OK. Here's the file.
Printable View
OK. Here's the file.
OK. Here's the log.
Good. Please run FRST again (like earlier without using fix) and copy-paste log contents in your reply.
Don't know where my replies have gone -- have already sent log twice, but will try again as I don't see it here.
Neither of your replies has gone anywhere and I saw them. However, after that I asked you to run FRST again but without pressing Fix button :)Quote:
Don't know where my replies have gone -- have already sent log twice, but will try again as I don't see it here.
Right click FRST.exe and select run as administrator.
Press Scan button in FRST and wait until tool has finished. It will produce a log called FRST.txt in the same directory the tool is run from. Please copy-paste contents of that log back here.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Catherine (administrator) on CATHERINE-PC on 20-03-2015 15:24:54
Running from C:\Users\Catherine\Desktop
Loaded Profiles: Catherine (Available profiles: Catherine)
Platform: Microsoft Windows 7 Enterprise Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Sonic Solutions) C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
(Microsoft Corporation) C:\Windows\Speech\Common\sapisvr.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Users\Catherine\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Dropbox, Inc.) C:\Users\Catherine\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\VzDetectAgent.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_16_0_0_305_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-12-03] (Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [240112 2007-08-24] (Sonic Solutions)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [DXDllRegExe] => dxdllreg.exe
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [51712 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-12-12] (Google Inc.)
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5503768 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Run: [OneDrive] => C:\Users\Catherine\AppData\Local\Microsoft\OneDrive\OneDrive.exe [281248 2015-03-11] (Microsoft Corporation)
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [413696 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
IFEO: [Debugger] svchost.exe
Startup: C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Catherine\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Catherine\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Catherine\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Catherine\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Catherine\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Catherine\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Catherine\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
BootExecute: autocheck autochk * sdnclean.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.yahoo.com/?fr=yfp-t-403
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/?fr=fp-yie9
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\Software\Microsoft\Internet Explorer\Main,Old Start Page = https://my.yahoo.com/
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> URL http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> URL http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> URL http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> {5320134B-25BC-C2D4-1AF8-8C5F8CAA52F3} URL = http://www.bing.com/search?q={searchTerms}&pc=Z020&form=ZGAIDF
SearchScopes: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> {59D81261-FBA5-4DBB-85BF-3014E49D605F} URL = http://query.nytimes.com/gst/handler.html?query={searchTerms}&opensearch=1
SearchScopes: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> {617D4867-3277-41B4-A578-6614A00C16EA} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
SearchScopes: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> {C09145E9-A2BA-49E1-A4D3-560A676F105F} URL = http://www.flickr.com/search/?q={searchTerms}
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-27] (Google Inc.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2010-09-23] (Adobe Systems, Inc.)
FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-08-12] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-28] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-08-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-06-03] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-06-03] (RealNetworks, Inc.)
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2012-06-20] (RocketLife, LLP)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll [2014-10-09] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll [2014-10-09] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3958275423-1937913606-3708625069-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Catherine\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-10-01] (Citrix Online)
FF Plugin HKU\S-1-5-21-3958275423-1937913606-3708625069-1000: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Catherine\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-02-04] (RocketLife, LLP)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-23]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-11-23]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-11-23]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-23]
FF HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-11-20]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (Skype Click to Call) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-09-04]
CHR Extension: (Google Wallet) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-04]
CHR Extension: (Second Home) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmmemlnpjmfkcddknibchodllhnnidlp [2015-02-25]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\CATHER~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-01-08]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1843896 2015-02-10] (Microsoft Corporation)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-31] (Garmin Ltd or its subsidiaries)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [660992 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [344056 2013-04-01] (Verizon) [File not signed]
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Roxio UPnP Renderer 10; C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [72176 2007-08-24] (Sonic Solutions)
R2 Roxio Upnp Server 10; C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2007-08-24] (Sonic Solutions)
S2 RoxLiveShare10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [309744 2007-08-24] (Sonic Solutions)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289208 2013-01-31] (Skype Technologies S.A.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 SessionLauncher; C:\Users\CATHER~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-13] (Microsoft Corporation)
S4 AFS; C:\Windows\system32\Drivers\AFS.sys [79052 2010-10-18] (Oak Technology Inc.) [File not signed]
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-12] (AVG Technologies)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51056 2003-05-14] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2003-07-16] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21488 2003-07-16] (HP)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
S4 RxFilter; C:\Windows\System32\DRIVERS\RxFilter.sys [57328 2007-08-18] (Sonic Solutions)
S3 scsiscan; C:\Windows\system32\drivers\scsiscan.sys [14848 2009-07-13] (Microsoft Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-20 14:15 - 2015-03-20 14:15 - 00000000 ___HD () C:\OneDriveTemp
2015-03-19 15:48 - 2015-03-19 15:50 - 00000000 ____D () C:\Users\Catherine\Documents\OLLI
2015-03-16 08:03 - 2015-03-20 14:14 - 00000336 _____ () C:\Windows\setupact.log
2015-03-16 08:03 - 2015-03-16 13:59 - 00000924 _____ () C:\Windows\PFRO.log
2015-03-16 08:03 - 2015-03-16 08:03 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-15 23:06 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150315-230629.backup
2015-03-15 23:05 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150315-230550.backup
2015-03-13 11:09 - 2015-03-13 11:09 - 00000000 ____D () C:\Users\Catherine\Desktop\FRST-OlderVersion
2015-03-11 09:53 - 2015-02-25 23:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 09:53 - 2015-02-23 22:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 09:53 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 09:53 - 2015-02-20 20:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 09:53 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 09:53 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 09:53 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 09:53 - 2015-02-19 22:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 09:53 - 2015-02-19 22:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 09:53 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 09:53 - 2015-02-19 22:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 09:53 - 2015-02-19 22:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 09:53 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 09:53 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 09:53 - 2015-02-19 22:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 09:53 - 2015-02-19 22:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 09:53 - 2015-02-19 21:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 09:53 - 2015-02-19 21:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 09:53 - 2015-02-19 21:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 09:53 - 2015-02-19 21:56 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 09:53 - 2015-02-19 21:50 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 09:53 - 2015-02-19 21:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 09:53 - 2015-02-19 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 09:53 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 09:53 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 09:53 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 09:53 - 2015-02-19 21:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 09:53 - 2015-02-19 21:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 09:53 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 09:53 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 09:53 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 09:53 - 2015-02-13 01:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 09:53 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 09:53 - 2015-01-30 23:32 - 00919552 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 09:53 - 2015-01-30 22:52 - 00134656 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 09:53 - 2015-01-30 22:51 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-03-11 09:53 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 09:52 - 2015-03-06 01:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 09:52 - 2015-03-06 01:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 09:52 - 2015-03-06 01:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 09:52 - 2015-03-06 01:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 09:52 - 2015-03-06 01:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 09:52 - 2015-03-06 01:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 09:52 - 2015-03-06 01:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 09:52 - 2015-03-06 01:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 09:52 - 2015-03-06 01:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 09:52 - 2015-03-06 01:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 09:52 - 2015-03-06 01:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 09:52 - 2015-03-06 01:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 09:52 - 2015-03-06 01:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 09:52 - 2015-03-06 01:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 09:52 - 2015-03-06 01:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 09:52 - 2015-03-06 01:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 09:52 - 2015-03-06 01:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 09:52 - 2015-03-06 01:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 09:52 - 2015-02-20 00:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 09:52 - 2015-02-20 00:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 09:52 - 2015-02-20 00:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 09:52 - 2015-02-20 00:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 09:52 - 2015-02-19 23:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 09:52 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 09:52 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 09:51 - 2015-02-02 23:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-11 09:51 - 2015-02-02 23:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 09:51 - 2015-02-02 23:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 09:51 - 2015-02-02 23:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 09:51 - 2015-02-02 23:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 09:51 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 09:51 - 2015-02-02 23:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 09:51 - 2015-02-02 23:11 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 09:51 - 2015-02-02 23:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 09:51 - 2015-02-02 23:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 09:51 - 2015-02-02 23:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 09:51 - 2015-02-02 23:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 09:51 - 2015-02-02 23:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 09:51 - 2015-02-02 23:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 09:51 - 2015-02-02 23:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 09:51 - 2015-02-02 23:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 09:51 - 2015-02-02 23:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 09:51 - 2015-02-02 23:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 09:51 - 2015-02-02 23:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 09:51 - 2015-02-02 22:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 09:51 - 2015-01-30 19:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 09:51 - 2014-10-31 18:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 09:51 - 2014-06-27 20:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 09:51 - 2014-06-27 20:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-10 13:38 - 2015-03-10 13:38 - 00000000 ____D () C:\Users\Catherine\AppData\Local\{19F585E6-DF04-45B4-B69A-F673D2679F7A}
2015-03-10 12:34 - 2015-03-10 12:32 - 02171392 _____ () C:\Users\Catherine\Desktop\AdwCleaner.exe
2015-03-10 11:41 - 2015-03-13 11:30 - 00000000 ____D () C:\AdwCleaner
2015-03-09 17:28 - 2015-03-13 11:02 - 00001181 _____ () C:\Users\Catherine\Desktop\aswMBR.txt
2015-03-09 17:08 - 2015-03-09 17:09 - 00049397 _____ () C:\Users\Catherine\Desktop\Addition.txt
2015-03-09 17:07 - 2015-03-20 15:25 - 00000000 ____D () C:\FRST
2015-03-09 17:07 - 2015-03-20 15:24 - 00025047 _____ () C:\Users\Catherine\Desktop\FRST.txt
2015-03-09 17:03 - 2015-03-09 17:03 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-CATHERINE-PC-Windows-7-Enterprise-(32-bit).dat
2015-03-09 17:02 - 2015-03-09 17:02 - 00000000 ____D () C:\RegBackup
2015-03-09 16:59 - 2015-03-09 16:59 - 00002185 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-03-09 16:59 - 2015-03-09 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-03-09 16:59 - 2015-03-09 16:59 - 00000000 ____D () C:\Program Files\Tweaking.com
2015-03-09 16:58 - 2015-03-09 16:58 - 05198336 _____ (AVAST Software) C:\Users\Catherine\Desktop\aswMBR.exe
2015-03-09 16:54 - 2015-03-13 11:09 - 01135104 _____ (Farbar) C:\Users\Catherine\Desktop\FRST.exe
2015-03-09 16:40 - 2015-03-09 16:40 - 04804736 _____ () C:\Users\Catherine\Desktop\tweaking.com_registry_backup_setup.exe
2015-03-09 14:01 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150309-140157.backup
2015-03-06 19:12 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150306-181238.backup
2015-03-06 19:09 - 2015-03-06 19:10 - 00000560 _____ () C:\Users\Catherine\Documents\cc_20150306_180948.reg
2015-03-06 16:24 - 2015-03-06 16:24 - 00025906 _____ () C:\Users\Catherine\Documents\cc_20150306_152401.reg
2015-03-02 20:54 - 2015-03-02 20:54 - 00000000 ____D () C:\Users\Catherine\AppData\Local\{52BCCC98-434A-4857-B895-68ED3442C0A4}
2015-03-01 17:05 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150301-160510.backup
2015-02-28 18:17 - 2015-02-28 18:17 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-02-28 18:17 - 2015-02-28 18:16 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-02-28 18:16 - 2015-02-28 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-27 16:54 - 2015-02-27 18:42 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\HP Photo Creations
2015-02-27 16:54 - 2015-02-27 16:54 - 00002120 _____ () C:\Users\Catherine\Desktop\HP Photo Creations.lnk
2015-02-27 16:10 - 2015-02-27 16:10 - 00000000 ____D () C:\Users\Catherine\AppData\Local\{3BCC05A3-14C1-4E95-BD55-A773CD55C6E9}
2015-02-27 12:47 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150227-114702.backup
2015-02-26 19:05 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150226-180511.backup
2015-02-25 22:00 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150225-210027.backup
2015-02-25 21:59 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150225-205948.backup
2015-02-25 21:13 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150225-201343.backup
2015-02-25 21:13 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150225-201310.backup
2015-02-25 21:12 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150225-201236.backup
2015-02-25 21:12 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150225-201211.backup
2015-02-19 10:18 - 2015-02-19 10:18 - 00000000 ____D () C:\Users\Catherine\AppData\Local\{C0B36FD4-E9B7-4666-BD67-F535C2DAE402}
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-20 15:05 - 2013-12-12 10:58 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-20 14:46 - 2013-12-02 11:43 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-20 14:22 - 2009-07-14 00:34 - 00015456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-20 14:22 - 2009-07-14 00:34 - 00015456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-20 14:20 - 2010-10-02 18:01 - 01395733 _____ () C:\Windows\WindowsUpdate.log
2015-03-20 14:16 - 2014-10-09 18:03 - 00000000 ___RD () C:\Users\Catherine\Google Drive
2015-03-20 14:16 - 2013-12-03 13:53 - 00000000 ___RD () C:\Users\Catherine\Dropbox
2015-03-20 14:16 - 2013-12-03 13:49 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\Dropbox
2015-03-20 14:15 - 2013-08-10 19:00 - 00000000 ___RD () C:\Users\Catherine\SkyDrive
2015-03-20 14:14 - 2013-12-12 10:57 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-20 14:14 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-19 19:48 - 2012-06-26 16:38 - 00000944 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3958275423-1937913606-3708625069-1000UA.job
2015-03-19 16:48 - 2012-06-26 16:38 - 00000922 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3958275423-1937913606-3708625069-1000Core.job
2015-03-19 15:51 - 2010-10-06 04:26 - 02514944 ___SH () C:\Users\Catherine\Documents\Thumbs.db
2015-03-17 22:53 - 2011-10-05 11:12 - 00015504 _____ () C:\Users\Catherine\Documents\Book1.xlsx
2015-03-17 22:16 - 2010-10-02 18:04 - 00739918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-16 22:16 - 2010-10-18 11:51 - 00000000 ____D () C:\Program Files\Google
2015-03-16 17:08 - 2010-10-03 02:32 - 00007188 _____ () C:\Users\Catherine\AppData\Roaming\wklnhst.dat
2015-03-16 14:17 - 2013-08-10 18:54 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-03-15 19:35 - 2014-08-03 20:57 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-13 19:17 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
2015-03-13 16:07 - 2010-10-02 21:04 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\Adobe
2015-03-13 11:29 - 2013-12-03 13:53 - 00001033 _____ () C:\Users\Catherine\Desktop\Dropbox.lnk
2015-03-13 11:29 - 2013-12-03 13:50 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-13 10:39 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-11 20:20 - 2014-02-24 11:18 - 00002176 _____ () C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-03-11 20:16 - 2009-07-14 00:33 - 00524224 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-11 12:22 - 2010-10-03 00:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-11 12:21 - 2013-08-14 16:32 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 12:14 - 2010-10-02 20:14 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-08 11:24 - 2010-10-06 11:08 - 00000000 ___RD () C:\Program Files\Skype
2015-03-07 20:57 - 2010-10-06 17:42 - 00000000 ____D () C:\Users\Catherine\AppData\Local\Microsoft Games
2015-03-07 11:07 - 2014-06-26 10:25 - 00000000 ____D () C:\Users\Catherine\Documents\SHINE
2015-03-06 18:54 - 2010-10-06 11:58 - 00000000 ____D () C:\Users\Public\Documents\Trade King
2015-03-06 16:46 - 2015-01-01 12:37 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-03-06 16:46 - 2015-01-01 12:37 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-06 10:59 - 2014-12-10 18:17 - 00000000 ____D () C:\ProgramData\9171614046202116540
2015-03-03 09:16 - 2010-11-07 11:57 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-02 16:25 - 2010-10-06 04:26 - 00000000 ____D () C:\Users\Catherine\Documents\Idlewild
2015-03-01 23:59 - 2010-10-06 11:11 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\Skype
2015-02-28 21:54 - 2009-07-14 00:52 - 00000000 ____D () C:\Windows\Offline Web Pages
2015-02-28 18:16 - 2013-12-03 13:35 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-28 18:16 - 2010-10-02 21:09 - 00000000 ____D () C:\Program Files\Java
2015-02-28 10:54 - 2013-07-14 19:03 - 00001044 _____ () C:\Windows\Output.txt
2015-02-27 18:43 - 2012-07-21 17:03 - 00000000 ___RD () C:\Users\Catherine\Documents\HP Photo Creations
2015-02-27 18:17 - 2015-01-01 22:52 - 00000000 ____D () C:\Users\Catherine\Documents\My Albums
2015-02-27 16:58 - 2011-02-04 21:46 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\Visan
2015-02-27 16:55 - 2010-10-04 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-02-27 16:54 - 2010-10-19 13:27 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
2015-02-27 13:02 - 2010-10-05 13:10 - 00000000 ____D () C:\Users\Catherine\Documents\Family Trees
2015-02-19 09:57 - 2010-10-15 22:13 - 00040116 _____ () C:\Windows\$CCW_D02.CC$
2015-02-19 09:57 - 2010-10-07 08:55 - 00005612 _____ () C:\Windows\POWERUP.INI
2015-02-19 09:44 - 2010-10-17 11:29 - 00000030 _____ () C:\Windows\GRAPHICS FILTERS
2015-02-19 09:44 - 2010-10-07 08:55 - 00000788 _____ () C:\Windows\CCSTYLES.CCY
2015-02-19 02:07 - 2013-03-01 18:50 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-19 02:06 - 2013-03-01 18:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-02-19 02:06 - 2013-03-01 18:51 - 00000000 ____D () C:\ProgramData\Garmin
2015-02-19 02:05 - 2013-03-01 18:50 - 00000000 ____D () C:\Program Files\Garmin
==================== Files in the root of some directories =======
2015-02-07 11:10 - 2015-02-13 16:58 - 0000020 _____ () C:\Users\Catherine\AppData\Roaming\appdataFr3.bin
2014-11-21 13:01 - 2014-11-06 08:17 - 1859904 _____ (BeFrugal.com ) C:\Users\Catherine\AppData\Roaming\BeFrugal.com-Install.exe
2010-10-03 02:32 - 2015-03-16 17:08 - 0007188 _____ () C:\Users\Catherine\AppData\Roaming\wklnhst.dat
2010-10-18 16:03 - 2015-01-08 17:53 - 0014848 _____ () C:\Users\Catherine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-10-18 21:22 - 2010-10-18 21:22 - 0000097 _____ () C:\Users\Catherine\AppData\Local\fusioncache.dat
2010-11-17 16:44 - 2010-11-17 16:49 - 0007611 _____ () C:\Users\Catherine\AppData\Local\resmon.resmoncfg
2011-05-29 14:52 - 2015-02-10 14:46 - 0499596 _____ () C:\Users\Catherine\AppData\Local\rx_audio.Cache
2010-10-03 00:07 - 2015-02-10 14:43 - 0016920 _____ () C:\Users\Catherine\AppData\Local\rx_image.Cache
2013-08-04 12:42 - 2013-08-04 12:42 - 0000000 _____ () C:\ProgramData\2b28273c2a2030262c5e242c_c
2010-10-06 11:12 - 2010-10-06 11:12 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-10-04 15:59 - 2010-11-20 18:37 - 0004445 _____ () C:\ProgramData\hpzinstall.log
Some content of TEMP:
====================
C:\Users\Catherine\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpongwd5.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-03-15 16:41
==================== End Of Log ============================
Hi,
Go here to run an online scannner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
- Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
- Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
- Click the blue Run ESET Online Scanner button
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
- Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
- Click on Advanced Settings
- Make sure that the option Remove found threats is unticked.
- Ensure these options are ticked
- Scan archives
- Scan for potentially unsafe applications
- Enable Anti-Stealth technology
- Click Start
- Wait for the scan to finish
- When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
- Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
- Close the ESET online scan, and let me know how things are now.
Hi,
Yes, threats were found. File enclosed. However, I messed up and forgot to go to advanced settings and unclick "remove found threats". So, they've been removed. Sorry. I can't believe we went through all those steps and there were still threats.
C:\AdwCleaner\Quarantine\C\Program Files\CheapProductsCoupons\Shopalooza.dll.vir a variant of Win32/SProtector.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\comiomcpmjjbamckaofaihngeohecbnl\content.js.vir JS/Adware.MultiPlug.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\comiomcpmjjbamckaofaihngeohecbnl\t8e7OdYke.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\fdnolplnofjhffmggppnjejkonmhlnkl\lsdb.js.vir JS/Adware.MultiPlug.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\fdnolplnofjhffmggppnjejkonmhlnkl\tKmbca9.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\gdjnohoegomjephliankgbomeifahlcp\hNrk_ac.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\rrealdeaal\DdC0BJhhdR9XDg.exe.vir a variant of Win32/AdWare.MultiPlug.BN application cleaned by deleting - quarantined
C:\Users\Catherine\Desktop\Downloads\FreeFileViewerSetup.exe a variant of Win32/FileTypeAssistant.A potentially unwanted application deleted - quarantined
Hi,
All but the last one on the list were items that adwCleaner had already quarantined so situation looks good from that point of view. How's the system running now? Any problems left?