IE starts with ads and no one on computer. [Solved]


  • This topic is locked

#16
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts

What web browser are you using to try and post?  I would try Firefox if you haven't.


  • 0


#17
ginnyjoe

    Member

  • Topic Starter
  • Member
  • 242 posts

I am using IE. Can I now download Chrome, as this is my preferred browser? If not, I will download Firefox.


  • 0

#18
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts

Your log shows Firefox entries but I don't see it as installed.  Maybe it was once installed but isn't any longer.  Chrome looks to be compromised. 

 

If you want to attach the logs for now, that's fine.  I will post them here for you until we better sort out your malware issues.  :)


  • 0

#19
ginnyjoe

    Member

  • Topic Starter
  • Member
  • 242 posts

I downloaded Firefox.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 x64
Ran by catma_000 on 2015-02-13 at  8:50:34.73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


~~~ Services

Successfully stopped: [Service] application updater
Successfully deleted: [Service] application updater
Successfully stopped: [Service] recipehub_2jservice
Successfully deleted: [Service] recipehub_2jservice
Successfully stopped: [Service] totalrecipesearch_14service
Successfully deleted: [Service] totalrecipesearch_14service

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\searchsettings

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TBSB07898.IEToolbar
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TBSB07898.IEToolbar.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TBSB07898.TBSB07898
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TBSB07898.TBSB07898.3
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Toolbar3.TBSB07898
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Toolbar3.TBSB07898.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Toolbar.CT3298568
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.DynamicBarButton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.DynamicBarButton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TotalRecipeSearch_14.DynamicBarButton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TotalRecipeSearch_14.DynamicBarButton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.FeedManager
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.FeedManager.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TotalRecipeSearch_14.FeedManager
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TotalRecipeSearch_14.FeedManager.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.HTMLMenu
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.HTMLMenu.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TotalRecipeSearch_14.HTMLMenu
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TotalRecipeSearch_14.HTMLMenu.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.HTMLPanel
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.HTMLPanel.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TotalRecipeSearch_14.HTMLPanel
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TotalRecipeSearch_14.HTMLPanel.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.MultipleButton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.MultipleButton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TotalRecipeSearch_14.MultipleButton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TotalRecipeSearch_14.MultipleButton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.PseudoTransparentPlugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.PseudoTransparentPlugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TotalRecipeSearch_14.PseudoTransparentPlugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TotalRecipeSearch_14.PseudoTransparentPlugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.Radio
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.Radio.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.RadioSettings
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.RadioSettings.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TotalRecipeSearch_14.Radio
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TotalRecipeSearch_14.Radio.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TotalRecipeSearch_14.RadioSettings
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TotalRecipeSearch_14.RadioSettings.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.ScriptButton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.ScriptButton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TotalRecipeSearch_14.ScriptButton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TotalRecipeSearch_14.ScriptButton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.SettingsPlugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.SettingsPlugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TotalRecipeSearch_14.SettingsPlugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TotalRecipeSearch_14.SettingsPlugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.SkinLauncher
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.SkinLauncher.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.SkinLauncherSettings
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.SkinLauncherSettings.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TotalRecipeSearch_14.SkinLauncher
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TotalRecipeSearch_14.SkinLauncher.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TotalRecipeSearch_14.SkinLauncherSettings
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TotalRecipeSearch_14.SkinLauncherSettings.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.ThirdPartyInstaller
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.ThirdPartyInstaller.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TotalRecipeSearch_14.ThirdPartyInstaller
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TotalRecipeSearch_14.ThirdPartyInstaller.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.ToolbarProtector
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.ToolbarProtector.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TotalRecipeSearch_14.ToolbarProtector
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TotalRecipeSearch_14.ToolbarProtector.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.UrlAlertButton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.UrlAlertButton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TotalRecipeSearch_14.UrlAlertButton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TotalRecipeSearch_14.UrlAlertButton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.XMLSessionPlugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.XMLSessionPlugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TotalRecipeSearch_14.XMLSessionPlugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TotalRecipeSearch_14.XMLSessionPlugin.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TBSB07898.IEToolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TBSB07898.IEToolbar.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TBSB07898.TBSB07898
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TBSB07898.TBSB07898.3
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar3.TBSB07898
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar3.TBSB07898.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3298568
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB56DFDE-0C14-45B3-9DF6-7B0EBA617870}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF22384F-CF68-4D19-969F-10423715528B}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06e3475c-5521-4de8-bb12-50720f21631c}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{06e3475c-5521-4de8-bb12-50720f21631c}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{494b9726-9084-415c-a499-68c07e187244}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{494b9726-9084-415c-a499-68c07e187244}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ab56dfde-0c14-45b3-9df6-7b0eba617870}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{ab56dfde-0c14-45b3-9df6-7b0eba617870}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b7acdf9c-c4f9-4d5d-998e-b147866b4d4c}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{b7acdf9c-c4f9-4d5d-998e-b147866b4d4c}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{df22384f-cf68-4d19-969f-10423715528b}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{df22384f-cf68-4d19-969f-10423715528b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06e3475c-5521-4de8-bb12-50720f21631c}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{06e3475c-5521-4de8-bb12-50720f21631c}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{494b9726-9084-415c-a499-68c07e187244}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{494b9726-9084-415c-a499-68c07e187244}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ab56dfde-0c14-45b3-9df6-7b0eba617870}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{ab56dfde-0c14-45b3-9df6-7b0eba617870}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b7acdf9c-c4f9-4d5d-998e-b147866b4d4c}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{b7acdf9c-c4f9-4d5d-998e-b147866b4d4c}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{df22384f-cf68-4d19-969f-10423715528b}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{df22384f-cf68-4d19-969f-10423715528b}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06e3475c-5521-4de8-bb12-50720f21631c}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{06e3475c-5521-4de8-bb12-50720f21631c}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{494b9726-9084-415c-a499-68c07e187244}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{494b9726-9084-415c-a499-68c07e187244}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ab56dfde-0c14-45b3-9df6-7b0eba617870}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{ab56dfde-0c14-45b3-9df6-7b0eba617870}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b7acdf9c-c4f9-4d5d-998e-b147866b4d4c}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{b7acdf9c-c4f9-4d5d-998e-b147866b4d4c}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{df22384f-cf68-4d19-969f-10423715528b}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{df22384f-cf68-4d19-969f-10423715528b}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pcdr"
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\catma_000\AppData\Roaming\mobogenie"
Successfully deleted: [Folder] "C:\Users\catma_000\AppData\Roaming\pcdr"
Successfully deleted: [Folder] "C:\Users\catma_000\appdata\local\mobogenie"
Successfully deleted: [Folder] "C:\Users\catma_000\appdata\locallow\search settings"
Successfully deleted: [Folder] "C:\Users\catma_000\appdata\locallow\ytd"
Successfully deleted: [Folder] "C:\Program Files (x86)\application updater"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Failed to delete: [Folder] "C:\Program Files (x86)\mobogenie"
Failed to delete: [Folder] "C:\Program Files (x86)\recipehub_2j"
Successfully deleted: [Folder] "C:\Program Files (x86)\search extensions"
Failed to delete: [Folder] "C:\Program Files (x86)\totalrecipesearch_14"
Successfully deleted: [Folder] "C:\Program Files (x86)\ytd toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\spigot"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"

 

~~~ Chrome

Successfully deleted: [Folder] C:\Users\catma_000\appdata\local\Google\Chrome\User Data\Default\Extensions\gpiifgmgnfdiblgpaepbmfdkcheicgof
Successfully deleted: [Folder] C:\Users\catma_000\appdata\local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Successfully deleted: [Folder] C:\Users\catma_000\appdata\local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Successfully deleted: [Folder] C:\Users\catma_000\appdata\local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Successfully deleted: [Folder] C:\Users\catma_000\appdata\local\Google\Chrome\User Data\Default\Extensions\nlcphjankhppgohedpkjonpadimhaoof
Successfully deleted: [Folder] C:\Users\catma_000\appdata\local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp

~~~ Event Viewer Logs were cleared

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2015-02-13 at  8:54:51.44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Edited by ginnyjoe, 12 April 2015 - 05:50 PM.

  • 0

#20
ginnyjoe

    Member

  • Topic Starter
  • Member
  • 242 posts

Here is the log. It looks like it was cleared, but I don't remember clearing it. I will have to attach it, as it will not let me paste and I am in Firefox.

The last log looks like an old one from before, so I redid a scan and the attachment is what I got.


Edited by ginnyjoe, 12 April 2015 - 06:04 PM.

  • 0

#21
ginnyjoe

    Member

  • Topic Starter
  • Member
  • 242 posts

I don't know why I cannot copy and paste. I will have to attach this also.


  • 0

#22
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts

Whatever works is fine, attachments are A-OK with me in this case. :)

 

I didn't see an attachment on either of your last two posts. :headscratch:


  • 0

#23
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts

As far as copy&paste, which of these aren't working? 

  1. With the mouse right-click menu
  2. With Control-A (select all) Control-C (copy) and Control-V (paste)
  3. Both

No worries, take your time.  We'll sort this out. :)


  • 0

#24
ginnyjoe

    Member

  • Topic Starter
  • Member
  • 242 posts

OK, here we go.

Attached Files


  • 0

#25
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts

Hi ginnyjoe,

 

Did you see my question in my last post about which way you cannot copy&paste?  Could you let me know please?

 

Yes, the JRT log you posted in Post #19 is from February.  The one you attached is empty.  Maybe JRT was run before this...

 

AdwCleaner was run in Cleaning mode, not Scan mode, but it doesn't look like any false positives were deleted.

 

I'll be back...


  • 0


#26
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts

Let's get a new FRST scan.  If the tool asks to overwrite the existing copy on your Desktop, please allow it. :)

 

Run FRST

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(http://www.bleepingc...very-scan-tool/)

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 

  • Right click on FRST on your Desktop and choose Run as Administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens, if asked, click Yes to disclaimer.
  • Make sure the Addition.txt check-box is checked.
  • Press Scan button.
  • It will produce two logs called FRST.txt and Addition.txt in the same directory the tool is run from.
  • Please copy and paste the contents of both of those logs back here.

 

And if you haven't seen my last post, please also answer the methods by which you cannot copy & paste (mouse or keyboard or both).

 


  • 0

#27
ginnyjoe

    Member

  • Topic Starter
  • Member
  • 242 posts

I use the right click with the mouse. I then click select all then copy and try to paste.

I just tried section 2 and it did not work either. I will attach the txt.

Attached Files


  • 0

#28
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts

Here is the FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2015
Ran by catma_000 (administrator) on LENSPC on 13-04-2015 10:12:12
Running from C:\Users\catma_000\Desktop
Loaded Profiles: Ginette & catma_000 (Available profiles: Ginette & catma_000)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Windows\xag.exe
() C:\Windows\mxag.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\consent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1319240991-3494267394-1717728235-1001\...\Run: [HP Deskjet 3050A J611 series (NET)] => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1319240991-3494267394-1717728235-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59872 2012-12-17] (Apple Inc.)
HKU\S-1-5-21-1319240991-3494267394-1717728235-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59872 2012-12-17] (Apple Inc.)
HKU\S-1-5-21-1319240991-3494267394-1717728235-1001\...\Run: [Lavasoft AdBlock] => C:\Program Files (x86)\Lavasoft\Ad-Aware AdBlocker (Alpha)\AdBlocker.exe [446520 2013-10-24] (Lavasoft)
HKU\S-1-5-21-1319240991-3494267394-1717728235-1005\...\Run: [HP Deskjet 3050A J611 series (NET)] => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1319240991-3494267394-1717728235-1005\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1099608 2013-02-19] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1319240991-3494267394-1717728235-1005\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59872 2012-12-17] (Apple Inc.)
HKU\S-1-5-21-1319240991-3494267394-1717728235-1005\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKU\S-1-5-21-1319240991-3494267394-1717728235-1005\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59872 2012-12-17] (Apple Inc.)
HKU\S-1-5-21-1319240991-3494267394-1717728235-1005\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59872 2012-12-17] (Apple Inc.)
HKU\S-1-5-21-1319240991-3494267394-1717728235-1005\...\Run: [GenieFloater] => C:\Program Files (x86)\Genie Soft\Genie Cleaner\GenieFloater.exe
HKU\S-1-5-21-1319240991-3494267394-1717728235-1005\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [788480 2014-10-28] (Microsoft Corporation)
Startup: C:\Users\catma_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{a7f70dee-0abc-363f-a7f7-70dee0ab37b8}\hqghumeaylnlf.exe (PC Utilities Software Limited)
Startup: C:\Users\catma_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk
ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\catma_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\catma_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\catma_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PriceLessInstaller.lnk
ShortcutTarget: PriceLessInstaller.lnk -> C:\ProgramData\{12ae6a53-13b6-41b1-12ae-e6a5313ba94c}\PriceLessInstaller.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1319240991-3494267394-1717728235-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://t.dell13.ca.msn.com/?st=1
HKU\S-1-5-21-1319240991-3494267394-1717728235-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
HKU\S-1-5-21-1319240991-3494267394-1717728235-1005\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-1319240991-3494267394-1717728235-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
SearchScopes: HKU\S-1-5-21-1319240991-3494267394-1717728235-1005 -> {9B43D3F5-A8EE-44D5-AEAC-0EE1ED77E72A} URL = http://search.yahoo....p={searchTerms}
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...hpdetect121.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\catma_000\AppData\Roaming\Mozilla\Firefox\Profiles\59bok9hk.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-04-12] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-04-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2013-03-21] (RocketLife, LLP)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2013-06-29]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\NP14Stub.dll No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RocketLife Secure Plug-In Layer) - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Profile: C:\Users\catma_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\catma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-23]
CHR Extension: (Google Drive) - C:\Users\catma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-23]
CHR Extension: (YouTube) - C:\Users\catma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-23]
CHR Extension: (Adblock Plus) - C:\Users\catma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-17]
CHR Extension: (Google Search) - C:\Users\catma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\catma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-18]
CHR Extension: (Google Wallet) - C:\Users\catma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-23]
CHR Extension: (Gmail) - C:\Users\catma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
S2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
S2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185176 2013-02-19] (Garmin Ltd or its subsidiaries)
S2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
S3 LavasoftProxy; C:\Program Files (x86)\Lavasoft\Ad-Aware AdBlocker (Alpha)\LavasoftProxy.exe [3699768 2013-10-24] (Lavasoft Limited)
R2 mxag; c:\windows\mxag.exe [523264 2015-04-12] () [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2015-02-12] (IBM Corp.)
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
S2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-03-04] (Dell Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 xag; c:\windows\xag.exe [531456 2015-04-12] () [File not signed]
S2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-02-26] (Dell Computer Corporation)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
R1 RapportCerberus_80128; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80128.sys [844440 2015-03-17] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [445816 2015-02-12] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [290520 2015-02-12] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [535576 2015-02-12] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [558872 2015-02-12] (IBM Corp.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R1 cherimoya; system32\drivers\cherimoya.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-13 10:12 - 2015-04-13 10:12 - 00044786 _____ () C:\Users\catma_000\Desktop\FRST.txt
2015-04-13 10:11 - 2015-04-13 10:11 - 02096640 _____ (Farbar) C:\Users\catma_000\Desktop\FRST64.exe
2015-04-13 10:06 - 2015-04-13 10:06 - 00000000 ____D () C:\Users\catma_000\AppData\Local\Macromedia
2015-04-12 20:39 - 2015-04-12 20:39 - 00000000 ____D () C:\Users\Ginette\AppData\Local\Macromedia
2015-04-12 20:37 - 2015-04-13 09:49 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-12 20:37 - 2015-04-12 20:39 - 00000000 ____D () C:\Users\Ginette\AppData\Local\Adobe
2015-04-12 20:37 - 2015-04-12 20:37 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-04-12 20:10 - 2015-04-12 20:11 - 00000000 ____D () C:\Users\Ginette\AppData\Roaming\Mozilla
2015-04-12 20:10 - 2015-04-12 20:11 - 00000000 ____D () C:\Users\Ginette\AppData\Local\Mozilla
2015-04-12 19:42 - 2015-04-12 19:42 - 00000000 _____ () C:\Users\catma_000\AppData\Local\Temp.dat
2015-04-12 19:41 - 2015-04-12 19:41 - 00000000 ____D () C:\ProgramData\f4bc8c5700000eee
2015-04-12 19:40 - 2015-04-12 19:40 - 00000000 ____D () C:\Users\catma_000\AppData\Roaming\Mozilla
2015-04-12 19:40 - 2015-04-12 19:40 - 00000000 ____D () C:\Users\catma_000\AppData\Local\Mozilla
2015-04-12 19:39 - 2015-04-12 19:39 - 00001177 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-12 19:39 - 2015-04-12 19:39 - 00001165 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-12 19:39 - 2015-04-12 19:39 - 00000000 ____D () C:\ProgramData\Mozilla
2015-04-12 19:39 - 2015-04-12 19:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-12 19:39 - 2015-04-12 19:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-12 19:38 - 2015-04-12 19:38 - 00000000 ____D () C:\Users\catma_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GUPlayer
2015-04-12 19:38 - 2015-04-12 19:38 - 00000000 ____D () C:\ProgramData\2365417444323894397
2015-04-12 19:37 - 2015-04-12 22:37 - 00000000 ____D () C:\ProgramData\{a7f70dee-0abc-363f-a7f7-70dee0ab37b8}
2015-04-12 19:37 - 2015-04-12 22:37 - 00000000 ____D () C:\ProgramData\{12ae6a53-13b6-41b1-12ae-e6a5313ba94c}
2015-04-12 19:37 - 2015-04-12 19:38 - 00745984 _____ () C:\WINDOWS\xag.dat
2015-04-12 19:37 - 2015-04-12 19:38 - 00000000 ____D () C:\ProgramData\obmekjmmphfbhghjhpcldenlajaphdbc
2015-04-12 19:37 - 2015-04-12 19:38 - 00000000 ____D () C:\Program Files (x86)\GUPlayer
2015-04-12 19:37 - 2015-04-12 19:37 - 00531456 _____ () C:\WINDOWS\xag.exe
2015-04-12 19:37 - 2015-04-12 19:37 - 00523264 _____ () C:\WINDOWS\mxag.exe
2015-04-12 19:37 - 2015-04-12 19:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
2015-04-12 09:34 - 2015-04-12 09:34 - 00000616 _____ () C:\Users\Ginette\Desktop\JRT.txt
2015-04-12 08:55 - 2015-04-12 08:55 - 02095616 _____ (Farbar) C:\Users\Ginette\Desktop\FRST64.exe
2015-04-11 22:00 - 2015-04-11 22:00 - 00003955 _____ () C:\Users\Ginette\Desktop\AdwCleaner[S2].txt
2015-04-11 21:48 - 2015-04-11 21:48 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-LENSPC-Windows-8.1-(64-bit).dat
2015-04-11 21:48 - 2015-04-11 21:48 - 00000000 ____D () C:\RegBackup
2015-04-11 21:47 - 2015-04-11 21:47 - 02686959 _____ (Thisisu) C:\Users\Ginette\Desktop\JRT.exe
2015-04-11 21:47 - 2015-04-11 21:47 - 02217984 _____ () C:\Users\Ginette\Desktop\adwcleaner_4.201.exe
2015-04-08 12:12 - 2015-04-13 10:12 - 00000000 ____D () C:\FRST
2015-04-07 11:15 - 2015-04-07 11:15 - 00004030 _____ () C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-04-07 11:15 - 2015-04-07 11:15 - 00003484 _____ () C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
2015-04-07 11:15 - 2015-04-07 11:15 - 00003218 _____ () C:\WINDOWS\System32\Tasks\SystemToolsDailyTest
2015-04-07 11:14 - 2015-04-07 11:14 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2015-04-07 11:14 - 2015-04-07 11:14 - 00000000 ____D () C:\Program Files\Dell Support Center
2015-04-04 11:15 - 2015-04-04 11:15 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-04-04 11:15 - 2015-04-04 11:15 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-04-01 11:14 - 2015-04-01 11:14 - 00000000 __HDC () C:\ProgramData\{6AACA38B-2810-4B47-BDEC-D7A1F38B1531}
2015-04-01 11:13 - 2015-04-08 18:13 - 00000000 ____D () C:\ProgramData\SupportAssistAgent
2015-04-01 11:13 - 2015-04-01 11:13 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2015-04-01 11:13 - 2015-04-01 11:13 - 00000000 ____D () C:\Program Files (x86)\Dell
2015-03-31 15:44 - 2015-04-12 09:31 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6E73DC06-26A2-4764-BB69-579F7EB0A8BA}
2015-03-30 18:08 - 2015-03-30 18:08 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-03-18 20:13 - 2015-03-18 20:13 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-18 20:13 - 2015-03-18 20:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-18 20:12 - 2015-03-18 20:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-18 20:12 - 2015-03-18 20:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-18 20:12 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-03-18 20:12 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-03-18 20:12 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-03-17 18:37 - 2015-03-17 18:37 - 00000324 ____N () C:\WINDOWS\DtcInstall.log
2015-03-17 18:37 - 2015-03-04 17:24 - 00792032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-03-17 18:37 - 2015-03-04 17:24 - 00178144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-13 10:03 - 2015-02-09 21:06 - 01629061 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-13 10:01 - 2013-06-29 12:55 - 00000274 _____ () C:\WINDOWS\Tasks\HP Photo Creations Messager.job
2015-04-13 10:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-13 04:54 - 2014-09-04 11:56 - 00003934 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9FC142B6-8440-4D26-B616-8BF62B8105F4}
2015-04-12 22:43 - 2013-02-04 23:39 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1319240991-3494267394-1717728235-1005
2015-04-12 22:37 - 2014-09-04 11:55 - 00000000 ___DO () C:\Users\catma_000\OneDrive
2015-04-12 20:10 - 2015-02-13 10:56 - 00000000 ____D () C:\AdwCleaner
2015-04-12 20:08 - 2015-02-20 22:50 - 00000000 ___RD () C:\Users\Ginette\OneDrive
2015-04-12 19:45 - 2015-03-12 06:45 - 00000000 ____D () C:\Program Files (x86)\SumatraPDF
2015-04-12 09:31 - 2014-03-18 06:03 - 00869476 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-12 09:26 - 2015-02-12 10:17 - 00001770 _____ () C:\WINDOWS\setupact.log
2015-04-12 09:26 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-12 09:25 - 2013-08-22 09:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-11 22:00 - 2014-09-04 10:21 - 00000000 ____D () C:\Users\Ginette
2015-04-11 22:00 - 2014-09-04 10:21 - 00000000 ____D () C:\Users\catma_000
2015-04-11 21:56 - 2013-02-04 22:48 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1319240991-3494267394-1717728235-1001
2015-04-11 21:07 - 2015-02-12 10:16 - 00352660 _____ () C:\WINDOWS\PFRO.log
2015-04-11 20:48 - 2013-08-26 09:17 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-11 05:31 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-07 14:14 - 2013-06-30 13:00 - 00000000 ____D () C:\Program Files (x86)\nito Installer.app
2015-04-07 11:14 - 2013-05-22 09:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-04-04 11:15 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-01 11:13 - 2015-02-21 15:07 - 00000000 ____D () C:\Program Files\Dell
2015-03-26 10:25 - 2015-01-20 01:28 - 00000000 ____D () C:\Program Files (x86)\Genie Soft
2015-03-26 10:23 - 2015-03-05 09:39 - 00000000 ____D () C:\Program Files (x86)\PhotoScape
2015-03-20 18:22 - 2013-02-12 05:29 - 00000382 _____ () C:\WINDOWS\SysWOW64\SystemPreferences.xml
2015-03-18 21:07 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Speech
2015-03-17 19:58 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-03-17 18:40 - 2013-08-26 09:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2015-03-17 18:35 - 2013-08-22 10:44 - 00490624 _____ () C:\WINDOWS\system32\FNTCACHE.DAT

==================== Files in the root of some directories =======

2014-05-04 16:30 - 2014-05-09 20:30 - 0118727 _____ () C:\Users\catma_000\AppData\Local\ars.cache
2014-05-04 16:30 - 2014-05-09 20:30 - 0288746 _____ () C:\Users\catma_000\AppData\Local\census.cache
2014-05-04 12:41 - 2014-05-04 12:41 - 0000036 _____ () C:\Users\catma_000\AppData\Local\housecall.guid.cache
2015-04-12 19:42 - 2015-04-12 19:42 - 0011768 _____ () C:\Users\catma_000\AppData\Local\Temp-log.txt
2015-04-12 19:42 - 2015-04-12 19:42 - 0000000 _____ () C:\Users\catma_000\AppData\Local\Temp.dat
2013-02-07 22:49 - 2013-02-07 22:49 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-11-01 00:39 - 2012-11-01 00:39 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2012-11-01 00:36 - 2012-11-01 00:37 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2012-11-01 00:37 - 2012-11-01 00:38 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2012-11-01 00:36 - 2012-11-01 00:36 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2012-11-01 00:38 - 2012-11-01 00:39 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

Some content of TEMP:
====================
C:\Users\catma_000\AppData\Local\Temp\optprosetup.exe
C:\Users\catma_000\AppData\Local\Temp\sum~inst.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-13 06:25

==================== End Of Log ============================



#29
DanoNH


Here is the Addition.txt log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-04-2015
Ran by catma_000 at 2015-04-13 10:13:09
Running from C:\Users\catma_000\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon) <==== ATTENTION
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bingo Cafe (HKU\S-1-5-21-1319240991-3494267394-1717728235-1005\...\Bingo Cafe) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.12.0 - Conexant)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dark Parables 3 Rise of the Snow Queen Collectors Edition 1.00 (HKLM-x32\...\Dark Parables 3 Rise of the Snow Queen Collectors Edition 1.00) (Version:  - )
Dark Strokes Sins of the Fathers Collectors Edition 1.00 (HKLM-x32\...\Dark Strokes Sins of the Fathers Collectors Edition 1.00) (Version:  - )
Dark Tales 2 Edgar Allan Poes The Black Cat Collectors Edition 1.00 (HKLM-x32\...\Dark Tales 2 Edgar Allan Poes The Black Cat Collectors Edition 1.00) (Version:  - )
Dark Tales 3 Edgar Allan Poes The Premature Burial CE 1.00 (HKLM-x32\...\Dark Tales 3 Edgar Allan Poes The Premature Burial CE 1.00) (Version:  - )
Death Under Tuscan Skies A Dana Knightstone Novel 2 Collectors Edition 1.00 (HKLM-x32\...\Death Under Tuscan Skies A Dana Knightstone Novel 2 Collectors Edition 1.00) (Version:  - )
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.0.0.5 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.0.0.5 - Dell Inc.)
Dell Data Vault (Version: 4.2.2.0 - Dell Inc.) Hidden
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.81 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.2.57295 - Dell)
Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 10.0 - Dell)
Depths of Betrayal Collectors Edition 1.00 (HKLM-x32\...\Depths of Betrayal Collectors Edition 1.00) (Version:  - )
Echoes of the Past The Castle of Shadows Collectors Edition 1.00 (HKLM-x32\...\Echoes of the Past The Castle of Shadows Collectors Edition 1.00) (Version:  - )
Elevated Installer (x32 Version: 2.1.8 - Garmin Ltd or its subsidiaries) Hidden
Enigma 7 1.00 (HKLM-x32\...\Enigma 7 1.00) (Version:  - )
Escape from Frankensteins Castle 1.00 (HKLM-x32\...\Escape from Frankensteins Castle 1.00) (Version:  - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Eternal Journey New Atlantis Collectors Edition 1.00 (HKLM-x32\...\Eternal Journey New Atlantis Collectors Edition 1.00) (Version:  - )
Experiment 1.00 (HKLM-x32\...\Experiment 1.00) (Version:  - )
Fabled Legends The Dark Piper Collectors Edition 1.00 (HKLM-x32\...\Fabled Legends The Dark Piper Collectors Edition 1.00) (Version:  - )
Fierce Tales The Dogs Heart Collectors Edition 1.00 (HKLM-x32\...\Fierce Tales The Dogs Heart Collectors Edition 1.00) (Version:  - )
Film Fatale BFG 1.00 (HKLM-x32\...\Film Fatale BFG 1.00) (Version:  - )
Flux Family Secrets The Book of Oracles 1.00 (HKLM-x32\...\Flux Family Secrets The Book of Oracles 1.00) (Version:  - )
Forbidden Secrets Alien Town Collectors Edition 1.00 (HKLM-x32\...\Forbidden Secrets Alien Town Collectors Edition 1.00) (Version: 1.00 - Games)
Freemake Video Converter version 4.0.3 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.0.3 - Ellora Assets Corporation)
Gardenscapes Mansion Makeover CE 1.00 (HKLM-x32\...\Gardenscapes Mansion Makeover CE 1.00) (Version:  - )
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{f8045cae-2c45-445b-a15b-f77ffe0f1956}) (Version: 2.1.8 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.1.8 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.1.8 - Garmin Ltd or its subsidiaries) Hidden
Garmin Update Service (x32 Version: 2.1.8 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Ghost Encounters Deadwood 1.00 (HKLM-x32\...\Ghost Encounters Deadwood 1.00) (Version:  - )
Golden Trails 3 The Guardians Creed 1.00 (HKLM-x32\...\Golden Trails 3 The Guardians Creed 1.00) (Version:  - )
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Grim Tales The Legacy Collectors Edition 1.00 (HKLM-x32\...\Grim Tales The Legacy Collectors Edition 1.00) (Version:  - )
Grim Tales The Wishes Collectors Edition 1.00 (HKLM-x32\...\Grim Tales The Wishes Collectors Edition 1.00) (Version:  - )
Guardian Dragons New 1.00 (HKLM-x32\...\Guardian Dragons New 1.00) (Version:  - )
GUPlayer (remove only) (HKLM-x32\...\GUPlayer) (Version:  - )
Haunted Halls Fears from Childhood Collectors Edition 1.00 (HKLM-x32\...\Haunted Halls Fears from Childhood Collectors Edition 1.00) (Version:  - )
Heaven and [bleep] Angelos Quest 1.00 (HKLM-x32\...\Heaven and [bleep] Angelos Quest 1.00) (Version:  - )
Hidden Mysteries Return to Titanic 1.00 (HKLM-x32\...\Hidden Mysteries Return to Titanic 1.00) (Version:  - )
Hidden Mysteries Royal Family Secrets 1.00 (HKLM-x32\...\Hidden Mysteries Royal Family Secrets 1.00) (Version:  - )
House of 1000 Doors The Palm of Zoroaster Collectors Edition 1.00 (HKLM-x32\...\House of 1000 Doors The Palm of Zoroaster Collectors Edition 1.00) (Version:  - )
HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{1B77E249-B8D5-4E5E-8848-693ACEF84E6D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050A J611 series Help (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Deskjet 3050A J611 series Product Improvement Study (HKLM\...\{A772BF60-20A5-4279-A18B-B9D8DBC9B30A}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations)
HP Product Detection (HKLM-x32\...\{42D10994-A566-495D-A5E7-D0C6B5C6B35C}) (Version: 11.14.0006 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
iCloud (HKLM\...\{D0CB24F4-084F-40DE-B6B9-A03626E682F0}) (Version: 2.1.1.3 - Apple Inc.)
Inspector Magnusson Murder On The Titanic 1.00 (HKLM-x32\...\Inspector Magnusson Murder On The Titanic 1.00) (Version:  - )
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Jet Bingo (HKU\S-1-5-21-1319240991-3494267394-1717728235-1005\...\Jet Bingo) (Version:  - )
Living Legends Ice Rose Collectors Edition 1.00 (HKLM-x32\...\Living Legends Ice Rose Collectors Edition 1.00) (Version:  - )
Lost City of Z 1.00 (HKLM-x32\...\Lost City of Z 1.00) (Version:  - )
Love Chronicles The Spell Collectors Edition 1.00 (HKLM-x32\...\Love Chronicles The Spell Collectors Edition 1.00) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 37.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-GB)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
Nat Geo Adventure Ghost Fleet 1.00 (HKLM-x32\...\Nat Geo Adventure Ghost Fleet 1.00) (Version:  - )
Rapport (x32 Version: 3.5.1404.75 - Trusteer) Hidden
Recipe Hub toolbar (HKLM-x32\...\RecipeHub_2jbar Uninstall) (Version:  - Mindspark Interactive Network) <==== ATTENTION
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
TotalRecipeSearch Toolbar (HKLM-x32\...\TotalRecipeSearch_14bar Uninstall) (Version:  - Mindspark Interactive Network) <==== ATTENTION
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1404.75 - Trusteer)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
YTD Toolbar v10.9 (HKLM-x32\...\{D065A3E2-6502-4EA2-91D3-FE98B72B6CDE}) (Version: 10.9 - Spigot, Inc.) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

11-04-2015 20:58:23 Removed Adblock Plus for IE (32-bit and 64-bit)
12-04-2015 09:16:56 Restore Point Created by FRST

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B0C4A89-888E-4400-B2B4-70B80C31D908} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-03-04] (Dell Inc.)
Task: {106D0C58-619B-4199-AB38-0A235EF1B0D8} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {15E34D96-86DD-41C5-BEB5-BB457682FBBC} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-03-20] (PC-Doctor, Inc.)
Task: {20AFA765-DEDB-477F-9FF5-F72775E9D5DC} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {27FA629B-B8E9-456C-AD62-08EF7A09AD5B} - System32\Tasks\HP online update program => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2013-05-30] (Hewlett-Packard)
Task: {3FDAAE6E-3971-4785-8BFD-E51D95E59791} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {42EBF3C2-A1B2-4820-9A63-6FA346A0B0E3} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-12] (Adobe Systems Incorporated)
Task: {487CA2F5-19B5-4BF5-99E5-B1143D4149D9} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {54FD991C-2EA9-4FA6-BF4F-1DE7EFFFA0C4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {5D8F56F4-A613-473D-BE71-BA22A300E9CB} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {7B13CEF5-D065-48E6-A1E7-330705D23A53} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2011-02-15] ()
Task: {7D88F6CF-3B70-402E-85E8-84C483E9BF3C} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2012-12-17] (Apple Inc.)
Task: {8F4A638A-6CBA-4994-991C-8626521E7DB3} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {9110A2F2-172E-4F3F-9849-A5440125D054} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {9273A96A-219F-4C6E-9A56-3EE547FBC250} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-03-11] (Microsoft Corporation)
Task: {B0466165-BD2D-4FC2-990D-78FA16E55778} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: {B2B4AB74-9443-402E-996B-EB77E90BBD78} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {D21E4F20-929A-49FA-A2E8-C7020326989D} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-03-20] (PC-Doctor, Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe

==================== Loaded Modules (whitelisted) ==============

2015-04-12 19:37 - 2015-04-12 19:37 - 00531456 _____ () c:\windows\xag.exe
2015-04-12 19:37 - 2015-04-12 19:37 - 00523264 _____ () c:\windows\mxag.exe
2012-12-17 17:14 - 2012-12-17 17:14 - 00954848 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-08-22 03:19 - 2013-08-22 02:54 - 00174592 _____ () C:\WINDOWS\system32\WinMetadata\Windows.UI.winmd
2013-08-22 03:19 - 2013-08-22 02:54 - 00050176 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Data.winmd
2013-08-22 03:19 - 2013-08-22 02:54 - 00030208 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Foundation.winmd
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-23 16:04 - 2014-03-23 16:04 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2012-11-01 00:37 - 2012-06-07 23:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2012-11-01 00:32 - 2012-07-18 15:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\catma_000\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Ginette\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Ginette\OneDrive.old:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1319240991-3494267394-1717728235-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ginette\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Photo Gallery Wallpaper.jpg
HKU\S-1-5-21-1319240991-3494267394-1717728235-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\catma_000\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\photo gallery wallpaper.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "TotalRecipeSearch Search Scope Monitor"
HKLM\...\StartupApproved\Run32: => "TotalRecipeSearch_14 Browser Plugin Loader"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKU\S-1-5-21-1319240991-3494267394-1717728235-1005\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-1319240991-3494267394-1717728235-1005\...\StartupApproved\Run: => "HP Deskjet 3050A J611 series (NET)"

==================== Accounts: =============================

Administrator (S-1-5-21-1319240991-3494267394-1717728235-500 - Administrator - Disabled)
catma_000 (S-1-5-21-1319240991-3494267394-1717728235-1005 - Administrator - Enabled) => C:\Users\catma_000
Ginette (S-1-5-21-1319240991-3494267394-1717728235-1001 - Administrator - Enabled) => C:\Users\Ginette
Guest (S-1-5-21-1319240991-3494267394-1717728235-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/13/2015 06:28:06 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.


System errors:
=============
Error: (04/13/2015 06:48:42 AM) (Source: Ntfs) (EventID: 138) (User: )
Description: The transaction resource manager at C:\ encountered a fatal error and was shut down.  The data contains the error code.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Core™ i3-2130 CPU @ 3.40GHz
Percentage of memory in use: 34%
Total physical RAM: 6013.55 MB
Available physical RAM: 3966.77 MB
Total Pagefile: 7357.55 MB
Available Pagefile: 4860.78 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:918.45 GB) (Free:854.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 2F06AA7B)

Partition: GPT Partition Type.

==================== End Of Log ============================



#30
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts

Regarding the copy & paste failure, is it just in the web browser or in any program on the machine?

Can you also tell me when the strange computer behavior started happening?

