
Thread: CheapProductsCoupons

  1. #11
    Junior Member
    Join Date
    Mar 2015
    Posts
    13

    CheapProductsCoupons

    OK. Here's the file.
    Attached Files

  2. #12
    Junior Member
    Join Date
    Mar 2015
    Posts
    13

    CheapProductsCoupons

    OK. Here's the log.
    Attached Files

  3. #13
    Blade81 (Security Expert: Emeritus)
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Good. Please run FRST again (like earlier without using fix) and copy-paste log contents in your reply.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  4. #14
    Junior Member
    Join Date
    Mar 2015
    Posts
    13

    CheapProductsCoupons

    Don't know where my replies have gone -- have already sent log twice, but will try again as I don't see it here.
    Attached Files

  5. #15
    Blade81 (Security Expert: Emeritus)
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    "Don't know where my replies have gone -- have already sent log twice, but will try again as I don't see it here."
    Neither of your replies has gone anywhere and I saw them. However, after that I asked you to run FRST again but without pressing the Fix button.

    Right-click FRST.exe and select Run as administrator.
    Press the Scan button in FRST and wait until the tool has finished. It will produce a log called FRST.txt in the same directory the tool is run from. Please copy-paste the contents of that log back here.
    Last edited by Blade81; 2015-03-19 at 23:35.

  6. #16
    Junior Member
    Join Date
    Mar 2015
    Posts
    13

    CheapProductsCoupons

    Quote: Originally posted by Blade81
    Good. Please run FRST again (like earlier without using fix) and copy-paste log contents in your reply.
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
    Ran by Catherine (administrator) on CATHERINE-PC on 20-03-2015 15:24:54
    Running from C:\Users\Catherine\Desktop
    Loaded Profiles: Catherine (Available profiles: Catherine)
    Platform: Microsoft Windows 7 Enterprise Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
    (Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    (Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
    (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    (Sonic Solutions) C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    (Microsoft Corporation) C:\Windows\System32\vds.exe
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    (Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
    (Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
    (Microsoft Corporation) C:\Windows\Speech\Common\sapisvr.exe
    (Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
    (Google) C:\Program Files\Google\Drive\googledrivesync.exe
    (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    (Microsoft Corporation) C:\Users\Catherine\AppData\Local\Microsoft\OneDrive\OneDrive.exe
    (Dropbox, Inc.) C:\Users\Catherine\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
    (Google) C:\Program Files\Google\Drive\googledrivesync.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\VzDetectAgent.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_16_0_0_305_ActiveX.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-12-03] (Realtek Semiconductor)
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [240112 2007-08-24] (Sonic Solutions)
    HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
    HKLM\...\Run: [DXDllRegExe] => dxdllreg.exe
    HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
    Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
    HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [51712 2009-07-13] (Microsoft Corporation)
    HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
    HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
    HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-12-12] (Google Inc.)
    HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5503768 2015-02-19] (Piriform Ltd)
    HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
    HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Run: [OneDrive] => C:\Users\Catherine\AppData\Local\Microsoft\OneDrive\OneDrive.exe [281248 2015-03-11] (Microsoft Corporation)
    HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Policies\Explorer: [DisallowRun] 1
    HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [413696 2010-11-20] (Microsoft Corporation)
    HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
    IFEO: [Debugger] svchost.exe
    Startup: C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\Catherine\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Catherine\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Catherine\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Catherine\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Catherine\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Catherine\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Catherine\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
    ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
    ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
    ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
    ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
    BootExecute: autocheck autochk * sdnclean.exe
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
    HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.yahoo.com/?fr=yfp-t-403
    HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
    HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/?fr=fp-yie9
    HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\Software\Microsoft\Internet Explorer\Main,Old Start Page = https://my.yahoo.com/
    SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\.DEFAULT -> URL http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> URL http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> URL http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    SearchScopes: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> {5320134B-25BC-C2D4-1AF8-8C5F8CAA52F3} URL = http://www.bing.com/search?q={searchTerms}&pc=Z020&form=ZGAIDF
    SearchScopes: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> {59D81261-FBA5-4DBB-85BF-3014E49D605F} URL = http://query.nytimes.com/gst/handler.html?query={searchTerms}&opensearch=1
    SearchScopes: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> {617D4867-3277-41B4-A578-6614A00C16EA} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
    SearchScopes: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
    SearchScopes: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> {C09145E9-A2BA-49E1-A4D3-560A676F105F} URL = http://www.flickr.com/search/?q={searchTerms}
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
    Toolbar: HKU\S-1-5-21-3958275423-1937913606-3708625069-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-27] (Google Inc.)
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
    Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2010-09-23] (Adobe Systems, Inc.)
    FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
    FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-08-12] (Google, Inc.)
    FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-28] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-28] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-08-10] (Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
    FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-06-03] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-06-03] (RealNetworks, Inc.)
    FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2012-06-20] (RocketLife, LLP)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll [2014-10-09] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll [2014-10-09] (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3958275423-1937913606-3708625069-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Catherine\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-10-01] (Citrix Online)
    FF Plugin HKU\S-1-5-21-3958275423-1937913606-3708625069-1000: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Catherine\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-02-04] (RocketLife, LLP)
    FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-23]
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-11-23]
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-11-23]
    FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-23]
    FF HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-11-20]

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR DefaultSuggestURL: Default ->
    CHR Profile: C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Drive) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-08]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
    CHR Extension: (Skype Click to Call) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-09-04]
    CHR Extension: (Google Wallet) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-04]
    CHR Extension: (Second Home) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmmemlnpjmfkcddknibchodllhnnidlp [2015-02-25]
    CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value
    CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
    CHR HKU\S-1-5-21-3958275423-1937913606-3708625069-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\CATHER~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-01-08]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1843896 2015-02-10] (Microsoft Corporation)
    R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-31] (Garmin Ltd or its subsidiaries)
    R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
    R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
    R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [660992 2009-05-21] (Hewlett-Packard Co.) [File not signed]
    R2 IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [344056 2013-04-01] (Verizon) [File not signed]
    R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
    S3 Roxio UPnP Renderer 10; C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [72176 2007-08-24] (Sonic Solutions)
    R2 Roxio Upnp Server 10; C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2007-08-24] (Sonic Solutions)
    S2 RoxLiveShare10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [309744 2007-08-24] (Sonic Solutions)
    R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289208 2013-01-31] (Skype Technologies S.A.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
    S2 SessionLauncher; C:\Users\CATHER~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-13] (Microsoft Corporation)
    S4 AFS; C:\Windows\system32\Drivers\AFS.sys [79052 2010-10-18] (Oak Technology Inc.) [File not signed]
    R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-12] (AVG Technologies)
    S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
    S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51056 2003-05-14] (HP)
    S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2003-07-16] (HP)
    S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21488 2003-07-16] (HP)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
    S4 RxFilter; C:\Windows\System32\DRIVERS\RxFilter.sys [57328 2007-08-18] (Sonic Solutions)
    S3 scsiscan; C:\Windows\system32\drivers\scsiscan.sys [14848 2009-07-13] (Microsoft Corporation)
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-20 14:15 - 2015-03-20 14:15 - 00000000 ___HD () C:\OneDriveTemp
    2015-03-19 15:48 - 2015-03-19 15:50 - 00000000 ____D () C:\Users\Catherine\Documents\OLLI
    2015-03-16 08:03 - 2015-03-20 14:14 - 00000336 _____ () C:\Windows\setupact.log
    2015-03-16 08:03 - 2015-03-16 13:59 - 00000924 _____ () C:\Windows\PFRO.log
    2015-03-16 08:03 - 2015-03-16 08:03 - 00000000 _____ () C:\Windows\setuperr.log
    2015-03-15 23:06 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150315-230629.backup
    2015-03-15 23:05 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150315-230550.backup
    2015-03-13 11:09 - 2015-03-13 11:09 - 00000000 ____D () C:\Users\Catherine\Desktop\FRST-OlderVersion
    2015-03-11 09:53 - 2015-02-25 23:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-03-11 09:53 - 2015-02-23 22:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-03-11 09:53 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-03-11 09:53 - 2015-02-20 20:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-03-11 09:53 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-03-11 09:53 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-03-11 09:53 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-03-11 09:53 - 2015-02-19 22:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-03-11 09:53 - 2015-02-19 22:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-03-11 09:53 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-03-11 09:53 - 2015-02-19 22:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-03-11 09:53 - 2015-02-19 22:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-03-11 09:53 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-03-11 09:53 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-03-11 09:53 - 2015-02-19 22:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-03-11 09:53 - 2015-02-19 22:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-03-11 09:53 - 2015-02-19 21:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-03-11 09:53 - 2015-02-19 21:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-03-11 09:53 - 2015-02-19 21:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-03-11 09:53 - 2015-02-19 21:56 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-03-11 09:53 - 2015-02-19 21:50 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-03-11 09:53 - 2015-02-19 21:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-03-11 09:53 - 2015-02-19 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-03-11 09:53 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-03-11 09:53 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-03-11 09:53 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-03-11 09:53 - 2015-02-19 21:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-03-11 09:53 - 2015-02-19 21:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-03-11 09:53 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-03-11 09:53 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-03-11 09:53 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-03-11 09:53 - 2015-02-13 01:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2015-03-11 09:53 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-03-11 09:53 - 2015-01-30 23:32 - 00919552 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2015-03-11 09:53 - 2015-01-30 22:52 - 00134656 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
    2015-03-11 09:53 - 2015-01-30 22:51 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
    2015-03-11 09:53 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
    2015-03-11 09:52 - 2015-03-06 01:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-03-11 09:52 - 2015-03-06 01:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-03-11 09:52 - 2015-03-06 01:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-03-11 09:52 - 2015-03-06 01:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-03-11 09:52 - 2015-03-06 01:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-03-11 09:52 - 2015-03-06 01:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-03-11 09:52 - 2015-03-06 01:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-03-11 09:52 - 2015-03-06 01:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-03-11 09:52 - 2015-03-06 01:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-03-11 09:52 - 2015-03-06 01:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-03-11 09:52 - 2015-03-06 01:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-03-11 09:52 - 2015-03-06 01:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-03-11 09:52 - 2015-03-06 01:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-03-11 09:52 - 2015-03-06 01:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-03-11 09:52 - 2015-03-06 01:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-03-11 09:52 - 2015-03-06 01:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-03-11 09:52 - 2015-03-06 01:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-03-11 09:52 - 2015-03-06 01:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-03-11 09:52 - 2015-02-20 00:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2015-03-11 09:52 - 2015-02-20 00:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2015-03-11 09:52 - 2015-02-20 00:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2015-03-11 09:52 - 2015-02-20 00:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2015-03-11 09:52 - 2015-02-19 23:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2015-03-11 09:52 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
    2015-03-11 09:52 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
    2015-03-11 09:51 - 2015-02-02 23:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
    2015-03-11 09:51 - 2015-02-02 23:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-03-11 09:51 - 2015-02-02 23:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
    2015-03-11 09:51 - 2015-02-02 23:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2015-03-11 09:51 - 2015-02-02 23:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2015-03-11 09:51 - 2015-02-02 23:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2015-03-11 09:51 - 2015-02-02 23:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2015-03-11 09:51 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
    2015-03-11 09:51 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
    2015-03-11 09:51 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
    2015-03-11 09:51 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
    2015-03-11 09:51 - 2015-02-02 23:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2015-03-11 09:51 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
    2015-03-11 09:51 - 2015-02-02 23:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
    2015-03-11 09:51 - 2015-02-02 23:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2015-03-11 09:51 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2015-03-11 09:51 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
    2015-03-11 09:51 - 2015-02-02 23:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-03-11 09:51 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2015-03-11 09:51 - 2015-02-02 23:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
    2015-03-11 09:51 - 2015-02-02 23:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2015-03-11 09:51 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
    2015-03-11 09:51 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2015-03-11 09:51 - 2015-02-02 23:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2015-03-11 09:51 - 2015-02-02 23:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
    2015-03-11 09:51 - 2015-02-02 23:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2015-03-11 09:51 - 2015-02-02 23:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
    2015-03-11 09:51 - 2015-02-02 23:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
    2015-03-11 09:51 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
    2015-03-11 09:51 - 2015-02-02 23:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2015-03-11 09:51 - 2015-02-02 23:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2015-03-11 09:51 - 2015-02-02 23:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2015-03-11 09:51 - 2015-02-02 23:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-03-11 09:51 - 2015-02-02 23:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-03-11 09:51 - 2015-02-02 23:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
    2015-03-11 09:51 - 2015-02-02 23:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2015-03-11 09:51 - 2015-02-02 23:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
    2015-03-11 09:51 - 2015-02-02 23:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
    2015-03-11 09:51 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
    2015-03-11 09:51 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
    2015-03-11 09:51 - 2015-02-02 23:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2015-03-11 09:51 - 2015-02-02 23:11 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-03-11 09:51 - 2015-02-02 23:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
    2015-03-11 09:51 - 2015-02-02 23:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2015-03-11 09:51 - 2015-02-02 23:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
    2015-03-11 09:51 - 2015-02-02 23:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
    2015-03-11 09:51 - 2015-02-02 23:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2015-03-11 09:51 - 2015-02-02 23:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
    2015-03-11 09:51 - 2015-02-02 23:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
    2015-03-11 09:51 - 2015-02-02 23:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
    2015-03-11 09:51 - 2015-02-02 23:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
    2015-03-11 09:51 - 2015-02-02 23:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2015-03-11 09:51 - 2015-02-02 23:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
    2015-03-11 09:51 - 2015-02-02 22:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2015-03-11 09:51 - 2015-01-30 19:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-03-11 09:51 - 2014-10-31 18:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2015-03-11 09:51 - 2014-06-27 20:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
    2015-03-11 09:51 - 2014-06-27 20:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
    2015-03-10 13:38 - 2015-03-10 13:38 - 00000000 ____D () C:\Users\Catherine\AppData\Local\{19F585E6-DF04-45B4-B69A-F673D2679F7A}
    2015-03-10 12:34 - 2015-03-10 12:32 - 02171392 _____ () C:\Users\Catherine\Desktop\AdwCleaner.exe
    2015-03-10 11:41 - 2015-03-13 11:30 - 00000000 ____D () C:\AdwCleaner
    2015-03-09 17:28 - 2015-03-13 11:02 - 00001181 _____ () C:\Users\Catherine\Desktop\aswMBR.txt
    2015-03-09 17:08 - 2015-03-09 17:09 - 00049397 _____ () C:\Users\Catherine\Desktop\Addition.txt
    2015-03-09 17:07 - 2015-03-20 15:25 - 00000000 ____D () C:\FRST
    2015-03-09 17:07 - 2015-03-20 15:24 - 00025047 _____ () C:\Users\Catherine\Desktop\FRST.txt
    2015-03-09 17:03 - 2015-03-09 17:03 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-CATHERINE-PC-Windows-7-Enterprise-(32-bit).dat
    2015-03-09 17:02 - 2015-03-09 17:02 - 00000000 ____D () C:\RegBackup
    2015-03-09 16:59 - 2015-03-09 16:59 - 00002185 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2015-03-09 16:59 - 2015-03-09 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2015-03-09 16:59 - 2015-03-09 16:59 - 00000000 ____D () C:\Program Files\Tweaking.com
    2015-03-09 16:58 - 2015-03-09 16:58 - 05198336 _____ (AVAST Software) C:\Users\Catherine\Desktop\aswMBR.exe
    2015-03-09 16:54 - 2015-03-13 11:09 - 01135104 _____ (Farbar) C:\Users\Catherine\Desktop\FRST.exe
    2015-03-09 16:40 - 2015-03-09 16:40 - 04804736 _____ () C:\Users\Catherine\Desktop\tweaking.com_registry_backup_setup.exe
    2015-03-09 14:01 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150309-140157.backup
    2015-03-06 19:12 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150306-181238.backup
    2015-03-06 19:09 - 2015-03-06 19:10 - 00000560 _____ () C:\Users\Catherine\Documents\cc_20150306_180948.reg
    2015-03-06 16:24 - 2015-03-06 16:24 - 00025906 _____ () C:\Users\Catherine\Documents\cc_20150306_152401.reg
    2015-03-02 20:54 - 2015-03-02 20:54 - 00000000 ____D () C:\Users\Catherine\AppData\Local\{52BCCC98-434A-4857-B895-68ED3442C0A4}
    2015-03-01 17:05 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150301-160510.backup
    2015-02-28 18:17 - 2015-02-28 18:17 - 00000000 ____D () C:\Program Files\Common Files\Java
    2015-02-28 18:17 - 2015-02-28 18:16 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
    2015-02-28 18:16 - 2015-02-28 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2015-02-27 16:54 - 2015-02-27 18:42 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\HP Photo Creations
    2015-02-27 16:54 - 2015-02-27 16:54 - 00002120 _____ () C:\Users\Catherine\Desktop\HP Photo Creations.lnk
    2015-02-27 16:10 - 2015-02-27 16:10 - 00000000 ____D () C:\Users\Catherine\AppData\Local\{3BCC05A3-14C1-4E95-BD55-A773CD55C6E9}
    2015-02-27 12:47 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150227-114702.backup
    2015-02-26 19:05 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150226-180511.backup
    2015-02-25 22:00 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150225-210027.backup
    2015-02-25 21:59 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150225-205948.backup
    2015-02-25 21:13 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150225-201343.backup
    2015-02-25 21:13 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150225-201310.backup
    2015-02-25 21:12 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150225-201236.backup
    2015-02-25 21:12 - 2011-02-26 16:05 - 00002124 _____ () C:\Windows\system32\Drivers\etc\hosts.20150225-201211.backup
    2015-02-19 10:18 - 2015-02-19 10:18 - 00000000 ____D () C:\Users\Catherine\AppData\Local\{C0B36FD4-E9B7-4666-BD67-F535C2DAE402}

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-20 15:05 - 2013-12-12 10:58 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-03-20 14:46 - 2013-12-02 11:43 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-03-20 14:22 - 2009-07-14 00:34 - 00015456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-03-20 14:22 - 2009-07-14 00:34 - 00015456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-03-20 14:20 - 2010-10-02 18:01 - 01395733 _____ () C:\Windows\WindowsUpdate.log
    2015-03-20 14:16 - 2014-10-09 18:03 - 00000000 ___RD () C:\Users\Catherine\Google Drive
    2015-03-20 14:16 - 2013-12-03 13:53 - 00000000 ___RD () C:\Users\Catherine\Dropbox
    2015-03-20 14:16 - 2013-12-03 13:49 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\Dropbox
    2015-03-20 14:15 - 2013-08-10 19:00 - 00000000 ___RD () C:\Users\Catherine\SkyDrive
    2015-03-20 14:14 - 2013-12-12 10:57 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-03-20 14:14 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-03-19 19:48 - 2012-06-26 16:38 - 00000944 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3958275423-1937913606-3708625069-1000UA.job
    2015-03-19 16:48 - 2012-06-26 16:38 - 00000922 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3958275423-1937913606-3708625069-1000Core.job
    2015-03-19 15:51 - 2010-10-06 04:26 - 02514944 ___SH () C:\Users\Catherine\Documents\Thumbs.db
    2015-03-17 22:53 - 2011-10-05 11:12 - 00015504 _____ () C:\Users\Catherine\Documents\Book1.xlsx
    2015-03-17 22:16 - 2010-10-02 18:04 - 00739918 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-03-16 22:16 - 2010-10-18 11:51 - 00000000 ____D () C:\Program Files\Google
    2015-03-16 17:08 - 2010-10-03 02:32 - 00007188 _____ () C:\Users\Catherine\AppData\Roaming\wklnhst.dat
    2015-03-16 14:17 - 2013-08-10 18:54 - 00000000 ____D () C:\Program Files\Microsoft Office 15
    2015-03-15 19:35 - 2014-08-03 20:57 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-03-13 19:17 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
    2015-03-13 16:07 - 2010-10-02 21:04 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\Adobe
    2015-03-13 11:29 - 2013-12-03 13:53 - 00001033 _____ () C:\Users\Catherine\Desktop\Dropbox.lnk
    2015-03-13 11:29 - 2013-12-03 13:50 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2015-03-13 10:39 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\NDF
    2015-03-11 20:20 - 2014-02-24 11:18 - 00002176 _____ () C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
    2015-03-11 20:16 - 2009-07-14 00:33 - 00524224 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-03-11 12:22 - 2010-10-03 00:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2015-03-11 12:21 - 2013-08-14 16:32 - 00000000 ____D () C:\Windows\system32\MRT
    2015-03-11 12:14 - 2010-10-02 20:14 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-03-08 11:24 - 2010-10-06 11:08 - 00000000 ___RD () C:\Program Files\Skype
    2015-03-07 20:57 - 2010-10-06 17:42 - 00000000 ____D () C:\Users\Catherine\AppData\Local\Microsoft Games
    2015-03-07 11:07 - 2014-06-26 10:25 - 00000000 ____D () C:\Users\Catherine\Documents\SHINE
    2015-03-06 18:54 - 2010-10-06 11:58 - 00000000 ____D () C:\Users\Public\Documents\Trade King
    2015-03-06 16:46 - 2015-01-01 12:37 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2015-03-06 16:46 - 2015-01-01 12:37 - 00000000 ____D () C:\Program Files\CCleaner
    2015-03-06 10:59 - 2014-12-10 18:17 - 00000000 ____D () C:\ProgramData\9171614046202116540
    2015-03-03 09:16 - 2010-11-07 11:57 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2015-03-02 16:25 - 2010-10-06 04:26 - 00000000 ____D () C:\Users\Catherine\Documents\Idlewild
    2015-03-01 23:59 - 2010-10-06 11:11 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\Skype
    2015-02-28 21:54 - 2009-07-14 00:52 - 00000000 ____D () C:\Windows\Offline Web Pages
    2015-02-28 18:16 - 2013-12-03 13:35 - 00000000 ____D () C:\ProgramData\Oracle
    2015-02-28 18:16 - 2010-10-02 21:09 - 00000000 ____D () C:\Program Files\Java
    2015-02-28 10:54 - 2013-07-14 19:03 - 00001044 _____ () C:\Windows\Output.txt
    2015-02-27 18:43 - 2012-07-21 17:03 - 00000000 ___RD () C:\Users\Catherine\Documents\HP Photo Creations
    2015-02-27 18:17 - 2015-01-01 22:52 - 00000000 ____D () C:\Users\Catherine\Documents\My Albums
    2015-02-27 16:58 - 2011-02-04 21:46 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\Visan
    2015-02-27 16:55 - 2010-10-04 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    2015-02-27 16:54 - 2010-10-19 13:27 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
    2015-02-27 13:02 - 2010-10-05 13:10 - 00000000 ____D () C:\Users\Catherine\Documents\Family Trees
    2015-02-19 09:57 - 2010-10-15 22:13 - 00040116 _____ () C:\Windows\$CCW_D02.CC$
    2015-02-19 09:57 - 2010-10-07 08:55 - 00005612 _____ () C:\Windows\POWERUP.INI
    2015-02-19 09:44 - 2010-10-17 11:29 - 00000030 _____ () C:\Windows\GRAPHICS FILTERS
    2015-02-19 09:44 - 2010-10-07 08:55 - 00000788 _____ () C:\Windows\CCSTYLES.CCY
    2015-02-19 02:07 - 2013-03-01 18:50 - 00000000 ____D () C:\ProgramData\Package Cache
    2015-02-19 02:06 - 2013-03-01 18:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
    2015-02-19 02:06 - 2013-03-01 18:51 - 00000000 ____D () C:\ProgramData\Garmin
    2015-02-19 02:05 - 2013-03-01 18:50 - 00000000 ____D () C:\Program Files\Garmin

    ==================== Files in the root of some directories =======

    2015-02-07 11:10 - 2015-02-13 16:58 - 0000020 _____ () C:\Users\Catherine\AppData\Roaming\appdataFr3.bin
    2014-11-21 13:01 - 2014-11-06 08:17 - 1859904 _____ (BeFrugal.com ) C:\Users\Catherine\AppData\Roaming\BeFrugal.com-Install.exe
    2010-10-03 02:32 - 2015-03-16 17:08 - 0007188 _____ () C:\Users\Catherine\AppData\Roaming\wklnhst.dat
    2010-10-18 16:03 - 2015-01-08 17:53 - 0014848 _____ () C:\Users\Catherine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2010-10-18 21:22 - 2010-10-18 21:22 - 0000097 _____ () C:\Users\Catherine\AppData\Local\fusioncache.dat
    2010-11-17 16:44 - 2010-11-17 16:49 - 0007611 _____ () C:\Users\Catherine\AppData\Local\resmon.resmoncfg
    2011-05-29 14:52 - 2015-02-10 14:46 - 0499596 _____ () C:\Users\Catherine\AppData\Local\rx_audio.Cache
    2010-10-03 00:07 - 2015-02-10 14:43 - 0016920 _____ () C:\Users\Catherine\AppData\Local\rx_image.Cache
    2013-08-04 12:42 - 2013-08-04 12:42 - 0000000 _____ () C:\ProgramData\2b28273c2a2030262c5e242c_c
    2010-10-06 11:12 - 2010-10-06 11:12 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
    2010-10-04 15:59 - 2010-11-20 18:37 - 0004445 _____ () C:\ProgramData\hpzinstall.log

    Some content of TEMP:
    ====================
    C:\Users\Catherine\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpongwd5.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-03-15 16:41

    ==================== End Of Log ============================

  7. #17
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.
    • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
    • Click the blue Run ESET Online Scanner button
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
    • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
    • Click on Advanced Settings
    • Make sure that the option Remove found threats is unticked.
    • Ensure these options are ticked
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
    • Click Start
    • Wait for the scan to finish
    • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
    • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
    • Close the ESET online scan, and let me know how things are now.

  8. #18
    Junior Member
    Join Date
    Mar 2015
    Posts
    13

    Default CheapProductsCoupons

    Quote Originally Posted by Blade81 View Post
    Hi,

    Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.
    • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
    • Click the blue Run ESET Online Scanner button
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
    • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
    • Click on Advanced Settings
    • Make sure that the option Remove found threats is unticked.
    • Ensure these options are ticked
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
    • Click Start
    • Wait for the scan to finish
    • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
    • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
    • Close the ESET online scan, and let me know how things are now.
    Hi,
    Yes, threats were found. File enclosed. However, I messed up and forgot to go to advanced settings and unclick "remove found threats". So, they've been removed. Sorry. I can't believe we went through all those steps and there were still threats.

    C:\AdwCleaner\Quarantine\C\Program Files\CheapProductsCoupons\Shopalooza.dll.vir a variant of Win32/SProtector.Q potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\ProgramData\comiomcpmjjbamckaofaihngeohecbnl\content.js.vir JS/Adware.MultiPlug.B application cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\ProgramData\comiomcpmjjbamckaofaihngeohecbnl\t8e7OdYke.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\ProgramData\fdnolplnofjhffmggppnjejkonmhlnkl\lsdb.js.vir JS/Adware.MultiPlug.B application cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\ProgramData\fdnolplnofjhffmggppnjejkonmhlnkl\tKmbca9.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\ProgramData\gdjnohoegomjephliankgbomeifahlcp\hNrk_ac.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\ProgramData\rrealdeaal\DdC0BJhhdR9XDg.exe.vir a variant of Win32/AdWare.MultiPlug.BN application cleaned by deleting - quarantined
    C:\Users\Catherine\Desktop\Downloads\FreeFileViewerSetup.exe a variant of Win32/FileTypeAssistant.A potentially unwanted application deleted - quarantined

  9. #19
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    All but the last one on the list were items that AdwCleaner had already quarantined, so the situation looks good from that point of view. How's the system running now? Any problems left?

  10. #20
    Junior Member
    Join Date
    Mar 2015
    Posts
    13

    Default CheapProductsCoupons

    Quote Originally Posted by Blade81 View Post
    Hi,

    All but the last one on the list were items that AdwCleaner had already quarantined, so the situation looks good from that point of view. How's the system running now? Any problems left?
    So far it seems OK. Thanks so much for your time and expertise.
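The triage step from post #19, separating ESET detections that sit inside the AdwCleaner quarantine from detections at live locations, can be scripted. This is an added example, not part of the thread and not code from ESET or AdwCleaner; the line format and the quarantine layout (drive letter as a folder, `.vir` appended) are assumptions inferred from the lines in post #18, and the function and field names are hypothetical.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Optional

# Lines copied from the ESET export in post #18 (space-separated as on the page).
SAMPLE_LOG = r"""
C:\AdwCleaner\Quarantine\C\Program Files\CheapProductsCoupons\Shopalooza.dll.vir a variant of Win32/SProtector.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\comiomcpmjjbamckaofaihngeohecbnl\content.js.vir JS/Adware.MultiPlug.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\rrealdeaal\DdC0BJhhdR9XDg.exe.vir a variant of Win32/AdWare.MultiPlug.BN application cleaned by deleting - quarantined
C:\Users\Catherine\Desktop\Downloads\FreeFileViewerSetup.exe a variant of Win32/FileTypeAssistant.A potentially unwanted application deleted - quarantined
"""

# Assumed layout: <path> [a variant of] <Platform/Name> <kind> <action>.
# Paths may contain spaces, so the path is matched lazily up to the first
# token that looks like a detection name (contains a forward slash).
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<variant>a variant of\s+)?"
    r"(?P<name>[A-Za-z0-9]+/[\w.]+)\s+"
    r"(?P<kind>potentially \w+ application|application|trojan)\s+"
    r"(?P<action>.+)$"
)

# Quarantine root as it appears in the thread's log lines.
QUARANTINE_ROOT = PureWindowsPath(r"C:\AdwCleaner\Quarantine")


@dataclass
class Detection:
    path: str
    name: str
    variant: bool
    kind: str
    action: str
    original_path: Optional[str]  # set only for quarantined copies


def original_location(path: str) -> Optional[str]:
    """Map a quarantined copy back to where the file used to live."""
    try:
        rel = PureWindowsPath(path).relative_to(QUARANTINE_ROOT)
    except ValueError:
        return None  # not under the quarantine folder: a live location
    parts = rel.parts
    if len(parts) < 2 or len(parts[0]) != 1 or not parts[0].isalpha():
        return None  # layout differs from the one assumed above
    restored = PureWindowsPath(f"{parts[0]}:\\", *parts[1:])
    if restored.suffix.lower() == ".vir":
        restored = restored.with_suffix("")  # drop the quarantine extension
    return str(restored)


def parse_line(line: str) -> Optional[Detection]:
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return Detection(
        path=m["path"],
        name=m["name"],
        variant=m["variant"] is not None,
        kind=m["kind"],
        action=m["action"].strip(),
        original_path=original_location(m["path"]),
    )


def triage(log_text: str) -> dict:
    """Split detections into quarantined copies, live files and unparsed lines."""
    out = {"quarantined": [], "live": [], "unparsed": []}
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        det = parse_line(raw)
        if det is None:
            out["unparsed"].append(raw)  # keep for manual review, never drop
        elif det.original_path is not None:
            out["quarantined"].append(det)
        else:
            out["live"].append(det)
    return out


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for det in result["live"]:
        print("LIVE       ", det.name, det.path)
    for det in result["quarantined"]:
        print("QUARANTINED", det.name, "was at", det.original_path)
```

Only the entries reported as live need follow-up; the quarantined ones are stored copies of files an earlier tool had already moved out of place.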
