Everything posted by spiedrahita

  1. Great, thank you for your help and the extra information. I really appreciate it.
  2. Well, so far so good. I've reset the start page manually and restarted both IE and my computer and Trovi has not returned. Is there anything else I should do? Thank you!
  3. Sorry, Trovi is only hijacking the start page in Internet Explorer. Chrome seems fine.
  4. Okay I've reset the browsers. Unfortunately it doesn't seem to have changed the Trovi start page.
  5. Okay, I ran the fix and the log is attached. When I open Internet Explorer Trovi is still there however.

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-07-2014
     Ran by Home at 2014-07-29 10:01:53 Run:1
     Running from C:\Users\Home\Desktop
     Boot Mode: Normal
     ==============================================

     Content of fixlist:
     *****************
     HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com...124775B9C&SSPV=
     HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://download.eset...lineScanner.cab
     CHR HKLM-x32\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Sandra\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx
     C:\ProgramData\MakeMarkerFile.exe
     C:\Users\EasySurvey\EasySurvey.exe
     C:\Users\Home\AppData\Local\Temp\install_reader11_en_mssd_aaa_aih.exe
     C:\Users\Home\AppData\Local\Temp\install_reader11_en_mssd_aaa_aih_1.exe
     C:\Users\Home\AppData\Local\Temp\install_reader11_en_mssd_aaa_aih_2.exe
     Task: {0484A257-5507-42E7-8536-D8477039DD69} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-30] (Google Inc.)
     Task: {5B0CE3CC-0228-4F06-9B49-4268DE295BE2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-30] (Google Inc.)
     Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
     Task: {91DF7F87-9D22-4BB7-9FE6-103078224082} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
     Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
     Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
     AlternateDataStreams: C:\Users\Home\SkyDrive:ms-properties
     AlternateDataStreams: C:\Users\Home\Documents\Truck 1.jpg:ms-properties
     AlternateDataStreams: C:\Users\Home\Documents\Truck 1.jpg:ms-thumbnail
     *****************

     HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
     HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
     HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
     HKLM\Software\\Microsoft\Internet Explorer\Main\\Secondary Start Pages => value deleted successfully.
     HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
     "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
     "HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
     "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{60D22135-E374-47EF-B1D6-55C2184B5CB7}" => Key deleted successfully.
     "HKCR\CLSID\{60D22135-E374-47EF-B1D6-55C2184B5CB7}" => Key not found.
     HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
     "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{60D22135-E374-47EF-B1D6-55C2184B5CB7}" => Key deleted successfully.
     "HKCR\Wow6432Node\CLSID\{60D22135-E374-47EF-B1D6-55C2184B5CB7}" => Key not found.
     HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
     "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{60D22135-E374-47EF-B1D6-55C2184B5CB7}" => Key deleted successfully.
     "HKCR\CLSID\{60D22135-E374-47EF-B1D6-55C2184B5CB7}" => Key not found.
     "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => Key deleted successfully.
     "HKCR\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => Key deleted successfully.
     HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
     "HKCR\Wow6432Node\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
     "HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}" => Key deleted successfully.
     "HKCR\Wow6432Node\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}" => Key deleted successfully.
     "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\njljkdinboobkmkihgcohanchjnjpgjk" => Key deleted successfully.
     "CHR HKLM-x32\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Sandra\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx" => File/Directory not found.
     C:\ProgramData\MakeMarkerFile.exe => Moved successfully.
     C:\Users\EasySurvey\EasySurvey.exe => Moved successfully.
     C:\Users\Home\AppData\Local\Temp\install_reader11_en_mssd_aaa_aih.exe => Moved successfully.
     C:\Users\Home\AppData\Local\Temp\install_reader11_en_mssd_aaa_aih_1.exe => Moved successfully.
     C:\Users\Home\AppData\Local\Temp\install_reader11_en_mssd_aaa_aih_2.exe => Moved successfully.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0484A257-5507-42E7-8536-D8477039DD69}" => Key deleted successfully.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0484A257-5507-42E7-8536-D8477039DD69}" => Key deleted successfully.
     C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => Key deleted successfully.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5B0CE3CC-0228-4F06-9B49-4268DE295BE2}" => Key deleted successfully.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B0CE3CC-0228-4F06-9B49-4268DE295BE2}" => Key deleted successfully.
     C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => Key deleted successfully.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8CC813C9-712A-41EF-9512-B233444FC669}" => Key deleted successfully.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8CC813C9-712A-41EF-9512-B233444FC669}" => Key deleted successfully.
     C:\Windows\System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Moved successfully.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup" => Key deleted successfully.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{91DF7F87-9D22-4BB7-9FE6-103078224082}" => Key deleted successfully.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{91DF7F87-9D22-4BB7-9FE6-103078224082}" => Key deleted successfully.
     C:\Windows\System32\Tasks\Apple\AppleSoftwareUpdate => Moved successfully.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple\AppleSoftwareUpdate" => Key deleted successfully.
     C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
     C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
     C:\Users\Home\SkyDrive => ":ms-properties" ADS removed successfully.
     C:\Users\Home\Documents\Truck 1.jpg => ":ms-properties" ADS removed successfully.
     C:\Users\Home\Documents\Truck 1.jpg => ":ms-thumbnail" ADS removed successfully.

     ==== End of Fixlog ====
  6. Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 7/28/2014
     Scan Time: 1:39:55 PM
     Logfile:
     Administrator: Yes

     Version: 2.00.2.1012
     Malware Database: v2014.07.28.06
     Rootkit Database: v2014.07.17.01
     License: Free
     Malware Protection: Disabled
     Malicious Website Protection: Disabled
     Self-protection: Disabled

     OS: Windows 8.1
     CPU: x64
     File System: NTFS
     User: Home

     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 432582
     Time Elapsed: 16 min, 31 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     Processes: 0 (No malicious items detected)
     Modules: 0 (No malicious items detected)
     Registry Keys: 0 (No malicious items detected)
     Registry Values: 0 (No malicious items detected)
     Registry Data: 1
     PUP.Optional.Trovi.A, HKU\S-1-5-21-3214703091-3445229301-533389535-1011-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.trovi.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MCA34FCC8-35E3-4566-924A-8CFE46A6B1DE&SearchSource=55&CUI=&UM=5&UP=SP41EC47CF-2331-482A-AB0B-24B124775B9C&SSPV=, Good: (www.google.com), Bad: (http://www.trovi.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MCA34FCC8-35E3-4566-924A-8CFE46A6B1DE&SearchSource=55&CUI=&UM=5&UP=SP41EC47CF-2331-482A-AB0B-24B124775B9C&SSPV=),Replaced,[18cea1033d3ef93d9c0e119b2bd97b85]
     Folders: 0 (No malicious items detected)
     Files: 0 (No malicious items detected)
     Physical Sectors: 0 (No malicious items detected)

     (end)
  7. Okay, please find new FRST, Additions and MBAM logs to follow: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014 Ran by Home (administrator) on LAPTOP on 28-07-2014 13:34:42 Running from C:\Users\Home\Downloads Platform: Windows 8.1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (M-Audio) C:\Program Files (x86)\M-Audio\Axiom AIR\AudioDevMon.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Samsung Electronics CO., LTD.) 
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Seagate Technology LLC) C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17200_none_fa7026dd9b04586e\TiWorker.exe () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Apple Inc.) 
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191312 2012-08-06] (Realtek Semiconductor) HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-09-25] (Adobe Systems Incorporated) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917176 2012-08-21] (Synaptics Incorporated) HKLM-x32\...\Run: [intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.) 
HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2237328 2013-11-05] (Adobe Systems Incorporated) HKLM-x32\...\Run: [MaxMenuMgr] => C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [185640 2009-09-25] (Seagate LLC) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\.DEFAULT\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHSA.EXE /EPT "EPLTarget\P0000000000000000" /M "WorkFor (the data entry has 8 more characters). HKU\S-1-5-21-3214703091-3445229301-533389535-1011\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-3214703091-3445229301-533389535-1011\...\Run: [Advanced SystemCare 7] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2295584 2014-04-21] (IObit) HKU\S-1-5-21-3214703091-3445229301-533389535-1011\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.) 
HKU\S-1-5-21-3214703091-3445229301-533389535-1011\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHDA.EXE [241280 2012-07-12] (SEIKO EPSON CORPORATION) AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll File Not Found Startup: C:\Users\Sandra.bak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) ShellIconOverlayIdentifiers: AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft 
Corporation) ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MCA34FCC8-35E3-4566-924A-8CFE46A6B1DE&SearchSource=55&CUI=&UM=5&UP=SP41EC47CF-2331-482A-AB0B-24B124775B9C&SSPV= HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://samsung13.msn.com HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = SearchScopes: HKLM - DefaultScope {60D22135-E374-47EF-B1D6-55C2184B5CB7} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {60D22135-E374-47EF-B1D6-55C2184B5CB7} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS SearchScopes: HKLM-x32 - DefaultScope value is missing. 
SearchScopes: HKLM-x32 - {60D22135-E374-47EF-B1D6-55C2184B5CB7} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS SearchScopes: HKCU - DefaultScope {60D22135-E374-47EF-B1D6-55C2184B5CB7} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS SearchScopes: HKCU - {60D22135-E374-47EF-B1D6-55C2184B5CB7} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit) BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\IPS\IPSBHO.DLL (Symantec Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation) DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} 
http://download.eset.com/special/eos/OnlineScanner.cab Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 FireFox: ======== FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems) FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn [2014-06-23] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\IPSFF [2014-06-16] Chrome: ======= CHR HomePage: CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26] CHR Extension: (Norton Identity Protection) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-06-23] CHR Extension: (Google Wallet) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21] CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\Exts\Chrome.crx [2014-07-10] CHR HKLM-x32\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Sandra\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx [2014-07-10] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.) R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [881952 2014-01-14] (IObit) R2 AxiomAIRAudioDevMon; C:\Program Files (x86)\M-Audio\Axiom AIR\AudioDevMon.exe [540368 2013-11-01] (M-Audio) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356408 2014-06-19] (Microsoft Corporation) R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.) S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation) S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] () S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe [276376 2014-06-26] (Symantec Corporation) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-24] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S3 AXIOM; C:\Windows\system32\DRIVERS\MAudioAxiomAIR.sys [477392 2013-11-01] (M-Audio) S3 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20140718.001\BHDrvx64.sys [1530160 2014-06-06] (Symantec Corporation) S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation) S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) S3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1504000.00D\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation) S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-16] (Symantec Corporation) S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-16] (Symantec Corporation) S3 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20140725.001\IDSvia64.sys [525016 2014-06-20] (Symantec Corporation) S3 MADFUAXIOM; C:\Windows\System32\drivers\MAudioAxiomAIR_DFU.sys [29904 2013-11-01] (M-Audio) S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20140728.003\ENG64.SYS [126040 2014-06-22] (Symantec Corporation) S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20140728.003\EX64.SYS [2099288 2014-06-22] (Symantec Corporation) R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation) R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows ® Win 7 DDK provider) S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-11-15] (Windows ® 2003 DDK 3790 provider) S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1504000.00D\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation) S3 SRTSPX; C:\Windows\system32\drivers\NISx64\1504000.00D\SRTSPX64.SYS [36952 2013-10-29] (Symantec Corporation) S3 SymDS; 
C:\Windows\system32\drivers\NISx64\1504000.00D\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation) S3 SymEFA; C:\Windows\system32\drivers\NISx64\1504000.00D\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation) S0 SymELAM; C:\Windows\System32\drivers\NISx64\1504000.00D\SymELAM.sys [23568 2013-10-30] (Symantec Corporation) S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-06-10] (Symantec Corporation) S3 SymIRON; C:\Windows\system32\drivers\NISx64\1504000.00D\Ironx64.SYS [264280 2013-10-29] (Symantec Corporation) S3 SymNetS; C:\Windows\System32\Drivers\NISx64\1504000.00D\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe

Some content of TEMP:
====================
C:\Users\Home\AppData\Local\Temp\install_reader11_en_mssd_aaa_aih.exe
C:\Users\Home\AppData\Local\Temp\install_reader11_en_mssd_aaa_aih_1.exe
C:\Users\Home\AppData\Local\Temp\install_reader11_en_mssd_aaa_aih_2.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-28 13:29

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-07-2014
Ran by Home at 2014-07-28 13:36:07
Running from C:\Users\Home\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden MyHarmony (HKCU\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech) Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.4.0.13 - Symantec Corporation) NVIDIA Control Panel 305.46 (Version: 305.46 - NVIDIA Corporation) Hidden NVIDIA Graphics Driver 305.46 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 305.46 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.82.513 - NVIDIA Corporation) Hidden NVIDIA Optimus 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.12.0613 - NVIDIA Corporation) Hidden NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4631.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 
16.4.3503.0728 - Microsoft Corporation) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.) Realtime Landscaping Pro 2013 (HKLM-x32\...\{9553CB41-9B98-4FA0-8919-2FE6BE278C7B}) (Version: 8.1.5 - Idea Spectrum) Realtime Landscaping Pro 2013 Trial (HKLM-x32\...\{0B1E5DED-C94D-4C21-96E0-D71BB7897B44}) (Version: 5.1.5 - Idea Spectrum) Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.6.5 - Samsung Electronics CO., LTD.) S Agent (Version: 1.0.7 - Samsung Electronics CO., LTD.) Hidden Seagate Manager Installer (HKLM-x32\...\InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}) (Version: 2.01.0600 - Seagate) Seagate Manager Installer (x32 Version: 2.01.0600 - Seagate) Hidden Settings (HKLM-x32\...\{52E5DE60-C96B-42CC-9A37-FE04725940AE}) (Version: 2.0.0 - Samsung Electronics CO., LTD.) Software Updater (HKLM-x32\...\{6DFBE8A2-CDBF-453E-B34C-32F202FCEE4C}) (Version: 4.2.1 - SEIKO EPSON CORPORATION) Support Center FAQ (x32 Version: 1.0.3 - Samsung Electronics CO., LTD.) Hidden Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.11.1 - Synaptics Incorporated) TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.20935 - TeamViewer) User Guide (HKLM-x32\...\{9914AD8E-C0D6-420D-BEF6-40BF4DEDE3BA}) (Version: 1.2.00 - Samsung Electronics CO., LTD.) Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.) 
Windows Live (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 10-07-2014 22:11:47 Windows Update 15-07-2014 20:58:10 Windows Modules Installer 21-07-2014 18:13:03 Installed Epson Event Manager 28-07-2014 19:41:42 Removed Adobe Reader XI (11.0.07). ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {0484A257-5507-42E7-8536-D8477039DD69} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-30] (Google Inc.) Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {0A51506B-657B-4096-8D66-C477033F97F3} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {0D15E43D-34A9-4912-AF76-3B260EAFE8D9} - System32\Tasks\AdobeAAMUpdater-1.0-Laptop-sandra2 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-09-25] (Adobe Systems Incorporated) Task: {1A51B650-896E-49D1-AC22-E3256B14F3E2} - System32\Tasks\AdobeAAMUpdater-1.0-Laptop-Home2 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-09-25] (Adobe Systems Incorporated) Task: {1B198CCE-8A06-46A0-8EF3-63E9EB685ED8} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-06-10] (Microsoft Corporation) Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {22CF0F19-46F2-4A5D-AF62-6A1A464A359F} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2012-08-16] (Samsung Electronics CO., LTD.) 
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-21] (Microsoft Corporation) Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {3FFC866D-E100-494D-9D0B-C14726C7B6F2} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {42A6319B-771C-4031-9654-0DB01DC779A0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd) Task: {46E724FE-CE00-4B68-BC46-2DDFDF95217E} - System32\Tasks\AdobeAAMUpdater-1.0-Laptop-Administrator => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-09-25] (Adobe Systems Incorporated) Task: {4899564C-BA96-481A-85B5-662C505C1396} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {55029777-A770-4BAE-884F-8FAE3DE69587} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation) Task: {585D1B9B-2C63-44F1-8A76-8C911E563BE7} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-09-05] (Samsung Electronics CO., LTD.) Task: {5B0CE3CC-0228-4F06-9B49-4268DE295BE2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-30] (Google Inc.) 
Task: {640CCA43-F540-495D-86AA-5FA96D7C42BD} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-13] (Intel Corporation) Task: {67454999-0147-411B-9C68-D71328512DE2} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-05-06] (IObit) Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6CDB0831-F16C-47B8-902D-C703A6055462} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\WSCStub.exe [2014-06-26] (Symantec Corporation) Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {72E38400-DDB2-4B0D-8D4A-8389F17FF3F0} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {7B5BFACE-E767-4CF8-B71B-9089C703724D} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {91DF7F87-9D22-4BB7-9FE6-103078224082} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {93AFEA39-BD09-4001-BD77-2B1237856B15} - System32\Tasks\Microsoft Office 15 Sync Maintenance for LAPTOP-Home Laptop => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-06-03] (Microsoft Corporation) Task: {9600FE73-6503-4251-B9B1-8D8EDE9CA4C8} - System32\Tasks\AdobeAAMUpdater-1.0-Laptop-Home => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-09-25] (Adobe Systems Incorporated) Task: {9DB18519-896B-4139-8BB6-B21C0EB9569C} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-09-16] (SEC) Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {B588494B-6E78-40CA-8004-1373A9EA7440} - System32\Tasks\AdobeAAMUpdater-1.0-Laptop-Laptop => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-09-25] (Adobe Systems Incorporated) Task: {B820D568-B41C-4F36-AF34-D1AB732C5BCA} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-21] (Synaptics Incorporated) Task: {C07137EA-E8FE-44B4-856D-C32C8E50879C} - System32\Tasks\AdobeAAMUpdater-1.0-Laptop-Sandra => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-09-25] (Adobe Systems Incorporated) Task: {C83A53A4-1CF5-4E13-8BBE-3D99C450E5D0} - System32\Tasks\ASC7_SkipUac_Home => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2014-05-28] (IObit) Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D2938CE5-A2F3-45D4-87F2-A4F62D42039E} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: 
{E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: {E828094D-8C9B-4D85-A392-3AE6B7545173} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv Task: {EA38FA66-E290-4076-8041-CE7D24B7E17D} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-13] (Intel Corporation) Task: {EF31621A-ABCA-436F-AC05-64237ED617E4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-10] (Microsoft Corporation) Task: {F18F3196-37E8-495D-AB97-527EE2C22C85} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {F4839C07-61B6-4381-8920-61DBAEA9A2C1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-06-19] (Microsoft Corporation) Task: C:\WINDOWS\Tasks\ASC7_SkipUac_Home.job => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe ==================== Loaded Modules (whitelisted) ============= 2014-07-15 10:07 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2012-09-05 00:50 - 2012-09-05 00:50 - 00085112 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe 2013-10-16 19:02 - 
2013-10-16 19:02 - 03358064 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll 2014-07-11 09:21 - 2014-05-20 09:19 - 08892072 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2013-10-04 00:42 - 2013-10-04 00:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-06-12 10:37 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\sqlite3.dll 2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2012-09-05 00:50 - 2012-09-05 00:50 - 00028792 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll 2012-09-05 00:50 - 2012-09-05 00:50 - 01012856 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll 2012-09-05 00:50 - 2012-09-05 00:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll 2012-09-05 00:50 - 2012-09-05 00:50 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll 2012-09-05 00:50 - 2012-09-05 00:50 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll 2012-09-05 00:50 - 2012-09-05 00:50 - 00026744 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll 2012-09-05 00:50 - 2012-09-05 00:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll 2012-09-05 00:50 - 2012-09-05 00:50 - 00060536 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll 2012-09-05 00:50 - 2012-09-05 00:50 - 00103544 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll 2013-09-14 02:51 - 2013-09-14 02:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll 
2013-09-14 02:50 - 2013-09-14 02:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Home\SkyDrive:ms-properties AlternateDataStreams: C:\Users\Home\Documents\Truck 1.jpg:ms-properties AlternateDataStreams: C:\Users\Home\Documents\Truck 1.jpg:ms-thumbnail ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run: => "IgfxTray" HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher" HKLM\...\StartupApproved\Run32: => "Adobe ARM" HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8" HKLM\...\StartupApproved\Run32: => "CLVirtualDrive" HKLM\...\StartupApproved\Run32: => "Intel AppUp(SM) center" HKLM\...\StartupApproved\Run32: => "Norton Online Backup" HKLM\...\StartupApproved\Run32: => "RemoteControl10" HKLM\...\StartupApproved\Run32: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "APSDaemon" HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager" HKLM\...\StartupApproved\Run32: => "FUFAXSTM" HKLM\...\StartupApproved\Run32: => "FUFAXRCV" HKLM\...\StartupApproved\Run32: => "EEventManager" HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud" HKLM\...\StartupApproved\Run32: => "MaxMenuMgr" HKLM\...\StartupApproved\Run32: => "SearchProtectAll" HKCU\...\StartupApproved\Run: => "iCloudServices" 
HKCU\...\StartupApproved\Run: => "SearchProtect" HKCU\...\StartupApproved\Run: => "AppleIEDAV" HKCU\...\StartupApproved\Run: => "Advanced SystemCare 6" HKCU\...\StartupApproved\Run: => "Advanced SystemCare 7" HKCU\...\StartupApproved\Run: => "EPLTarget\P0000000000000000" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/28/2014 01:33:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP) Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (07/28/2014 01:33:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP) Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (07/28/2014 01:33:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP) Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (07/28/2014 01:33:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP) Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (07/28/2014 01:32:32 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program FRST64.exe version 26.7.2014.0 stopped interacting with Windows and was closed. 
To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1790 Start Time: 01cfaaa2cf97948a Termination Time: 60000 Application Path: C:\Users\Home\Downloads\FRST64.exe Report Id: 20808150-1696-11e4-bf23-50b7c37dc940 Faulting package full name: Faulting package-relative application ID: Error: (07/28/2014 01:31:41 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program FRST64.exe version 26.7.2014.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: a8 Start Time: 01cfaaa1e475aecf Termination Time: 60000 Application Path: C:\Users\Home\Downloads\FRST64.exe Report Id: 01136587-1696-11e4-bf23-50b7c37dc940 Faulting package full name: Faulting package-relative application ID: Error: (07/28/2014 01:24:57 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program FRST64.exe version 26.7.2014.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: aac Start Time: 01cfaaa19950b878 Termination Time: 60000 Application Path: C:\Users\Home\Downloads\FRST64.exe Report Id: 101c4bb5-1695-11e4-bf23-50b7c37dc940 Faulting package full name: Faulting package-relative application ID: Error: (07/28/2014 01:24:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP) Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. 
Error: (07/28/2014 01:24:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP) Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (07/28/2014 01:24:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP) Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. System errors: ============= Error: (07/28/2014 01:33:54 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP) Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (07/28/2014 01:33:54 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP) Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (07/28/2014 01:33:53 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP) Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (07/28/2014 01:33:53 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP) Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (07/28/2014 01:24:36 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP) Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (07/28/2014 01:24:35 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP) Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (07/28/2014 01:24:35 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP) Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (07/28/2014 01:10:23 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP) Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (07/28/2014 
01:10:22 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP) Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (07/28/2014 01:10:22 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP) Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Microsoft Office Sessions: ========================= Error: (07/28/2014 01:33:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141 Error: (07/28/2014 01:33:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141 Error: (07/28/2014 01:33:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141 Error: (07/28/2014 01:33:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141 Error: (07/28/2014 01:32:32 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: FRST64.exe26.7.2014.0179001cfaaa2cf97948a60000C:\Users\Home\Downloads\FRST64.exe20808150-1696-11e4-bf23-50b7c37dc940 Error: (07/28/2014 01:31:41 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: FRST64.exe26.7.2014.0a801cfaaa1e475aecf60000C:\Users\Home\Downloads\FRST64.exe01136587-1696-11e4-bf23-50b7c37dc940 Error: (07/28/2014 01:24:57 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: FRST64.exe26.7.2014.0aac01cfaaa19950b87860000C:\Users\Home\Downloads\FRST64.exe101c4bb5-1695-11e4-bf23-50b7c37dc940 Error: (07/28/2014 01:24:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP) Description: 
microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141 Error: (07/28/2014 01:24:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141 Error: (07/28/2014 01:24:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141 ==================== Memory info =========================== Percentage of memory in use: 28% Total physical RAM: 3983.59 MB Available physical RAM: 2858.72 MB Total Pagefile: 5519.59 MB Available Pagefile: 4428.89 MB Total Virtual: 131072 MB Available Virtual: 131071.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:673.53 GB) (Free:433.1 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 699 GB) (Disk ID: 3BE520E4) Partition: GPT Partition Type. ==================== End Of Log ============================
  8. Hi Again, so unfortunately after restarting my computer Trovi is back on my IE start page. It was temporarily gone as mentioned in my previous post.
  9. Hi Ron, I reset Internet Explorer and then manually deleted the trovi registry entries and it appears to be gone! When I reopen IE Trovi is no longer my start page. Should I do anything else to complete the removal process? Thanks so much!
  10. I've reset all my browsers; however, when I reopen Internet Explorer, Trovi is still taking over my start page.
  11. Ok, please find the SystemLook log attached

SystemLook 30.07.11 by jpshortstuff
Log created at 22:05 on 24/07/2014 by Home
Administrator - Elevation successful

========== filefind ==========
Searching for "*Trovi*"
No files found.

========== folderfind ==========
Searching for "*Trovi*"
No folders found.

========== regfind ==========
Searching for "Trovi"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.trovi.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MCA34FCC8-35E3-4566-924A-8CFE46A6B1DE&SearchSource=55&CUI=&UM=5&UP=SP41EC47CF-2331-482A-AB0B-24B124775B9C&SSPV="
[HKEY_USERS\S-1-5-21-3214703091-3445229301-533389535-1011\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.trovi.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MCA34FCC8-35E3-4566-924A-8CFE46A6B1DE&SearchSource=55&CUI=&UM=5&UP=SP41EC47CF-2331-482A-AB0B-24B124775B9C&SSPV="

-= EOF =-
  12. Thanks Ron, I had removed Java prior to your assistance but I've rerun JavaRa and the log is as follows. I also reset all my browsers however Trovi is still coming up as my Internet Explorer Start page. Is it possible that the problem has something to do with my User Profile?

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.
Found and removed: SOFTWARE\MozillaPlugins
------------------------------------
Finished reporting.

JavaRa 1.16 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Tue Jul 22 21:57:07 2014
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.
Found and removed: SOFTWARE\MozillaPlugins
------------------------------------
Finished reporting.
  13. Please find the log files attached. Trovi is still showing as my Internet Explorer homepage despite being removed by Malwarebytes though. Thanks

Attachments: AdwCleanerS1.txt, JRT.txt, Addition.txt, FRST.txt, MBAM.txt
  14. Great, thank you! Please find the MBAM and Rogue Killer Logs to follow:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/16/2014
Scan Time: 4:59:35 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.16.09
Rootkit Database: v2014.07.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Home

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 419673
Time Elapsed: 12 min, 25 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 1
PUP.Optional.Trovi.A, HKU\S-1-5-21-3214703091-3445229301-533389535-1011-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.trovi.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MCA34FCC8-35E3-4566-924A-8CFE46A6B1DE&SearchSource=55&CUI=&UM=5&UP=SP41EC47CF-2331-482A-AB0B-24B124775B9C&SSPV=, Good: (www.google.com), Bad: (http://www.trovi.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MCA34FCC8-35E3-4566-924A-8CFE46A6B1DE&SearchSource=55&CUI=&UM=5&UP=SP41EC47CF-2331-482A-AB0B-24B124775B9C&SSPV=),Replaced,[3e36c7d87902e5513f2264357f855ba5]

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

RogueKiller V9.2.3.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Home [Admin rights]
Mode : Scan -- Date : 07/16/2014 17:23:08

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BC67F90F-5B10-49B5-8C05-D0AE70F1B5BC} | DhcpNameServer : 172.20.10.1 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{BC67F90F-5B10-49B5-8C05-D0AE70F1B5BC} | DhcpNameServer : 172.20.10.1 -> FOUND
[PUM.Desktop] (X64) HKEY_USERS\S-1-5-21-3214703091-3445229301-533389535-1011\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0 -> FOUND
[PUM.Desktop] (X86) HKEY_USERS\S-1-5-21-3214703091-3445229301-533389535-1011\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST750LM022 HN-M750MBB +++++
--- User ---
[MBR] f41926123983d1e2dea8ac4720eb50ee
[bSP] 618a35838522b70c2808716c4ec7c884 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_SCN_07152014_171814.log - RKreport_SCN_07162014_122914.log
  15. Hi Ron, Thanks for your reply. Yes, if you have any advice I could definitely still use help on this issue. Thanks again!
  16. I noticed that Trovi had taken over my home page last week. I've attempted running RKill followed by ADW Cleaner, Malwarebytes, Junkware Removal Tool and Hitman Pro (in safe mode) as advised in several articles I found online. The cleaners appear to find the malware and remove it; however, when I start up Internet Explorer, Trovi is still there (note Trovi is now only appearing on IE, not Chrome). I've also tried editing the registry to delete Trovi.com as the Start Page at Computer\HKEY_CURRENT_USER\Software\Microsoft\InternetExplorer\Main. I've also cleared the Cache, temp files and reset Internet Explorer and Chrome and checked for any suspicious add-ons or search engines in the browser settings. I've attached the log files from Malwarebytes, AdwCleaner, JRT, Rkill and the Text and Extras files from OTL. I'm not sure what else to try, so any advice would be greatly appreciated.

Attachments: mbam-log-2014-06-23 (10-47-13).xml, AdwCleanerS0.txt, Extras.Txt, JRT.txt, OTL.Txt, Rkill.txt