - 2015-03-23 15:54 - 2042880 _____ () C:\Users\Cassandra\AppData\Roaming\NNHSJDV.exe
2015-01-25 12:12 - 2015-01-25 12:12 - 0002086 _____ () C:\Users\Cassandra\AppData\Roaming\SS
2015-03-23 15:55 - 2015-03-23 15:55 - 1381888 _____ () C:\Users\Cassandra\AppData\Roaming\SS.exe
2015-03-23 15:59 - 2015-03-23 15:58 - 0613255 _____ (CMI Limited) C:\Users\Cassandra\AppData\Local\nscB84E.tmp
2015-03-23 16:10 - 2015-03-23 16:09 - 0613255 _____ (CMI Limited) C:\Users\Cassandra\AppData\Local\nsi4A0E.tmp
2015-03-23 17:46 - 2015-03-23 17:45 - 0613255 _____ (CMI Limited) C:\Users\Cassandra\AppData\Local\nsnAB25.tmp
2015-03-23 16:48 - 2015-03-23 16:48 - 0628688 _____ (CMI Limited) C:\Users\Cassandra\AppData\Local\nsq60BB.tmp
2015-03-23 15:35 - 2015-03-23 17:10 - 00000000 ____D () C:\Users\Cassandra\AppData\Local\9098CE67-1427124925-E211-BF1B-008CFA656578
2015-03-23 15:28 - 2015-03-23 19:06 - 00000000 ____D () C:\Users\Cassandra\AppData\Roaming\9098CE67-1427138936-E211-BF1B-008CFA656578
2015-03-09 17:30 - 2015-03-09 17:30 - 00005487 _____ () C:\Users\Cassandra\AppData\Roaming\NNHSJDV
Task: {532D34BA-12EB-44EA-A767-44791FA9DB1C} - \CIMT_S-1-5-21-3221937665-1828410790-1616708693-1001 No Task File <==== ATTENTION
Task: {B1DA1F21-0324-44E8-8BB4-3E4A60F6507F} - \CIMT_daily_S-1-5-21-3221937665-1828410790-1616708693-1001 No Task File <==== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION!
c:\Program Files (x86)\Optimizer Pro 3.64
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Restore point was successfully created.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
3a37b93a => Service deleted successfully.
C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 => Moved successfully.
C:\Users\Cassandra\AppData\Local\nsq60BB.tmp => Moved successfully.
C:\Users\Cassandra\AppData\Local\nsi4A0E.tmp => Moved successfully.
C:\Users\Cassandra\AppData\Local\nscB84E.tmp => Moved successfully.
C:\Users\Cassandra\AppData\Local\EmieBrowserModeList => Moved successfully.
C:\Users\Cassandra\AppData\Roaming\SS.exe => Moved successfully.
C:\Users\Cassandra\AppData\Roaming\NNHSJDV.exe => Moved successfully.
C:\ProgramData\71f317e6c3b343b79150136e0322a4b3 => Moved successfully.
C:\ProgramData\bfed96e8f5b04b5f97faefe45e06f60c => Moved successfully.
C:\Users\Cassandra\AppData\Roaming\NNHSJDV => Moved successfully.
"C:\Users\Cassandra\AppData\Roaming\NNHSJDV.exe" => File/Directory not found.
C:\Users\Cassandra\AppData\Roaming\SS => Moved successfully.
"C:\Users\Cassandra\AppData\Roaming\SS.exe" => File/Directory not found.
"C:\Users\Cassandra\AppData\Local\nscB84E.tmp" => File/Directory not found.
"C:\Users\Cassandra\AppData\Local\nsi4A0E.tmp" => File/Directory not found.
C:\Users\Cassandra\AppData\Local\nsnAB25.tmp => Moved successfully.
"C:\Users\Cassandra\AppData\Local\nsq60BB.tmp" => File/Directory not found.
C:\Users\Cassandra\AppData\Local\9098CE67-1427124925-E211-BF1B-008CFA656578 => Moved successfully.
C:\Users\Cassandra\AppData\Roaming\9098CE67-1427138936-E211-BF1B-008CFA656578 => Moved successfully.
"C:\Users\Cassandra\AppData\Roaming\NNHSJDV" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{532D34BA-12EB-44EA-A767-44791FA9DB1C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{532D34BA-12EB-44EA-A767-44791FA9DB1C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIMT_S-1-5-21-3221937665-1828410790-1616708693-1001" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B1DA1F21-0324-44E8-8BB4-3E4A60F6507F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1DA1F21-0324-44E8-8BB4-3E4A60F6507F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIMT_daily_S-1-5-21-3221937665-1828410790-1616708693-1001" => Key deleted successfully.
"HKU\.DEFAULT\Software\Classes\exefile" => Key deleted successfully.
"HKU\.DEFAULT\Software\Classes\.exe" => Key deleted successfully.
HKU\.DEFAULT\Software\Classes\exefile => Key not found. 
"HKU\S-1-5-19\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-19\Software\Classes\.exe" => Key deleted successfully.
HKU\S-1-5-19\Software\Classes\exefile => Key not found. 
"HKU\S-1-5-20\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-20\Software\Classes\.exe" => Key deleted successfully.
HKU\S-1-5-20\Software\Classes\exefile => Key not found. 
"HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\Software\Classes\.exe" => Key deleted successfully.
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\Software\Classes\exefile => Key not found. 
"c:\Program Files (x86)\Optimizer Pro 3.64" => File/Directory not found.
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
 
 
========= End of RemoveProxy: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {A47C5EC8-0CD5-4842-B673-531039E4CF99}.
Unable to cancel {B790EFDA-5890-45D9-85C3-D74AE7904EA2}.
{B2857A2A-1F44-4577-9A36-0DF79BC3A3B2} canceled.
{3A5EE59E-0E07-42EE-936E-29B1363A08D4} canceled.
2 out of 4 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => Removed 8.3 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 09:17:48 ====


#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Could you post a fresh FRST log now, please?

#7
spappala

  • Topic Starter
  • Member
  • 34 posts

Here you go, updated log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2015
Ran by Cassandra (administrator) on CASS on 14-04-2015 13:52:56
Running from C:\Users\Cassandra\Desktop
Loaded Profiles: Cassandra (Available profiles: Cassandra & Administrator)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cassandra\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
() C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
(Sony Corporation) C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\Cassandra\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-11] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [WRSVC] => "C:\Program Files\Webroot\WRSA.exe" -ul
HKLM-x32\...\Run: [VMM Mode Selection] => C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()
HKLM-x32\...\Run: [Reader Library Launcher] => C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe [906648 2010-07-13] (Sony Corporation)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation)
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Run: [GoogleChromeAutoLaunch_63990A7A6D14639F8C595D19122B51CA] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-14] (Google Inc.)
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Run: [Google Update] => C:\Users\Cassandra\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-11-13] (Google Inc.)
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Run: [MusicManager] => C:\Users\Cassandra\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7475200 2015-03-31] (Google Inc.)
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\RunOnce: [Uninstall C:\Users\Cassandra\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Cassandra\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64"
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\MountPoints2: {07d87e39-d45c-11e3-826e-008cfa761fe3} - "E:\VerizonSWUpgradeAssistantLauncher.exe" 
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\MountPoints2: {2f1a3d65-b359-11e3-8264-008cfa761fe3} - "E:\VerizonSWUpgradeAssistantLauncher.exe" 
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\MountPoints2: {6022d152-6dca-11e3-825b-008cfa761fe3} - "E:\TL-Bootstrap.exe" 
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\MountPoints2: {e64b0112-a76b-11e4-828f-008cfa656578} - "E:\VerizonSWUpgradeAssistantLauncher.exe" 
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall Webroot RunOnce.lnk
ShortcutTarget: Uninstall Webroot RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Cassandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Cassandra\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Cassandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Cassandra\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Cassandra\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Cassandra\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Cassandra\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Cassandra\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Cassandra\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Cassandra\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3221937665-1828410790-1616708693-1001 -> {991C6E33-7C35-4F2A-8089-BF1218486E0A} URL = http://www.bing.com/...rc=IE-SearchBox
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 132.238.2.17 132.238.130.12
 
FireFox:
========
FF ProfilePath: C:\Users\Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\xhqxte69.default-1427308584809
FF Homepage: hxxp://google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-11-15] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @sony.com/eBookLibrary -> C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll [2010-07-13] (Sony Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-07-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3221937665-1828410790-1616708693-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Cassandra\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-3221937665-1828410790-1616708693-1001: @talk.google.com/O1DPlugin -> C:\Users\Cassandra\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-3221937665-1828410790-1616708693-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Cassandra\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-3221937665-1828410790-1616708693-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Cassandra\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013-11-15] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-12-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-12-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-12-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-12-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-12-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Cassandra\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Cassandra\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
 
Chrome: 
=======
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Profile: C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-25]
CHR Extension: (Google Drive) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-25]
CHR Extension: (YouTube) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-25]
CHR Extension: (Google Search) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-17]
CHR Extension: (Google Wallet) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-25]
CHR Extension: (Gmail) - C:\Users\Cassandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-25]
CHR HKU\S-1-5-21-3221937665-1828410790-1616708693-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.goo...ice/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
S4 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
S4 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-16] (TODO: <Company name>) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
S4 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S4 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
S4 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [File not signed]
S4 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2010-04-02] (Sony Corporation) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 ccSet_NAT; C:\Windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2945240 2013-09-12] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-08-06] (Synaptics Incorporated)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-03-25] ()
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
U0 SR; No ImagePath
U2 srservice; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-14 10:43 - 2015-04-14 10:43 - 00017408 _____ () C:\Windows\SysWOW64\rpcnetp.dll
2015-04-14 09:28 - 2015-04-14 12:18 - 00000000 __SHD () C:\Users\Cassandra\AppData\Local\EmieBrowserModeList
2015-04-14 09:05 - 2015-04-14 09:05 - 00000000 ____D () C:\Users\Cassandra\Desktop\FRST-OlderVersion
2015-04-01 14:14 - 2015-04-01 14:15 - 00047706 _____ () C:\Users\Cassandra\Desktop\Addition.txt
2015-04-01 14:11 - 2015-04-14 13:52 - 00032242 _____ () C:\Users\Cassandra\Desktop\FRST.txt
2015-04-01 14:05 - 2015-04-14 13:52 - 00000000 ____D () C:\FRST
2015-04-01 14:05 - 2015-04-14 09:05 - 02096640 _____ (Farbar) C:\Users\Cassandra\Desktop\FRST64.exe
2015-03-25 14:36 - 2015-03-25 14:36 - 00000000 ____D () C:\Users\Cassandra\Desktop\Old Firefox Data
2015-03-25 14:16 - 2015-03-25 14:16 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\qodtydm.sys
2015-03-25 12:42 - 2015-03-25 13:37 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-25 12:41 - 2015-03-25 12:41 - 00001129 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-25 12:41 - 2015-03-25 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-25 12:41 - 2015-03-25 12:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-25 12:41 - 2015-03-25 12:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-25 12:41 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-25 12:41 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-25 12:41 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-25 12:15 - 2015-03-25 14:17 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-03-25 12:14 - 2015-03-25 12:25 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-03-25 12:12 - 2015-03-25 12:12 - 16727128 _____ () C:\Users\Cassandra\Downloads\RogueKiller.exe
2015-03-25 12:07 - 2015-03-25 14:16 - 00000000 ____D () C:\Users\Cassandra\AppData\Roaming\Compete
2015-03-25 10:36 - 2015-03-10 18:08 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-25 10:36 - 2015-03-10 18:08 - 00943104 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 10:36 - 2015-03-10 18:08 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 10:36 - 2015-03-10 18:08 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 10:36 - 2015-03-10 18:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 10:35 - 2015-03-10 22:38 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 10:35 - 2015-03-10 18:08 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 09:47 - 2015-03-25 14:17 - 00000000 ____D () C:\AdwCleaner
2015-03-25 09:41 - 2015-03-25 09:41 - 02168320 _____ () C:\Users\Cassandra\Downloads\AdwCleaner (1).exe
2015-03-25 09:16 - 2015-03-25 09:16 - 588193412 _____ () C:\Windows\MEMORY.DMP
2015-03-25 09:16 - 2015-03-25 09:16 - 00285040 _____ () C:\Windows\Minidump\032515-43015-01.dmp
2015-03-25 09:16 - 2015-03-25 09:16 - 00000000 ____D () C:\Windows\Minidump
2015-03-23 19:18 - 2015-03-23 19:18 - 00000000 ____D () C:\Windows\pss
2015-03-23 18:39 - 2015-03-24 13:31 - 00000000 ____D () C:\Users\Cassandra\AppData\Local\LogMeIn Rescue Applet
2015-03-23 17:05 - 2015-04-14 10:43 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-03-23 15:19 - 2015-03-25 09:27 - 00000000 ____D () C:\Users\Cassandra\AppData\Local\Deployment
2015-03-23 15:19 - 2015-03-23 15:19 - 00000000 ____D () C:\Users\Cassandra\AppData\Local\Apps\2.0
2015-03-22 10:56 - 2015-03-22 10:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-15 10:16 - 2015-03-15 10:16 - 02212270 _____ () C:\Users\Cassandra\Desktop\Following a vegan diet is associated with less.pptx
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-14 13:51 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru
2015-04-14 12:13 - 2013-12-25 16:00 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3221937665-1828410790-1616708693-1001
2015-04-14 12:01 - 2013-09-30 07:35 - 02027798 _____ () C:\Windows\WindowsUpdate.log
2015-04-14 11:49 - 2014-12-31 19:37 - 00000934 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3221937665-1828410790-1616708693-1001UA.job
2015-04-14 11:45 - 2014-03-24 09:45 - 00000342 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2015-04-14 11:44 - 2013-12-29 16:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-14 11:31 - 2013-09-30 07:49 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-14 10:56 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-04-14 10:46 - 2014-01-16 15:18 - 00000000 ___RD () C:\Users\Cassandra\Dropbox
2015-04-14 10:45 - 2014-05-04 10:32 - 00000000 ____D () C:\Users\Cassandra\Tracing
2015-04-14 10:45 - 2014-01-29 15:24 - 00000000 ___RD () C:\Users\Cassandra\Google Drive
2015-04-14 10:45 - 2014-01-16 15:15 - 00000000 ____D () C:\Users\Cassandra\AppData\Roaming\Dropbox
2015-04-14 10:45 - 2013-09-30 07:49 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-14 10:44 - 2014-02-19 14:33 - 00339456 ___SH () C:\Users\Cassandra\Desktop\Thumbs.db
2015-04-14 10:44 - 2013-12-25 15:58 - 00000000 __RDO () C:\Users\Cassandra\SkyDrive
2015-04-14 10:42 - 2014-07-15 08:45 - 00029976 _____ () C:\Windows\system32\wpbbin.exe
2015-04-14 10:42 - 2014-07-15 08:45 - 00017408 ____N () C:\Windows\SysWOW64\rpcnetp.exe
2015-04-14 10:42 - 2014-07-15 08:45 - 00017408 ____N () C:\Windows\system32\rpcnetp.exe
2015-04-14 10:42 - 2013-09-13 00:09 - 01132368 _____ () C:\Windows\PFRO.log
2015-04-14 10:42 - 2013-08-22 10:46 - 00050497 _____ () C:\Windows\setupact.log
2015-04-14 10:42 - 2013-08-22 10:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-14 10:41 - 2013-08-22 09:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-04-14 10:40 - 2014-12-31 19:26 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-14 10:40 - 2014-07-15 08:46 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-14 09:09 - 2013-08-22 11:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-04-14 09:06 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-04-14 09:03 - 2013-12-25 21:25 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1CDF9DAB-02D4-4519-AA51-D9C15CB58813}
2015-04-14 09:03 - 2013-09-13 00:20 - 00885636 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-14 09:01 - 2014-01-16 15:18 - 00001087 _____ () C:\Users\Cassandra\Desktop\Dropbox.lnk
2015-04-14 09:01 - 2014-01-16 15:17 - 00000000 ____D () C:\Users\Cassandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-31 08:26 - 2013-12-31 12:02 - 00004958 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for CASS-Cassandra Cass
2015-03-25 11:58 - 2013-12-25 15:51 - 00000000 ____D () C:\Users\Cassandra
2015-03-25 09:21 - 2013-12-27 12:52 - 00000000 ____D () C:\ProgramData\WRData
2015-03-25 09:06 - 2014-04-03 09:07 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-03-25 08:53 - 2013-08-22 09:25 - 00000304 _____ () C:\Windows\win.ini
2015-03-25 08:51 - 2013-12-25 15:54 - 00001629 _____ () C:\Users\Cassandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-25 08:50 - 2013-12-27 13:30 - 00001302 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-25 08:50 - 2013-12-27 13:30 - 00001290 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-25 08:50 - 2013-12-25 21:28 - 00002328 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-25 08:45 - 2014-01-15 16:23 - 00000000 ____D () C:\Users\Cassandra\AppData\Local\CrashDumps
2015-03-24 18:27 - 2014-12-31 19:37 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3221937665-1828410790-1616708693-1001Core.job
2015-03-23 17:05 - 2014-07-28 10:28 - 00069792 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll
2015-03-23 17:04 - 2013-12-27 13:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-23 09:28 - 2013-12-25 15:54 - 00000000 ____D () C:\Users\Cassandra\AppData\Local\Packages
2015-03-19 17:19 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\rescache
 
==================== Files in the root of some directories =======
 
2013-12-27 12:59 - 2013-12-27 12:59 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2013-09-30 07:25 - 2013-09-30 07:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-02-10 23:19 - 2014-10-19 15:12 - 0002790 _____ () C:\ProgramData\hpzinstall.log
 
Some content of TEMP:
====================
C:\Users\Cassandra\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptbkr4e.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-14 09:29
 
==================== End Of Log ============================

Edited by spappala, 14 April 2015 - 11:59 AM.


#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

You appear to have three antivirus programmes running: Norton, Webroot and McAfee. You need to uninstall two of them. Which do you wish to keep?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
2015-04-14 09:28 - 2015-04-14 12:18 - 00000000 __SHD () C:\Users\Cassandra\AppData\Local\EmieBrowserModeList
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Download Shortcut Cleaner to your desktop and then run it.

When the Shortcut Cleaner has finished scanning your hard drive it will create a log file on your desktop called sc-cleaner.txt and then display it.

 

Please post that log



#9
spappala

    Member

  • Topic Starter
  • 34 posts

OK so oddly enough, I only saw McAfee on my installed programs list. The Norton software is called "Norton Anti-theft". I'm pretty sure this machine had Norton virus scanner in the past, but it was uninstalled. Webroot does not seem to be installed; perhaps some files are lingering behind from an old install?

 

The home page redirects are still occurring when I launch web browsers. Other than that, the browsers appear to be functional.

 

 Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-04-2015

Ran by Cassandra at 2015-04-14 15:41:18 Run:2
Running from C:\Users\Cassandra\Desktop
Loaded Profiles: Cassandra (Available profiles: Cassandra & Administrator)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CreateRestorePoint:
2015-04-14 09:28 - 2015-04-14 12:18 - 00000000 __SHD () C:\Users\Cassandra\AppData\Local\EmieBrowserModeList
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Restore point was successfully created.
C:\Users\Cassandra\AppData\Local\EmieBrowserModeList => Moved successfully.
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ip reset c:\resetlog.txt =========
 
Resetting Global, OK!
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /release =========
 
 
Windows IP Configuration
 
No operation can be performed on Local Area Connection* 2 while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::f0fa:6d7d:c45c:b7%4
   Default Gateway . . . . . . . . . : 
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : fdu.edu
 
========= End of CMD: =========
 
 
=========  ipconfig /renew =========
 
 
Windows IP Configuration
 
No operation can be performed on Local Area Connection* 2 while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : fdu.edu
   Link-local IPv6 Address . . . . . : fe80::f0fa:6d7d:c45c:b7%4
   IPv4 Address. . . . . . . . . . . : 132.238.104.62
   Subnet Mask . . . . . . . . . . . : 255.255.248.0
   Default Gateway . . . . . . . . . : 132.238.111.254
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : fdu.edu
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Resetting Interface, OK!
Resetting , failed.
Access is denied.
 
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => Removed 77.8 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 15:42:08 ====
 
Here is the shortcut cleaner one:
 
Shortcut Cleaner 1.3.7 by Lawrence Abrams (Grinler)
Copyright 2008-2015 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
 
Windows Version: Windows 8.1 
Program started at: 04/14/2015 03:51:00 PM.
 
Scanning for registry hijacks:
 
 * No issues found in the Registry.
 
Searching for Hijacked Shortcuts:
 
Searching C:\Users\Cassandra\AppData\Roaming\Microsoft\Windows\Start Menu\
 
Searching C:\ProgramData\Microsoft\Windows\Start Menu\
 
Searching C:\Users\Cassandra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\
 
Searching C:\Users\Public\Desktop\
 
Searching C:\Users\Cassandra\Desktop\
 
Searching C:\Users\Public\Desktop\
 
 
0 bad shortcuts found.
 
Program finished at: 04/14/2015 03:51:04 PM
Execution time: 0 hours(s), 0 minute(s), and 3 seconds(s)
 

  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, next question: do any other computers use your router? If so, do they get redirects as well?
  • 0



#11
spappala

spappala

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

I've been working on this laptop from my university office so all traffic has been going through the school's network. I do have an additional computer connected to the same network and have never had any issues, nor have I noticed classmates experiencing the problem.

 

If you think it's a good idea I will be sure to bring the laptop home with me and test it out from my wireless router. One thing I observed was that even after disconnecting the laptop from all available networks and then opening Chrome it is still attempting to access this "search.info" site. 


Edited by spappala, 14 April 2015 - 11:21 PM.

  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, that suggests to me that your copy of Chrome has been subverted; unfortunately this is becoming very common now.

Re-install Chrome

1. If you have bookmarks, let's save them by exporting them - Export Bookmarks
2. Then I need you to go to Google Sync and sign into your account
3. Scroll down until you see the "Stop and Clear" button and click on the button. At the prompt click on "Ok"
4. Now we need to uninstall Chrome. Note: When asked about user data or settings you must remove this also, so please check the box.
5. Restart the computer and reinstall Chrome. You can download the latest version from here - Google Chrome
6. Import your bookmarks back into Chrome
7. Sign back in to your Chrome browser so that your bookmarks sync with your online account.
  • 0

#13
spappala

spappala

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

OK, before I do that, though, I wanted to let you know that I am having the same problem in IE and Firefox. Should I also reinstall these programs as well?


  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Not at the moment, as they both share elements of Chrome.
  • 0

#15
spappala

spappala

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

OK, I've uninstalled Chrome following the procedure that you listed. My friend said she prefers to use Firefox so I am not going to bother with reinstalling Chrome. Unfortunately, IE and Firefox are still opening to (www-search.info/?src=us). What shall I do next?


  • 0
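
The symptom reported in posts #11 and #15 (the start page loads in more than one browser, and is requested even with no network attached) means the URL is stored in settings on the machine itself. As an added example that is not part of the original thread, this read-only PowerShell script lists the Internet Explorer start-page values, the Firefox homepage preferences and the arguments of browser shortcuts in the folders the Shortcut Cleaner log scanned; it assumes default install and profile paths, and `$marker` is the host quoted in post #15.

```powershell
# Read-only audit of where a browser start page can be stored. Changes nothing.
# $marker is the redirect host reported in this thread (post #15).
$marker   = 'www-search.info'
$findings = @()

# 1. Internet Explorer start pages, per-user and machine-wide.
foreach ($hive in 'HKCU:', 'HKLM:') {
    $key   = "$hive\Software\Microsoft\Internet Explorer\Main"
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    foreach ($name in 'Start Page', 'Secondary Start Pages', 'Default_Page_URL') {
        $value = $props.$name
        if ($value) {
            # 'Secondary Start Pages' is multi-string, so join it for display.
            $findings += [pscustomobject]@{ Source = "$key\$name"; Value = ($value -join ' | ') }
        }
    }
}

# 2. Firefox homepage prefs in every profile. A user.js file, if present,
#    is re-applied at each start, so it restores a homepage after manual resets.
$profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'   # assumed default location
if (Test-Path $profiles) {
    $findings += @(Get-ChildItem -Path $profiles -Recurse -Include 'prefs.js', 'user.js' -ErrorAction SilentlyContinue |
        Select-String -Pattern 'browser\.startup\.homepage"' |
        ForEach-Object { [pscustomobject]@{ Source = $_.Path; Value = $_.Line.Trim() } })
}

# 3. Browser shortcuts: a URL in the shortcut's arguments opens on every launch.
$shell = New-Object -ComObject WScript.Shell
$dirs  = "$env:USERPROFILE\Desktop", "$env:PUBLIC\Desktop",
         "$env:APPDATA\Microsoft\Windows\Start Menu",
         "$env:ProgramData\Microsoft\Windows\Start Menu",
         "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch"
$findings += @(Get-ChildItem -Path $dirs -Recurse -Filter *.lnk -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        if ($lnk.TargetPath -match '(iexplore|firefox|chrome)\.exe$' -and $lnk.Arguments) {
            [pscustomobject]@{ Source = $_.FullName; Value = $lnk.Arguments }
        }
    })

# Report every value found and flag the ones that contain the marker host.
$findings |
    Select-Object Source, Value, @{ Name = 'MatchesMarker'; Expression = { $_.Value -like "*$marker*" } } |
    Format-Table -AutoSize -Wrap
```

Rows with `MatchesMarker` set to `True` show which store holds the unwanted start page; an empty result for all three means the setting is kept somewhere this script does not look.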





