[RESOLVED] I picked this apparent virus and dont know how to rid of it - Page 2
Page 2 of 3 FirstFirst 123 LastLast
Results 16 to 30 of 32

Thread: [RESOLVED] I picked this apparent virus and dont know how to rid of it

  1. #16
    Join Date
    Nov 2003
    Location
    Missouri
    Posts
    1,067

    PART 2 ADDITIONAL

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square
    ShortcutWithArgument: C:\Users\Public\Desktop\VUDU - Streaming Movies.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.vudu.com/

    ==================== Loaded Modules (Whitelisted) ==============

    2017-09-29 07:41 - 2017-09-29 07:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
    2015-10-05 15:17 - 2014-04-14 19:59 - 000389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    2017-11-03 17:10 - 2017-12-09 05:31 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
    2018-02-14 21:48 - 2018-02-09 22:36 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2018-03-01 23:51 - 2018-03-02 00:13 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    2018-03-01 23:51 - 2018-03-02 00:13 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
    2018-03-01 23:51 - 2018-03-02 00:13 - 021824000 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkyWrap.dll
    2018-03-01 23:51 - 2018-03-02 00:13 - 002529792 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\skypert.dll
    2018-03-01 23:51 - 2018-03-02 00:13 - 000649216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
    2018-03-01 23:51 - 2018-03-02 00:13 - 000142848 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkypeHost.Proxies.dll
    2018-02-14 21:48 - 2018-02-09 22:39 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2017-09-29 07:41 - 2017-09-29 07:41 - 001909248 _____ () C:\Windows\ShellExperiences\PeopleCommonControls.dll
    2018-02-14 21:46 - 2018-02-09 22:46 - 001266176 _____ () C:\Windows\ShellExperiences\PeopleBarFlyout.dll
    2018-01-12 15:22 - 2017-11-26 06:26 - 002988032 _____ () C:\Windows\ShellExperiences\WindowsInternal.People.PeoplePicker.dll
    2017-09-29 07:41 - 2017-09-29 07:41 - 002459648 _____ () C:\Windows\ShellExperiences\WindowsInternal.People.Relevance.dll
    2018-03-01 23:51 - 2018-03-02 00:13 - 000242176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\Microsoft.Skype.ImageTool.dll
    2018-03-01 23:51 - 2018-03-02 00:13 - 000040960 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\TraceProvider.dll
    2018-03-01 23:51 - 2018-03-02 00:13 - 000634880 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\VideoN.dll
    2018-03-02 08:42 - 2018-03-02 08:43 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2018-03-02 08:42 - 2018-03-02 08:42 - 000287960 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
    2018-03-02 08:42 - 2018-03-02 08:42 - 000280280 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
    2018-03-02 08:41 - 2018-03-02 08:41 - 000275160 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
    2018-03-01 23:55 - 2018-02-26 05:24 - 000746312 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
    2018-03-01 23:55 - 2018-02-26 05:24 - 002079048 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
    2018-03-01 23:56 - 2018-02-26 05:24 - 000100312 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
    2018-03-01 23:56 - 2018-02-26 05:24 - 000018896 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
    2018-03-01 23:56 - 2018-02-26 05:26 - 000020808 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
    2018-03-01 23:56 - 2018-02-26 05:24 - 000035808 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
    2018-03-01 23:56 - 2018-02-26 05:24 - 000694232 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
    2018-03-01 23:54 - 2018-02-26 05:26 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
    2018-03-01 23:56 - 2018-02-26 05:24 - 000130520 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
    2018-03-01 23:54 - 2018-02-26 05:26 - 001856864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
    2018-03-01 23:54 - 2018-02-26 05:26 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
    2018-03-01 23:55 - 2018-02-26 05:24 - 000145880 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
    2018-03-01 23:55 - 2018-02-26 05:24 - 000116696 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
    2018-03-01 23:56 - 2018-02-26 05:24 - 000105944 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
    2018-03-01 23:56 - 2018-02-26 05:26 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
    2018-03-01 23:55 - 2018-02-26 05:26 - 000063312 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
    2018-03-01 23:56 - 2018-02-26 05:24 - 000024536 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
    2018-03-01 23:55 - 2018-02-26 05:26 - 000077120 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
    2018-03-01 23:55 - 2018-02-26 05:24 - 000020952 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
    2018-03-01 23:56 - 2018-02-26 05:24 - 000124888 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
    2018-03-01 23:56 - 2018-02-26 05:24 - 000116184 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
    2018-03-01 23:55 - 2018-02-26 05:24 - 000392664 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
    2018-03-01 23:56 - 2018-02-26 05:26 - 000392520 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
    2018-03-01 23:56 - 2018-02-26 05:26 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
    2018-03-01 23:56 - 2018-02-26 05:24 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
    2018-03-01 23:56 - 2018-02-26 05:24 - 000175576 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
    2018-03-01 23:56 - 2018-02-26 05:24 - 000030168 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
    2018-03-01 23:56 - 2018-02-26 05:24 - 000043480 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
    2018-03-01 23:56 - 2018-02-26 05:24 - 000026072 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
    2018-03-01 23:56 - 2018-02-26 05:24 - 000048600 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
    2018-03-01 23:56 - 2018-02-26 05:24 - 000057816 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
    2018-03-01 23:54 - 2018-02-26 05:26 - 000021840 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
    2018-03-01 23:56 - 2018-02-26 05:27 - 000023376 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
    2018-03-01 23:54 - 2018-02-26 05:26 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
    2018-03-01 23:56 - 2018-02-26 05:26 - 000066400 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
    2018-03-01 23:55 - 2018-02-26 05:26 - 001798464 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
    2018-03-01 23:56 - 2018-02-26 05:24 - 000084944 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
    2018-03-01 23:55 - 2018-02-26 05:26 - 001959232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
    2018-03-01 23:55 - 2018-02-26 05:26 - 003863880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
    2018-03-01 23:55 - 2018-02-26 05:26 - 000155472 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
    2018-03-01 23:55 - 2018-02-26 05:26 - 000521544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
    2018-03-01 23:55 - 2018-02-26 05:26 - 000051024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
    2018-03-01 23:55 - 2018-02-26 05:26 - 000043336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
    2018-03-01 23:55 - 2018-02-26 05:26 - 000131400 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
    2018-03-01 23:55 - 2018-02-26 05:26 - 000219984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
    2018-03-01 23:55 - 2018-02-26 05:26 - 000204104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
    2018-03-01 23:56 - 2018-02-26 05:27 - 000025440 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
    2018-03-01 23:56 - 2018-02-26 05:24 - 000060888 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
    2018-03-01 23:56 - 2018-02-26 05:27 - 000054616 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
    2018-03-01 23:56 - 2018-02-26 05:24 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
    2018-03-01 23:56 - 2018-02-26 05:26 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
    2018-03-01 23:56 - 2018-02-26 05:26 - 000087904 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
    2018-03-01 23:56 - 2018-02-26 05:24 - 000028632 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
    2018-03-01 23:56 - 2018-02-26 05:26 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
    2018-03-01 23:56 - 2018-02-26 05:26 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
    2018-03-01 23:56 - 2018-02-26 05:27 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
    2018-03-01 23:55 - 2018-02-26 05:26 - 000027496 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
    2018-03-01 23:56 - 2018-02-26 05:24 - 000349144 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
    2018-03-01 23:55 - 2018-02-26 05:26 - 000101704 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
    2018-03-01 23:56 - 2018-02-26 05:27 - 000023904 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
    2018-03-01 23:55 - 2018-02-26 05:26 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
    2018-03-01 23:55 - 2018-02-26 05:24 - 000036312 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
    2018-03-01 23:55 - 2018-02-26 05:26 - 000032608 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
    2018-03-01 23:55 - 2018-02-26 05:24 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
    2018-03-01 23:56 - 2018-02-26 05:26 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.pyd
    2018-03-01 23:55 - 2018-02-26 05:26 - 000181064 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
    2018-03-01 23:56 - 2018-02-26 05:26 - 000030544 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
    2018-03-01 23:55 - 2018-02-26 05:26 - 000024384 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
    2018-03-01 23:55 - 2018-02-26 05:26 - 001638208 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
    2018-03-01 23:56 - 2018-02-26 05:26 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
    2018-03-01 23:55 - 2018-02-26 05:26 - 000546632 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
    2018-03-01 23:55 - 2018-02-26 05:26 - 000359744 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
    2018-03-01 23:55 - 2018-02-26 05:26 - 000038216 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.pyd

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-07-10 05:04 - 2017-06-21 21:09 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-968513832-21562350-644682300-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\1patp\Pictures\baby precious.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    HKLM\...\StartupApproved\Run32: => "PowerDVD14Agent"
    HKU\S-1-5-21-968513832-21562350-644682300-1001\...\StartupApproved\Run: => "Chromium"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [UDP Query User{8626C04D-1B06-4BC8-A182-8717905842F8}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe
    FirewallRules: [TCP Query User{CE3F03BF-BC05-4CA2-B7B9-8C0C020A3C00}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe
    FirewallRules: [UDP Query User{481482D7-F99E-41D2-B395-3AEB17CEDB08}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe
    FirewallRules: [TCP Query User{22BCEAE0-A05A-4876-B383-4D6994AA68DD}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe
    FirewallRules: [{93717F93-CE61-4A5E-9FDD-DFB1D0CB48BE}] => (Allow) C:\Users\1patp\AppData\Local\Chromium\Application\chrome.exe
    FirewallRules: [UDP Query User{FFC5D908-3DD6-467A-BE36-8B5B84B3C131}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe
    FirewallRules: [TCP Query User{615582B2-3E61-440A-9DE2-C828F19A71C9}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe
    FirewallRules: [{AE5B7A06-183F-4893-BBAC-F4F44BE2F953}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
    FirewallRules: [{DB67BB39-55F0-414D-9C65-BD70C03594CE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
    FirewallRules: [{1F0D7CA1-34E0-46BB-9A67-7B1FEE1C8DC8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
    FirewallRules: [{2A95A47D-B046-4FFD-A052-60A19DD9DFEE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
    FirewallRules: [{BF212F25-5ABC-4235-8EF3-52155064FC35}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
    FirewallRules: [{9607CD9E-E0C9-4963-8DF2-02FDB4C73436}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{01B93DCA-2B7A-44A5-AEC6-BA33FCFD09AF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{0F9D4E2C-D791-4CA9-9F3C-292E9AB412FC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{FA22119F-010E-415F-BE67-CD9D7B4BBBB4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{FB465170-0787-47C5-85AB-732F7BB61FEC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{7E211E7B-D270-43D4-B3BD-E4081FFBEE32}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    FirewallRules: [{F7CD9756-9E77-4BD7-827E-BE250423BBA3}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    FirewallRules: [{CA6CDAB6-3369-44E4-A52D-7A1817C334AF}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    FirewallRules: [{93937BBE-5C62-4648-B3E7-0FDFA6C126DC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    14-02-2018 21:45:10 Windows Update
    02-03-2018 00:17:04 Restore Operation

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/03/2018 10:34:49 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: The Open Procedure for service "aspnet_state" in DLL "C:\Windows\System32\aspnet_counters.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

    Error: (03/03/2018 10:34:49 AM) (Source: Perflib) (EventID: 1023) (User: )
    Description: Windows cannot load the extensible counter DLL ASP.NET_64_2.0.50727. The first four bytes (DWORD) of the Data section contains the Windows error code.

    Error: (03/03/2018 10:34:49 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: The Open Procedure for service "ASP.NET_4.0.30319" in DLL "C:\Windows\System32\aspnet_counters.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

    Error: (03/03/2018 10:34:49 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: The Open Procedure for service "ASP.NET" in DLL "C:\Windows\System32\aspnet_counters.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

    Error: (03/03/2018 09:45:16 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-NPLNS3T)
    Description: Package Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

    Error: (03/03/2018 09:26:09 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe_MapsBroker, version: 10.0.16299.15, time stamp: 0x9c786b9a
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0x8400000e
    Fault offset: 0x0000000000000000
    Faulting process id: 0xb08
    Faulting application start time: 0x01d3b303dfb9f25c
    Faulting application path: C:\WINDOWS\System32\svchost.exe
    Faulting module path: unknown
    Report Id: a3db2a78-3039-4ddb-91ff-d97a98a0ebfa
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (03/03/2018 09:13:02 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.16299.248, time stamp: 0x5a7e76b1
    Faulting module name: win32u.dll, version: 10.0.16299.15, time stamp: 0x1900dcc9
    Exception code: 0xcfffffff
    Fault offset: 0x0000000000009164
    Faulting process id: 0x1ce8
    Faulting application start time: 0x01d3b301c0ba8f37
    Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    Faulting module path: C:\WINDOWS\System32\win32u.dll
    Report Id: ba372a1b-3dc6-46ee-99af-d02d7f9fc928
    Faulting package full name: Microsoft.MicrosoftEdge_41.16299.248.0_neutral__8wekyb3d8bbwe
    Faulting package-relative application ID: ContentProcess

    Error: (03/02/2018 11:00:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 16875


    System errors:
    =============
    Error: (03/03/2018 10:39:46 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (03/03/2018 10:24:33 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (03/03/2018 09:51:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Downloaded Maps Manager service terminated unexpectedly. It has done this 1 time(s).

    Error: (03/03/2018 09:46:45 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (03/02/2018 10:00:58 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NPLNS3T)
    Description: The server Microsoft.AAD.BrokerPlugin_1000.16299.15.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider did not register with DCOM within the required timeout.

    Error: (03/02/2018 09:45:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (03/02/2018 09:54:56 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (03/02/2018 09:44:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


    Windows Defender:
    ===================================
    Date: 2018-02-06 23:22:32.439
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {750040FA-A862-4867-895C-7C62DDB4BB05}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2018-02-02 21:21:03.205
    Description:
    Windows Defender Antivirus scan has been stopped before completion.

  2. #17
    Join Date
    Nov 2003
    Location
    Missouri
    Posts
    1,067

    PART 3 AND LAST OF ADDITIONAL

    Scan ID: {63705345-378E-486D-A3B9-46A1D24A854F}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2018-01-24 19:55:12.948
    Description:
    Windows Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?lin...8&enterprise=0
    Name: Trojan:Win32/CoinMiner
    ID: 2147672528
    Severity: Severe
    Category: Trojan
    Path: file:_C:\Users\1patp\AppData\Local\Mozilla\Firefox\Profiles\ko2vaeg6.default\cache2\entries\85B4C3FBCFD161E5074E2DFE4ED487BCEBBEB2EC
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: Real-Time Protection
    Process Name: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Signature Version: AV: 1.261.118.0, AS: 1.261.118.0, NIS: 118.2.0.0
    Engine Version: AM: 1.1.14500.5, NIS: 2.1.14202.0

    Date: 2018-02-02 09:48:05.406
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.261.678.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.14500.5
    Error code: 0x80240016
    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    Date: 2018-01-20 00:32:07.547
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.261.65.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.14500.5
    Error code: 0x800704e8
    Error description: The remote system is not available. For information about network troubleshooting, see Windows Help.

    Date: 2018-01-20 00:32:07.545
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.261.65.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiSpyware
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.14500.5
    Error code: 0x800704e8
    Error description: The remote system is not available. For information about network troubleshooting, see Windows Help.

    Date: 2018-01-20 00:32:07.543
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.261.65.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.14500.5
    Error code: 0x800704e8
    Error description: The remote system is not available. For information about network troubleshooting, see Windows Help.

    Date: 2018-01-14 02:48:55.843
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.259.1596.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.14405.2
    Error code: 0x80072ee2
    Error description: The operation timed out

    ==================== Memory info ===========================

    Processor: Intel(R) Pentium(R) CPU N3540 @ 2.16GHz
    Percentage of memory in use: 84%
    Total physical RAM: 3985.95 MB
    Available physical RAM: 632.61 MB
    Total Virtual: 10740.4 MB
    Available Virtual: 3491.86 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:446.06 GB) (Free:364.52 GB) NTFS
    Drive d: (RECOVERY) (Fixed) (Total:18.36 GB) (Free:2.12 GB) NTFS ==>[system with boot components (obtained from drive)]

    \\?\Volume{897c9b29-1e3f-4039-b4e2-3ee638ac9fbb}\ () (Fixed) (Total:0.25 GB) (Free:0.2 GB) FAT32
    \\?\Volume{da51aa89-c339-4c5a-b9e5-42a435c69b23}\ () (Fixed) (Total:0.96 GB) (Free:0.33 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: 0CAD552D)

    Partition: GPT.

    ==================== End of Addition.txt ============================





    I HAVE ALL MY WEDDING AND MY GRAND DAUGHERS ON HERE SO NO PICS CAN BE TAKEN OF, NO CANON BECAUSE I HAVE A NEW CANON 4 WAY PRINTER, NO MICROSOFT UNLESS DAMAGED. I WANT TO KNOW WHAT IS GOING ON? WHY COULD I NOT JUST HAVE TYPED "COUPONXPLORER" IN THE SEARCH BOX AT TOP OF FARBAR AND JUST TAKEN THOSE OUT.

    I appreciate you replying to my questions as most of the time admins dont take the time.

  3. #18
    Join Date
    Nov 2003
    Location
    Missouri
    Posts
    1,067

    Hope I can get back to see your reply as.....

    It just took 20 minutes to load this reply box. Don't know how long she is going to hold up. JUST DISCOVERED SOMETHING REALLY STRANGE. I have had Valvaldi on my desk top for some time but just haven't used it. Decided to see if it would work properly and it workes perfectly and as fast as when my computer was brand new. WHY would that be? Firefox is where the problem seems to be since the "couponXplorer was added with that browser. JUST CURIOUS?
    Last edited by Msbsgblue; March 3rd, 2018 at 05:34 PM.

  4. #19
    Join Date
    Nov 2003
    Location
    Missouri
    Posts
    1,067
    It has been 3 1/2 hours and it has taken me this long to get back to check for a reply. Refreshing does not work. Someone please help me. I am a senior citizen, disabled and this is the only contact I have to the outside world. I sincerely need help. I do not know how much longer it is going to let me get back to see a reply.
    . /

  5. #20
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Now I have everything I need.

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Double click on downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Remove Selected.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.

    Please download Malwarebytes to your desktop.
    • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
    • Then click Finish.
    • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
    • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
    • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
    • Restart your computer when prompted to do so.
    • The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.

    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8/10 users right-click and select Run As Administrator
    • The tool will start to update the database if one is required.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Logfile button.
    • A window will open which lists the logs of your scans.
    • Click on the Scan tab.
    • Double-click the most recent scan which will be at the top of the list....the log will appear.
    • Review the results...see note below
    • After reviewing the log, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
    • To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
    • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
    • A copy of all logfiles are saved to C:\AdwCleaner.

    -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

  6. #21
    Join Date
    Nov 2003
    Location
    Missouri
    Posts
    1,067
    I am old sick and disabled and will get with you on this in the morning. It is late and I am worn out. Why is the computer momentarily running good on Chrome and Avaldi but not on Firefox? IS THERE ANYWAY i CAN GIVE YOU ACCESS TO MY COMPUTER AND YOU RUN THESE FOR ME? I went to the 1st one and did not understand it at all. I would be eternally grateful if someone would kindly help me. This is my only contact with outside world as I am home bound.

    I do keep getting something about scripts running on some pages that I do not understand either,

    I ran Malwarebytes earlier tonight and had like 63 of those stupid pup things I get now and then. I did not restart computer for fear of not rebooting so they are not quaratined yet.
    Last edited by Msbsgblue; March 4th, 2018 at 01:53 AM.

  7. #22
    Join Date
    Nov 2003
    Location
    Missouri
    Posts
    1,067
    READ ABOVE!! PLEASE ANSWER 2 QUESTIONS!!

    Was I suppose to click FIX on the FARBAR scan? I did not as you did not say.

    And, if Valvaldi and Chrome are working fine did it just effect Firefox and if so why not just delete Firefox?

    PLEASE do not close this post in 5 days because as sick as I am it may take me a day or so longer. WAITING FOR REPLY!

  8. #23
    Join Date
    Nov 2003
    Location
    Missouri
    Posts
    1,067

    Rouge Killer

    PLEASE GO UP AND REPLY TO 2 QUESTIONS PLEASE!!

    RogueKiller V12.12.6.0 (x64) [Feb 26 2018] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : https://forum.adlice.com
    Website : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 10 (10.0.16299) 64 bits version
    Started in : Normal mode
    User : 1patp [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Delete -- Date : 03/04/2018 09:55:07 (Duration : 01:14:03)
    Switches : -refid

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 2 ¤¤¤
    [PUP.Wintonic] (X64) HKEY_LOCAL_MACHINE\Software\pctonics.com -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f671e557-e47f-40f3-875f-0bb43240512e} | DhcpNameServer : 40.23.1.11 ([United States]) -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 7 ¤¤¤
    [PUP.Wintonic][Folder] C:\ProgramData\pctonics.com -> Deleted
    [PUP.Wintonic][File] C:\ProgramData\pctonics.com\Ad-BlockerPro\FF\com.adblockerpro.native.json -> Deleted
    [PUP.Wintonic][File] C:\ProgramData\pctonics.com\Ad-BlockerPro\FF\install_host.bat -> Deleted
    [PUP.Wintonic][Folder] C:\ProgramData\pctonics.com\Ad-BlockerPro\FF -> Deleted
    [PUP.Wintonic][File] C:\ProgramData\pctonics.com\Ad-BlockerPro\GC\com.adblockerpro.native.json -> Deleted
    [PUP.Wintonic][File] C:\ProgramData\pctonics.com\Ad-BlockerPro\GC\install_host.bat -> Deleted
    [PUP.Wintonic][Folder] C:\ProgramData\pctonics.com\Ad-BlockerPro\GC -> Deleted
    [PUP.Wintonic][File] C:\ProgramData\pctonics.com\Ad-BlockerPro\IE\com.adblockerpro.native.json -> Deleted
    [PUP.Wintonic][File] C:\ProgramData\pctonics.com\Ad-BlockerPro\IE\install_host.bat -> Deleted
    [PUP.Wintonic][Folder] C:\ProgramData\pctonics.com\Ad-BlockerPro\IE -> Deleted
    [PUP.Wintonic][Folder] C:\ProgramData\pctonics.com\Ad-BlockerPro -> Deleted
    [PUP.Wintonic][Folder] C:\Users\1patp\AppData\Roaming\pctonics.com -> Deleted
    [PUP.Wintonic][File] C:\Users\1patp\AppData\Roaming\pctonics.com\Ad-BlockerPro\2017_09_29_ErrorLog.txt -> Deleted
    [PUP.Wintonic][Folder] C:\Users\1patp\AppData\Roaming\pctonics.com\Ad-BlockerPro -> Deleted
    [PUP.Filefinder][Folder] C:\Users\1patp\AppData\Roaming\Pluto TV -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\blink_image_resources_200_percent.pak -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\data_0 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\data_1 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\data_2 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\data_3 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000001 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000002 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000003 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000004 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000005 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000006 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000007 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000008 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000009 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_00000a -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_00000b -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_00000c -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_00000d -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_00000e -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_00000f -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000010 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000011 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000012 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000013 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000014 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000015 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000016 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000017 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000018 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000019 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_00001a -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_00001b -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_00001c -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_00001d -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_00001e -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_00001f -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000020 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000021 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000022 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000023 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000024 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000025 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000026 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000027 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000028 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000029 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_00002a -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_00002b -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_00002c -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_00002d -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_00002e -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_00002f -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000030 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000031 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000032 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000033 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000035 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000036 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000037 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000038 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000039 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_00003a -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_00003b -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_00003c -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_00003d -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_00003e -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_00003f -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000040 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000041 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000042 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000043 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000044 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000045 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000046 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000047 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000048 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000049 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_00004a -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_00004b -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_00004c -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_00004d -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_00004e -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_00004f -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000050 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000051 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000052 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000053 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000054 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000055 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000056 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000057 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000058 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000059 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_00005a -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_00005b -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_00005c -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_00005d -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_00005e -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_00005f -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000060 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000061 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000062 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000063 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000064 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000065 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000066 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000067 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000068 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000069 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_00006a -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_00006b -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_00006c -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_00006d -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_00006e -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_00006f -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000070 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000071 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000072 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000073 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\f_000074 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache\index -> Deleted
    [PUP.Filefinder][Folder] C:\Users\1patp\AppData\Roaming\Pluto TV\Cache -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\content_resources_200_percent.pak -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\content_shell.pak -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cookies -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Cookies-journal -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\d3dcompiler_47.dll -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\ffmpeg.dll -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\GPUCache\data_0 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\GPUCache\data_1 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\GPUCache\data_2 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\GPUCache\data_3 -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\GPUCache\index -> Deleted
    [PUP.Filefinder][Folder] C:\Users\1patp\AppData\Roaming\Pluto TV\GPUCache -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\icudtl.dat -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\libEGL.dll -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\libGLESv2.dll -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Local Storage\file__0.localstorage -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Local Storage\file__0.localstorage-journal -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Local Storage\http_pluto.tv_0.localstorage -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Local Storage\http_pluto.tv_0.localstorage-journal -> Deleted
    [PUP.Filefinder][Folder] C:\Users\1patp\AppData\Roaming\Pluto TV\Local Storage -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\locales\en-US.pak -> Deleted
    [PUP.Filefinder][Folder] C:\Users\1patp\AppData\Roaming\Pluto TV\locales -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\lockfile -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\natives_blob.bin -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\node.dll -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\pepflashplayer32_22_0_0_158.dll -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Pepper Data\Shockwave Flash\BB93.tmp -> Deleted
    [PUP.Filefinder][Folder] C:\Users\1patp\AppData\Roaming\Pluto TV\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\8Z9JDLJ5 -> Deleted
    [PUP.Filefinder][Folder] C:\Users\1patp\AppData\Roaming\Pluto TV\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache -> Deleted
    [PUP.Filefinder][Folder] C:\Users\1patp\AppData\Roaming\Pluto TV\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Pepper Data\Shockwave Flash\DDE3.tmp -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\TG3QGTUV\macromedia.com\support\flashplayer\sys\settings.sol -> Deleted
    [PUP.Filefinder][Folder] C:\Users\1patp\AppData\Roaming\Pluto TV\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\TG3QGTUV\macromedia.com\support\flashplayer\sys -> Deleted
    [PUP.Filefinder][Folder] C:\Users\1patp\AppData\Roaming\Pluto TV\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\TG3QGTUV\macromedia.com\support\flashplayer -> Deleted
    [PUP.Filefinder][Folder] C:\Users\1patp\AppData\Roaming\Pluto TV\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\TG3QGTUV\macromedia.com\support -> Deleted
    [PUP.Filefinder][Folder] C:\Users\1patp\AppData\Roaming\Pluto TV\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\TG3QGTUV\macromedia.com -> Deleted
    [PUP.Filefinder][Folder] C:\Users\1patp\AppData\Roaming\Pluto TV\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\TG3QGTUV -> Deleted
    [PUP.Filefinder][Folder] C:\Users\1patp\AppData\Roaming\Pluto TV\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects -> Deleted
    [PUP.Filefinder][Folder] C:\Users\1patp\AppData\Roaming\Pluto TV\Pepper Data\Shockwave Flash\WritableRoot -> Deleted
    [PUP.Filefinder][Folder] C:\Users\1patp\AppData\Roaming\Pluto TV\Pepper Data\Shockwave Flash -> Deleted
    [PUP.Filefinder][Folder] C:\Users\1patp\AppData\Roaming\Pluto TV\Pepper Data -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\PlutoTV.exe -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\Preferences -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\resources\electron.asar -> Deleted
    [PUP.Filefinder][Folder] C:\Users\1patp\AppData\Roaming\Pluto TV\resources -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\snapshot_blob.bin -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\ui_resources_200_percent.pak -> Deleted
    [PUP.Filefinder][File] C:\Users\1patp\AppData\Roaming\Pluto TV\views_resources_200_percent.pak -> Deleted
    [PUP.PCProtect][Folder] C:\Users\1patp\AppData\Roaming\TotalAV -> Deleted
    [PUP.PCProtect][File] C:\Users\1patp\AppData\Roaming\TotalAV\1.12.0\avira32redist.zip -> Deleted
    [PUP.PCProtect][Folder] C:\Users\1patp\AppData\Roaming\TotalAV\1.12.0 -> Deleted
    [PUP.PCProtect][File] C:\Users\1patp\AppData\Roaming\TotalAV\1.17.0\avira32redist.zip -> Deleted
    [PUP.PCProtect][Folder] C:\Users\1patp\AppData\Roaming\TotalAV\1.17.0 -> Deleted
    [PUP.PCProtect][File] C:\Users\1patp\AppData\Roaming\TotalAV\2.2.0\avira32redist.zip -> Deleted
    [PUP.PCProtect][Folder] C:\Users\1patp\AppData\Roaming\TotalAV\2.2.0 -> Deleted
    [PUP.PCProtect][File] C:\Users\1patp\AppData\Roaming\TotalAV\vdf_1509303464.zip -> Deleted
    [PUP.PCProtect][File] C:\Users\1patp\AppData\Roaming\TotalAV\vdf_1516215998.zip -> Deleted
    [PUP.Wintonic][Folder] C:\ProgramData\pctonics.com -> ERROR [3]
    [PUP.ByteFence|PUP.Gen1][Folder] C:\Program Files\ByteFence -> Deleted
    [PUP.ByteFence|PUP.Gen1][File] C:\Program Files\ByteFence\SignaturesPacks.dat -> Deleted
    [PUP.Firefox][File] C:\Users\1patp\AppData\Roaming\Mozilla\Firefox\Profiles\ko2vaeg6.default\Invalidprefs.js -> Deleted

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 2 ¤¤¤
    [PUP.PCProtect][Chrome:Addon] Default : Total AV Web Shield [looohgelibjoplmkhecmalapkgadkfcc] -> Not selected
    [PUM.HomePage][Firefox:Config] ko2vaeg6.default : user_pref("browser.startup.homepage", "moz-extension://83a8ee0c-2966-4e85-bc8a-9f85a90dd977/dynamicHomePage.html"); -> Not selected

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: TOSHIBA MQ01ABF050 +++++
    --- User ---
    [MBR] 3984d5ef89935341351599e1638f9589
    [BSP] 5fdf1bbce543f8303ce2f7daeb8fe426 : Empty MBR Code
    Partition table:
    0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
    1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 128 MB
    2 - Basic data partition | Offset (sectors): 796672 | Size: 456760 MB
    3 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 936243200 | Size: 986 MB
    4 - [SYSTEM] Basic data partition | Offset (sectors): 938262528 | Size: 18801 MB
    User = LL1 ... OK
    User = LL2 ... OK

  9. #24
    Join Date
    Nov 2003
    Location
    Missouri
    Posts
    1,067
    MAWAREBYTES - I told you I ran this before I started any of this post. Had 63 pups, they are now quarantined. So there is no reason to run this one again.

  10. #25
    Join Date
    Nov 2003
    Location
    Missouri
    Posts
    1,067

    LAST ONE OF YOUR SCANS

    # AdwCleaner 7.0.8.0 - Logfile created on Sun Mar 04 18:19:39 2018
    # Updated on 2018/08/02 by Malwarebytes
    # Database: 03-02-2018.1
    # Running on Windows 10 Home (X64)
    # Mode: scan
    # Support: https://www.malwarebytes.com/support

    ***** [ Services ] *****

    No malicious services found.

    ***** [ Folders ] *****

    PUP.Optional.Legacy, C:\Users\All Users\Documents\Downloaded Installers
    PUP.Optional.Legacy, C:\Users\Public\Documents\Downloaded Installers
    PUP.Optional.Legacy, C:\Users\1patp\Documents\TotalAV


    ***** [ Files ] *****

    No malicious files found.

    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious WMI found.

    ***** [ Shortcuts ] *****

    No malicious shortcuts found.

    ***** [ Tasks ] *****

    No malicious tasks found.

    ***** [ Registry ] *****

    PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\ask.com
    PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d10lpsik1i8c69.cloudfront.net
    PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d169bbxks24g2u.cloudfront.net
    PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d2m2wsoho8qq12.cloudfront.net
    PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d359xmryfs3fye.cloudfront.net
    PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d3mwhxgzltpnyp.cloudfront.net
    PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\therapypet.org
    PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.ask.com
    PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\ask.com
    PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d10lpsik1i8c69.cloudfront.net
    PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d169bbxks24g2u.cloudfront.net
    PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d2m2wsoho8qq12.cloudfront.net
    PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d359xmryfs3fye.cloudfront.net
    PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d3mwhxgzltpnyp.cloudfront.net
    PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\therapypet.org
    PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.ask.com
    PUP.Optional.ByteFence, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
    PUP.Optional.MyWebShield, [Key] - HKCU\Software\Classes\CLSID\{d79b57ed-727c-4ab8-ba67-e7c6fd30fac1}
    PUP.Optional.DriverAgent, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\download.driversupport.com
    PUP.Optional.DriverAgent, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\driversupport.com
    PUP.Optional.DriverAgent, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\download.driversupport.com
    PUP.Optional.DriverAgent, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\driversupport.com
    PUP.Optional.DriverAgent, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\download.driversupport.com
    PUP.Optional.DriverAgent, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\driversupport.com
    PUP.Optional.WinTonic, [Key] - HKLM\SOFTWARE\pctonics.com


    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries.

    ***** [ Chromium (and derivatives) ] *****

    PUP.Optional.MyWebShield, Plugin found: Total AV Web Shield -

    /!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271


    *************************



    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

  11. #26
    Join Date
    Nov 2003
    Location
    Missouri
    Posts
    1,067
    The AdWare Cleaner you gave me said nothing about being by Explode. Afterwards I also ran Kaspersky and my computer looked good. Now to go try Firefox.

  12. #27
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Why is the computer momentarily running good on Chrome and Avaldi but not on Firefox?
    We're trying to find out.

    IS THERE ANYWAY i CAN GIVE YOU ACCESS TO MY COMPUTER AND YOU RUN THESE FOR ME?
    No, I don't do this.

    Was I suppose to click FIX on the FARBAR scan?
    No.

    if Valvaldi and Chrome are working fine did it just effect Firefox and if so why not just delete Firefox?
    At some point we can reset or reinstall it.


    If Firefox still misbehaves...

    Reset Firefox: https://support.mozilla.org/en-US/kb...-most-problems

    If the above didn't help...

    Uninstall Firefox completely using this manual: https://support.mozilla.org/en-US/kb...-your-computer
    NOTE. Use MozBackup: http://mozbackup.jasnapaka.com/ to backup your bookmarks and passwords. Do NOT backup anything else.
    Install fresh copy.

    Let me know if it helped.

  13. #28
    Join Date
    Nov 2003
    Location
    Missouri
    Posts
    1,067
    At the moment we seem to be in good condition so for now I am going to leave things as is. I had added Vivaldi to my computer a couple months ago but really had not taken the time to check it out a lot. This afternoon I "played" with it a while and I like some of the things you can do. It is certainly different from other browsers and so far I really like it so along with Chrome I'm fairly happy. I really want to learn all that Vivaldi can do. There is quite a lot to learn.

    I don't like Edge at all and Cortana quit working with the last update they did which was really a non issue to me anyway although it was fun in a way but the browser itself was never that much.

    As for security I just downloaded Kaspersky today and really like it. I had heard a lot of good things about it before.

    I THANK YOU so much and think for now that I am in a good place.
    Last edited by Msbsgblue; March 4th, 2018 at 10:09 PM.

  14. #29
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Fair enough. Good luck

  15. #30
    Join Date
    Nov 2003
    Location
    Missouri
    Posts
    1,067

    Angry Uh Oh Broni, unfortunately this morning Firefox is back to old trick.

    O.K. So we thought we had this resolved yesterday after all the scans. So I decided to try Firefox again this morning again to be sure. it does not appear to have effected Vivaldi or Chrome so is there any reason that I can't just uninstall it from my computer?

    Since beginning to use Vivaldi last evening I am getting most attached to it and it is certainly a fast browser. Love the capability of stacking the tabs if I choose and other features. Plus, being a woman I love the fact that it is so colorful, LOL!

    Unless I JUST HAVE TO find out what is wrong with it, I am just done with it.
    Last edited by Msbsgblue; March 5th, 2018 at 11:54 AM.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •