tampacate
2015-03-09, 23:44
Don't know where my last post went.
Edit:
Original topic: http://forums.spybot.info/showthread.php?72150-CheapProductsCoupons
But now I believe I have the attachments.
I found a CheapProductsCoupons folder on my C drive along with others that also seemed to be pop-up ad related. I was able to delete the others, but this one will not delete, saying it is open in TrustMix,which I can't find.
Lately, no matter how often I run SpyBots it finds problem. I can run it three times in a row and each time it finds something -- this without my doing anything on line between the scans!
Any help will be GREATLY appreciated.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-03-2015 01
Ran by Catherine (administrator) on CATHERINE-PC on 09-03-2015 17:07:14
Running from C:\Users\Catherine\Desktop
Loaded Profiles: Catherine (Available profiles: Catherine)
Platform: Microsoft Windows 7 Enterprise Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Sonic Solutions) C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\Speech\Common\sapisvr.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Users\Catherine\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Dropbox, Inc.) C:\Users\Catherine\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\VzDetectAgent.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-12-03] (Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [240112 2007-08-24] (Sonic Solutions)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [DXDllRegExe] => dxdllreg.exe
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [51712 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-12-12] (Google Inc.)
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5503768 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Run: [OneDrive] => C:\Users\Catherine\AppData\Local\Microsoft\OneDrive\OneDrive.exe [281256 2015-03-06] (Microsoft Corporation)
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\RunOnce: [Adobe Speed Launcher] => 1425913134
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [413696 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
IFEO: [Debugger] svchost.exe
Startup: C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Catherine\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Catherine\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Catherine\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Catherine\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Catherine\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Catherine\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Catherine\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
BootExecute: autocheck autochk * sdnclean.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-3958275423-1937913606-3708625069-1000] => http=127.0.0.1:25424
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.yahoo.com/?fr=yfp-t-403
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/?fr=fp-yie9
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\Software\Microsoft\Internet Explorer\Main,Old Start Page = https://my.yahoo.com/
URLSearchHook: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn14\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\.DEFAULT -> URL http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\.DEFAULT -> {4C4C7AAB-5854-4241-A414-E2F1EF119C4A} URL = http://www.dnsbasic.com/?prt=DNSBASIC111&sp=&keywords={searchTerms}
SearchScopes: HKU\S-1-5-19 -> URL http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-20 -> URL http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> {471C2803-C5DB-4AED-AB61-06BFC9FACC85} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_49_ie&cd=2XzuyEtN2Y1L1QzutDtDtByEtBtC0FtDtAtByE0D0ByBtAyCtN0D0Tzu0SzyyEyBtN1L2XzutBtFtBtCtFtCzztFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyDyEtB0DyB0CtDtGtAyBtAtAtGtB0DtAtCtGyEtD0E0AtGyByEtB0D0AtA0ByCyE0EtCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtB0Ezz0BtA0DtBtGtC0B0A0FtG0Fzy0CyDtG0AtCtAyDtGyDyC0F0A0BzytAyBtCtDyDyD2Q&cr=676245291&ir=
SearchScopes: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> {4C4C7AAB-5854-4241-A414-E2F1EF119C4A} URL = http://www.dnsbasic.com/?prt=dnsbsc50r1&sp=&keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> {5320134B-25BC-C2D4-1AF8-8C5F8CAA52F3} URL = http://www.bing.com/search?q={searchTerms}&pc=Z020&form=ZGAIDF
SearchScopes: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> {54C851C9-DB04-4DBF-AF30-9677CF5C390C} URL = http://delicious.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> {59D81261-FBA5-4DBB-85BF-3014E49D605F} URL = http://query.nytimes.com/gst/handler.html?query={searchTerms}&opensearch=1
SearchScopes: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> {617D4867-3277-41B4-A578-6614A00C16EA} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
SearchScopes: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> {93E195B9-9CD4-4BAA-88CD-079A1F82ED12} URL = http://isearch.shopathome.com?user_id={47bc1061-77db-41f8-9305-7c47a4e4e0b3}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> {A26C36F3-9D6C-4551-86A4-B3E9C4B7B3CD} URL = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=10003&iwk=296&lng=en
SearchScopes: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> {C09145E9-A2BA-49E1-A4D3-560A676F105F} URL = http://www.flickr.com/search/?q={searchTerms}
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO: QueenCCoupon -> {ce9d8595-6f6a-4e73-afeb-671e00779aed} -> C:\Program Files\QueenCCoupon\KeeLcK5NdIQchl.dll No File
Toolbar: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-27] (Google Inc.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-08-26] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll [2014-08-12] (AVG Secure Search)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2010-09-23] (Adobe Systems, Inc.)
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-08-12] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-28] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-08-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-06-03] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-06-03] (RealNetworks, Inc.)
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2012-06-20] (RocketLife, LLP)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll [2014-10-09] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll [2014-10-09] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3958275423-1937913606-3708625069-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Catherine\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-10-01] (Citrix Online)
FF Plugin HKU\S-1-5-21-3958275423-1937913606-3708625069-1000: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Catherine\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-02-04] (RocketLife, LLP)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-23]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-11-23]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-11-23]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-23]
FF HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-11-20]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (Awesome Dictionary Widget ANTP) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdigjjbkpjljoknifbgaijaemafihhga [2015-02-26]
CHR Extension: (Skype Click to Call) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-09-04]
CHR Extension: (Google Wallet) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-04]
CHR Extension: (Second Home) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmmemlnpjmfkcddknibchodllhnnidlp [2015-02-25]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\CATHER~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-01-08]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1840304 2015-01-13] (Microsoft Corporation)
R2 d696664e; c:\Program Files\CheapProductsCoupons\Shopalooza.dll [4044288 2014-11-21] () [File not signed]
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-31] (Garmin Ltd or its subsidiaries)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [660992 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [344056 2013-04-01] (Verizon) [File not signed]
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Roxio UPnP Renderer 10; C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [72176 2007-08-24] (Sonic Solutions)
R2 Roxio Upnp Server 10; C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2007-08-24] (Sonic Solutions)
S2 RoxLiveShare10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [309744 2007-08-24] (Sonic Solutions)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289208 2013-01-31] (Skype Technologies S.A.)
R2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-12] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 SessionLauncher; C:\Users\CATHER~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-13] (Microsoft Corporation)
S4 AFS; C:\Windows\system32\Drivers\AFS.sys [79052 2010-10-18] (Oak Technology Inc.) [File not signed]
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-12] (AVG Technologies)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51056 2003-05-14] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2003-07-16] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21488 2003-07-16] (HP)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
R1 MpKsle4e93467; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{942D42FE-E209-4992-9B1F-44776DDF9CA7}\MpKsle4e93467.sys [39464 2015-03-08] (Microsoft Corporation)
S4 RxFilter; C:\Windows\System32\DRIVERS\RxFilter.sys [57328 2007-08-18] (Sonic Solutions)
S3 scsiscan; C:\Windows\system32\drivers\scsiscan.sys [14848 2009-07-13] (Microsoft Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-09 17:07 - 2015-03-09 17:07 - 00027639 _____ () C:\Users\Catherine\Desktop\FRST.txt
2015-03-09 17:07 - 2015-03-09 17:07 - 00000000 ____D () C:\FRST
2015-03-09 17:03 - 2015-03-09 17:03 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-CATHERINE-PC-Windows-7-Enterprise-(32-bit).dat
2015-03-09 17:02 - 2015-03-09 17:02 - 00000000 ____D () C:\RegBackup
2015-03-09 16:59 - 2015-03-09 16:59 - 00002185 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-03-09 16:59 - 2015-03-09 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-03-09 16:59 - 2015-03-09 16:59 - 00000000 ____D () C:\Program Files\Tweaking.com
2015-03-09 16:58 - 2015-03-09 16:58 - 05198336 _____ (AVAST Software) C:\Users\Catherine\Desktop\aswMBR.exe
2015-03-09 16:54 - 2015-03-09 16:54 - 01134592 _____ (Farbar) C:\Users\Catherine\Desktop\FRST.exe
2015-03-09 16:40 - 2015-03-09 16:40 - 04804736 _____ () C:\Users\Catherine\Desktop\tweaking.com_registry_backup_setup.exe
2015-03-09 14:01 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150309-140157.backup
2015-03-09 10:58 - 2015-03-09 10:58 - 00000000 ___HD () C:\OneDriveTemp
2015-03-09 10:56 - 2015-03-09 10:56 - 00000394 _____ () C:\Windows\PFRO.log
2015-03-07 10:07 - 2015-03-09 10:56 - 00000168 _____ () C:\Windows\setupact.log
2015-03-07 10:07 - 2015-03-07 10:07 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-06 19:12 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150306-181238.backup
2015-03-06 19:09 - 2015-03-06 19:10 - 00000560 _____ () C:\Users\Catherine\Documents\cc_20150306_180948.reg
2015-03-06 16:24 - 2015-03-06 16:24 - 00025906 _____ () C:\Users\Catherine\Documents\cc_20150306_152401.reg
2015-03-02 20:54 - 2015-03-02 20:54 - 00000000 ____D () C:\Users\Catherine\AppData\Local\{52BCCC98-434A-4857-B895-68ED3442C0A4}
2015-03-01 17:05 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150301-160510.backup
2015-02-28 18:17 - 2015-02-28 18:17 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-02-28 18:17 - 2015-02-28 18:16 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-02-28 18:16 - 2015-02-28 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-27 16:54 - 2015-02-27 18:42 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\HP Photo Creations
2015-02-27 16:54 - 2015-02-27 16:54 - 00002120 _____ () C:\Users\Catherine\Desktop\HP Photo Creations.lnk
2015-02-27 16:10 - 2015-02-27 16:10 - 00000000 ____D () C:\Users\Catherine\AppData\Local\{3BCC05A3-14C1-4E95-BD55-A773CD55C6E9}
2015-02-27 12:47 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150227-114702.backup
2015-02-26 19:05 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150226-180511.backup
2015-02-26 00:48 - 2015-02-26 00:49 - 00000000 ____D () C:\Program Files\Awesome Dictionary Widget ANTP
2015-02-25 22:00 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150225-210027.backup
2015-02-25 21:59 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150225-205948.backup
2015-02-25 21:13 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150225-201343.backup
2015-02-25 21:13 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150225-201310.backup
2015-02-25 21:12 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150225-201236.backup
2015-02-25 21:12 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150225-201211.backup
2015-02-19 10:18 - 2015-02-19 10:18 - 00000000 ____D () C:\Users\Catherine\AppData\Local\{C0B36FD4-E9B7-4666-BD67-F535C2DAE402}
2015-02-14 08:19 - 2015-02-14 08:19 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-14 08:19 - 2015-02-14 08:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-12 19:57 - 2015-01-22 23:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 19:57 - 2015-01-22 23:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 09:19 - 2015-01-15 03:46 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 09:19 - 2015-01-15 03:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 09:19 - 2015-01-15 03:43 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 09:19 - 2015-01-15 03:43 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 09:19 - 2015-01-15 03:42 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 09:19 - 2015-01-15 03:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 09:19 - 2015-01-15 03:42 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 09:19 - 2015-01-15 03:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 09:19 - 2015-01-15 03:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 09:19 - 2015-01-15 03:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 09:19 - 2015-01-15 03:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 09:19 - 2015-01-15 00:21 - 00369968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 09:19 - 2015-01-14 01:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-02-11 09:19 - 2015-01-08 21:45 - 02380288 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 09:18 - 2015-01-14 01:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 09:18 - 2015-01-14 01:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 09:18 - 2015-01-11 22:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 09:18 - 2015-01-11 22:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 09:18 - 2015-01-11 22:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 09:18 - 2015-01-11 22:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 09:18 - 2015-01-11 22:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 09:18 - 2015-01-11 21:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 09:18 - 2015-01-11 21:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 09:18 - 2015-01-11 21:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 09:18 - 2015-01-11 21:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 09:18 - 2015-01-11 21:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 09:18 - 2015-01-11 21:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 09:18 - 2015-01-11 21:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 09:18 - 2015-01-11 21:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 09:18 - 2015-01-11 21:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 09:18 - 2015-01-11 21:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 09:18 - 2015-01-11 21:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 09:18 - 2015-01-11 21:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 09:18 - 2015-01-11 21:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 09:18 - 2015-01-11 21:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 09:18 - 2015-01-11 21:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 09:18 - 2015-01-11 20:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 09:18 - 2015-01-11 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 09:18 - 2015-01-10 02:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 09:18 - 2015-01-10 02:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 09:18 - 2015-01-10 02:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 09:18 - 2015-01-10 02:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 09:18 - 2015-01-10 02:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 09:18 - 2015-01-10 02:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 09:18 - 2015-01-10 02:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 09:17 - 2015-01-12 22:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 09:17 - 2015-01-11 22:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 09:17 - 2015-01-11 22:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 09:17 - 2015-01-11 22:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 09:17 - 2015-01-11 22:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 09:17 - 2015-01-11 21:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 09:17 - 2014-12-07 22:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 06:38 - 2015-02-10 15:19 - 00000000 ____D () C:\Users\Catherine\Documents\Italian Class
2015-02-07 11:10 - 2015-02-13 16:58 - 00000020 _____ () C:\Users\Catherine\AppData\Roaming\appdataFr3.bin
2015-02-07 06:38 - 2015-02-07 06:38 - 00000000 ____D () C:\Users\Catherine\AppData\Local\{D1A3F280-6812-4998-B7D9-045703249E6F}
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-09 17:05 - 2013-12-12 10:58 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-09 16:48 - 2012-06-26 16:38 - 00000944 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3958275423-1937913606-3708625069-1000UA.job
2015-03-09 16:48 - 2012-06-26 16:38 - 00000922 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3958275423-1937913606-3708625069-1000Core.job
2015-03-09 16:46 - 2013-12-02 11:43 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-09 16:23 - 2010-10-02 18:01 - 01309043 _____ () C:\Windows\WindowsUpdate.log
2015-03-09 11:04 - 2009-07-14 00:34 - 00015456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-09 11:04 - 2009-07-14 00:34 - 00015456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-09 11:03 - 2010-10-02 18:04 - 00739918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-09 10:58 - 2014-10-09 18:03 - 00000000 ___RD () C:\Users\Catherine\Google Drive
2015-03-09 10:58 - 2013-12-03 13:53 - 00000000 ___RD () C:\Users\Catherine\Dropbox
2015-03-09 10:58 - 2013-12-03 13:49 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\Dropbox
2015-03-09 10:58 - 2013-08-10 19:00 - 00000000 ___RD () C:\Users\Catherine\SkyDrive
2015-03-09 10:56 - 2013-12-12 10:57 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-09 10:56 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-08 17:36 - 2014-08-03 20:57 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-08 16:29 - 2010-10-06 04:26 - 02514944 ___SH () C:\Users\Catherine\Documents\Thumbs.db
2015-03-08 11:24 - 2010-10-06 11:08 - 00000000 ___RD () C:\Program Files\Skype
2015-03-07 20:57 - 2010-10-06 17:42 - 00000000 ____D () C:\Users\Catherine\AppData\Local\Microsoft Games
2015-03-07 11:07 - 2014-06-26 10:25 - 00000000 ____D () C:\Users\Catherine\Documents\SHINE
2015-03-06 18:54 - 2010-10-06 11:58 - 00000000 ____D () C:\Users\Public\Documents\Trade King
2015-03-06 16:46 - 2015-01-01 12:37 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-03-06 16:46 - 2015-01-01 12:37 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-06 16:21 - 2014-02-24 11:18 - 00002176 _____ () C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-03-06 10:59 - 2014-12-10 18:17 - 00000000 ____D () C:\ProgramData\9171614046202116540
2015-03-04 15:29 - 2015-01-05 09:03 - 00000000 ____D () C:\ProgramData\SMartCompaereo
2015-03-04 15:29 - 2015-01-05 09:03 - 00000000 ____D () C:\ProgramData\easytoshooP
2015-03-04 15:29 - 2014-12-30 20:18 - 00000000 ____D () C:\ProgramData\Realidaeal
2015-03-04 15:29 - 2014-12-30 20:17 - 00000000 ____D () C:\ProgramData\CoUpScaanNer
2015-03-03 15:24 - 2010-10-03 02:32 - 00007188 _____ () C:\Users\Catherine\AppData\Roaming\wklnhst.dat
2015-03-03 09:16 - 2010-11-07 11:57 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-02 16:25 - 2010-10-06 04:26 - 00000000 ____D () C:\Users\Catherine\Documents\Idlewild
2015-03-01 23:59 - 2010-10-06 11:11 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\Skype
2015-02-28 21:54 - 2009-07-14 00:52 - 00000000 ____D () C:\Windows\Offline Web Pages
2015-02-28 18:16 - 2013-12-03 13:35 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-28 18:16 - 2010-10-02 21:09 - 00000000 ____D () C:\Program Files\Java
2015-02-28 10:54 - 2013-07-14 19:03 - 00001044 _____ () C:\Windows\Output.txt
2015-02-27 18:43 - 2012-07-21 17:03 - 00000000 ___RD () C:\Users\Catherine\Documents\HP Photo Creations
2015-02-27 18:17 - 2015-01-01 22:52 - 00000000 ____D () C:\Users\Catherine\Documents\My Albums
2015-02-27 16:58 - 2011-02-04 21:46 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\Visan
2015-02-27 16:55 - 2010-10-04 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-02-27 16:54 - 2010-10-19 13:27 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
2015-02-27 13:02 - 2010-10-05 13:10 - 00000000 ____D () C:\Users\Catherine\Documents\Family Trees
2015-02-25 17:29 - 2014-08-04 11:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2015-02-19 14:33 - 2013-08-10 18:54 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-19 09:57 - 2010-10-15 22:13 - 00040116 _____ () C:\Windows\$CCW_D02.CC$
2015-02-19 09:57 - 2010-10-07 08:55 - 00005612 _____ () C:\Windows\POWERUP.INI
2015-02-19 09:44 - 2010-10-17 11:29 - 00000030 _____ () C:\Windows\GRAPHICS FILTERS
2015-02-19 09:44 - 2010-10-07 08:55 - 00000788 _____ () C:\Windows\CCSTYLES.CCY
2015-02-19 02:07 - 2013-03-01 18:50 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-19 02:06 - 2013-03-01 18:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-02-19 02:06 - 2013-03-01 18:51 - 00000000 ____D () C:\ProgramData\Garmin
2015-02-19 02:05 - 2013-03-01 18:50 - 00000000 ____D () C:\Program Files\Garmin
2015-02-16 09:57 - 2010-10-13 11:38 - 00000000 ____D () C:\Users\Public\Documents\Uncommon Travelers
2015-02-15 18:00 - 2011-10-05 11:12 - 00015359 _____ () C:\Users\Catherine\Documents\Book1.xlsx
2015-02-14 08:19 - 2010-10-18 11:51 - 00000000 ____D () C:\Program Files\Google
2015-02-13 13:58 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
2015-02-13 13:40 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-12 19:42 - 2013-12-03 13:53 - 00001033 _____ () C:\Users\Catherine\Desktop\Dropbox.lnk
2015-02-12 19:42 - 2013-12-03 13:50 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-12 19:34 - 2009-07-14 00:33 - 00524224 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 10:36 - 2013-08-14 16:32 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 10:29 - 2010-10-02 20:14 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 10:27 - 2010-10-03 00:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 10:25 - 2012-05-20 12:24 - 00002008 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-11 10:25 - 2011-01-28 17:35 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-02-11 10:25 - 2011-01-28 17:33 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-10 14:46 - 2011-05-29 14:52 - 00499596 _____ () C:\Users\Catherine\AppData\Local\rx_audio.Cache
2015-02-10 14:43 - 2010-10-03 00:07 - 00016920 _____ () C:\Users\Catherine\AppData\Local\rx_image.Cache
==================== Files in the root of some directories =======
2015-02-07 11:10 - 2015-02-13 16:58 - 0000020 _____ () C:\Users\Catherine\AppData\Roaming\appdataFr3.bin
2014-11-21 13:01 - 2014-11-06 08:17 - 1859904 _____ (BeFrugal.com ) C:\Users\Catherine\AppData\Roaming\BeFrugal.com-Install.exe
2010-10-03 02:32 - 2015-03-03 15:24 - 0007188 _____ () C:\Users\Catherine\AppData\Roaming\wklnhst.dat
2010-10-18 16:03 - 2015-01-08 17:53 - 0014848 _____ () C:\Users\Catherine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-10-18 21:22 - 2010-10-18 21:22 - 0000097 _____ () C:\Users\Catherine\AppData\Local\fusioncache.dat
2010-11-17 16:44 - 2010-11-17 16:49 - 0007611 _____ () C:\Users\Catherine\AppData\Local\resmon.resmoncfg
2011-05-29 14:52 - 2015-02-10 14:46 - 0499596 _____ () C:\Users\Catherine\AppData\Local\rx_audio.Cache
2010-10-03 00:07 - 2015-02-10 14:43 - 0016920 _____ () C:\Users\Catherine\AppData\Local\rx_image.Cache
2013-08-04 12:42 - 2013-08-04 12:42 - 0000000 _____ () C:\ProgramData\2b28273c2a2030262c5e242c_c
2010-10-06 11:12 - 2010-10-06 11:12 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-10-04 15:59 - 2010-11-20 18:37 - 0004445 _____ () C:\ProgramData\hpzinstall.log
Some content of TEMP:
====================
C:\Users\Catherine\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnmvjkl.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-03-05 08:49
==================== End Of Log ============================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-03-09 17:25:06
-----------------------------
17:25:06.749 OS Version: Windows 6.1.7601 Service Pack 1
17:25:06.749 Number of processors: 2 586 0x170A
17:25:06.749 ComputerName: CATHERINE-PC UserName: Catherine
17:25:09.349 Initialize success
17:25:09.429 VM: initialized successfully
17:25:09.429 VM: Intel CPU supported
17:25:13.809 VM: disk I/O atapi.sys
17:28:05.222 The log file has been saved successfully to "C:\Users\Catherine\Desktop\aswMBR.txt"
Edit:
Original topic: http://forums.spybot.info/showthread.php?72150-CheapProductsCoupons
But now I believe I have the attachments.
I found a CheapProductsCoupons folder on my C drive along with others that also seemed to be pop-up ad related. I was able to delete the others, but this one will not delete, saying it is open in TrustMix,which I can't find.
Lately, no matter how often I run SpyBots it finds problem. I can run it three times in a row and each time it finds something -- this without my doing anything on line between the scans!
Any help will be GREATLY appreciated.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-03-2015 01
Ran by Catherine (administrator) on CATHERINE-PC on 09-03-2015 17:07:14
Running from C:\Users\Catherine\Desktop
Loaded Profiles: Catherine (Available profiles: Catherine)
Platform: Microsoft Windows 7 Enterprise Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Sonic Solutions) C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\Speech\Common\sapisvr.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Users\Catherine\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Dropbox, Inc.) C:\Users\Catherine\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\VzDetectAgent.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-12-03] (Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [240112 2007-08-24] (Sonic Solutions)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [DXDllRegExe] => dxdllreg.exe
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [51712 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-12-12] (Google Inc.)
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5503768 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Run: [OneDrive] => C:\Users\Catherine\AppData\Local\Microsoft\OneDrive\OneDrive.exe [281256 2015-03-06] (Microsoft Corporation)
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\RunOnce: [Adobe Speed Launcher] => 1425913134
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [413696 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
IFEO: [Debugger] svchost.exe
Startup: C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Catherine\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Catherine\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Catherine\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Catherine\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Catherine\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Catherine\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Catherine\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
BootExecute: autocheck autochk * sdnclean.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-3958275423-1937913606-3708625069-1000] => http=127.0.0.1:25424
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.yahoo.com/?fr=yfp-t-403
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/?fr=fp-yie9
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\Software\Microsoft\Internet Explorer\Main,Old Start Page = https://my.yahoo.com/
URLSearchHook: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn14\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\.DEFAULT -> URL http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\.DEFAULT -> {4C4C7AAB-5854-4241-A414-E2F1EF119C4A} URL = http://www.dnsbasic.com/?prt=DNSBASIC111&sp=&keywords={searchTerms}
SearchScopes: HKU\S-1-5-19 -> URL http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-20 -> URL http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> {471C2803-C5DB-4AED-AB61-06BFC9FACC85} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_49_ie&cd=2XzuyEtN2Y1L1QzutDtDtByEtBtC0FtDtAtByE0D0ByBtAyCtN0D0Tzu0SzyyEyBtN1L2XzutBtFtBtCtFtCzztFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyDyEtB0DyB0CtDtGtAyBtAtAtGtB0DtAtCtGyEtD0E0AtGyByEtB0D0AtA0ByCyE0EtCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtB0Ezz0BtA0DtBtGtC0B0A0FtG0Fzy0CyDtG0AtCtAyDtGyDyC0F0A0BzytAyBtCtDyDyD2Q&cr=676245291&ir=
SearchScopes: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> {4C4C7AAB-5854-4241-A414-E2F1EF119C4A} URL = http://www.dnsbasic.com/?prt=dnsbsc50r1&sp=&keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> {5320134B-25BC-C2D4-1AF8-8C5F8CAA52F3} URL = http://www.bing.com/search?q={searchTerms}&pc=Z020&form=ZGAIDF
SearchScopes: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> {54C851C9-DB04-4DBF-AF30-9677CF5C390C} URL = http://delicious.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> {59D81261-FBA5-4DBB-85BF-3014E49D605F} URL = http://query.nytimes.com/gst/handler.html?query={searchTerms}&opensearch=1
SearchScopes: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> {617D4867-3277-41B4-A578-6614A00C16EA} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
SearchScopes: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> {93E195B9-9CD4-4BAA-88CD-079A1F82ED12} URL = http://isearch.shopathome.com?user_id={47bc1061-77db-41f8-9305-7c47a4e4e0b3}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> {A26C36F3-9D6C-4551-86A4-B3E9C4B7B3CD} URL = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=10003&iwk=296&lng=en
SearchScopes: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> {C09145E9-A2BA-49E1-A4D3-560A676F105F} URL = http://www.flickr.com/search/?q={searchTerms}
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO: QueenCCoupon -> {ce9d8595-6f6a-4e73-afeb-671e00779aed} -> C:\Program Files\QueenCCoupon\KeeLcK5NdIQchl.dll No File
Toolbar: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-27] (Google Inc.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-08-26] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll [2014-08-12] (AVG Secure Search)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2010-09-23] (Adobe Systems, Inc.)
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-08-12] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-28] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-08-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-06-03] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-06-03] (RealNetworks, Inc.)
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2012-06-20] (RocketLife, LLP)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll [2014-10-09] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll [2014-10-09] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3958275423-1937913606-3708625069-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Catherine\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-10-01] (Citrix Online)
FF Plugin HKU\S-1-5-21-3958275423-1937913606-3708625069-1000: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Catherine\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-02-04] (RocketLife, LLP)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-23]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-11-23]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-11-23]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-23]
FF HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-11-20]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (Awesome Dictionary Widget ANTP) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdigjjbkpjljoknifbgaijaemafihhga [2015-02-26]
CHR Extension: (Skype Click to Call) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-09-04]
CHR Extension: (Google Wallet) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-04]
CHR Extension: (Second Home) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmmemlnpjmfkcddknibchodllhnnidlp [2015-02-25]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\CATHER~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-01-08]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1840304 2015-01-13] (Microsoft Corporation)
R2 d696664e; c:\Program Files\CheapProductsCoupons\Shopalooza.dll [4044288 2014-11-21] () [File not signed]
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-31] (Garmin Ltd or its subsidiaries)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [660992 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [344056 2013-04-01] (Verizon) [File not signed]
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Roxio UPnP Renderer 10; C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [72176 2007-08-24] (Sonic Solutions)
R2 Roxio Upnp Server 10; C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2007-08-24] (Sonic Solutions)
S2 RoxLiveShare10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [309744 2007-08-24] (Sonic Solutions)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289208 2013-01-31] (Skype Technologies S.A.)
R2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-12] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 SessionLauncher; C:\Users\CATHER~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-13] (Microsoft Corporation)
S4 AFS; C:\Windows\system32\Drivers\AFS.sys [79052 2010-10-18] (Oak Technology Inc.) [File not signed]
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-12] (AVG Technologies)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51056 2003-05-14] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2003-07-16] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21488 2003-07-16] (HP)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
R1 MpKsle4e93467; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{942D42FE-E209-4992-9B1F-44776DDF9CA7}\MpKsle4e93467.sys [39464 2015-03-08] (Microsoft Corporation)
S4 RxFilter; C:\Windows\System32\DRIVERS\RxFilter.sys [57328 2007-08-18] (Sonic Solutions)
S3 scsiscan; C:\Windows\system32\drivers\scsiscan.sys [14848 2009-07-13] (Microsoft Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-09 17:07 - 2015-03-09 17:07 - 00027639 _____ () C:\Users\Catherine\Desktop\FRST.txt
2015-03-09 17:07 - 2015-03-09 17:07 - 00000000 ____D () C:\FRST
2015-03-09 17:03 - 2015-03-09 17:03 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-CATHERINE-PC-Windows-7-Enterprise-(32-bit).dat
2015-03-09 17:02 - 2015-03-09 17:02 - 00000000 ____D () C:\RegBackup
2015-03-09 16:59 - 2015-03-09 16:59 - 00002185 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-03-09 16:59 - 2015-03-09 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-03-09 16:59 - 2015-03-09 16:59 - 00000000 ____D () C:\Program Files\Tweaking.com
2015-03-09 16:58 - 2015-03-09 16:58 - 05198336 _____ (AVAST Software) C:\Users\Catherine\Desktop\aswMBR.exe
2015-03-09 16:54 - 2015-03-09 16:54 - 01134592 _____ (Farbar) C:\Users\Catherine\Desktop\FRST.exe
2015-03-09 16:40 - 2015-03-09 16:40 - 04804736 _____ () C:\Users\Catherine\Desktop\tweaking.com_registry_backup_setup.exe
2015-03-09 14:01 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150309-140157.backup
2015-03-09 10:58 - 2015-03-09 10:58 - 00000000 ___HD () C:\OneDriveTemp
2015-03-09 10:56 - 2015-03-09 10:56 - 00000394 _____ () C:\Windows\PFRO.log
2015-03-07 10:07 - 2015-03-09 10:56 - 00000168 _____ () C:\Windows\setupact.log
2015-03-07 10:07 - 2015-03-07 10:07 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-06 19:12 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150306-181238.backup
2015-03-06 19:09 - 2015-03-06 19:10 - 00000560 _____ () C:\Users\Catherine\Documents\cc_20150306_180948.reg
2015-03-06 16:24 - 2015-03-06 16:24 - 00025906 _____ () C:\Users\Catherine\Documents\cc_20150306_152401.reg
2015-03-02 20:54 - 2015-03-02 20:54 - 00000000 ____D () C:\Users\Catherine\AppData\Local\{52BCCC98-434A-4857-B895-68ED3442C0A4}
2015-03-01 17:05 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150301-160510.backup
2015-02-28 18:17 - 2015-02-28 18:17 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-02-28 18:17 - 2015-02-28 18:16 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-02-28 18:16 - 2015-02-28 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-27 16:54 - 2015-02-27 18:42 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\HP Photo Creations
2015-02-27 16:54 - 2015-02-27 16:54 - 00002120 _____ () C:\Users\Catherine\Desktop\HP Photo Creations.lnk
2015-02-27 16:10 - 2015-02-27 16:10 - 00000000 ____D () C:\Users\Catherine\AppData\Local\{3BCC05A3-14C1-4E95-BD55-A773CD55C6E9}
2015-02-27 12:47 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150227-114702.backup
2015-02-26 19:05 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150226-180511.backup
2015-02-26 00:48 - 2015-02-26 00:49 - 00000000 ____D () C:\Program Files\Awesome Dictionary Widget ANTP
2015-02-25 22:00 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150225-210027.backup
2015-02-25 21:59 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150225-205948.backup
2015-02-25 21:13 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150225-201343.backup
2015-02-25 21:13 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150225-201310.backup
2015-02-25 21:12 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150225-201236.backup
2015-02-25 21:12 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150225-201211.backup
2015-02-19 10:18 - 2015-02-19 10:18 - 00000000 ____D () C:\Users\Catherine\AppData\Local\{C0B36FD4-E9B7-4666-BD67-F535C2DAE402}
2015-02-14 08:19 - 2015-02-14 08:19 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-14 08:19 - 2015-02-14 08:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-12 19:57 - 2015-01-22 23:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 19:57 - 2015-01-22 23:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 09:19 - 2015-01-15 03:46 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 09:19 - 2015-01-15 03:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 09:19 - 2015-01-15 03:43 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 09:19 - 2015-01-15 03:43 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 09:19 - 2015-01-15 03:42 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 09:19 - 2015-01-15 03:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 09:19 - 2015-01-15 03:42 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 09:19 - 2015-01-15 03:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 09:19 - 2015-01-15 03:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 09:19 - 2015-01-15 03:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 09:19 - 2015-01-15 03:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 09:19 - 2015-01-15 00:21 - 00369968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 09:19 - 2015-01-14 01:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-02-11 09:19 - 2015-01-08 21:45 - 02380288 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 09:18 - 2015-01-14 01:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 09:18 - 2015-01-14 01:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 09:18 - 2015-01-11 22:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 09:18 - 2015-01-11 22:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 09:18 - 2015-01-11 22:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 09:18 - 2015-01-11 22:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 09:18 - 2015-01-11 22:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 09:18 - 2015-01-11 21:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 09:18 - 2015-01-11 21:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 09:18 - 2015-01-11 21:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 09:18 - 2015-01-11 21:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 09:18 - 2015-01-11 21:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 09:18 - 2015-01-11 21:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 09:18 - 2015-01-11 21:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 09:18 - 2015-01-11 21:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 09:18 - 2015-01-11 21:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 09:18 - 2015-01-11 21:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 09:18 - 2015-01-11 21:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 09:18 - 2015-01-11 21:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 09:18 - 2015-01-11 21:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 09:18 - 2015-01-11 21:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 09:18 - 2015-01-11 21:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 09:18 - 2015-01-11 20:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 09:18 - 2015-01-11 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 09:18 - 2015-01-10 02:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 09:18 - 2015-01-10 02:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 09:18 - 2015-01-10 02:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 09:18 - 2015-01-10 02:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 09:18 - 2015-01-10 02:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 09:18 - 2015-01-10 02:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 09:18 - 2015-01-10 02:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 09:17 - 2015-01-12 22:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 09:17 - 2015-01-11 22:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 09:17 - 2015-01-11 22:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 09:17 - 2015-01-11 22:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 09:17 - 2015-01-11 22:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 09:17 - 2015-01-11 21:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 09:17 - 2014-12-07 22:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 06:38 - 2015-02-10 15:19 - 00000000 ____D () C:\Users\Catherine\Documents\Italian Class
2015-02-07 11:10 - 2015-02-13 16:58 - 00000020 _____ () C:\Users\Catherine\AppData\Roaming\appdataFr3.bin
2015-02-07 06:38 - 2015-02-07 06:38 - 00000000 ____D () C:\Users\Catherine\AppData\Local\{D1A3F280-6812-4998-B7D9-045703249E6F}
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-09 17:05 - 2013-12-12 10:58 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-09 16:48 - 2012-06-26 16:38 - 00000944 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3958275423-1937913606-3708625069-1000UA.job
2015-03-09 16:48 - 2012-06-26 16:38 - 00000922 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3958275423-1937913606-3708625069-1000Core.job
2015-03-09 16:46 - 2013-12-02 11:43 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-09 16:23 - 2010-10-02 18:01 - 01309043 _____ () C:\Windows\WindowsUpdate.log
2015-03-09 11:04 - 2009-07-14 00:34 - 00015456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-09 11:04 - 2009-07-14 00:34 - 00015456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-09 11:03 - 2010-10-02 18:04 - 00739918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-09 10:58 - 2014-10-09 18:03 - 00000000 ___RD () C:\Users\Catherine\Google Drive
2015-03-09 10:58 - 2013-12-03 13:53 - 00000000 ___RD () C:\Users\Catherine\Dropbox
2015-03-09 10:58 - 2013-12-03 13:49 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\Dropbox
2015-03-09 10:58 - 2013-08-10 19:00 - 00000000 ___RD () C:\Users\Catherine\SkyDrive
2015-03-09 10:56 - 2013-12-12 10:57 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-09 10:56 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-08 17:36 - 2014-08-03 20:57 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-08 16:29 - 2010-10-06 04:26 - 02514944 ___SH () C:\Users\Catherine\Documents\Thumbs.db
2015-03-08 11:24 - 2010-10-06 11:08 - 00000000 ___RD () C:\Program Files\Skype
2015-03-07 20:57 - 2010-10-06 17:42 - 00000000 ____D () C:\Users\Catherine\AppData\Local\Microsoft Games
2015-03-07 11:07 - 2014-06-26 10:25 - 00000000 ____D () C:\Users\Catherine\Documents\SHINE
2015-03-06 18:54 - 2010-10-06 11:58 - 00000000 ____D () C:\Users\Public\Documents\Trade King
2015-03-06 16:46 - 2015-01-01 12:37 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-03-06 16:46 - 2015-01-01 12:37 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-06 16:21 - 2014-02-24 11:18 - 00002176 _____ () C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-03-06 10:59 - 2014-12-10 18:17 - 00000000 ____D () C:\ProgramData\9171614046202116540
2015-03-04 15:29 - 2015-01-05 09:03 - 00000000 ____D () C:\ProgramData\SMartCompaereo
2015-03-04 15:29 - 2015-01-05 09:03 - 00000000 ____D () C:\ProgramData\easytoshooP
2015-03-04 15:29 - 2014-12-30 20:18 - 00000000 ____D () C:\ProgramData\Realidaeal
2015-03-04 15:29 - 2014-12-30 20:17 - 00000000 ____D () C:\ProgramData\CoUpScaanNer
2015-03-03 15:24 - 2010-10-03 02:32 - 00007188 _____ () C:\Users\Catherine\AppData\Roaming\wklnhst.dat
2015-03-03 09:16 - 2010-11-07 11:57 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-02 16:25 - 2010-10-06 04:26 - 00000000 ____D () C:\Users\Catherine\Documents\Idlewild
2015-03-01 23:59 - 2010-10-06 11:11 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\Skype
2015-02-28 21:54 - 2009-07-14 00:52 - 00000000 ____D () C:\Windows\Offline Web Pages
2015-02-28 18:16 - 2013-12-03 13:35 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-28 18:16 - 2010-10-02 21:09 - 00000000 ____D () C:\Program Files\Java
2015-02-28 10:54 - 2013-07-14 19:03 - 00001044 _____ () C:\Windows\Output.txt
2015-02-27 18:43 - 2012-07-21 17:03 - 00000000 ___RD () C:\Users\Catherine\Documents\HP Photo Creations
2015-02-27 18:17 - 2015-01-01 22:52 - 00000000 ____D () C:\Users\Catherine\Documents\My Albums
2015-02-27 16:58 - 2011-02-04 21:46 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\Visan
2015-02-27 16:55 - 2010-10-04 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-02-27 16:54 - 2010-10-19 13:27 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
2015-02-27 13:02 - 2010-10-05 13:10 - 00000000 ____D () C:\Users\Catherine\Documents\Family Trees
2015-02-25 17:29 - 2014-08-04 11:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2015-02-19 14:33 - 2013-08-10 18:54 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-19 09:57 - 2010-10-15 22:13 - 00040116 _____ () C:\Windows\$CCW_D02.CC$
2015-02-19 09:57 - 2010-10-07 08:55 - 00005612 _____ () C:\Windows\POWERUP.INI
2015-02-19 09:44 - 2010-10-17 11:29 - 00000030 _____ () C:\Windows\GRAPHICS FILTERS
2015-02-19 09:44 - 2010-10-07 08:55 - 00000788 _____ () C:\Windows\CCSTYLES.CCY
2015-02-19 02:07 - 2013-03-01 18:50 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-19 02:06 - 2013-03-01 18:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-02-19 02:06 - 2013-03-01 18:51 - 00000000 ____D () C:\ProgramData\Garmin
2015-02-19 02:05 - 2013-03-01 18:50 - 00000000 ____D () C:\Program Files\Garmin
2015-02-16 09:57 - 2010-10-13 11:38 - 00000000 ____D () C:\Users\Public\Documents\Uncommon Travelers
2015-02-15 18:00 - 2011-10-05 11:12 - 00015359 _____ () C:\Users\Catherine\Documents\Book1.xlsx
2015-02-14 08:19 - 2010-10-18 11:51 - 00000000 ____D () C:\Program Files\Google
2015-02-13 13:58 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
2015-02-13 13:40 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-12 19:42 - 2013-12-03 13:53 - 00001033 _____ () C:\Users\Catherine\Desktop\Dropbox.lnk
2015-02-12 19:42 - 2013-12-03 13:50 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-12 19:34 - 2009-07-14 00:33 - 00524224 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 10:36 - 2013-08-14 16:32 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 10:29 - 2010-10-02 20:14 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 10:27 - 2010-10-03 00:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 10:25 - 2012-05-20 12:24 - 00002008 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-11 10:25 - 2011-01-28 17:35 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-02-11 10:25 - 2011-01-28 17:33 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-10 14:46 - 2011-05-29 14:52 - 00499596 _____ () C:\Users\Catherine\AppData\Local\rx_audio.Cache
2015-02-10 14:43 - 2010-10-03 00:07 - 00016920 _____ () C:\Users\Catherine\AppData\Local\rx_image.Cache
==================== Files in the root of some directories =======
2015-02-07 11:10 - 2015-02-13 16:58 - 0000020 _____ () C:\Users\Catherine\AppData\Roaming\appdataFr3.bin
2014-11-21 13:01 - 2014-11-06 08:17 - 1859904 _____ (BeFrugal.com ) C:\Users\Catherine\AppData\Roaming\BeFrugal.com-Install.exe
2010-10-03 02:32 - 2015-03-03 15:24 - 0007188 _____ () C:\Users\Catherine\AppData\Roaming\wklnhst.dat
2010-10-18 16:03 - 2015-01-08 17:53 - 0014848 _____ () C:\Users\Catherine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-10-18 21:22 - 2010-10-18 21:22 - 0000097 _____ () C:\Users\Catherine\AppData\Local\fusioncache.dat
2010-11-17 16:44 - 2010-11-17 16:49 - 0007611 _____ () C:\Users\Catherine\AppData\Local\resmon.resmoncfg
2011-05-29 14:52 - 2015-02-10 14:46 - 0499596 _____ () C:\Users\Catherine\AppData\Local\rx_audio.Cache
2010-10-03 00:07 - 2015-02-10 14:43 - 0016920 _____ () C:\Users\Catherine\AppData\Local\rx_image.Cache
2013-08-04 12:42 - 2013-08-04 12:42 - 0000000 _____ () C:\ProgramData\2b28273c2a2030262c5e242c_c
2010-10-06 11:12 - 2010-10-06 11:12 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-10-04 15:59 - 2010-11-20 18:37 - 0004445 _____ () C:\ProgramData\hpzinstall.log
Some content of TEMP:
====================
C:\Users\Catherine\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnmvjkl.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-03-05 08:49
==================== End Of Log ============================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-03-09 17:25:06
-----------------------------
17:25:06.749 OS Version: Windows 6.1.7601 Service Pack 1
17:25:06.749 Number of processors: 2 586 0x170A
17:25:06.749 ComputerName: CATHERINE-PC UserName: Catherine
17:25:09.349 Initialize success
17:25:09.429 VM: initialized successfully
17:25:09.429 VM: Intel CPU supported
17:25:13.809 VM: disk I/O atapi.sys
17:28:05.222 The log file has been saved successfully to "C:\Users\Catherine\Desktop\aswMBR.txt"