CheapProductsCoupons



tampacate
2015-03-09, 23:44
Don't know where my last post went.

Edit:
Original topic: http://forums.spybot.info/showthread.php?72150-CheapProductsCoupons


But now I believe I have the attachments.

I found a CheapProductsCoupons folder on my C drive along with others that also seemed to be pop-up ad related. I was able to delete the others, but this one will not delete, saying it is open in TrustMix, which I can't find.
Lately, no matter how often I run SpyBots it finds problems. I can run it three times in a row and each time it finds something -- this without my doing anything on line between the scans!

Any help will be GREATLY appreciated.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-03-2015 01
Ran by Catherine (administrator) on CATHERINE-PC on 09-03-2015 17:07:14
Running from C:\Users\Catherine\Desktop
Loaded Profiles: Catherine (Available profiles: Catherine)
Platform: Microsoft Windows 7 Enterprise Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Sonic Solutions) C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\Speech\Common\sapisvr.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Users\Catherine\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Dropbox, Inc.) C:\Users\Catherine\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\VzDetectAgent.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-12-03] (Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [240112 2007-08-24] (Sonic Solutions)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [DXDllRegExe] => dxdllreg.exe
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [51712 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-12-12] (Google Inc.)
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5503768 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Run: [OneDrive] => C:\Users\Catherine\AppData\Local\Microsoft\OneDrive\OneDrive.exe [281256 2015-03-06] (Microsoft Corporation)
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\RunOnce: [Adobe Speed Launcher] => 1425913134
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [413696 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
IFEO: [Debugger] svchost.exe
Startup: C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Catherine\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Catherine\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Catherine\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Catherine\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Catherine\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Catherine\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Catherine\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
BootExecute: autocheck autochk * sdnclean.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-3958275423-1937913606-3708625069-1000] => http=127.0.0.1:25424
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.yahoo.com/?fr=yfp-t-403
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/?fr=fp-yie9
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\Software\Microsoft\Internet Explorer\Main,Old Start Page = https://my.yahoo.com/
URLSearchHook: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn14\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\.DEFAULT -> URL http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\.DEFAULT -> {4C4C7AAB-5854-4241-A414-E2F1EF119C4A} URL = http://www.dnsbasic.com/?prt=DNSBASIC111&sp=&keywords={searchTerms}
SearchScopes: HKU\S-1-5-19 -> URL http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-20 -> URL http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> {471C2803-C5DB-4AED-AB61-06BFC9FACC85} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_49_ie&cd=2XzuyEtN2Y1L1QzutDtDtByEtBtC0FtDtAtByE0D0ByBtAyCtN0D0Tzu0SzyyEyBtN1L2XzutBtFtBtCtFtCzztFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyDyEtB0DyB0CtDtGtAyBtAtAtGtB0DtAtCtGyEtD0E0AtGyByEtB0D0AtA0ByCyE0EtCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtB0Ezz0BtA0DtBtGtC0B0A0FtG0Fzy0CyDtG0AtCtAyDtGyDyC0F0A0BzytAyBtCtDyDyD2Q&cr=676245291&ir=
SearchScopes: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> {4C4C7AAB-5854-4241-A414-E2F1EF119C4A} URL = http://www.dnsbasic.com/?prt=dnsbsc50r1&sp=&keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> {5320134B-25BC-C2D4-1AF8-8C5F8CAA52F3} URL = http://www.bing.com/search?q={searchTerms}&pc=Z020&form=ZGAIDF
SearchScopes: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> {54C851C9-DB04-4DBF-AF30-9677CF5C390C} URL = http://delicious.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> {59D81261-FBA5-4DBB-85BF-3014E49D605F} URL = http://query.nytimes.com/gst/handler.html?query={searchTerms}&opensearch=1
SearchScopes: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> {617D4867-3277-41B4-A578-6614A00C16EA} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
SearchScopes: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> {93E195B9-9CD4-4BAA-88CD-079A1F82ED12} URL = http://isearch.shopathome.com?user_id={47bc1061-77db-41f8-9305-7c47a4e4e0b3}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> {A26C36F3-9D6C-4551-86A4-B3E9C4B7B3CD} URL = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=10003&iwk=296&lng=en
SearchScopes: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> {C09145E9-A2BA-49E1-A4D3-560A676F105F} URL = http://www.flickr.com/search/?q={searchTerms}
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO: QueenCCoupon -> {ce9d8595-6f6a-4e73-afeb-671e00779aed} -> C:\Program Files\QueenCCoupon\KeeLcK5NdIQchl.dll No File
Toolbar: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-27] (Google Inc.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-08-26] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll [2014-08-12] (AVG Secure Search)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2010-09-23] (Adobe Systems, Inc.)
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-08-12] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-28] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-08-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-06-03] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-06-03] (RealNetworks, Inc.)
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2012-06-20] (RocketLife, LLP)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll [2014-10-09] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll [2014-10-09] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3958275423-1937913606-3708625069-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Catherine\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-10-01] (Citrix Online)
FF Plugin HKU\S-1-5-21-3958275423-1937913606-3708625069-1000: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Catherine\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-02-04] (RocketLife, LLP)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-23]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-11-23]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-11-23]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-23]
FF HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-11-20]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (Awesome Dictionary Widget ANTP) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdigjjbkpjljoknifbgaijaemafihhga [2015-02-26]
CHR Extension: (Skype Click to Call) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-09-04]
CHR Extension: (Google Wallet) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-04]
CHR Extension: (Second Home) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmmemlnpjmfkcddknibchodllhnnidlp [2015-02-25]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\CATHER~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-01-08]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1840304 2015-01-13] (Microsoft Corporation)
R2 d696664e; c:\Program Files\CheapProductsCoupons\Shopalooza.dll [4044288 2014-11-21] () [File not signed]
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-31] (Garmin Ltd or its subsidiaries)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [660992 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [344056 2013-04-01] (Verizon) [File not signed]
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Roxio UPnP Renderer 10; C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [72176 2007-08-24] (Sonic Solutions)
R2 Roxio Upnp Server 10; C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2007-08-24] (Sonic Solutions)
S2 RoxLiveShare10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [309744 2007-08-24] (Sonic Solutions)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289208 2013-01-31] (Skype Technologies S.A.)
R2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-12] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 SessionLauncher; C:\Users\CATHER~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-13] (Microsoft Corporation)
S4 AFS; C:\Windows\system32\Drivers\AFS.sys [79052 2010-10-18] (Oak Technology Inc.) [File not signed]
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-12] (AVG Technologies)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51056 2003-05-14] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2003-07-16] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21488 2003-07-16] (HP)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
R1 MpKsle4e93467; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{942D42FE-E209-4992-9B1F-44776DDF9CA7}\MpKsle4e93467.sys [39464 2015-03-08] (Microsoft Corporation)
S4 RxFilter; C:\Windows\System32\DRIVERS\RxFilter.sys [57328 2007-08-18] (Sonic Solutions)
S3 scsiscan; C:\Windows\system32\drivers\scsiscan.sys [14848 2009-07-13] (Microsoft Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-09 17:07 - 2015-03-09 17:07 - 00027639 _____ () C:\Users\Catherine\Desktop\FRST.txt
2015-03-09 17:07 - 2015-03-09 17:07 - 00000000 ____D () C:\FRST
2015-03-09 17:03 - 2015-03-09 17:03 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-CATHERINE-PC-Windows-7-Enterprise-(32-bit).dat
2015-03-09 17:02 - 2015-03-09 17:02 - 00000000 ____D () C:\RegBackup
2015-03-09 16:59 - 2015-03-09 16:59 - 00002185 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-03-09 16:59 - 2015-03-09 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-03-09 16:59 - 2015-03-09 16:59 - 00000000 ____D () C:\Program Files\Tweaking.com
2015-03-09 16:58 - 2015-03-09 16:58 - 05198336 _____ (AVAST Software) C:\Users\Catherine\Desktop\aswMBR.exe
2015-03-09 16:54 - 2015-03-09 16:54 - 01134592 _____ (Farbar) C:\Users\Catherine\Desktop\FRST.exe
2015-03-09 16:40 - 2015-03-09 16:40 - 04804736 _____ () C:\Users\Catherine\Desktop\tweaking.com_registry_backup_setup.exe
2015-03-09 14:01 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150309-140157.backup
2015-03-09 10:58 - 2015-03-09 10:58 - 00000000 ___HD () C:\OneDriveTemp
2015-03-09 10:56 - 2015-03-09 10:56 - 00000394 _____ () C:\Windows\PFRO.log
2015-03-07 10:07 - 2015-03-09 10:56 - 00000168 _____ () C:\Windows\setupact.log
2015-03-07 10:07 - 2015-03-07 10:07 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-06 19:12 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150306-181238.backup
2015-03-06 19:09 - 2015-03-06 19:10 - 00000560 _____ () C:\Users\Catherine\Documents\cc_20150306_180948.reg
2015-03-06 16:24 - 2015-03-06 16:24 - 00025906 _____ () C:\Users\Catherine\Documents\cc_20150306_152401.reg
2015-03-02 20:54 - 2015-03-02 20:54 - 00000000 ____D () C:\Users\Catherine\AppData\Local\{52BCCC98-434A-4857-B895-68ED3442C0A4}
2015-03-01 17:05 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150301-160510.backup
2015-02-28 18:17 - 2015-02-28 18:17 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-02-28 18:17 - 2015-02-28 18:16 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-02-28 18:16 - 2015-02-28 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-27 16:54 - 2015-02-27 18:42 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\HP Photo Creations
2015-02-27 16:54 - 2015-02-27 16:54 - 00002120 _____ () C:\Users\Catherine\Desktop\HP Photo Creations.lnk
2015-02-27 16:10 - 2015-02-27 16:10 - 00000000 ____D () C:\Users\Catherine\AppData\Local\{3BCC05A3-14C1-4E95-BD55-A773CD55C6E9}
2015-02-27 12:47 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150227-114702.backup
2015-02-26 19:05 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150226-180511.backup
2015-02-26 00:48 - 2015-02-26 00:49 - 00000000 ____D () C:\Program Files\Awesome Dictionary Widget ANTP
2015-02-25 22:00 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150225-210027.backup
2015-02-25 21:59 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150225-205948.backup
2015-02-25 21:13 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150225-201343.backup
2015-02-25 21:13 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150225-201310.backup
2015-02-25 21:12 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150225-201236.backup
2015-02-25 21:12 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150225-201211.backup
2015-02-19 10:18 - 2015-02-19 10:18 - 00000000 ____D () C:\Users\Catherine\AppData\Local\{C0B36FD4-E9B7-4666-BD67-F535C2DAE402}
2015-02-14 08:19 - 2015-02-14 08:19 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-14 08:19 - 2015-02-14 08:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-12 19:57 - 2015-01-22 23:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 19:57 - 2015-01-22 23:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 09:19 - 2015-01-15 03:46 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 09:19 - 2015-01-15 03:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 09:19 - 2015-01-15 03:43 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 09:19 - 2015-01-15 03:43 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 09:19 - 2015-01-15 03:42 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 09:19 - 2015-01-15 03:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 09:19 - 2015-01-15 03:42 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 09:19 - 2015-01-15 03:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 09:19 - 2015-01-15 03:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 09:19 - 2015-01-15 03:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 09:19 - 2015-01-15 03:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 09:19 - 2015-01-15 00:21 - 00369968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 09:19 - 2015-01-14 01:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-02-11 09:19 - 2015-01-08 21:45 - 02380288 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 09:18 - 2015-01-14 01:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 09:18 - 2015-01-14 01:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 09:18 - 2015-01-11 22:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 09:18 - 2015-01-11 22:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 09:18 - 2015-01-11 22:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 09:18 - 2015-01-11 22:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 09:18 - 2015-01-11 22:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 09:18 - 2015-01-11 21:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 09:18 - 2015-01-11 21:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 09:18 - 2015-01-11 21:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 09:18 - 2015-01-11 21:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 09:18 - 2015-01-11 21:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 09:18 - 2015-01-11 21:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 09:18 - 2015-01-11 21:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 09:18 - 2015-01-11 21:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 09:18 - 2015-01-11 21:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 09:18 - 2015-01-11 21:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 09:18 - 2015-01-11 21:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 09:18 - 2015-01-11 21:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 09:18 - 2015-01-11 21:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 09:18 - 2015-01-11 21:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 09:18 - 2015-01-11 21:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 09:18 - 2015-01-11 20:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 09:18 - 2015-01-11 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 09:18 - 2015-01-10 02:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 09:18 - 2015-01-10 02:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 09:18 - 2015-01-10 02:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 09:18 - 2015-01-10 02:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 09:18 - 2015-01-10 02:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 09:18 - 2015-01-10 02:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 09:18 - 2015-01-10 02:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 09:17 - 2015-01-12 22:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 09:17 - 2015-01-11 22:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 09:17 - 2015-01-11 22:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 09:17 - 2015-01-11 22:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 09:17 - 2015-01-11 22:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 09:17 - 2015-01-11 21:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 09:17 - 2014-12-07 22:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 06:38 - 2015-02-10 15:19 - 00000000 ____D () C:\Users\Catherine\Documents\Italian Class
2015-02-07 11:10 - 2015-02-13 16:58 - 00000020 _____ () C:\Users\Catherine\AppData\Roaming\appdataFr3.bin
2015-02-07 06:38 - 2015-02-07 06:38 - 00000000 ____D () C:\Users\Catherine\AppData\Local\{D1A3F280-6812-4998-B7D9-045703249E6F}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-09 17:05 - 2013-12-12 10:58 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-09 16:48 - 2012-06-26 16:38 - 00000944 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3958275423-1937913606-3708625069-1000UA.job
2015-03-09 16:48 - 2012-06-26 16:38 - 00000922 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3958275423-1937913606-3708625069-1000Core.job
2015-03-09 16:46 - 2013-12-02 11:43 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-09 16:23 - 2010-10-02 18:01 - 01309043 _____ () C:\Windows\WindowsUpdate.log
2015-03-09 11:04 - 2009-07-14 00:34 - 00015456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-09 11:04 - 2009-07-14 00:34 - 00015456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-09 11:03 - 2010-10-02 18:04 - 00739918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-09 10:58 - 2014-10-09 18:03 - 00000000 ___RD () C:\Users\Catherine\Google Drive
2015-03-09 10:58 - 2013-12-03 13:53 - 00000000 ___RD () C:\Users\Catherine\Dropbox
2015-03-09 10:58 - 2013-12-03 13:49 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\Dropbox
2015-03-09 10:58 - 2013-08-10 19:00 - 00000000 ___RD () C:\Users\Catherine\SkyDrive
2015-03-09 10:56 - 2013-12-12 10:57 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-09 10:56 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-08 17:36 - 2014-08-03 20:57 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-08 16:29 - 2010-10-06 04:26 - 02514944 ___SH () C:\Users\Catherine\Documents\Thumbs.db
2015-03-08 11:24 - 2010-10-06 11:08 - 00000000 ___RD () C:\Program Files\Skype
2015-03-07 20:57 - 2010-10-06 17:42 - 00000000 ____D () C:\Users\Catherine\AppData\Local\Microsoft Games
2015-03-07 11:07 - 2014-06-26 10:25 - 00000000 ____D () C:\Users\Catherine\Documents\SHINE
2015-03-06 18:54 - 2010-10-06 11:58 - 00000000 ____D () C:\Users\Public\Documents\Trade King
2015-03-06 16:46 - 2015-01-01 12:37 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-03-06 16:46 - 2015-01-01 12:37 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-06 16:21 - 2014-02-24 11:18 - 00002176 _____ () C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-03-06 10:59 - 2014-12-10 18:17 - 00000000 ____D () C:\ProgramData\9171614046202116540
2015-03-04 15:29 - 2015-01-05 09:03 - 00000000 ____D () C:\ProgramData\SMartCompaereo
2015-03-04 15:29 - 2015-01-05 09:03 - 00000000 ____D () C:\ProgramData\easytoshooP
2015-03-04 15:29 - 2014-12-30 20:18 - 00000000 ____D () C:\ProgramData\Realidaeal
2015-03-04 15:29 - 2014-12-30 20:17 - 00000000 ____D () C:\ProgramData\CoUpScaanNer
2015-03-03 15:24 - 2010-10-03 02:32 - 00007188 _____ () C:\Users\Catherine\AppData\Roaming\wklnhst.dat
2015-03-03 09:16 - 2010-11-07 11:57 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-02 16:25 - 2010-10-06 04:26 - 00000000 ____D () C:\Users\Catherine\Documents\Idlewild
2015-03-01 23:59 - 2010-10-06 11:11 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\Skype
2015-02-28 21:54 - 2009-07-14 00:52 - 00000000 ____D () C:\Windows\Offline Web Pages
2015-02-28 18:16 - 2013-12-03 13:35 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-28 18:16 - 2010-10-02 21:09 - 00000000 ____D () C:\Program Files\Java
2015-02-28 10:54 - 2013-07-14 19:03 - 00001044 _____ () C:\Windows\Output.txt
2015-02-27 18:43 - 2012-07-21 17:03 - 00000000 ___RD () C:\Users\Catherine\Documents\HP Photo Creations
2015-02-27 18:17 - 2015-01-01 22:52 - 00000000 ____D () C:\Users\Catherine\Documents\My Albums
2015-02-27 16:58 - 2011-02-04 21:46 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\Visan
2015-02-27 16:55 - 2010-10-04 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-02-27 16:54 - 2010-10-19 13:27 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
2015-02-27 13:02 - 2010-10-05 13:10 - 00000000 ____D () C:\Users\Catherine\Documents\Family Trees
2015-02-25 17:29 - 2014-08-04 11:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2015-02-19 14:33 - 2013-08-10 18:54 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-19 09:57 - 2010-10-15 22:13 - 00040116 _____ () C:\Windows\$CCW_D02.CC$
2015-02-19 09:57 - 2010-10-07 08:55 - 00005612 _____ () C:\Windows\POWERUP.INI
2015-02-19 09:44 - 2010-10-17 11:29 - 00000030 _____ () C:\Windows\GRAPHICS FILTERS
2015-02-19 09:44 - 2010-10-07 08:55 - 00000788 _____ () C:\Windows\CCSTYLES.CCY
2015-02-19 02:07 - 2013-03-01 18:50 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-19 02:06 - 2013-03-01 18:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-02-19 02:06 - 2013-03-01 18:51 - 00000000 ____D () C:\ProgramData\Garmin
2015-02-19 02:05 - 2013-03-01 18:50 - 00000000 ____D () C:\Program Files\Garmin
2015-02-16 09:57 - 2010-10-13 11:38 - 00000000 ____D () C:\Users\Public\Documents\Uncommon Travelers
2015-02-15 18:00 - 2011-10-05 11:12 - 00015359 _____ () C:\Users\Catherine\Documents\Book1.xlsx
2015-02-14 08:19 - 2010-10-18 11:51 - 00000000 ____D () C:\Program Files\Google
2015-02-13 13:58 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
2015-02-13 13:40 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-12 19:42 - 2013-12-03 13:53 - 00001033 _____ () C:\Users\Catherine\Desktop\Dropbox.lnk
2015-02-12 19:42 - 2013-12-03 13:50 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-12 19:34 - 2009-07-14 00:33 - 00524224 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 10:36 - 2013-08-14 16:32 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 10:29 - 2010-10-02 20:14 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 10:27 - 2010-10-03 00:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 10:25 - 2012-05-20 12:24 - 00002008 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-11 10:25 - 2011-01-28 17:35 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-02-11 10:25 - 2011-01-28 17:33 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-10 14:46 - 2011-05-29 14:52 - 00499596 _____ () C:\Users\Catherine\AppData\Local\rx_audio.Cache
2015-02-10 14:43 - 2010-10-03 00:07 - 00016920 _____ () C:\Users\Catherine\AppData\Local\rx_image.Cache

==================== Files in the root of some directories =======

2015-02-07 11:10 - 2015-02-13 16:58 - 0000020 _____ () C:\Users\Catherine\AppData\Roaming\appdataFr3.bin
2014-11-21 13:01 - 2014-11-06 08:17 - 1859904 _____ (BeFrugal.com ) C:\Users\Catherine\AppData\Roaming\BeFrugal.com-Install.exe
2010-10-03 02:32 - 2015-03-03 15:24 - 0007188 _____ () C:\Users\Catherine\AppData\Roaming\wklnhst.dat
2010-10-18 16:03 - 2015-01-08 17:53 - 0014848 _____ () C:\Users\Catherine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-10-18 21:22 - 2010-10-18 21:22 - 0000097 _____ () C:\Users\Catherine\AppData\Local\fusioncache.dat
2010-11-17 16:44 - 2010-11-17 16:49 - 0007611 _____ () C:\Users\Catherine\AppData\Local\resmon.resmoncfg
2011-05-29 14:52 - 2015-02-10 14:46 - 0499596 _____ () C:\Users\Catherine\AppData\Local\rx_audio.Cache
2010-10-03 00:07 - 2015-02-10 14:43 - 0016920 _____ () C:\Users\Catherine\AppData\Local\rx_image.Cache
2013-08-04 12:42 - 2013-08-04 12:42 - 0000000 _____ () C:\ProgramData\2b28273c2a2030262c5e242c_c
2010-10-06 11:12 - 2010-10-06 11:12 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-10-04 15:59 - 2010-11-20 18:37 - 0004445 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Catherine\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnmvjkl.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-05 08:49

==================== End Of Log ============================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-03-09 17:25:06
-----------------------------
17:25:06.749 OS Version: Windows 6.1.7601 Service Pack 1
17:25:06.749 Number of processors: 2 586 0x170A
17:25:06.749 ComputerName: CATHERINE-PC UserName: Catherine
17:25:09.349 Initialize success
17:25:09.429 VM: initialized successfully
17:25:09.429 VM: Intel CPU supported
17:25:13.809 VM: disk I/O atapi.sys
17:28:05.222 The log file has been saved successfully to "C:\Users\Catherine\Desktop\aswMBR.txt"

Blade81
2015-03-10, 09:28
Hi,

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) by Xplode onto your desktop.

Double click on AdwCleaner.exe to run the tool.
Click on Scan.
A logfile will automatically open after the scan has finished.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[R1].txt as well.

tampacate
2015-03-10, 18:48
I've downloaded AdwCleaner and hope I am now going to attach the log. I did not delete anything as requested by the program.

Blade81
2015-03-11, 09:20
Hi again,

Thanks for the log. Let's continue.


Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Clean.
Confirm each time with Ok.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Then please re-run FRST and post fresh logs from it.

tampacate
2015-03-12, 04:22
Did as you asked. Here is the file. It was S0.txt, not S1.txt.

Blade81
2015-03-12, 08:45
Hi,

Please also run FRST again and post back its logs.

tampacate
2015-03-13, 17:43
Here it is. Sorry can't upload -- received a message that the file is larger than allowed by the forum!

Blade81
2015-03-15, 00:46
Hi,


"Sorry can't upload -- received a message that the file is larger than allowed by the forum!"
Please copy log contents to your reply instead of attaching the file itself.

tampacate
2015-03-15, 21:03
Will try.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Catherine (administrator) on CATHERINE-PC on 13-03-2015 11:10:02
Running from C:\Users\Catherine\Desktop
Loaded Profiles: Catherine (Available profiles: Catherine)
Platform: Microsoft Windows 7 Enterprise Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Sonic Solutions) C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Users\Catherine\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Dropbox, Inc.) C:\Users\Catherine\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\VzDetectAgent.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-12-03] (Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [240112 2007-08-24] (Sonic Solutions)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [DXDllRegExe] => dxdllreg.exe
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [51712 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-12-12] (Google Inc.)
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5503768 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Run: [OneDrive] => C:\Users\Catherine\AppData\Local\Microsoft\OneDrive\OneDrive.exe [281248 2015-03-11] (Microsoft Corporation)
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\RunOnce: [Adobe Speed Launcher] => 1426257312
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [413696 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
IFEO: [Debugger] svchost.exe
Startup: C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Catherine\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Catherine\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Catherine\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Catherine\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Catherine\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Catherine\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Catherine\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
BootExecute: autocheck autochk * sdnclean.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.yahoo.com/?fr=yfp-t-403
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/?fr=fp-yie9
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\Software\Microsoft\Internet Explorer\Main,Old Start Page = https://my.yahoo.com/
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> URL http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\.DEFAULT -> {4C4C7AAB-5854-4241-A414-E2F1EF119C4A} URL = http://www.dnsbasic.com/?prt=DNSBASIC111&sp=&keywords={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> URL http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> URL http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> {5320134B-25BC-C2D4-1AF8-8C5F8CAA52F3} URL = http://www.bing.com/search?q={searchTerms}&pc=Z020&form=ZGAIDF
SearchScopes: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> {54C851C9-DB04-4DBF-AF30-9677CF5C390C} URL = http://delicious.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> {59D81261-FBA5-4DBB-85BF-3014E49D605F} URL = http://query.nytimes.com/gst/handler.html?query={searchTerms}&opensearch=1
SearchScopes: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> {617D4867-3277-41B4-A578-6614A00C16EA} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
SearchScopes: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> {C09145E9-A2BA-49E1-A4D3-560A676F105F} URL = http://www.flickr.com/search/?q={searchTerms}
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-27] (Google Inc.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-08-26] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2010-09-23] (Adobe Systems, Inc.)
FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-08-12] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-28] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-08-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-06-03] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-06-03] (RealNetworks, Inc.)
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2012-06-20] (RocketLife, LLP)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll [2014-10-09] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll [2014-10-09] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3958275423-1937913606-3708625069-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Catherine\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-10-01] (Citrix Online)
FF Plugin HKU\S-1-5-21-3958275423-1937913606-3708625069-1000: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Catherine\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-02-04] (RocketLife, LLP)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-23]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-11-23]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-11-23]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-23]
FF HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-11-20]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (Skype Click to Call) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-09-04]
CHR Extension: (Google Wallet) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-04]
CHR Extension: (Second Home) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmmemlnpjmfkcddknibchodllhnnidlp [2015-02-25]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\CATHER~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-01-08]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1840304 2015-01-13] (Microsoft Corporation)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-31] (Garmin Ltd or its subsidiaries)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [660992 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [344056 2013-04-01] (Verizon) [File not signed]
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Roxio UPnP Renderer 10; C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [72176 2007-08-24] (Sonic Solutions)
R2 Roxio Upnp Server 10; C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2007-08-24] (Sonic Solutions)
S2 RoxLiveShare10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [309744 2007-08-24] (Sonic Solutions)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289208 2013-01-31] (Skype Technologies S.A.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 d696664e; "C:\Windows\system32\rundll32.exe" "c:\Program Files\CheapProductsCoupons\Shopalooza.dll",serv
S2 SessionLauncher; C:\Users\CATHER~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-13] (Microsoft Corporation)
S4 AFS; C:\Windows\system32\Drivers\AFS.sys [79052 2010-10-18] (Oak Technology Inc.) [File not signed]
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-12] (AVG Technologies)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51056 2003-05-14] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2003-07-16] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21488 2003-07-16] (HP)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
R1 MpKsl57403dcb; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{62E14891-71A8-4E4D-A1F5-ABE6C8E9FCDF}\MpKsl57403dcb.sys [39464 2015-03-13] (Microsoft Corporation)
S4 RxFilter; C:\Windows\System32\DRIVERS\RxFilter.sys [57328 2007-08-18] (Sonic Solutions)
S3 scsiscan; C:\Windows\system32\drivers\scsiscan.sys [14848 2009-07-13] (Microsoft Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 aswMBR; \??\C:\Users\CATHER~1\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\CATHER~1\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-13 11:09 - 2015-03-13 11:09 - 00000000 ____D () C:\Users\Catherine\Desktop\FRST-OlderVersion
2015-03-13 10:34 - 2015-03-13 10:34 - 00000000 ___HD () C:\OneDriveTemp
2015-03-13 10:32 - 2015-03-13 10:32 - 00000056 _____ () C:\Windows\setupact.log
2015-03-13 10:32 - 2015-03-13 10:32 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-11 09:53 - 2015-02-25 23:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 09:53 - 2015-02-23 22:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 09:53 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 09:53 - 2015-02-20 20:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 09:53 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 09:53 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 09:53 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 09:53 - 2015-02-19 22:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 09:53 - 2015-02-19 22:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 09:53 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 09:53 - 2015-02-19 22:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 09:53 - 2015-02-19 22:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 09:53 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 09:53 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 09:53 - 2015-02-19 22:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 09:53 - 2015-02-19 22:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 09:53 - 2015-02-19 21:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 09:53 - 2015-02-19 21:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 09:53 - 2015-02-19 21:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 09:53 - 2015-02-19 21:56 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 09:53 - 2015-02-19 21:50 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 09:53 - 2015-02-19 21:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 09:53 - 2015-02-19 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 09:53 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 09:53 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 09:53 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 09:53 - 2015-02-19 21:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 09:53 - 2015-02-19 21:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 09:53 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 09:53 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 09:53 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 09:53 - 2015-02-13 01:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 09:53 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 09:53 - 2015-01-30 23:32 - 00919552 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 09:53 - 2015-01-30 22:52 - 00134656 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 09:53 - 2015-01-30 22:51 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-03-11 09:53 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 09:52 - 2015-03-06 01:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 09:52 - 2015-03-06 01:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 09:52 - 2015-03-06 01:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 09:52 - 2015-03-06 01:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 09:52 - 2015-03-06 01:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 09:52 - 2015-03-06 01:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 09:52 - 2015-03-06 01:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 09:52 - 2015-03-06 01:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 09:52 - 2015-03-06 01:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 09:52 - 2015-03-06 01:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 09:52 - 2015-03-06 01:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 09:52 - 2015-03-06 01:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 09:52 - 2015-03-06 01:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 09:52 - 2015-03-06 01:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 09:52 - 2015-03-06 01:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 09:52 - 2015-03-06 01:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 09:52 - 2015-03-06 01:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 09:52 - 2015-03-06 01:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 09:52 - 2015-02-20 00:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 09:52 - 2015-02-20 00:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 09:52 - 2015-02-20 00:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 09:52 - 2015-02-20 00:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 09:52 - 2015-02-19 23:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 09:52 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 09:52 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 09:51 - 2015-02-02 23:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-11 09:51 - 2015-02-02 23:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 09:51 - 2015-02-02 23:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 09:51 - 2015-02-02 23:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 09:51 - 2015-02-02 23:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 09:51 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 09:51 - 2015-02-02 23:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 09:51 - 2015-02-02 23:11 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 09:51 - 2015-02-02 23:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 09:51 - 2015-02-02 23:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 09:51 - 2015-02-02 23:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 09:51 - 2015-02-02 23:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 09:51 - 2015-02-02 23:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 09:51 - 2015-02-02 23:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 09:51 - 2015-02-02 23:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 09:51 - 2015-02-02 23:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 09:51 - 2015-02-02 23:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 09:51 - 2015-02-02 23:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 09:51 - 2015-02-02 23:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 09:51 - 2015-02-02 22:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 09:51 - 2015-01-30 19:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 09:51 - 2014-10-31 18:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 09:51 - 2014-06-27 20:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 09:51 - 2014-06-27 20:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-10 13:38 - 2015-03-10 13:38 - 00000000 ____D () C:\Users\Catherine\AppData\Local\{19F585E6-DF04-45B4-B69A-F673D2679F7A}
2015-03-10 12:34 - 2015-03-10 12:32 - 02171392 _____ () C:\Users\Catherine\Desktop\AdwCleaner.exe
2015-03-10 11:41 - 2015-03-13 10:57 - 00000000 ____D () C:\AdwCleaner
2015-03-09 17:28 - 2015-03-13 11:02 - 00001181 _____ () C:\Users\Catherine\Desktop\aswMBR.txt
2015-03-09 17:08 - 2015-03-09 17:09 - 00049397 _____ () C:\Users\Catherine\Desktop\Addition.txt
2015-03-09 17:07 - 2015-03-13 11:10 - 00025468 _____ () C:\Users\Catherine\Desktop\FRST.txt
2015-03-09 17:07 - 2015-03-13 11:10 - 00000000 ____D () C:\FRST
2015-03-09 17:03 - 2015-03-09 17:03 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-CATHERINE-PC-Windows-7-Enterprise-(32-bit).dat
2015-03-09 17:02 - 2015-03-09 17:02 - 00000000 ____D () C:\RegBackup
2015-03-09 16:59 - 2015-03-09 16:59 - 00002185 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-03-09 16:59 - 2015-03-09 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-03-09 16:59 - 2015-03-09 16:59 - 00000000 ____D () C:\Program Files\Tweaking.com
2015-03-09 16:58 - 2015-03-09 16:58 - 05198336 _____ (AVAST Software) C:\Users\Catherine\Desktop\aswMBR.exe
2015-03-09 16:54 - 2015-03-13 11:09 - 01135104 _____ (Farbar) C:\Users\Catherine\Desktop\FRST.exe
2015-03-09 16:40 - 2015-03-09 16:40 - 04804736 _____ () C:\Users\Catherine\Desktop\tweaking.com_registry_backup_setup.exe
2015-03-09 14:01 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150309-140157.backup
2015-03-06 19:12 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150306-181238.backup
2015-03-06 19:09 - 2015-03-06 19:10 - 00000560 _____ () C:\Users\Catherine\Documents\cc_20150306_180948.reg
2015-03-06 16:24 - 2015-03-06 16:24 - 00025906 _____ () C:\Users\Catherine\Documents\cc_20150306_152401.reg
2015-03-02 20:54 - 2015-03-02 20:54 - 00000000 ____D () C:\Users\Catherine\AppData\Local\{52BCCC98-434A-4857-B895-68ED3442C0A4}
2015-03-01 17:05 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150301-160510.backup
2015-02-28 18:17 - 2015-02-28 18:17 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-02-28 18:17 - 2015-02-28 18:16 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-02-28 18:16 - 2015-02-28 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-27 16:54 - 2015-02-27 18:42 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\HP Photo Creations
2015-02-27 16:54 - 2015-02-27 16:54 - 00002120 _____ () C:\Users\Catherine\Desktop\HP Photo Creations.lnk
2015-02-27 16:10 - 2015-02-27 16:10 - 00000000 ____D () C:\Users\Catherine\AppData\Local\{3BCC05A3-14C1-4E95-BD55-A773CD55C6E9}
2015-02-27 12:47 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150227-114702.backup
2015-02-26 19:05 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150226-180511.backup
2015-02-26 00:48 - 2015-02-26 00:49 - 00000000 ____D () C:\Program Files\Awesome Dictionary Widget ANTP
2015-02-25 22:00 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150225-210027.backup
2015-02-25 21:59 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150225-205948.backup
2015-02-25 21:13 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150225-201343.backup
2015-02-25 21:13 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150225-201310.backup
2015-02-25 21:12 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150225-201236.backup
2015-02-25 21:12 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150225-201211.backup
2015-02-19 10:18 - 2015-02-19 10:18 - 00000000 ____D () C:\Users\Catherine\AppData\Local\{C0B36FD4-E9B7-4666-BD67-F535C2DAE402}
2015-02-17 16:04 - 2015-02-17 16:04 - 01202848 _____ (Microsoft Corporation) C:\Windows\system32\FM20.DLL
2015-02-14 08:19 - 2015-02-14 08:19 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-14 08:19 - 2015-02-14 08:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-11 09:17 - 2014-12-07 22:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-13 11:05 - 2013-12-12 10:58 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-13 10:48 - 2012-06-26 16:38 - 00000944 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3958275423-1937913606-3708625069-1000UA.job
2015-03-13 10:47 - 2010-10-02 18:01 - 01933822 _____ () C:\Windows\WindowsUpdate.log
2015-03-13 10:46 - 2013-12-02 11:43 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-13 10:42 - 2009-07-14 00:34 - 00015456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-13 10:42 - 2009-07-14 00:34 - 00015456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-13 10:38 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-13 10:35 - 2014-10-09 18:03 - 00000000 ___RD () C:\Users\Catherine\Google Drive
2015-03-13 10:35 - 2013-12-03 13:53 - 00000000 ___RD () C:\Users\Catherine\Dropbox
2015-03-13 10:35 - 2013-12-03 13:49 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\Dropbox
2015-03-13 10:34 - 2013-08-10 19:00 - 00000000 ___RD () C:\Users\Catherine\SkyDrive
2015-03-13 10:32 - 2013-12-12 10:57 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-13 10:32 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-11 20:23 - 2010-10-02 18:04 - 00739918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-11 20:20 - 2014-02-24 11:18 - 00002176 _____ () C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-03-11 20:16 - 2009-07-14 00:33 - 00524224 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-11 12:22 - 2010-10-03 00:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-11 12:14 - 2013-08-14 16:32 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 12:14 - 2010-10-02 20:14 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-10 16:48 - 2012-06-26 16:38 - 00000922 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3958275423-1937913606-3708625069-1000Core.job
2015-03-08 17:36 - 2014-08-03 20:57 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-08 16:29 - 2010-10-06 04:26 - 02514944 ___SH () C:\Users\Catherine\Documents\Thumbs.db
2015-03-08 11:24 - 2010-10-06 11:08 - 00000000 ___RD () C:\Program Files\Skype
2015-03-07 20:57 - 2010-10-06 17:42 - 00000000 ____D () C:\Users\Catherine\AppData\Local\Microsoft Games
2015-03-07 11:07 - 2014-06-26 10:25 - 00000000 ____D () C:\Users\Catherine\Documents\SHINE
2015-03-06 18:54 - 2010-10-06 11:58 - 00000000 ____D () C:\Users\Public\Documents\Trade King
2015-03-06 16:46 - 2015-01-01 12:37 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-03-06 16:46 - 2015-01-01 12:37 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-06 10:59 - 2014-12-10 18:17 - 00000000 ____D () C:\ProgramData\9171614046202116540
2015-03-03 15:24 - 2010-10-03 02:32 - 00007188 _____ () C:\Users\Catherine\AppData\Roaming\wklnhst.dat
2015-03-03 09:16 - 2010-11-07 11:57 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-02 16:25 - 2010-10-06 04:26 - 00000000 ____D () C:\Users\Catherine\Documents\Idlewild
2015-03-01 23:59 - 2010-10-06 11:11 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\Skype
2015-02-28 21:54 - 2009-07-14 00:52 - 00000000 ____D () C:\Windows\Offline Web Pages
2015-02-28 18:16 - 2013-12-03 13:35 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-28 18:16 - 2010-10-02 21:09 - 00000000 ____D () C:\Program Files\Java
2015-02-28 10:54 - 2013-07-14 19:03 - 00001044 _____ () C:\Windows\Output.txt
2015-02-27 18:43 - 2012-07-21 17:03 - 00000000 ___RD () C:\Users\Catherine\Documents\HP Photo Creations
2015-02-27 18:17 - 2015-01-01 22:52 - 00000000 ____D () C:\Users\Catherine\Documents\My Albums
2015-02-27 16:58 - 2011-02-04 21:46 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\Visan
2015-02-27 16:55 - 2010-10-04 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-02-27 16:54 - 2010-10-19 13:27 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
2015-02-27 13:02 - 2010-10-05 13:10 - 00000000 ____D () C:\Users\Catherine\Documents\Family Trees
2015-02-19 14:33 - 2013-08-10 18:54 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-19 09:57 - 2010-10-15 22:13 - 00040116 _____ () C:\Windows\$CCW_D02.CC$
2015-02-19 09:57 - 2010-10-07 08:55 - 00005612 _____ () C:\Windows\POWERUP.INI
2015-02-19 09:44 - 2010-10-17 11:29 - 00000030 _____ () C:\Windows\GRAPHICS FILTERS
2015-02-19 09:44 - 2010-10-07 08:55 - 00000788 _____ () C:\Windows\CCSTYLES.CCY
2015-02-19 02:07 - 2013-03-01 18:50 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-19 02:06 - 2013-03-01 18:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-02-19 02:06 - 2013-03-01 18:51 - 00000000 ____D () C:\ProgramData\Garmin
2015-02-19 02:05 - 2013-03-01 18:50 - 00000000 ____D () C:\Program Files\Garmin
2015-02-16 09:57 - 2010-10-13 11:38 - 00000000 ____D () C:\Users\Public\Documents\Uncommon Travelers
2015-02-15 18:00 - 2011-10-05 11:12 - 00015359 _____ () C:\Users\Catherine\Documents\Book1.xlsx
2015-02-14 08:19 - 2010-10-18 11:51 - 00000000 ____D () C:\Program Files\Google
2015-02-13 16:58 - 2015-02-07 11:10 - 00000020 _____ () C:\Users\Catherine\AppData\Roaming\appdataFr3.bin
2015-02-13 13:58 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
2015-02-13 13:40 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-12 19:42 - 2013-12-03 13:53 - 00001033 _____ () C:\Users\Catherine\Desktop\Dropbox.lnk
2015-02-12 19:42 - 2013-12-03 13:50 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-11 10:25 - 2012-05-20 12:24 - 00002008 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-11 10:25 - 2011-01-28 17:35 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-02-11 10:25 - 2011-01-28 17:33 - 00000000 ____D () C:\Program Files\Microsoft Security Client

==================== Files in the root of some directories =======

2015-02-07 11:10 - 2015-02-13 16:58 - 0000020 _____ () C:\Users\Catherine\AppData\Roaming\appdataFr3.bin
2014-11-21 13:01 - 2014-11-06 08:17 - 1859904 _____ (BeFrugal.com ) C:\Users\Catherine\AppData\Roaming\BeFrugal.com-Install.exe
2010-10-03 02:32 - 2015-03-03 15:24 - 0007188 _____ () C:\Users\Catherine\AppData\Roaming\wklnhst.dat
2010-10-18 16:03 - 2015-01-08 17:53 - 0014848 _____ () C:\Users\Catherine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-10-18 21:22 - 2010-10-18 21:22 - 0000097 _____ () C:\Users\Catherine\AppData\Local\fusioncache.dat
2010-11-17 16:44 - 2010-11-17 16:49 - 0007611 _____ () C:\Users\Catherine\AppData\Local\resmon.resmoncfg
2011-05-29 14:52 - 2015-02-10 14:46 - 0499596 _____ () C:\Users\Catherine\AppData\Local\rx_audio.Cache
2010-10-03 00:07 - 2015-02-10 14:43 - 0016920 _____ () C:\Users\Catherine\AppData\Local\rx_image.Cache
2013-08-04 12:42 - 2013-08-04 12:42 - 0000000 _____ () C:\ProgramData\2b28273c2a2030262c5e242c_c
2010-10-06 11:12 - 2010-10-06 11:12 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-10-04 15:59 - 2010-11-20 18:37 - 0004445 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Catherine\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfbek_f.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-05 08:49

==================== End Of Log ============================

Blade81
2015-03-16, 09:25
We need to run a fix with FRST:


Please download the attached fixlist.txt file and save it to the same location as FRST.
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST.exe/FRST64.exe and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run. Please post its contents in your reply.

tampacate
2015-03-16, 20:44
OK. Here's the file.

tampacate
2015-03-17, 04:14
OK. Here's the log.

Blade81
2015-03-17, 09:00
Good. Please run FRST again (like earlier without using fix) and copy-paste log contents in your reply.

tampacate
2015-03-19, 22:28
Don't know where my replies have gone -- have already sent log twice, but will try again as I don't see it here.

Blade81
2015-03-19, 23:34
> Don't know where my replies have gone -- have already sent log twice, but will try again as I don't see it here.

Neither of your replies has gone anywhere and I saw them. However, after that I asked you to run FRST again but without pressing the Fix button :)

Right click FRST.exe and select run as administrator.
Press the Scan button in FRST and wait until the tool has finished. It will produce a log called FRST.txt in the same directory the tool is run from. Please copy-paste the contents of that log back here.

tampacate
2015-03-20, 21:31
> Good. Please run FRST again (like earlier without using fix) and copy-paste log contents in your reply.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Catherine (administrator) on CATHERINE-PC on 20-03-2015 15:24:54
Running from C:\Users\Catherine\Desktop
Loaded Profiles: Catherine (Available profiles: Catherine)
Platform: Microsoft Windows 7 Enterprise Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Sonic Solutions) C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
(Microsoft Corporation) C:\Windows\Speech\Common\sapisvr.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Users\Catherine\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Dropbox, Inc.) C:\Users\Catherine\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\VzDetectAgent.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_16_0_0_305_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-12-03] (Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [240112 2007-08-24] (Sonic Solutions)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [DXDllRegExe] => dxdllreg.exe
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [51712 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-12-12] (Google Inc.)
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5503768 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Run: [OneDrive] => C:\Users\Catherine\AppData\Local\Microsoft\OneDrive\OneDrive.exe [281248 2015-03-11] (Microsoft Corporation)
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [413696 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
IFEO: [Debugger] svchost.exe
Startup: C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Catherine\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Catherine\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Catherine\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Catherine\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Catherine\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Catherine\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Catherine\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
BootExecute: autocheck autochk * sdnclean.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.yahoo.com/?fr=yfp-t-403
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/?fr=fp-yie9
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\Software\Microsoft\Internet Explorer\Main,Old Start Page = https://my.yahoo.com/
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> URL http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> URL http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> URL http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> {5320134B-25BC-C2D4-1AF8-8C5F8CAA52F3} URL = http://www.bing.com/search?q={searchTerms}&pc=Z020&form=ZGAIDF
SearchScopes: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> {59D81261-FBA5-4DBB-85BF-3014E49D605F} URL = http://query.nytimes.com/gst/handler.html?query={searchTerms}&opensearch=1
SearchScopes: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> {617D4867-3277-41B4-A578-6614A00C16EA} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
SearchScopes: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> {C09145E9-A2BA-49E1-A4D3-560A676F105F} URL = http://www.flickr.com/search/?q={searchTerms}
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-27] (Google Inc.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2010-09-23] (Adobe Systems, Inc.)
FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-08-12] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-28] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-08-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-06-03] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-06-03] (RealNetworks, Inc.)
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2012-06-20] (RocketLife, LLP)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll [2014-10-09] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll [2014-10-09] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3958275423-1937913606-3708625069-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Catherine\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-10-01] (Citrix Online)
FF Plugin HKU\S-1-5-21-3958275423-1937913606-3708625069-1000: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Catherine\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-02-04] (RocketLife, LLP)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-23]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-11-23]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-11-23]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-23]
FF HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-11-20]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (Skype Click to Call) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-09-04]
CHR Extension: (Google Wallet) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-04]
CHR Extension: (Second Home) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmmemlnpjmfkcddknibchodllhnnidlp [2015-02-25]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\CATHER~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-01-08]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1843896 2015-02-10] (Microsoft Corporation)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-31] (Garmin Ltd or its subsidiaries)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [660992 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [344056 2013-04-01] (Verizon) [File not signed]
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Roxio UPnP Renderer 10; C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [72176 2007-08-24] (Sonic Solutions)
R2 Roxio Upnp Server 10; C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2007-08-24] (Sonic Solutions)
S2 RoxLiveShare10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [309744 2007-08-24] (Sonic Solutions)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289208 2013-01-31] (Skype Technologies S.A.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 SessionLauncher; C:\Users\CATHER~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-13] (Microsoft Corporation)
S4 AFS; C:\Windows\system32\Drivers\AFS.sys [79052 2010-10-18] (Oak Technology Inc.) [File not signed]
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-12] (AVG Technologies)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51056 2003-05-14] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2003-07-16] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21488 2003-07-16] (HP)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
S4 RxFilter; C:\Windows\System32\DRIVERS\RxFilter.sys [57328 2007-08-18] (Sonic Solutions)
S3 scsiscan; C:\Windows\system32\drivers\scsiscan.sys [14848 2009-07-13] (Microsoft Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-20 14:15 - 2015-03-20 14:15 - 00000000 ___HD () C:\OneDriveTemp
2015-03-19 15:48 - 2015-03-19 15:50 - 00000000 ____D () C:\Users\Catherine\Documents\OLLI
2015-03-16 08:03 - 2015-03-20 14:14 - 00000336 _____ () C:\Windows\setupact.log
2015-03-16 08:03 - 2015-03-16 13:59 - 00000924 _____ () C:\Windows\PFRO.log
2015-03-16 08:03 - 2015-03-16 08:03 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-15 23:06 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150315-230629.backup
2015-03-15 23:05 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150315-230550.backup
2015-03-13 11:09 - 2015-03-13 11:09 - 00000000 ____D () C:\Users\Catherine\Desktop\FRST-OlderVersion
2015-03-11 09:53 - 2015-02-25 23:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 09:53 - 2015-02-23 22:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 09:53 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 09:53 - 2015-02-20 20:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 09:53 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 09:53 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 09:53 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 09:53 - 2015-02-19 22:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 09:53 - 2015-02-19 22:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 09:53 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 09:53 - 2015-02-19 22:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 09:53 - 2015-02-19 22:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 09:53 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 09:53 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 09:53 - 2015-02-19 22:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 09:53 - 2015-02-19 22:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 09:53 - 2015-02-19 21:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 09:53 - 2015-02-19 21:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 09:53 - 2015-02-19 21:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 09:53 - 2015-02-19 21:56 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 09:53 - 2015-02-19 21:50 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 09:53 - 2015-02-19 21:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 09:53 - 2015-02-19 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 09:53 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 09:53 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 09:53 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 09:53 - 2015-02-19 21:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 09:53 - 2015-02-19 21:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 09:53 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 09:53 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 09:53 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 09:53 - 2015-02-13 01:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 09:53 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 09:53 - 2015-01-30 23:32 - 00919552 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 09:53 - 2015-01-30 22:52 - 00134656 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 09:53 - 2015-01-30 22:51 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-03-11 09:53 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 09:52 - 2015-03-06 01:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 09:52 - 2015-03-06 01:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 09:52 - 2015-03-06 01:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 09:52 - 2015-03-06 01:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 09:52 - 2015-03-06 01:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 09:52 - 2015-03-06 01:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 09:52 - 2015-03-06 01:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 09:52 - 2015-03-06 01:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 09:52 - 2015-03-06 01:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 09:52 - 2015-03-06 01:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 09:52 - 2015-03-06 01:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 09:52 - 2015-03-06 01:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 09:52 - 2015-03-06 01:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 09:52 - 2015-03-06 01:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 09:52 - 2015-03-06 01:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 09:52 - 2015-03-06 01:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 09:52 - 2015-03-06 01:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 09:52 - 2015-03-06 01:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 09:52 - 2015-02-20 00:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 09:52 - 2015-02-20 00:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 09:52 - 2015-02-20 00:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 09:52 - 2015-02-20 00:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 09:52 - 2015-02-19 23:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 09:52 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 09:52 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 09:51 - 2015-02-02 23:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-11 09:51 - 2015-02-02 23:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 09:51 - 2015-02-02 23:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 09:51 - 2015-02-02 23:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 09:51 - 2015-02-02 23:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 09:51 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 09:51 - 2015-02-02 23:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 09:51 - 2015-02-02 23:11 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 09:51 - 2015-02-02 23:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 09:51 - 2015-02-02 23:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 09:51 - 2015-02-02 23:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 09:51 - 2015-02-02 23:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 09:51 - 2015-02-02 23:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 09:51 - 2015-02-02 23:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 09:51 - 2015-02-02 23:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 09:51 - 2015-02-02 23:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 09:51 - 2015-02-02 23:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 09:51 - 2015-02-02 23:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 09:51 - 2015-02-02 23:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 09:51 - 2015-02-02 22:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 09:51 - 2015-01-30 19:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 09:51 - 2014-10-31 18:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 09:51 - 2014-06-27 20:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 09:51 - 2014-06-27 20:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-10 13:38 - 2015-03-10 13:38 - 00000000 ____D () C:\Users\Catherine\AppData\Local\{19F585E6-DF04-45B4-B69A-F673D2679F7A}
2015-03-10 12:34 - 2015-03-10 12:32 - 02171392 _____ () C:\Users\Catherine\Desktop\AdwCleaner.exe
2015-03-10 11:41 - 2015-03-13 11:30 - 00000000 ____D () C:\AdwCleaner
2015-03-09 17:28 - 2015-03-13 11:02 - 00001181 _____ () C:\Users\Catherine\Desktop\aswMBR.txt
2015-03-09 17:08 - 2015-03-09 17:09 - 00049397 _____ () C:\Users\Catherine\Desktop\Addition.txt
2015-03-09 17:07 - 2015-03-20 15:25 - 00000000 ____D () C:\FRST
2015-03-09 17:07 - 2015-03-20 15:24 - 00025047 _____ () C:\Users\Catherine\Desktop\FRST.txt
2015-03-09 17:03 - 2015-03-09 17:03 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-CATHERINE-PC-Windows-7-Enterprise-(32-bit).dat
2015-03-09 17:02 - 2015-03-09 17:02 - 00000000 ____D () C:\RegBackup
2015-03-09 16:59 - 2015-03-09 16:59 - 00002185 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-03-09 16:59 - 2015-03-09 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-03-09 16:59 - 2015-03-09 16:59 - 00000000 ____D () C:\Program Files\Tweaking.com
2015-03-09 16:58 - 2015-03-09 16:58 - 05198336 _____ (AVAST Software) C:\Users\Catherine\Desktop\aswMBR.exe
2015-03-09 16:54 - 2015-03-13 11:09 - 01135104 _____ (Farbar) C:\Users\Catherine\Desktop\FRST.exe
2015-03-09 16:40 - 2015-03-09 16:40 - 04804736 _____ () C:\Users\Catherine\Desktop\tweaking.com_registry_backup_setup.exe
2015-03-09 14:01 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150309-140157.backup
2015-03-06 19:12 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150306-181238.backup
2015-03-06 19:09 - 2015-03-06 19:10 - 00000560 _____ () C:\Users\Catherine\Documents\cc_20150306_180948.reg
2015-03-06 16:24 - 2015-03-06 16:24 - 00025906 _____ () C:\Users\Catherine\Documents\cc_20150306_152401.reg
2015-03-02 20:54 - 2015-03-02 20:54 - 00000000 ____D () C:\Users\Catherine\AppData\Local\{52BCCC98-434A-4857-B895-68ED3442C0A4}
2015-03-01 17:05 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150301-160510.backup
2015-02-28 18:17 - 2015-02-28 18:17 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-02-28 18:17 - 2015-02-28 18:16 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-02-28 18:16 - 2015-02-28 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-27 16:54 - 2015-02-27 18:42 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\HP Photo Creations
2015-02-27 16:54 - 2015-02-27 16:54 - 00002120 _____ () C:\Users\Catherine\Desktop\HP Photo Creations.lnk
2015-02-27 16:10 - 2015-02-27 16:10 - 00000000 ____D () C:\Users\Catherine\AppData\Local\{3BCC05A3-14C1-4E95-BD55-A773CD55C6E9}
2015-02-27 12:47 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150227-114702.backup
2015-02-26 19:05 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150226-180511.backup
2015-02-25 22:00 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150225-210027.backup
2015-02-25 21:59 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150225-205948.backup
2015-02-25 21:13 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150225-201343.backup
2015-02-25 21:13 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150225-201310.backup
2015-02-25 21:12 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150225-201236.backup
2015-02-25 21:12 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150225-201211.backup
2015-02-19 10:18 - 2015-02-19 10:18 - 00000000 ____D () C:\Users\Catherine\AppData\Local\{C0B36FD4-E9B7-4666-BD67-F535C2DAE402}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-20 15:05 - 2013-12-12 10:58 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-20 14:46 - 2013-12-02 11:43 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-20 14:22 - 2009-07-14 00:34 - 00015456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-20 14:22 - 2009-07-14 00:34 - 00015456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-20 14:20 - 2010-10-02 18:01 - 01395733 _____ () C:\Windows\WindowsUpdate.log
2015-03-20 14:16 - 2014-10-09 18:03 - 00000000 ___RD () C:\Users\Catherine\Google Drive
2015-03-20 14:16 - 2013-12-03 13:53 - 00000000 ___RD () C:\Users\Catherine\Dropbox
2015-03-20 14:16 - 2013-12-03 13:49 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\Dropbox
2015-03-20 14:15 - 2013-08-10 19:00 - 00000000 ___RD () C:\Users\Catherine\SkyDrive
2015-03-20 14:14 - 2013-12-12 10:57 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-20 14:14 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-19 19:48 - 2012-06-26 16:38 - 00000944 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3958275423-1937913606-3708625069-1000UA.job
2015-03-19 16:48 - 2012-06-26 16:38 - 00000922 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3958275423-1937913606-3708625069-1000Core.job
2015-03-19 15:51 - 2010-10-06 04:26 - 02514944 ___SH () C:\Users\Catherine\Documents\Thumbs.db
2015-03-17 22:53 - 2011-10-05 11:12 - 00015504 _____ () C:\Users\Catherine\Documents\Book1.xlsx
2015-03-17 22:16 - 2010-10-02 18:04 - 00739918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-16 22:16 - 2010-10-18 11:51 - 00000000 ____D () C:\Program Files\Google
2015-03-16 17:08 - 2010-10-03 02:32 - 00007188 _____ () C:\Users\Catherine\AppData\Roaming\wklnhst.dat
2015-03-16 14:17 - 2013-08-10 18:54 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-03-15 19:35 - 2014-08-03 20:57 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-13 19:17 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
2015-03-13 16:07 - 2010-10-02 21:04 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\Adobe
2015-03-13 11:29 - 2013-12-03 13:53 - 00001033 _____ () C:\Users\Catherine\Desktop\Dropbox.lnk
2015-03-13 11:29 - 2013-12-03 13:50 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-13 10:39 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-11 20:20 - 2014-02-24 11:18 - 00002176 _____ () C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-03-11 20:16 - 2009-07-14 00:33 - 00524224 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-11 12:22 - 2010-10-03 00:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-11 12:21 - 2013-08-14 16:32 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 12:14 - 2010-10-02 20:14 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-08 11:24 - 2010-10-06 11:08 - 00000000 ___RD () C:\Program Files\Skype
2015-03-07 20:57 - 2010-10-06 17:42 - 00000000 ____D () C:\Users\Catherine\AppData\Local\Microsoft Games
2015-03-07 11:07 - 2014-06-26 10:25 - 00000000 ____D () C:\Users\Catherine\Documents\SHINE
2015-03-06 18:54 - 2010-10-06 11:58 - 00000000 ____D () C:\Users\Public\Documents\Trade King
2015-03-06 16:46 - 2015-01-01 12:37 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-03-06 16:46 - 2015-01-01 12:37 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-06 10:59 - 2014-12-10 18:17 - 00000000 ____D () C:\ProgramData\9171614046202116540
2015-03-03 09:16 - 2010-11-07 11:57 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-02 16:25 - 2010-10-06 04:26 - 00000000 ____D () C:\Users\Catherine\Documents\Idlewild
2015-03-01 23:59 - 2010-10-06 11:11 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\Skype
2015-02-28 21:54 - 2009-07-14 00:52 - 00000000 ____D () C:\Windows\Offline Web Pages
2015-02-28 18:16 - 2013-12-03 13:35 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-28 18:16 - 2010-10-02 21:09 - 00000000 ____D () C:\Program Files\Java
2015-02-28 10:54 - 2013-07-14 19:03 - 00001044 _____ () C:\Windows\Output.txt
2015-02-27 18:43 - 2012-07-21 17:03 - 00000000 ___RD () C:\Users\Catherine\Documents\HP Photo Creations
2015-02-27 18:17 - 2015-01-01 22:52 - 00000000 ____D () C:\Users\Catherine\Documents\My Albums
2015-02-27 16:58 - 2011-02-04 21:46 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\Visan
2015-02-27 16:55 - 2010-10-04 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-02-27 16:54 - 2010-10-19 13:27 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
2015-02-27 13:02 - 2010-10-05 13:10 - 00000000 ____D () C:\Users\Catherine\Documents\Family Trees
2015-02-19 09:57 - 2010-10-15 22:13 - 00040116 _____ () C:\Windows\$CCW_D02.CC$
2015-02-19 09:57 - 2010-10-07 08:55 - 00005612 _____ () C:\Windows\POWERUP.INI
2015-02-19 09:44 - 2010-10-17 11:29 - 00000030 _____ () C:\Windows\GRAPHICS FILTERS
2015-02-19 09:44 - 2010-10-07 08:55 - 00000788 _____ () C:\Windows\CCSTYLES.CCY
2015-02-19 02:07 - 2013-03-01 18:50 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-19 02:06 - 2013-03-01 18:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-02-19 02:06 - 2013-03-01 18:51 - 00000000 ____D () C:\ProgramData\Garmin
2015-02-19 02:05 - 2013-03-01 18:50 - 00000000 ____D () C:\Program Files\Garmin

==================== Files in the root of some directories =======

2015-02-07 11:10 - 2015-02-13 16:58 - 0000020 _____ () C:\Users\Catherine\AppData\Roaming\appdataFr3.bin
2014-11-21 13:01 - 2014-11-06 08:17 - 1859904 _____ (BeFrugal.com ) C:\Users\Catherine\AppData\Roaming\BeFrugal.com-Install.exe
2010-10-03 02:32 - 2015-03-16 17:08 - 0007188 _____ () C:\Users\Catherine\AppData\Roaming\wklnhst.dat
2010-10-18 16:03 - 2015-01-08 17:53 - 0014848 _____ () C:\Users\Catherine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-10-18 21:22 - 2010-10-18 21:22 - 0000097 _____ () C:\Users\Catherine\AppData\Local\fusioncache.dat
2010-11-17 16:44 - 2010-11-17 16:49 - 0007611 _____ () C:\Users\Catherine\AppData\Local\resmon.resmoncfg
2011-05-29 14:52 - 2015-02-10 14:46 - 0499596 _____ () C:\Users\Catherine\AppData\Local\rx_audio.Cache
2010-10-03 00:07 - 2015-02-10 14:43 - 0016920 _____ () C:\Users\Catherine\AppData\Local\rx_image.Cache
2013-08-04 12:42 - 2013-08-04 12:42 - 0000000 _____ () C:\ProgramData\2b28273c2a2030262c5e242c_c
2010-10-06 11:12 - 2010-10-06 11:12 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-10-04 15:59 - 2010-11-20 18:37 - 0004445 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Catherine\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpongwd5.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-15 16:41

==================== End Of Log ============================

Blade81
2015-03-21, 19:17
Hi,

Go here (http://www.eset.com/us/online-scanner/) to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html).
Click the blue Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the program to install the "OnlineScanner.cab" ActiveX control by clicking the Install button
Once the ActiveX control is installed, on the next screen click on Enable detection of potentially unwanted applications
Click on Advanced Settings
Make sure that the option Remove found threats is unticked.
Ensure these options are ticked: Scan archives, Scan for potentially unsafe applications, Enable Anti-Stealth technology
Click Start
Wait for the scan to finish
When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
Close the ESET online scan, and let me know how things are now.

tampacate
2015-03-22, 22:19
Hi,
Yes, threats were found. File enclosed. However, I messed up and forgot to go to advanced settings and unclick "remove found threats". So, they've been removed. Sorry. I can't believe we went through all those steps and there were still threats.

C:\AdwCleaner\Quarantine\C\Program Files\CheapProductsCoupons\Shopalooza.dll.vir a variant of Win32/SProtector.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\comiomcpmjjbamckaofaihngeohecbnl\content.js.vir JS/Adware.MultiPlug.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\comiomcpmjjbamckaofaihngeohecbnl\t8e7OdYke.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\fdnolplnofjhffmggppnjejkonmhlnkl\lsdb.js.vir JS/Adware.MultiPlug.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\fdnolplnofjhffmggppnjejkonmhlnkl\tKmbca9.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\gdjnohoegomjephliankgbomeifahlcp\hNrk_ac.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\rrealdeaal\DdC0BJhhdR9XDg.exe.vir a variant of Win32/AdWare.MultiPlug.BN application cleaned by deleting - quarantined
C:\Users\Catherine\Desktop\Downloads\FreeFileViewerSetup.exe a variant of Win32/FileTypeAssistant.A potentially unwanted application deleted - quarantined

Blade81
2015-03-23, 09:36
Hi,

All but the last one on the list were items that adwCleaner had already quarantined so situation looks good from that point of view. How's the system running now? Any problems left?

tampacate
2015-03-25, 17:22
So far it seems OK. Thanks so much for your time and expertise.

Blade81
2015-03-26, 22:32
Good. Let's see the final steps then :)


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: You will lose all previous restore points, which are likely to be infected. Please note you need Administrator Access to clean the restore points.

A. To disable the System Restore feature:

1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Select c: drive and click Configure...
7. Select Turn off protection
8. Press OK.
Repeat steps 6-8 for each hard drive.

B. Reboot.

C. Turn ON System Restore.
Follow the steps like you did when disabling system restore, but on step 7 select the Restore system settings and previous versions of files option.


Now let's uninstall adwCleaner:

Double click on adwcleaner.exe to run the tool.
Click on Uninstall.
Confirm with yes.



Please download OTC (http://oldtimer.geekstogo.com/OTC.exe) and save it to desktop.

Double-click OTC.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.


Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Recommended program to help in keeping the system up-to-date:
Download and run Secunia Personal Software Inspector (PSI) (http://secunia.com/vulnerability_scanning/personal/) (tutorial can be found here (http://www.bleepingcomputer.com/tutorials/detect-vulnerable-programs-with-secunia-psi/)) and fix its findings. Leave the program installed so you'll stay alarmed about vulnerable components in future too.


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:
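
The System Restore reset from steps A-C above, scripted as an added example that is not part of Blade81's post: it turns protection off, checks that no restore points are still listed, and after the reboot turns protection back on. The script name, the -Phase and -Drive parameters and the closing baseline restore point are assumptions of this example.

```powershell
# Added example. Windows PowerShell only (these cmdlets are not in PowerShell 7).
# Usage: .\Reset-SystemRestore.ps1 -Phase Disable, reboot, then -Phase Enable
param(
    [Parameter(Mandatory = $true)]
    [ValidateSet('Disable', 'Enable')]
    [string]$Phase,

    # Assumption: only the system drive is protected; otherwise pass e.g. -Drive 'C:','D:'
    [string[]]$Drive = @($env:SystemDrive)
)

$ErrorActionPreference = 'Stop'

# Steps A-C need Administrator access, so fail early if the session is not elevated.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal -ArgumentList $identity
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated Windows PowerShell session.'
}

# The cmdlets expect drive roots with a trailing backslash ("C:\").
$roots = @($Drive | ForEach-Object { $_.TrimEnd('\') + '\' })

function Get-RestorePointCount {
    # A failed query (for example while protection is off) is counted as zero.
    try { @(Get-ComputerRestorePoint -ErrorAction Stop).Count } catch { 0 }
}

if ($Phase -eq 'Disable') {
    Write-Output "Restore points before: $(Get-RestorePointCount)"
    Disable-ComputerRestore -Drive $roots      # step A, for every listed drive
    $left = Get-RestorePointCount
    if ($left -gt 0) {
        Write-Warning "$left restore point(s) still listed; check the System Protection tab."
    }
    Write-Output 'Protection is off. Reboot (step B), then run with -Phase Enable.'
}
else {
    # The system drive must be enabled first or in the same call as the other drives.
    Enable-ComputerRestore -Drive $roots       # step C
    # Extra step, not in the original post: record a fresh post-cleanup restore point.
    Checkpoint-Computer -Description 'Post-cleanup baseline' -RestorePointType MODIFY_SETTINGS
    Get-ComputerRestorePoint | Select-Object SequenceNumber, CreationTime, Description
}
```

Enable-ComputerRestore has no parameter for the protection option chosen in step 7, so confirm that setting in the System Protection tab afterwards.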

Blade81
2015-04-02, 00:22
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.