Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2015
Ran by catma_000 (administrator) on LENSPC on 13-04-2015 10:12:12
Running from C:\Users\catma_000\Desktop
Loaded Profiles: Ginette & catma_000 (Available profiles: Ginette & catma_000)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Windows\xag.exe
() C:\Windows\mxag.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\consent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1319240991-3494267394-1717728235-1001\...\Run: [HP Deskjet 3050A J611 series (NET)] => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1319240991-3494267394-1717728235-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59872 2012-12-17] (Apple Inc.)
HKU\S-1-5-21-1319240991-3494267394-1717728235-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59872 2012-12-17] (Apple Inc.)
HKU\S-1-5-21-1319240991-3494267394-1717728235-1001\...\Run: [Lavasoft AdBlock] => C:\Program Files (x86)\Lavasoft\Ad-Aware AdBlocker (Alpha)\AdBlocker.exe [446520 2013-10-24] (Lavasoft)
HKU\S-1-5-21-1319240991-3494267394-1717728235-1005\...\Run: [HP Deskjet 3050A J611 series (NET)] => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1319240991-3494267394-1717728235-1005\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1099608 2013-02-19] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1319240991-3494267394-1717728235-1005\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59872 2012-12-17] (Apple Inc.)
HKU\S-1-5-21-1319240991-3494267394-1717728235-1005\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKU\S-1-5-21-1319240991-3494267394-1717728235-1005\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59872 2012-12-17] (Apple Inc.)
HKU\S-1-5-21-1319240991-3494267394-1717728235-1005\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59872 2012-12-17] (Apple Inc.)
HKU\S-1-5-21-1319240991-3494267394-1717728235-1005\...\Run: [GenieFloater] => C:\Program Files (x86)\Genie Soft\Genie Cleaner\GenieFloater.exe
HKU\S-1-5-21-1319240991-3494267394-1717728235-1005\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [788480 2014-10-28] (Microsoft Corporation)
Startup: C:\Users\catma_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{a7f70dee-0abc-363f-a7f7-70dee0ab37b8}\hqghumeaylnlf.exe (PC Utilities Software Limited)
Startup: C:\Users\catma_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk
ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\catma_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\catma_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\catma_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PriceLessInstaller.lnk
ShortcutTarget: PriceLessInstaller.lnk -> C:\ProgramData\{12ae6a53-13b6-41b1-12ae-e6a5313ba94c}\PriceLessInstaller.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1319240991-3494267394-1717728235-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://t.dell13.ca.msn.com/?st=1
HKU\S-1-5-21-1319240991-3494267394-1717728235-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
HKU\S-1-5-21-1319240991-3494267394-1717728235-1005\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-1319240991-3494267394-1717728235-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
SearchScopes: HKU\S-1-5-21-1319240991-3494267394-1717728235-1005 -> {9B43D3F5-A8EE-44D5-AEAC-0EE1ED77E72A} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect121.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\catma_000\AppData\Roaming\Mozilla\Firefox\Profiles\59bok9hk.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-04-12] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-04-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2013-03-21] (RocketLife, LLP)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2013-06-29]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\NP14Stub.dll No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RocketLife Secure Plug-In Layer) - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Profile: C:\Users\catma_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\catma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-23]
CHR Extension: (Google Drive) - C:\Users\catma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-23]
CHR Extension: (YouTube) - C:\Users\catma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-23]
CHR Extension: (Adblock Plus) - C:\Users\catma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-17]
CHR Extension: (Google Search) - C:\Users\catma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\catma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-18]
CHR Extension: (Google Wallet) - C:\Users\catma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-23]
CHR Extension: (Gmail) - C:\Users\catma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
S2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
S2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185176 2013-02-19] (Garmin Ltd or its subsidiaries)
S2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
S3 LavasoftProxy; C:\Program Files (x86)\Lavasoft\Ad-Aware AdBlocker (Alpha)\LavasoftProxy.exe [3699768 2013-10-24] (Lavasoft Limited)
R2 mxag; c:\windows\mxag.exe [523264 2015-04-12] () [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2015-02-12] (IBM Corp.)
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
S2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-03-04] (Dell Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 xag; c:\windows\xag.exe [531456 2015-04-12] () [File not signed]
S2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-02-26] (Dell Computer Corporation)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
R1 RapportCerberus_80128; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80128.sys [844440 2015-03-17] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [445816 2015-02-12] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [290520 2015-02-12] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [535576 2015-02-12] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [558872 2015-02-12] (IBM Corp.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R1 cherimoya; system32\drivers\cherimoya.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-13 10:12 - 2015-04-13 10:12 - 00044786 _____ () C:\Users\catma_000\Desktop\FRST.txt
2015-04-13 10:11 - 2015-04-13 10:11 - 02096640 _____ (Farbar) C:\Users\catma_000\Desktop\FRST64.exe
2015-04-13 10:06 - 2015-04-13 10:06 - 00000000 ____D () C:\Users\catma_000\AppData\Local\Macromedia
2015-04-12 20:39 - 2015-04-12 20:39 - 00000000 ____D () C:\Users\Ginette\AppData\Local\Macromedia
2015-04-12 20:37 - 2015-04-13 09:49 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-12 20:37 - 2015-04-12 20:39 - 00000000 ____D () C:\Users\Ginette\AppData\Local\Adobe
2015-04-12 20:37 - 2015-04-12 20:37 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-04-12 20:10 - 2015-04-12 20:11 - 00000000 ____D () C:\Users\Ginette\AppData\Roaming\Mozilla
2015-04-12 20:10 - 2015-04-12 20:11 - 00000000 ____D () C:\Users\Ginette\AppData\Local\Mozilla
2015-04-12 19:42 - 2015-04-12 19:42 - 00000000 _____ () C:\Users\catma_000\AppData\Local\Temp.dat
2015-04-12 19:41 - 2015-04-12 19:41 - 00000000 ____D () C:\ProgramData\f4bc8c5700000eee
2015-04-12 19:40 - 2015-04-12 19:40 - 00000000 ____D () C:\Users\catma_000\AppData\Roaming\Mozilla
2015-04-12 19:40 - 2015-04-12 19:40 - 00000000 ____D () C:\Users\catma_000\AppData\Local\Mozilla
2015-04-12 19:39 - 2015-04-12 19:39 - 00001177 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-12 19:39 - 2015-04-12 19:39 - 00001165 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-12 19:39 - 2015-04-12 19:39 - 00000000 ____D () C:\ProgramData\Mozilla
2015-04-12 19:39 - 2015-04-12 19:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-12 19:39 - 2015-04-12 19:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-12 19:38 - 2015-04-12 19:38 - 00000000 ____D () C:\Users\catma_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GUPlayer
2015-04-12 19:38 - 2015-04-12 19:38 - 00000000 ____D () C:\ProgramData\2365417444323894397
2015-04-12 19:37 - 2015-04-12 22:37 - 00000000 ____D () C:\ProgramData\{a7f70dee-0abc-363f-a7f7-70dee0ab37b8}
2015-04-12 19:37 - 2015-04-12 22:37 - 00000000 ____D () C:\ProgramData\{12ae6a53-13b6-41b1-12ae-e6a5313ba94c}
2015-04-12 19:37 - 2015-04-12 19:38 - 00745984 _____ () C:\WINDOWS\xag.dat
2015-04-12 19:37 - 2015-04-12 19:38 - 00000000 ____D () C:\ProgramData\obmekjmmphfbhghjhpcldenlajaphdbc
2015-04-12 19:37 - 2015-04-12 19:38 - 00000000 ____D () C:\Program Files (x86)\GUPlayer
2015-04-12 19:37 - 2015-04-12 19:37 - 00531456 _____ () C:\WINDOWS\xag.exe
2015-04-12 19:37 - 2015-04-12 19:37 - 00523264 _____ () C:\WINDOWS\mxag.exe
2015-04-12 19:37 - 2015-04-12 19:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
2015-04-12 09:34 - 2015-04-12 09:34 - 00000616 _____ () C:\Users\Ginette\Desktop\JRT.txt
2015-04-12 08:55 - 2015-04-12 08:55 - 02095616 _____ (Farbar) C:\Users\Ginette\Desktop\FRST64.exe
2015-04-11 22:00 - 2015-04-11 22:00 - 00003955 _____ () C:\Users\Ginette\Desktop\AdwCleaner[S2].txt
2015-04-11 21:48 - 2015-04-11 21:48 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-LENSPC-Windows-8.1-(64-bit).dat
2015-04-11 21:48 - 2015-04-11 21:48 - 00000000 ____D () C:\RegBackup
2015-04-11 21:47 - 2015-04-11 21:47 - 02686959 _____ (Thisisu) C:\Users\Ginette\Desktop\JRT.exe
2015-04-11 21:47 - 2015-04-11 21:47 - 02217984 _____ () C:\Users\Ginette\Desktop\adwcleaner_4.201.exe
2015-04-08 12:12 - 2015-04-13 10:12 - 00000000 ____D () C:\FRST
2015-04-07 11:15 - 2015-04-07 11:15 - 00004030 _____ () C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-04-07 11:15 - 2015-04-07 11:15 - 00003484 _____ () C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
2015-04-07 11:15 - 2015-04-07 11:15 - 00003218 _____ () C:\WINDOWS\System32\Tasks\SystemToolsDailyTest
2015-04-07 11:14 - 2015-04-07 11:14 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2015-04-07 11:14 - 2015-04-07 11:14 - 00000000 ____D () C:\Program Files\Dell Support Center
2015-04-04 11:15 - 2015-04-04 11:15 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-04-04 11:15 - 2015-04-04 11:15 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-04-01 11:14 - 2015-04-01 11:14 - 00000000 __HDC () C:\ProgramData\{6AACA38B-2810-4B47-BDEC-D7A1F38B1531}
2015-04-01 11:13 - 2015-04-08 18:13 - 00000000 ____D () C:\ProgramData\SupportAssistAgent
2015-04-01 11:13 - 2015-04-01 11:13 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2015-04-01 11:13 - 2015-04-01 11:13 - 00000000 ____D () C:\Program Files (x86)\Dell
2015-03-31 15:44 - 2015-04-12 09:31 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6E73DC06-26A2-4764-BB69-579F7EB0A8BA}
2015-03-30 18:08 - 2015-03-30 18:08 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-03-18 20:13 - 2015-03-18 20:13 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-18 20:13 - 2015-03-18 20:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-18 20:12 - 2015-03-18 20:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-18 20:12 - 2015-03-18 20:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-18 20:12 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-03-18 20:12 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-03-18 20:12 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-03-17 18:37 - 2015-03-17 18:37 - 00000324 ____N () C:\WINDOWS\DtcInstall.log
2015-03-17 18:37 - 2015-03-04 17:24 - 00792032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-03-17 18:37 - 2015-03-04 17:24 - 00178144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-13 10:03 - 2015-02-09 21:06 - 01629061 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-13 10:01 - 2013-06-29 12:55 - 00000274 _____ () C:\WINDOWS\Tasks\HP Photo Creations Messager.job
2015-04-13 10:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-13 04:54 - 2014-09-04 11:56 - 00003934 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9FC142B6-8440-4D26-B616-8BF62B8105F4}
2015-04-12 22:43 - 2013-02-04 23:39 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1319240991-3494267394-1717728235-1005
2015-04-12 22:37 - 2014-09-04 11:55 - 00000000 ___DO () C:\Users\catma_000\OneDrive
2015-04-12 20:10 - 2015-02-13 10:56 - 00000000 ____D () C:\AdwCleaner
2015-04-12 20:08 - 2015-02-20 22:50 - 00000000 ___RD () C:\Users\Ginette\OneDrive
2015-04-12 19:45 - 2015-03-12 06:45 - 00000000 ____D () C:\Program Files (x86)\SumatraPDF
2015-04-12 09:31 - 2014-03-18 06:03 - 00869476 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-12 09:26 - 2015-02-12 10:17 - 00001770 _____ () C:\WINDOWS\setupact.log
2015-04-12 09:26 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-12 09:25 - 2013-08-22 09:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-11 22:00 - 2014-09-04 10:21 - 00000000 ____D () C:\Users\Ginette
2015-04-11 22:00 - 2014-09-04 10:21 - 00000000 ____D () C:\Users\catma_000
2015-04-11 21:56 - 2013-02-04 22:48 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1319240991-3494267394-1717728235-1001
2015-04-11 21:07 - 2015-02-12 10:16 - 00352660 _____ () C:\WINDOWS\PFRO.log
2015-04-11 20:48 - 2013-08-26 09:17 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-11 05:31 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-07 14:14 - 2013-06-30 13:00 - 00000000 ____D () C:\Program Files (x86)\nito Installer.app
2015-04-07 11:14 - 2013-05-22 09:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-04-04 11:15 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-01 11:13 - 2015-02-21 15:07 - 00000000 ____D () C:\Program Files\Dell
2015-03-26 10:25 - 2015-01-20 01:28 - 00000000 ____D () C:\Program Files (x86)\Genie Soft
2015-03-26 10:23 - 2015-03-05 09:39 - 00000000 ____D () C:\Program Files (x86)\PhotoScape
2015-03-20 18:22 - 2013-02-12 05:29 - 00000382 _____ () C:\WINDOWS\SysWOW64\SystemPreferences.xml
2015-03-18 21:07 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Speech
2015-03-17 19:58 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-03-17 18:40 - 2013-08-26 09:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2015-03-17 18:35 - 2013-08-22 10:44 - 00490624 _____ () C:\WINDOWS\system32\FNTCACHE.DAT

==================== Files in the root of some directories =======

2014-05-04 16:30 - 2014-05-09 20:30 - 0118727 _____ () C:\Users\catma_000\AppData\Local\ars.cache
2014-05-04 16:30 - 2014-05-09 20:30 - 0288746 _____ () C:\Users\catma_000\AppData\Local\census.cache
2014-05-04 12:41 - 2014-05-04 12:41 - 0000036 _____ () C:\Users\catma_000\AppData\Local\housecall.guid.cache
2015-04-12 19:42 - 2015-04-12 19:42 - 0011768 _____ () C:\Users\catma_000\AppData\Local\Temp-log.txt
2015-04-12 19:42 - 2015-04-12 19:42 - 0000000 _____ () C:\Users\catma_000\AppData\Local\Temp.dat
2013-02-07 22:49 - 2013-02-07 22:49 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-11-01 00:39 - 2012-11-01 00:39 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2012-11-01 00:36 - 2012-11-01 00:37 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2012-11-01 00:37 - 2012-11-01 00:38 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2012-11-01 00:36 - 2012-11-01 00:36 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2012-11-01 00:38 - 2012-11-01 00:39 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

Some content of TEMP:
====================
C:\Users\catma_000\AppData\Local\Temp\optprosetup.exe
C:\Users\catma_000\AppData\Local\Temp\sum~inst.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-13 06:25

==================== End Of Log ============================