spiedrahita Posted June 23, 2014 ID:845367 Share Posted June 23, 2014 I noticed that Trovi had taken over my home page last week. I've attempted running RKill followed by ADW Cleaner, Malwarebytes, Junkware Removal Tool and Hitman Pro (in safe mode) as advised in several articles I found online. The cleaners appear to find the malware and remove it however when I start up Internet Explorer Trovi is still there (note Trovi is now only appearing on IE, not Chrome). I've also tried editing the registry to delete Trovi.com as the Start Page at Computer\HKEY_CURRENT_USER\Software\Microsoft\InternetExplorer\MainI've also cleared the Cache, temp files and reset Internet Explorer and Chrome and checked for any suspicious add-ons or search engines in the browser settings. I've attached the log files from Malwarebytes, AdwCleaner, JRT, Rkill and the Text and Extras files from OTL I'm not sure what else to try so any advice would be greatly appreciated.mbam-log-2014-06-23 (10-47-13).xmlAdwCleanerS0.txtExtras.TxtJRT.txtOTL.TxtRkill.txt Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 14, 2014 Root Admin ID:852475 Share Posted July 14, 2014 Very sorry for the delay as the site was just too busy and it looks as though your topic was overlooked. If you do still need help though please respond to this topic and we'll assist you. Thank you Link to post Share on other sites More sharing options...
spiedrahita Posted July 16, 2014 Author ID:853703 Share Posted July 16, 2014 Hi Ron, Thanks for your reply. Yes, if you have any advice I could definitely still use help on this issue. Thanks again! Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 16, 2014 Root Admin ID:853716 Share Posted July 16, 2014 I'm going to be out till late tonight but please read the following and post back the logs when ready and we'll see about getting you cleaned up.General P2P/Piracy Warning: If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy. Before we proceed further, please read all of the following instructions carefully.If there is anything that you do not understand kindly ask before proceeding.If needed please print out these instructions.Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text. If the log is too large then you can use attachments by clicking on the More Reply Options button. Please enable your system to show hidden files: How to see hidden files in Windows Make sure you're subscribed to this topic:Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly [*]Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive [*]Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you. [*]The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone. [*]Perform everything in the correct order. Sometimes one step requires the previous one. [*]If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue. [*]You can check here if you're not sure if your computer is 32-bit or 64-bit [*]Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners. [*]When we are done, I'll give you instructions on how to cleanup all the tools and logs [*]Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that. [*]Your topic will be closed if you haven't replied within 3 days [*](If I have not responded within 24 hours, please send me a Private Message as a reminder) STEP 0RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processesso that your normal security software can then run and clean your computer of infections.When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policiesthat stop us from using certain tools. When finished it will display a log file that shows the processes that wereterminated while the program was running.As RKill only terminates a program's running process, and does not delete any files, after running it you should not rebootyour computer as any malware processes that are configured to start automatically will just be started again.Instead, after running RKill you should immediately scan your computer using the requested scans I've included.Please download Rkill by Grinler from one of the links below and save it to your desktop. Link 1Link 2On Windows XP double-click on the Rkill desktop icon to run the tool. On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully. If not, delete the file, then download and use the one provided in Link 2. If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs. If the tool does not run from any of the links provided, please let me know. Do not reboot the computer, you will need to run the application again.STEP 01Backup the Registry:Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.Please download ERUNT from one of the following links: Link1 | Link2 | Link3 ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed. Double click on erunt-setup.exe to Install ERUNT by following the prompts. NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO. Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process. Choose a location for the backup.Note: the default location is C:\Windows\ERDNT which is acceptable. [*]Make sure that at least the first two check boxes are selected. [*]Click on OK [*]Then click on YES to create the folder. [*]Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exeSTEP 02Please run a Threat Scan with MBAM. If you're unable to run or complete the scan as shown below please see the following: MBAM Clean Removal Process 2xWhen reinstalling the program please try the latest version.Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... linkOpen up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply. STEP 03Please download RogueKiller and save it to your desktop.You can check here if you're not sure if your computer is 32-bit or 64-bitRogueKiller 32-bit | RogueKiller 64-bit Quit all running programs. For Windows XP, double-click to start. For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run. Read and accept the EULA (End User Licene Agreement) Click Scan to scan the system. When the scan completes Close the program > Don't Fix anything! Don't run any other options, they're not all bad!! Post back the report which should be located on your desktop.Thank you Link to post Share on other sites More sharing options...
spiedrahita Posted July 17, 2014 Author ID:853838 Share Posted July 17, 2014 Great, thank you! Please find the MBAM and Rogue Killer Logs to follow: Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 7/16/2014Scan Time: 4:59:35 PMLogfile: Administrator: Yes Version: 2.00.2.1012Malware Database: v2014.07.16.09Rootkit Database: v2014.07.14.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: Disabled OS: Windows 8.1CPU: x64File System: NTFSUser: Home Scan Type: Threat ScanResult: CompletedObjects Scanned: 419673Time Elapsed: 12 min, 25 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 0(No malicious items detected) Registry Data: 1PUP.Optional.Trovi.A, HKU\S-1-5-21-3214703091-3445229301-533389535-1011-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.trovi.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MCA34FCC8-35E3-4566-924A-8CFE46A6B1DE&SearchSource=55&CUI=&UM=5&UP=SP41EC47CF-2331-482A-AB0B-24B124775B9C&SSPV=, Good: (www.google.com), Bad: (http://www.trovi.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MCA34FCC8-35E3-4566-924A-8CFE46A6B1DE&SearchSource=55&CUI=&UM=5&UP=SP41EC47CF-2331-482A-AB0B-24B124775B9C&SSPV=),Replaced,[3e36c7d87902e5513f2264357f855ba5] Folders: 0(No malicious items detected) Files: 0(No malicious items detected) Physical Sectors: 0(No malicious items detected) (end) RogueKiller V9.2.3.0 (x64) [Jul 11 2014] by Adlice Softwaremail : http://www.adlice.com/contact/Feedback : http://forum.adlice.comWebsite : http://www.adlice.com/softwares/roguekiller/Blog : http://www.adlice.com Operating System : Windows 8.1 (6.3.9200 ) 64 bits versionStarted in : Normal modeUser : Home [Admin rights]Mode : Scan -- Date : 07/16/2014 17:23:08 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 8 ¤¤¤[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BC67F90F-5B10-49B5-8C05-D0AE70F1B5BC} | DhcpNameServer : 172.20.10.1 -> FOUND[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{BC67F90F-5B10-49B5-8C05-D0AE70F1B5BC} | DhcpNameServer : 172.20.10.1 -> FOUND[PUM.Desktop] (X64) HKEY_USERS\S-1-5-21-3214703091-3445229301-533389535-1011\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0 -> FOUND[PUM.Desktop] (X86) HKEY_USERS\S-1-5-21-3214703091-3445229301-533389535-1011\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0 -> FOUND[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ HOSTS File : 0 ¤¤¤ ¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤+++++ PhysicalDrive0: ST750LM022 HN-M750MBB +++++--- User ---[MBR] f41926123983d1e2dea8ac4720eb50ee[bSP] 618a35838522b70c2808716c4ec7c884 : Empty MBR CodePartition table:0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MBUser = LL1 ... OKUser = LL2 ... OK ============================================RKreport_SCN_07152014_171814.log - RKreport_SCN_07162014_122914.log Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 18, 2014 Root Admin ID:854277 Share Posted July 18, 2014 Please go ahead and run through the following steps and post back the logs when ready. STEP 04Please download Junkware Removal Tool to your desktop.Shutdown your antivirus to avoid any conflicts. Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP. The tool will open and start scanning your system. Please be patient as this can take a while to complete. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post the contents of JRT.txt into your next reply message When completed make sure to re-enable your antivirusSTEP 05Lets clean out any adware now: (this will require a reboot so save all your work)Please download AdwCleaner by Xplode and save to your Desktop.Double click on AdwCleaner.exe to run the tool.Vista/Windows 7/8 users right-click and select Run As Administrator Click on the Scan button. AdwCleaner will begin...be patient as the scan may take some time to complete. When it's done you'll see: Pending: Please uncheck elements you don't want removed. Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review. Look over the log especially under Files/Folders for any program you want to save. If there's a program you may want to save, just uncheck it from AdwCleaner. If you're not sure, post the log for review. (all items found are adware/spyware/foistware) If you're ready to clean it all up.....click the Clean button. After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically. Copy and paste the contents of that logfile in your next reply. A copy of that logfile will also be saved in the C:\AdwCleaner folder. Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine To restore an item that has been deleted: Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.STEP 06Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... linkOpen up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats foundOnce completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.STEP 07Please go here to run the online antivirus scannner from ESET.Turn off the real time scanner of any existing antivirus program while performing the online scan Tick the box next to YES, I accept the Terms of Use. Click Start When asked, allow the activex control to install Click Start Make sure that the option Remove found threats is unticked Click on Advanced Settings and ensure these options are ticked:Scan for potentially unwanted applications Scan for potentially unsafe applications Enable Anti-Stealth Technology [*]Click Scan [*]Wait for the scan to finish [*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.STEP 08Please download the Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bitDouble-click to run it. When the tool opens click Yes to disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well. Link to post Share on other sites More sharing options...
spiedrahita Posted July 20, 2014 Author ID:855230 Share Posted July 20, 2014 Please find the log files attached. Trovi is still showing as my Internet Explorer homepage despite being removed by Malwarebytes though. ThanksAdwCleanerS1.txtJRT.txtAddition.txtFRST.txtMBAM.txt Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 22, 2014 Root Admin ID:856149 Share Posted July 22, 2014 Please go into Control Panel, Add/Remove and uninstall ALL versions of Java and then run the following. Please download JavaRa-1.16 and save it to your computer.Double click to open the zip file and then select all and choose Copy. Create a new folder on your Desktop named RemoveJava and paste the files into this new folder. Quit all browsers and other running applications. Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program. From the drop-down menu, choose English and click on Select. JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer. Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK. A logfile will pop up. Please save it to a convenient location and post it in your next reply.Next: Please Run TFC by OldTimer to clear temporary files:Download TFC from here and save it to your desktop. http://oldtimer.geekstogo.com/TFC.exe Close any open programs and Internet browsers. Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning. Please be patient as clearing out temp files may take a while. Once it completes you may be prompted to restart your computer, please do so. Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files. Please visit each of the following sites and lets reset all of your browsers back to defaults to prevent unexpected issues.If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.Internet ExplorerHow to reset Internet Explorer settingsFirefoxClick on Help / Troubleshooting Information then click on the Reset Firefox button.ChromeChrome - Reset browser settingsOperaHow to Perform a (really) clean Reinstall of Opera Link to post Share on other sites More sharing options...
spiedrahita Posted July 23, 2014 Author ID:856568 Share Posted July 23, 2014 Thanks Ron, I had removed Java prior to your assistance but I've rerun JavaRa and the log is as follows. I also reset all my browsers however Trovi is still coming up as my Internet Explorer Start page. Is it possible that the problem has something to do with my User Profile? There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124. Found and removed: SOFTWARE\MozillaPlugins ------------------------------------ Finished reporting. JavaRa 1.16 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Tue Jul 22 21:57:07 2014 There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124. Found and removed: SOFTWARE\MozillaPlugins ------------------------------------ Finished reporting. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 24, 2014 Root Admin ID:857317 Share Posted July 24, 2014 Please download the correct version of SystemLook for your computer and save it to your desktop.You can check here if you're not sure if your computer is 32-bit or 64-bitSystemLook 32-bit x86 | or | SystemLook 64-bit x64If using Windows XP just double click on SystemLook.exe to run it. For all other versions of Windows, right click over SystemLook.exe or SystemLook_x64.exe and choose Run as administrator to run it Copy the contents of the following code box into the main text field - including the colon characters.:filefind*Trovi*:folderfind*Trovi*:regfindTrovi Click the Look button to start the scan When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. Note: The log can also be found on your Desktop named SystemLook.txt Link to post Share on other sites More sharing options...
spiedrahita Posted July 25, 2014 Author ID:857571 Share Posted July 25, 2014 Ok, please find the SystemLook log attached SystemLook 30.07.11 by jpshortstuffLog created at 22:05 on 24/07/2014 by HomeAdministrator - Elevation successful ========== filefind ========== Searching for "*Trovi*"No files found. ========== folderfind ========== Searching for "*Trovi*"No folders found. ========== regfind ========== Searching for "Trovi"[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]"Start Page"="http://www.trovi.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MCA34FCC8-35E3-4566-924A-8CFE46A6B1DE&SearchSource=55&CUI=&UM=5&UP=SP41EC47CF-2331-482A-AB0B-24B124775B9C&SSPV="[HKEY_USERS\S-1-5-21-3214703091-3445229301-533389535-1011\Software\Microsoft\Internet Explorer\Main]"Start Page"="http://www.trovi.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MCA34FCC8-35E3-4566-924A-8CFE46A6B1DE&SearchSource=55&CUI=&UM=5&UP=SP41EC47CF-2331-482A-AB0B-24B124775B9C&SSPV=" -= EOF =- Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 25, 2014 Root Admin ID:857625 Share Posted July 25, 2014 Please visit each of the following sites and lets reset all of your browsers back to defaults to prevent unexpected issues.If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.Internet ExplorerHow to reset Internet Explorer settingsFirefoxClick on Help / Troubleshooting Information then click on the Reset Firefox button.ChromeChrome - Reset browser settingsOperaHow to Perform a (really) clean Reinstall of Opera Link to post Share on other sites More sharing options...
spiedrahita Posted July 25, 2014 Author ID:857816 Share Posted July 25, 2014 I've reset all my browsers however when I reopen Internet Explorer Trovi is still taking over my start page. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 26, 2014 Root Admin ID:857983 Share Posted July 26, 2014 Run the IE reset again. Then open Regedit and browse to each key and see if the entry was removed or not. If not then delete the entry. [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]"Start Page"="http://www.trovi.com...24775B9C&SSPV="[HKEY_USERS\S-1-5-21-3214703091-3445229301-533389535-1011\Software\Microsoft\Internet Explorer\Main]"Start Page"="http://www.trovi.com...24775B9C&SSPV=" Link to post Share on other sites More sharing options...
spiedrahita Posted July 28, 2014 Author ID:859240 Share Posted July 28, 2014 Hi Ron, I reset Internet Explorer and then manually deleted the trovi registry entries and it appears to be gone! When I reopen IE Trovi is no longer my start page. Should I do anything else to complete the removal process? Thanks so much! Link to post Share on other sites More sharing options...
spiedrahita Posted July 28, 2014 Author ID:859297 Share Posted July 28, 2014 Hi Again, so unfortunately after restarting my computer Trovi is back on my IE start page. It was temporarily gone as mentioned in my previous post. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 28, 2014 Root Admin ID:859323 Share Posted July 28, 2014 Okay, please post new FRST and ADDITONS.TXT log files as well as the new MBAM scan log. Link to post Share on other sites More sharing options...
spiedrahita Posted July 28, 2014 Author ID:859357 Share Posted July 28, 2014 Okay, please find new FRST, Additions and MBAM logs to follow: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014Ran by Home (administrator) on LAPTOP on 28-07-2014 13:34:42Running from C:\Users\Home\DownloadsPlatform: Windows 8.1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(M-Audio) C:\Program Files (x86)\M-Audio\Axiom AIR\AudioDevMon.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe(Microsoft Corporation) C:\Windows\System32\dasHost.exe(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe(Seagate Technology LLC) C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17200_none_fa7026dd9b04586e\TiWorker.exe() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Intel Corporation) C:\Windows\System32\igfxext.exe(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxsrvc.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191312 2012-08-06] (Realtek Semiconductor)HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-09-25] (Adobe Systems Incorporated)HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917176 2012-08-21] (Synaptics Incorporated)HKLM-x32\...\Run: [intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2237328 2013-11-05] (Adobe Systems Incorporated)HKLM-x32\...\Run: [MaxMenuMgr] => C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [185640 2009-09-25] (Seagate LLC)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)HKU\.DEFAULT\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHSA.EXE /EPT "EPLTarget\P0000000000000000" /M "WorkFor (the data entry has 8 more characters).HKU\S-1-5-21-3214703091-3445229301-533389535-1011\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)HKU\S-1-5-21-3214703091-3445229301-533389535-1011\...\Run: [Advanced SystemCare 7] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2295584 2014-04-21] (IObit)HKU\S-1-5-21-3214703091-3445229301-533389535-1011\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)HKU\S-1-5-21-3214703091-3445229301-533389535-1011\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHDA.EXE [241280 2012-07-12] (SEIKO EPSON CORPORATION)AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll File Not FoundStartup: C:\Users\Sandra.bak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnkShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)ShellIconOverlayIdentifiers: AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()ShellIconOverlayIdentifiers: AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()ShellIconOverlayIdentifiers: AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No FileShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No FileShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No FileShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No FileShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No FileShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MCA34FCC8-35E3-4566-924A-8CFE46A6B1DE&SearchSource=55&CUI=&UM=5&UP=SP41EC47CF-2331-482A-AB0B-24B124775B9C&SSPV=HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.comHKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://samsung13.msn.comHKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = SearchScopes: HKLM - DefaultScope {60D22135-E374-47EF-B1D6-55C2184B5CB7} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJSSearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {60D22135-E374-47EF-B1D6-55C2184B5CB7} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJSSearchScopes: HKLM-x32 - DefaultScope value is missing.SearchScopes: HKLM-x32 - {60D22135-E374-47EF-B1D6-55C2184B5CB7} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJSSearchScopes: HKCU - DefaultScope {60D22135-E374-47EF-B1D6-55C2184B5CB7} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJSSearchScopes: HKCU - {60D22135-E374-47EF-B1D6-55C2184B5CB7} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJSBHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\IPS\IPSBHO.DLL (Symantec Corporation)Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cabHandler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 FireFox:========FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgnFF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn [2014-06-23]FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\IPSFFFF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\IPSFF [2014-06-16] Chrome: =======CHR HomePage: CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]CHR Extension: (Norton Identity Protection) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-06-23]CHR Extension: (Google Wallet) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\Exts\Chrome.crx [2014-07-10]CHR HKLM-x32\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Sandra\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx [2014-07-10] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [881952 2014-01-14] (IObit)R2 AxiomAIRAudioDevMon; C:\Program Files (x86)\M-Audio\Axiom AIR\AudioDevMon.exe [540368 2013-11-01] (M-Audio)R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356408 2014-06-19] (Microsoft Corporation)R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.)S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] ()S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe [276376 2014-06-26] (Symantec Corporation)S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-24] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 AXIOM; C:\Windows\system32\DRIVERS\MAudioAxiomAIR.sys [477392 2013-11-01] (M-Audio)S3 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20140718.001\BHDrvx64.sys [1530160 2014-06-06] (Symantec Corporation)S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)S3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1504000.00D\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-16] (Symantec Corporation)S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-16] (Symantec Corporation)S3 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20140725.001\IDSvia64.sys [525016 2014-06-20] (Symantec Corporation)S3 MADFUAXIOM; C:\Windows\System32\drivers\MAudioAxiomAIR_DFU.sys [29904 2013-11-01] (M-Audio)S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20140728.003\ENG64.SYS [126040 2014-06-22] (Symantec Corporation)S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20140728.003\EX64.SYS [2099288 2014-06-22] (Symantec Corporation)R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows ® Win 7 DDK provider)S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-11-15] (Windows ® 2003 DDK 3790 provider)S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1504000.00D\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)S3 SRTSPX; C:\Windows\system32\drivers\NISx64\1504000.00D\SRTSPX64.SYS [36952 2013-10-29] (Symantec Corporation)S3 SymDS; C:\Windows\system32\drivers\NISx64\1504000.00D\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)S3 SymEFA; C:\Windows\system32\drivers\NISx64\1504000.00D\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)S0 SymELAM; C:\Windows\System32\drivers\NISx64\1504000.00D\SymELAM.sys [23568 2013-10-30] (Symantec Corporation)S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-06-10] (Symantec Corporation)S3 SymIRON; C:\Windows\system32\drivers\NISx64\1504000.00D\Ironx64.SYS [264280 2013-10-29] (Symantec Corporation)S3 SymNetS; C:\Windows\System32\Drivers\NISx64\1504000.00D\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-07-28 13:34 - 2014-07-28 13:34 - 00018801 _____ () C:\Users\Home\Downloads\FRST.txt2014-07-28 13:21 - 2014-07-28 13:22 - 02093568 _____ (Farbar) C:\Users\Home\Downloads\FRST64.exe2014-07-28 13:03 - 2014-07-28 13:12 - 00000000 ____D () C:\Users\Home\AppData\Local\Adobe2014-07-24 22:05 - 2014-07-24 22:08 - 00001814 _____ () C:\Users\Home\Downloads\SystemLook.txt2014-07-24 20:53 - 2014-07-24 20:53 - 00165376 _____ () C:\Users\Home\Downloads\SystemLook_x64.exe2014-07-23 14:10 - 2014-07-23 14:18 - 00012895 _____ () C:\Users\Home\Documents\Memberships.xlsx2014-07-22 22:05 - 2014-07-22 22:05 - 00015298 _____ () C:\Users\Home\Desktop\JavaRa.log2014-07-22 17:54 - 2014-07-22 17:55 - 00000000 ____D () C:\Users\Home\Desktop\Remove Java2014-07-22 11:01 - 2014-07-22 11:01 - 00000000 _____ () C:\WINDOWS\setuperr.log2014-07-22 11:01 - 2014-07-22 11:01 - 00000000 _____ () C:\WINDOWS\setupact.log2014-07-22 10:29 - 2014-07-28 12:44 - 00008994 _____ () C:\WINDOWS\PFRO.log2014-07-22 10:29 - 2014-07-22 10:29 - 00000000 _____ () C:\asc_rdflag2014-07-22 10:14 - 2014-07-09 21:16 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll2014-07-22 10:14 - 2014-07-09 21:03 - 04756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll2014-07-22 10:14 - 2014-07-09 20:33 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe2014-07-21 22:11 - 2014-07-21 22:11 - 00000000 ____D () C:\Program Files\EpsonNet2014-07-21 22:11 - 2014-07-21 22:11 - 00000000 ____D () C:\Program Files\EPSON2014-07-21 22:11 - 2011-08-30 13:40 - 00535040 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\ensppui.dll2014-07-21 22:11 - 2011-08-30 13:40 - 00535040 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\enppui.dll2014-07-21 22:11 - 2011-08-30 13:38 - 00558080 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\ensppmon.dll2014-07-21 22:11 - 2011-08-30 13:38 - 00558080 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\enppmon.dll2014-07-21 22:11 - 2011-08-01 18:24 - 00250880 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\enspres.dll2014-07-21 22:11 - 2011-08-01 18:24 - 00250880 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\enpres.dll2014-07-21 22:10 - 2014-07-21 22:10 - 00000946 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk2014-07-21 22:10 - 2014-07-21 22:10 - 00000000 ____D () C:\Program Files (x86)\Epson Software2014-07-21 22:10 - 2014-07-21 22:10 - 00000000 ____D () C:\Program Files (x86)\epson2014-07-21 22:10 - 2012-07-24 00:00 - 00466432 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\esxw2ud.dll2014-07-21 22:10 - 2011-03-15 03:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_YD4BHDA.DLL2014-07-21 22:10 - 2009-10-16 00:00 - 00132560 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\esdevapp.exe2014-07-21 22:10 - 2009-10-16 00:00 - 00013824 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\esxcdev.dll2014-07-21 22:02 - 2014-07-21 22:05 - 02867200 _____ () C:\Users\Home\Downloads\epson15049 (1).exe2014-07-21 21:39 - 2014-07-21 21:39 - 00000000 ____D () C:\Users\Home\AppData\Local\ABBYY2014-07-21 21:38 - 2014-07-22 10:42 - 00000000 ____D () C:\ProgramData\ABBYY2014-07-21 21:30 - 2014-07-21 21:33 - 19462432 _____ () C:\Users\Home\Downloads\epson15049.exe2014-07-21 20:55 - 2014-07-21 20:58 - 18663712 _____ () C:\Users\Home\Downloads\epson15545.exe2014-07-21 18:07 - 2014-07-28 11:46 - 01017486 _____ () C:\WINDOWS\WindowsUpdate.log2014-07-21 17:33 - 2014-07-21 17:33 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EPSON Software2014-07-21 16:58 - 2014-07-21 16:58 - 01063464 _____ (SEIKO EPSON Corp.) C:\Users\Home\Downloads\standard.exe2014-07-21 16:53 - 2014-07-21 16:55 - 127015200 _____ () C:\Users\Home\Downloads\epson15716 (2).exe2014-07-21 15:46 - 2014-07-21 15:48 - 127015200 _____ () C:\Users\Home\Downloads\epson15716 (1).exe2014-07-21 13:38 - 2014-07-21 13:40 - 127015200 _____ () C:\Users\Home\Downloads\epson15716.exe2014-07-21 11:17 - 2014-07-21 11:17 - 00000000 ____D () C:\Users\Home\AppData\Roaming\InstallShield2014-07-21 11:12 - 2011-04-19 21:03 - 00120320 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_YLMHDA.DLL2014-07-21 11:05 - 2014-07-21 22:10 - 00000079 _____ () C:\WINDOWS\EW7520.ini2014-07-21 10:24 - 2011-12-14 12:21 - 00086016 _____ () C:\WINDOWS\SysWOW64\SYNSOPOS.exe2014-07-21 10:23 - 2014-07-21 10:24 - 00000000 ____D () C:\Program Files (x86)\eLicenser2014-07-21 10:23 - 2012-12-07 08:48 - 01714176 _____ (Steinberg Media Technologies GmbH) C:\WINDOWS\system32\SYNSOACC.dll2014-07-21 10:22 - 2014-07-21 10:22 - 00001173 _____ () C:\Users\Home\Desktop\Analog Lab.lnk2014-07-21 10:22 - 2014-07-21 10:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arturia2014-07-21 10:20 - 2014-07-21 10:20 - 00000000 ____D () C:\Program Files\Common Files\VST32014-07-21 10:20 - 2014-07-21 10:20 - 00000000 ____D () C:\Program Files\Common Files\Avid2014-07-21 10:11 - 2014-07-21 10:14 - 295057568 _____ (Arturia Musical Instruments ) C:\Users\Home\Downloads\Analog_Lab_1_1.exe2014-07-20 18:52 - 2014-07-21 21:21 - 00000000 ____D () C:\Users\Home\AppData\Local\CrashDumps2014-07-19 22:52 - 2014-07-19 22:52 - 00001617 _____ () C:\Users\Home\Desktop\MBAM.txt2014-07-19 22:51 - 2014-07-19 22:51 - 00049656 _____ () C:\Users\Home\Desktop\FRST.txt2014-07-19 22:51 - 2014-07-19 22:51 - 00035924 _____ () C:\Users\Home\Desktop\Addition.txt2014-07-19 22:45 - 2014-07-19 22:46 - 00035924 _____ () C:\Users\Home\Downloads\Addition.txt2014-07-19 22:42 - 2014-07-28 13:22 - 00000000 ____D () C:\Users\Home\Downloads\FRST-OlderVersion2014-07-18 15:26 - 2014-07-18 15:26 - 00000000 ____D () C:\Program Files (x86)\ESET2014-07-18 15:05 - 2014-07-18 15:05 - 00001273 _____ () C:\Users\Home\Desktop\AdwCleaner[s1].txt2014-07-18 14:56 - 2014-07-18 14:56 - 01354223 _____ () C:\Users\Home\Downloads\adwcleaner_3.216.exe2014-07-18 14:55 - 2014-07-18 14:55 - 00000621 _____ () C:\Users\Home\Desktop\JRT.txt2014-07-16 17:14 - 2014-07-16 17:14 - 00030312 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys2014-07-16 16:57 - 2014-07-16 16:57 - 00000000 ____D () C:\WINDOWS\ERDNT2014-07-16 16:56 - 2014-07-16 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT2014-07-16 16:56 - 2014-07-16 16:56 - 00000000 ____D () C:\Program Files (x86)\ERUNT2014-07-16 16:55 - 2014-07-16 16:55 - 00791393 _____ (Lars Hederer ) C:\Users\Home\Downloads\erunt-setup.exe2014-07-16 09:02 - 2014-07-22 21:57 - 00015298 _____ () C:\JavaRa.log2014-07-16 09:01 - 2014-07-16 09:01 - 00000000 ____D () C:\Users\Home\Downloads\JavaRa-1.16-28-5-132014-07-16 08:01 - 2014-07-28 13:34 - 00000000 ____D () C:\FRST2014-07-15 17:29 - 2014-07-18 15:00 - 00000000 ____D () C:\AdwCleaner2014-07-15 17:29 - 2014-07-15 17:29 - 01348263 _____ () C:\Users\Home\Downloads\adwcleaner_3.215.exe2014-07-15 17:10 - 2014-07-15 17:10 - 00000000 ____D () C:\ProgramData\RogueKiller2014-07-15 17:00 - 2014-07-15 17:00 - 00448512 _____ (OldTimer Tools) C:\Users\Home\Downloads\TFC.exe2014-07-15 16:59 - 2014-07-15 16:59 - 05336664 _____ () C:\Users\Home\Downloads\RogueKillerX64.exe2014-07-15 16:59 - 2014-07-15 16:59 - 00165483 _____ () C:\Users\Home\Downloads\JavaRa-1.16-28-5-13.zip2014-07-15 16:51 - 2014-07-15 16:51 - 00004535 _____ () C:\Users\Home\Downloads\RKreport_SCN_07132014_220711.log2014-07-15 14:44 - 2014-07-15 14:44 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security2014-07-15 14:09 - 2014-07-15 14:09 - 00003234 _____ () C:\WINDOWS\System32\Tasks\Norton WSC Integration2014-07-15 14:09 - 2014-07-15 14:09 - 00002537 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk2014-07-15 14:01 - 2014-07-15 14:01 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll2014-07-15 14:01 - 2014-07-15 14:01 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll2014-07-15 14:01 - 2014-07-15 14:01 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys2014-07-15 14:01 - 2014-07-15 14:01 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS2014-07-15 14:01 - 2014-07-15 14:01 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys2014-07-15 14:01 - 2014-07-15 14:01 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll2014-07-15 14:01 - 2014-07-15 14:01 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys2014-07-15 14:01 - 2014-07-15 14:01 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll2014-07-15 14:01 - 2014-07-15 14:01 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe2014-07-15 14:01 - 2014-07-15 14:01 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll2014-07-15 14:01 - 2014-07-15 14:01 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys2014-07-15 14:01 - 2014-07-15 14:01 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll2014-07-15 14:01 - 2014-07-15 14:01 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll2014-07-15 14:01 - 2014-07-15 14:01 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll2014-07-15 14:01 - 2014-07-15 14:01 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys2014-07-15 14:01 - 2014-07-15 14:01 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll2014-07-15 14:01 - 2014-07-15 14:01 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys2014-07-15 14:01 - 2014-07-15 14:01 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys2014-07-15 14:01 - 2014-07-15 14:01 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys2014-07-15 14:00 - 2014-07-15 14:00 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS2014-07-15 13:59 - 2014-07-15 13:59 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll2014-07-14 10:20 - 2014-07-14 10:20 - 00000000 ____D () C:\Users\Home\AppData\Local\Deployment2014-07-08 20:40 - 2014-06-26 13:55 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe2014-07-08 20:40 - 2014-06-26 13:55 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl2014-07-08 20:37 - 2014-06-18 18:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll2014-07-08 20:37 - 2014-06-18 17:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll2014-07-08 20:37 - 2014-06-18 17:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll2014-07-08 20:37 - 2014-06-18 17:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll2014-07-08 20:37 - 2014-06-18 16:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll2014-07-08 20:37 - 2014-06-18 16:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll2014-07-08 20:37 - 2014-06-18 16:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll2014-07-08 20:37 - 2014-06-18 16:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll2014-07-08 20:37 - 2014-06-18 16:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll2014-07-08 20:37 - 2014-06-18 15:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll2014-07-08 20:37 - 2014-06-18 15:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll2014-07-08 20:37 - 2014-06-18 15:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll2014-07-08 20:37 - 2014-06-18 15:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll2014-07-08 20:37 - 2014-06-18 15:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll2014-07-08 20:37 - 2014-06-18 15:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll2014-07-08 20:37 - 2014-06-18 15:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll2014-07-08 20:37 - 2014-06-18 15:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll2014-07-08 20:37 - 2014-06-18 15:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll2014-07-08 20:37 - 2014-06-16 15:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe2014-07-08 20:37 - 2014-06-16 15:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe2014-07-08 20:37 - 2014-06-06 07:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys2014-07-08 20:37 - 2014-06-06 06:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll2014-07-08 20:37 - 2014-06-06 05:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll2014-07-08 20:37 - 2014-05-29 20:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys2014-07-08 20:37 - 2014-05-29 05:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys2014-07-08 20:37 - 2014-05-29 00:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll2014-07-08 20:37 - 2014-05-28 23:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll2014-07-08 20:37 - 2014-05-28 23:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll2014-07-08 20:37 - 2014-05-28 22:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll2014-07-08 20:37 - 2014-05-28 22:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll2014-07-08 20:36 - 2014-06-18 16:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl2014-07-08 20:35 - 2014-06-18 16:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll2014-07-08 20:34 - 2014-06-18 16:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll2014-07-08 20:34 - 2014-06-18 16:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe2014-07-08 20:34 - 2014-06-18 15:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll2014-07-08 20:34 - 2014-06-18 15:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll2014-07-08 20:34 - 2014-06-18 15:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl2014-07-08 20:34 - 2014-06-18 15:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll2014-07-08 20:34 - 2014-06-18 15:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll2014-07-08 20:31 - 2014-05-31 03:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe2014-07-08 20:31 - 2014-05-31 03:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll2014-07-08 20:31 - 2014-05-30 20:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll2014-07-08 20:31 - 2014-05-30 20:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll2014-07-08 20:31 - 2014-05-30 20:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll2014-07-08 20:31 - 2014-05-30 20:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll2014-07-08 20:31 - 2014-05-30 20:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll2014-07-08 20:31 - 2014-05-30 20:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll2014-07-08 20:31 - 2014-05-30 19:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll2014-07-08 20:31 - 2014-05-30 19:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll2014-07-08 20:31 - 2014-05-30 19:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll2014-07-08 20:31 - 2014-05-30 19:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll2014-07-08 20:31 - 2014-05-30 19:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll2014-07-08 20:31 - 2014-05-30 19:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll2014-07-08 20:31 - 2014-05-30 19:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll2014-07-08 20:30 - 2014-07-08 20:30 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-07-28 13:34 - 2014-07-28 13:34 - 00018801 _____ () C:\Users\Home\Downloads\FRST.txt2014-07-28 13:34 - 2014-07-16 08:01 - 00000000 ____D () C:\FRST2014-07-28 13:34 - 2014-01-23 12:26 - 00000000 __RDO () C:\Users\Home\SkyDrive2014-07-28 13:33 - 2013-08-22 07:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT2014-07-28 13:33 - 2013-03-30 09:18 - 00000908 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2014-07-28 13:28 - 2013-07-15 20:47 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3214703091-3445229301-533389535-10112014-07-28 13:22 - 2014-07-28 13:21 - 02093568 _____ (Farbar) C:\Users\Home\Downloads\FRST64.exe2014-07-28 13:22 - 2014-07-19 22:42 - 00000000 ____D () C:\Users\Home\Downloads\FRST-OlderVersion2014-07-28 13:21 - 2013-03-30 09:19 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2014-07-28 13:12 - 2014-07-28 13:03 - 00000000 ____D () C:\Users\Home\AppData\Local\Adobe2014-07-28 13:08 - 2014-04-21 21:53 - 00000000 ____D () C:\Users\Home\Documents\Outlook Files2014-07-28 13:00 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\sru2014-07-28 12:44 - 2014-07-22 10:29 - 00008994 _____ () C:\WINDOWS\PFRO.log2014-07-28 12:43 - 2014-06-12 10:38 - 00000290 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job2014-07-28 12:42 - 2012-09-18 03:47 - 00000000 ____D () C:\ProgramData\Adobe2014-07-28 12:42 - 2012-09-18 03:47 - 00000000 ____D () C:\Program Files (x86)\Adobe2014-07-28 12:35 - 2012-09-18 03:49 - 00000000 ____D () C:\ProgramData\WinClon2014-07-28 11:46 - 2014-07-21 18:07 - 01017486 _____ () C:\WINDOWS\WindowsUpdate.log2014-07-27 11:31 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\rescache2014-07-25 15:42 - 2013-07-15 21:09 - 00000000 ____D () C:\Users\Home\Documents\Work2014-07-25 15:41 - 2014-06-21 21:29 - 00000000 ____D () C:\Users\Home\AppData\Local\VirtualStore2014-07-25 15:41 - 2013-11-12 18:53 - 00000000 ____D () C:\Users\Home2014-07-25 11:45 - 2013-08-22 06:25 - 01048576 ___SH () C:\WINDOWS\system32\config\BBI2014-07-24 22:08 - 2014-07-24 22:05 - 00001814 _____ () C:\Users\Home\Downloads\SystemLook.txt2014-07-24 20:53 - 2014-07-24 20:53 - 00165376 _____ () C:\Users\Home\Downloads\SystemLook_x64.exe2014-07-24 20:43 - 2014-06-12 10:38 - 00002233 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk2014-07-23 14:18 - 2014-07-23 14:10 - 00012895 _____ () C:\Users\Home\Documents\Memberships.xlsx2014-07-23 11:33 - 2014-06-22 22:47 - 00000000 ____D () C:\WINDOWS\CbsTemp2014-07-22 22:05 - 2014-07-22 22:05 - 00015298 _____ () C:\Users\Home\Desktop\JavaRa.log2014-07-22 21:57 - 2014-07-16 09:02 - 00015298 _____ () C:\JavaRa.log2014-07-22 21:44 - 2013-08-22 06:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM2014-07-22 21:42 - 2014-01-17 12:19 - 00000000 ____D () C:\ProgramData\ProductData2014-07-22 21:11 - 2013-07-15 20:40 - 00000000 ____D () C:\Users\Home\AppData\Local\Packages2014-07-22 17:55 - 2014-07-22 17:54 - 00000000 ____D () C:\Users\Home\Desktop\Remove Java2014-07-22 11:01 - 2014-07-22 11:01 - 00000000 _____ () C:\WINDOWS\setuperr.log2014-07-22 11:01 - 2014-07-22 11:01 - 00000000 _____ () C:\WINDOWS\setupact.log2014-07-22 10:42 - 2014-07-21 21:38 - 00000000 ____D () C:\ProgramData\ABBYY2014-07-22 10:29 - 2014-07-22 10:29 - 00000000 _____ () C:\asc_rdflag2014-07-22 10:29 - 2014-01-28 21:11 - 00376832 _____ () C:\WINDOWS\system32\config\DEFAULT.iodefrag.bak2014-07-22 10:29 - 2014-01-28 21:11 - 00028672 _____ () C:\WINDOWS\system32\config\SECURITY.iodefrag.bak2014-07-22 10:29 - 2014-01-28 21:11 - 00028672 _____ () C:\WINDOWS\system32\config\SAM.iodefrag.bak2014-07-22 10:29 - 2014-01-28 21:10 - 86781952 _____ () C:\WINDOWS\system32\config\SOFTWARE.iodefrag.bak2014-07-22 10:28 - 2014-06-12 10:38 - 00000254 _____ () C:\WINDOWS\Tasks\ASC7_SkipUac_Home.job2014-07-21 22:47 - 2013-03-29 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON2014-07-21 22:11 - 2014-07-21 22:11 - 00000000 ____D () C:\Program Files\EpsonNet2014-07-21 22:11 - 2014-07-21 22:11 - 00000000 ____D () C:\Program Files\EPSON2014-07-21 22:11 - 2013-05-23 10:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software2014-07-21 22:11 - 2012-09-18 03:32 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information2014-07-21 22:10 - 2014-07-21 22:10 - 00000946 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk2014-07-21 22:10 - 2014-07-21 22:10 - 00000000 ____D () C:\Program Files (x86)\Epson Software2014-07-21 22:10 - 2014-07-21 22:10 - 00000000 ____D () C:\Program Files (x86)\epson2014-07-21 22:10 - 2014-07-21 11:05 - 00000079 _____ () C:\WINDOWS\EW7520.ini2014-07-21 22:10 - 2013-03-29 11:56 - 00000000 ____D () C:\ProgramData\EPSON2014-07-21 22:08 - 2012-07-26 01:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports2014-07-21 22:05 - 2014-07-21 22:02 - 02867200 _____ () C:\Users\Home\Downloads\epson15049 (1).exe2014-07-21 21:39 - 2014-07-21 21:39 - 00000000 ____D () C:\Users\Home\AppData\Local\ABBYY2014-07-21 21:33 - 2014-07-21 21:30 - 19462432 _____ () C:\Users\Home\Downloads\epson15049.exe2014-07-21 21:21 - 2014-07-20 18:52 - 00000000 ____D () C:\Users\Home\AppData\Local\CrashDumps2014-07-21 20:58 - 2014-07-21 20:55 - 18663712 _____ () C:\Users\Home\Downloads\epson15545.exe2014-07-21 19:28 - 2014-06-11 15:35 - 00004962 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for LAPTOP-Home Laptop2014-07-21 18:24 - 2013-09-29 21:04 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI2014-07-21 18:15 - 2013-07-15 20:41 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Epson2014-07-21 17:33 - 2014-07-21 17:33 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EPSON Software2014-07-21 16:58 - 2014-07-21 16:58 - 01063464 _____ (SEIKO EPSON Corp.) C:\Users\Home\Downloads\standard.exe2014-07-21 16:55 - 2014-07-21 16:53 - 127015200 _____ () C:\Users\Home\Downloads\epson15716 (2).exe2014-07-21 15:48 - 2014-07-21 15:46 - 127015200 _____ () C:\Users\Home\Downloads\epson15716 (1).exe2014-07-21 13:40 - 2014-07-21 13:38 - 127015200 _____ () C:\Users\Home\Downloads\epson15716.exe2014-07-21 11:17 - 2014-07-21 11:17 - 00000000 ____D () C:\Users\Home\AppData\Roaming\InstallShield2014-07-21 10:29 - 2014-05-25 09:06 - 00000000 ____D () C:\ProgramData\eLicenser2014-07-21 10:24 - 2014-07-21 10:23 - 00000000 ____D () C:\Program Files (x86)\eLicenser2014-07-21 10:24 - 2014-05-25 09:07 - 00000049 _____ () C:\WINDOWS\SysWOW64\SYNSOPOS.exe.cfg2014-07-21 10:24 - 2014-05-25 09:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eLicenser2014-07-21 10:22 - 2014-07-21 10:22 - 00001173 _____ () C:\Users\Home\Desktop\Analog Lab.lnk2014-07-21 10:22 - 2014-07-21 10:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arturia2014-07-21 10:20 - 2014-07-21 10:20 - 00000000 ____D () C:\Program Files\Common Files\VST32014-07-21 10:20 - 2014-07-21 10:20 - 00000000 ____D () C:\Program Files\Common Files\Avid2014-07-21 10:20 - 2014-05-25 09:03 - 00000000 ____D () C:\Program Files\VstPlugins2014-07-21 10:14 - 2014-07-21 10:11 - 295057568 _____ (Arturia Musical Instruments ) C:\Users\Home\Downloads\Analog_Lab_1_1.exe2014-07-19 22:52 - 2014-07-19 22:52 - 00001617 _____ () C:\Users\Home\Desktop\MBAM.txt2014-07-19 22:52 - 2014-06-18 20:50 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2014-07-19 22:51 - 2014-07-19 22:51 - 00049656 _____ () C:\Users\Home\Desktop\FRST.txt2014-07-19 22:51 - 2014-07-19 22:51 - 00035924 _____ () C:\Users\Home\Desktop\Addition.txt2014-07-19 22:46 - 2014-07-19 22:45 - 00035924 _____ () C:\Users\Home\Downloads\Addition.txt2014-07-18 15:26 - 2014-07-18 15:26 - 00000000 ____D () C:\Program Files (x86)\ESET2014-07-18 15:05 - 2014-07-18 15:05 - 00001273 _____ () C:\Users\Home\Desktop\AdwCleaner[s1].txt2014-07-18 15:00 - 2014-07-15 17:29 - 00000000 ____D () C:\AdwCleaner2014-07-18 14:56 - 2014-07-18 14:56 - 01354223 _____ () C:\Users\Home\Downloads\adwcleaner_3.216.exe2014-07-18 14:55 - 2014-07-18 14:55 - 00000621 _____ () C:\Users\Home\Desktop\JRT.txt2014-07-16 17:14 - 2014-07-16 17:14 - 00030312 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys2014-07-16 16:57 - 2014-07-16 16:57 - 00000000 ____D () C:\WINDOWS\ERDNT2014-07-16 16:56 - 2014-07-16 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT2014-07-16 16:56 - 2014-07-16 16:56 - 00000000 ____D () C:\Program Files (x86)\ERUNT2014-07-16 16:55 - 2014-07-16 16:55 - 00791393 _____ (Lars Hederer ) C:\Users\Home\Downloads\erunt-setup.exe2014-07-16 09:02 - 2013-03-31 20:24 - 00000000 ____D () C:\Program Files (x86)\java2014-07-16 09:01 - 2014-07-16 09:01 - 00000000 ____D () C:\Users\Home\Downloads\JavaRa-1.16-28-5-132014-07-15 17:29 - 2014-07-15 17:29 - 01348263 _____ () C:\Users\Home\Downloads\adwcleaner_3.215.exe2014-07-15 17:10 - 2014-07-15 17:10 - 00000000 ____D () C:\ProgramData\RogueKiller2014-07-15 17:00 - 2014-07-15 17:00 - 00448512 _____ (OldTimer Tools) C:\Users\Home\Downloads\TFC.exe2014-07-15 16:59 - 2014-07-15 16:59 - 05336664 _____ () C:\Users\Home\Downloads\RogueKillerX64.exe2014-07-15 16:59 - 2014-07-15 16:59 - 00165483 _____ () C:\Users\Home\Downloads\JavaRa-1.16-28-5-13.zip2014-07-15 16:51 - 2014-07-15 16:51 - 00004535 _____ () C:\Users\Home\Downloads\RKreport_SCN_07132014_220711.log2014-07-15 15:09 - 2014-06-23 10:22 - 11185664 _____ (SurfRight B.V.) C:\Users\Home\Downloads\HitmanPro_x64.exe2014-07-15 14:44 - 2014-07-15 14:44 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security2014-07-15 14:35 - 2012-07-26 01:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP2014-07-15 14:10 - 2012-09-18 03:48 - 00000000 ____D () C:\WINDOWS\system32\Drivers\NISx642014-07-15 14:09 - 2014-07-15 14:09 - 00003234 _____ () C:\WINDOWS\System32\Tasks\Norton WSC Integration2014-07-15 14:09 - 2014-07-15 14:09 - 00002537 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk2014-07-15 14:09 - 2014-06-16 18:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security2014-07-15 14:08 - 2013-04-05 10:58 - 00000000 ____D () C:\Program Files\Microsoft Office 152014-07-15 14:01 - 2014-07-15 14:01 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll2014-07-15 14:01 - 2014-07-15 14:01 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll2014-07-15 14:01 - 2014-07-15 14:01 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys2014-07-15 14:01 - 2014-07-15 14:01 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS2014-07-15 14:01 - 2014-07-15 14:01 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys2014-07-15 14:01 - 2014-07-15 14:01 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll2014-07-15 14:01 - 2014-07-15 14:01 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys2014-07-15 14:01 - 2014-07-15 14:01 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll2014-07-15 14:01 - 2014-07-15 14:01 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe2014-07-15 14:01 - 2014-07-15 14:01 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll2014-07-15 14:01 - 2014-07-15 14:01 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys2014-07-15 14:01 - 2014-07-15 14:01 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll2014-07-15 14:01 - 2014-07-15 14:01 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll2014-07-15 14:01 - 2014-07-15 14:01 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll2014-07-15 14:01 - 2014-07-15 14:01 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys2014-07-15 14:01 - 2014-07-15 14:01 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll2014-07-15 14:01 - 2014-07-15 14:01 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys2014-07-15 14:01 - 2014-07-15 14:01 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys2014-07-15 14:01 - 2014-07-15 14:01 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys2014-07-15 14:00 - 2014-07-15 14:00 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS2014-07-15 13:59 - 2014-07-15 13:59 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll2014-07-14 10:20 - 2014-07-14 10:20 - 00000000 ____D () C:\Users\Home\AppData\Local\Deployment2014-07-10 15:29 - 2013-07-11 15:08 - 00000000 ____D () C:\WINDOWS\system32\MRT2014-07-10 15:15 - 2013-03-29 14:32 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2014-07-09 21:16 - 2014-07-22 10:14 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll2014-07-09 21:10 - 2013-08-22 08:36 - 00000000 ___RD () C:\WINDOWS\ToastData2014-07-09 21:10 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\WinStore2014-07-09 21:09 - 2013-08-22 07:44 - 05098592 _____ () C:\WINDOWS\system32\FNTCACHE.DAT2014-07-09 21:06 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility2014-07-09 21:06 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility2014-07-09 21:03 - 2014-07-22 10:14 - 04756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll2014-07-09 20:33 - 2014-07-22 10:14 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe2014-07-08 20:38 - 2013-09-29 20:51 - 00000000 ____D () C:\Program Files\Windows Journal2014-07-08 20:30 - 2014-07-08 20:30 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe Files to move or delete:====================C:\ProgramData\MakeMarkerFile.exeC:\Users\EasySurvey\EasySurvey.exe Some content of TEMP:====================C:\Users\Home\AppData\Local\Temp\install_reader11_en_mssd_aaa_aih.exeC:\Users\Home\AppData\Local\Temp\install_reader11_en_mssd_aaa_aih_1.exeC:\Users\Home\AppData\Local\Temp\install_reader11_en_mssd_aaa_aih_2.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-28 13:29 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-07-2014Ran by Home at 2014-07-28 13:36:07Running from C:\Users\Home\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Ableton Live 8 (HKLM-x32\...\{3CBF4CD3-9370-44A0-B464-A21E588DD122}) (Version: 8.0.0.0 - Ableton)Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) HiddenAdobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.2.1.260 - Adobe Systems Incorporated)Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) HiddenAdobe Illustrator CS6 (HKLM-x32\...\{4869414E-7AEA-4C8E-BE1C-8D40977FD517}) (Version: 16.0 - Adobe Systems Incorporated)Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)Advanced SystemCare 7 (HKLM-x32\...\Advanced SystemCare 7_is1) (Version: 7.3.0 - IObit)Analog Lab 1.1.0 (HKLM-x32\...\analoglab073_is1) (Version: 1.1.0 - Arturia)Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 3.3.0.5 - Canon Inc.)Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.1.0.2 - Canon Inc.)Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.4.2.16 - Canon Inc.)Canon Utilities Digital Photo Professional 3.4 (HKLM-x32\...\DPP) (Version: 3.4.0.0 - Canon Inc.)Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.4.0.1 - Canon Inc.)Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 6.4.0.5 - Canon Inc.)Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.21.45 - Canon Inc.)Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.3.0.0 - Canon Inc.)Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.7.1.9 - Canon Inc.)Canon Utilities WFT-E1/E2/E3 Utility (HKLM-x32\...\WFTK) (Version: 3.2.1.1 - Canon Inc.)Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.1.1.21 - Canon Inc.)Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.1.0.8 - Canon Inc.)CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddeneLicenser Control (HKLM-x32\...\eLicenser Control) (Version: 6.6.6.2136 - Steinberg Media Technologies GmbH)Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)Epson Event Manager (HKLM-x32\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)EPSON WF-7520 Series Printer Uninstall (HKLM\...\EPSON WF-7520 Series) (Version: - SEIKO EPSON Corporation)EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer)ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )Evernote v. 4.6.4 (HKLM-x32\...\{DDAFC46A-90E2-11E2-B700-984BE15F174E}) (Version: 4.6.4.8136 - Evernote Corp.)Galería de fotos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenGalerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenGoogle Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) HiddeniCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)Ignite (HKLM-x32\...\{9A731246-E02E-44DC-940D-0F8110C1789D}) (Version: 1.3.1 - AIR Music Technology)Ignite (x32 Version: 1.3.1 - AIR Music Technology) HiddenIntel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 3.6.1.33070.11 - Intel)Intel PROSet Wireless (Version: - ) HiddenIntel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36702 - Intel Corporation)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{AD0F3D6D-202A-4BAB-8838-0134531FD3AF}) (Version: 15.5.6.0460 - Intel Corporation)Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{7854AA22-A2F0-4F29-A2E9-D0C5A2B685E7}) (Version: 2.5.0.0248 - Motorola Solutions, Inc)Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)Intel® PROSet/Wireless WiFi Software (HKLM\...\{1593C708-5535-47A4-8C0F-F8D4BE2B4560}) (Version: 15.05.6000.1657 - Intel Corporation)Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) HiddenIObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.2.10.2466 - IObit)iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)M-Audio Axiom AIR 1.0.8 (x64) (HKLM\...\{ACD73767-8749-4268-B78D-8CF135BC0C25}) (Version: 1.0.8 - M-Audio)Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) HiddenMicrosoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4631.1002 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) HiddenMicrosoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) HiddenMovie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenMSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) HiddenMSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) HiddenMyHarmony (HKCU\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.4.0.13 - Symantec Corporation)NVIDIA Control Panel 305.46 (Version: 305.46 - NVIDIA Corporation) HiddenNVIDIA Graphics Driver 305.46 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 305.46 - NVIDIA Corporation)NVIDIA Install Application (Version: 2.1002.82.513 - NVIDIA Corporation) HiddenNVIDIA Optimus 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) HiddenNVIDIA PhysX (x32 Version: 9.12.0613 - NVIDIA Corporation) HiddenNVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) HiddenOffice 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Licensing Component (Version: 15.0.4631.1002 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Localization Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) HiddenPDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) HiddenPhoto Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenPhoto Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenRealtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)Realtime Landscaping Pro 2013 (HKLM-x32\...\{9553CB41-9B98-4FA0-8919-2FE6BE278C7B}) (Version: 8.1.5 - Idea Spectrum)Realtime Landscaping Pro 2013 Trial (HKLM-x32\...\{0B1E5DED-C94D-4C21-96E0-D71BB7897B44}) (Version: 5.1.5 - Idea Spectrum)Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.6.5 - Samsung Electronics CO., LTD.)S Agent (Version: 1.0.7 - Samsung Electronics CO., LTD.) HiddenSeagate Manager Installer (HKLM-x32\...\InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}) (Version: 2.01.0600 - Seagate)Seagate Manager Installer (x32 Version: 2.01.0600 - Seagate) HiddenSettings (HKLM-x32\...\{52E5DE60-C96B-42CC-9A37-FE04725940AE}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)Software Updater (HKLM-x32\...\{6DFBE8A2-CDBF-453E-B34C-32F202FCEE4C}) (Version: 4.2.1 - SEIKO EPSON CORPORATION)Support Center FAQ (x32 Version: 1.0.3 - Samsung Electronics CO., LTD.) HiddenSurfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.11.1 - Synaptics Incorporated)TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.20935 - TeamViewer)User Guide (HKLM-x32\...\{9914AD8E-C0D6-420D-BEF6-40BF4DEDE3BA}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)Windows Live (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenWindows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenWindows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenWindows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenWindows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenWindows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenWindows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenWindows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenWindows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenWindows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 10-07-2014 22:11:47 Windows Update15-07-2014 20:58:10 Windows Modules Installer21-07-2014 18:13:03 Installed Epson Event Manager28-07-2014 19:41:42 Removed Adobe Reader XI (11.0.07). ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0484A257-5507-42E7-8536-D8477039DD69} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-30] (Google Inc.)Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTaskTask: {0A51506B-657B-4096-8D66-C477033F97F3} - System32\Tasks\Microsoft\Windows\DiskFootprint\DiagnosticsTask: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsListTask: {0D15E43D-34A9-4912-AF76-3B260EAFE8D9} - System32\Tasks\AdobeAAMUpdater-1.0-Laptop-sandra2 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-09-25] (Adobe Systems Incorporated)Task: {1A51B650-896E-49D1-AC22-E3256B14F3E2} - System32\Tasks\AdobeAAMUpdater-1.0-Laptop-Home2 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-09-25] (Adobe Systems Incorporated)Task: {1B198CCE-8A06-46A0-8EF3-63E9EB685ED8} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-06-10] (Microsoft Corporation)Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTaskTask: {22CF0F19-46F2-4A5D-AF62-6A1A464A359F} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2012-08-16] (Samsung Electronics CO., LTD.)Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulateTask: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-21] (Microsoft Corporation)Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)Task: {3FFC866D-E100-494D-9D0B-C14726C7B6F2} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation)Task: {42A6319B-771C-4031-9654-0DB01DC779A0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)Task: {46E724FE-CE00-4B68-BC46-2DDFDF95217E} - System32\Tasks\AdobeAAMUpdater-1.0-Laptop-Administrator => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-09-25] (Adobe Systems Incorporated)Task: {4899564C-BA96-481A-85B5-662C505C1396} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exeTask: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalanceTask: {55029777-A770-4BAE-884F-8FAE3DE69587} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)Task: {585D1B9B-2C63-44F1-8A76-8C911E563BE7} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-09-05] (Samsung Electronics CO., LTD.)Task: {5B0CE3CC-0228-4F06-9B49-4268DE295BE2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-30] (Google Inc.)Task: {640CCA43-F540-495D-86AA-5FA96D7C42BD} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-13] (Intel Corporation)Task: {67454999-0147-411B-9C68-D71328512DE2} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-05-06] (IObit)Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play CleanupTask: {6CDB0831-F16C-47B8-902D-C703A6055462} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\WSCStub.exe [2014-06-26] (Symantec Corporation)Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance TaskTask: {72E38400-DDB2-4B0D-8D4A-8389F17FF3F0} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-ManagementTask: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTaskTask: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryStateTask: {7B5BFACE-E767-4CF8-B71B-9089C703724D} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-ValidationTask: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance TaskTask: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTaskTask: {91DF7F87-9D22-4BB7-9FE6-103078224082} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {93AFEA39-BD09-4001-BD77-2B1237856B15} - System32\Tasks\Microsoft Office 15 Sync Maintenance for LAPTOP-Home Laptop => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-06-03] (Microsoft Corporation)Task: {9600FE73-6503-4251-B9B1-8D8EDE9CA4C8} - System32\Tasks\AdobeAAMUpdater-1.0-Laptop-Home => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-09-25] (Adobe Systems Incorporated)Task: {9DB18519-896B-4139-8BB6-B21C0EB9569C} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-09-16] (SEC)Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance WorkTask: {B588494B-6E78-40CA-8004-1373A9EA7440} - System32\Tasks\AdobeAAMUpdater-1.0-Laptop-Laptop => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-09-25] (Adobe Systems Incorporated)Task: {B820D568-B41C-4F36-AF34-D1AB732C5BCA} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-21] (Synaptics Incorporated)Task: {C07137EA-E8FE-44B4-856D-C32C8E50879C} - System32\Tasks\AdobeAAMUpdater-1.0-Laptop-Sandra => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-09-25] (Adobe Systems Incorporated)Task: {C83A53A4-1CF5-4E13-8BBE-3D99C450E5D0} - System32\Tasks\ASC7_SkipUac_Home => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2014-05-28] (IObit)Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTaskTask: {D2938CE5-A2F3-45D4-87F2-A4F62D42039E} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUploadTask: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensingTask: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon SynchronizationTask: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRETask: {E828094D-8C9B-4D85-A392-3AE6B7545173} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauservTask: {EA38FA66-E290-4076-8041-CE7D24B7E17D} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-13] (Intel Corporation)Task: {EF31621A-ABCA-436F-AC05-64237ED617E4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-10] (Microsoft Corporation)Task: {F18F3196-37E8-495D-AB97-527EE2C22C85} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation)Task: {F4839C07-61B6-4381-8920-61DBAEA9A2C1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-06-19] (Microsoft Corporation)Task: C:\WINDOWS\Tasks\ASC7_SkipUac_Home.job => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exeTask: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe ==================== Loaded Modules (whitelisted) ============= 2014-07-15 10:07 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll2012-09-05 00:50 - 2012-09-05 00:50 - 00085112 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe2013-10-16 19:02 - 2013-10-16 19:02 - 03358064 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll2014-07-11 09:21 - 2014-05-20 09:19 - 08892072 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll2013-10-04 00:42 - 2013-10-04 00:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2014-06-12 10:37 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\sqlite3.dll2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2012-09-05 00:50 - 2012-09-05 00:50 - 00028792 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll2012-09-05 00:50 - 2012-09-05 00:50 - 01012856 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll2012-09-05 00:50 - 2012-09-05 00:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll2012-09-05 00:50 - 2012-09-05 00:50 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll2012-09-05 00:50 - 2012-09-05 00:50 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll2012-09-05 00:50 - 2012-09-05 00:50 - 00026744 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll2012-09-05 00:50 - 2012-09-05 00:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll2012-09-05 00:50 - 2012-09-05 00:50 - 00060536 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll2012-09-05 00:50 - 2012-09-05 00:50 - 00103544 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll2013-09-14 02:51 - 2013-09-14 02:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll2013-09-14 02:50 - 2013-09-14 02:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Home\SkyDrive:ms-propertiesAlternateDataStreams: C:\Users\Home\Documents\Truck 1.jpg:ms-propertiesAlternateDataStreams: C:\Users\Home\Documents\Truck 1.jpg:ms-thumbnail ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run: => "IgfxTray"HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"HKLM\...\StartupApproved\Run32: => "Adobe ARM"HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"HKLM\...\StartupApproved\Run32: => "Intel AppUp(SM) center"HKLM\...\StartupApproved\Run32: => "Norton Online Backup"HKLM\...\StartupApproved\Run32: => "RemoteControl10"HKLM\...\StartupApproved\Run32: => "iTunesHelper"HKLM\...\StartupApproved\Run32: => "APSDaemon"HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"HKLM\...\StartupApproved\Run32: => "FUFAXSTM"HKLM\...\StartupApproved\Run32: => "FUFAXRCV"HKLM\...\StartupApproved\Run32: => "EEventManager"HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"HKLM\...\StartupApproved\Run32: => "MaxMenuMgr"HKLM\...\StartupApproved\Run32: => "SearchProtectAll"HKCU\...\StartupApproved\Run: => "iCloudServices"HKCU\...\StartupApproved\Run: => "SearchProtect"HKCU\...\StartupApproved\Run: => "AppleIEDAV"HKCU\...\StartupApproved\Run: => "Advanced SystemCare 6"HKCU\...\StartupApproved\Run: => "Advanced SystemCare 7"HKCU\...\StartupApproved\Run: => "EPLTarget\P0000000000000000" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (07/28/2014 01:33:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (07/28/2014 01:33:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (07/28/2014 01:33:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (07/28/2014 01:33:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (07/28/2014 01:32:32 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program FRST64.exe version 26.7.2014.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1790 Start Time: 01cfaaa2cf97948a Termination Time: 60000 Application Path: C:\Users\Home\Downloads\FRST64.exe Report Id: 20808150-1696-11e4-bf23-50b7c37dc940 Faulting package full name: Faulting package-relative application ID: Error: (07/28/2014 01:31:41 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program FRST64.exe version 26.7.2014.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: a8 Start Time: 01cfaaa1e475aecf Termination Time: 60000 Application Path: C:\Users\Home\Downloads\FRST64.exe Report Id: 01136587-1696-11e4-bf23-50b7c37dc940 Faulting package full name: Faulting package-relative application ID: Error: (07/28/2014 01:24:57 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program FRST64.exe version 26.7.2014.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: aac Start Time: 01cfaaa19950b878 Termination Time: 60000 Application Path: C:\Users\Home\Downloads\FRST64.exe Report Id: 101c4bb5-1695-11e4-bf23-50b7c37dc940 Faulting package full name: Faulting package-relative application ID: Error: (07/28/2014 01:24:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (07/28/2014 01:24:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (07/28/2014 01:24:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. System errors:=============Error: (07/28/2014 01:33:54 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP)Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (07/28/2014 01:33:54 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP)Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (07/28/2014 01:33:53 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP)Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (07/28/2014 01:33:53 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP)Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (07/28/2014 01:24:36 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP)Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (07/28/2014 01:24:35 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP)Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (07/28/2014 01:24:35 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP)Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (07/28/2014 01:10:23 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP)Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (07/28/2014 01:10:22 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP)Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (07/28/2014 01:10:22 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP)Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Microsoft Office Sessions:=========================Error: (07/28/2014 01:33:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141 Error: (07/28/2014 01:33:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141 Error: (07/28/2014 01:33:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141 Error: (07/28/2014 01:33:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141 Error: (07/28/2014 01:32:32 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: FRST64.exe26.7.2014.0179001cfaaa2cf97948a60000C:\Users\Home\Downloads\FRST64.exe20808150-1696-11e4-bf23-50b7c37dc940 Error: (07/28/2014 01:31:41 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: FRST64.exe26.7.2014.0a801cfaaa1e475aecf60000C:\Users\Home\Downloads\FRST64.exe01136587-1696-11e4-bf23-50b7c37dc940 Error: (07/28/2014 01:24:57 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: FRST64.exe26.7.2014.0aac01cfaaa19950b87860000C:\Users\Home\Downloads\FRST64.exe101c4bb5-1695-11e4-bf23-50b7c37dc940 Error: (07/28/2014 01:24:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141 Error: (07/28/2014 01:24:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141 Error: (07/28/2014 01:24:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141 ==================== Memory info =========================== Percentage of memory in use: 28%Total physical RAM: 3983.59 MBAvailable physical RAM: 2858.72 MBTotal Pagefile: 5519.59 MBAvailable Pagefile: 4428.89 MBTotal Virtual: 131072 MBAvailable Virtual: 131071.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:673.53 GB) (Free:433.1 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 699 GB) (Disk ID: 3BE520E4) Partition: GPT Partition Type. ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
spiedrahita Posted July 28, 2014 Author ID:859360 Share Posted July 28, 2014 Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 7/28/2014Scan Time: 1:39:55 PMLogfile: Administrator: Yes Version: 2.00.2.1012Malware Database: v2014.07.28.06Rootkit Database: v2014.07.17.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: Disabled OS: Windows 8.1CPU: x64File System: NTFSUser: Home Scan Type: Threat ScanResult: CompletedObjects Scanned: 432582Time Elapsed: 16 min, 31 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 0(No malicious items detected) Registry Data: 1PUP.Optional.Trovi.A, HKU\S-1-5-21-3214703091-3445229301-533389535-1011-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.trovi.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MCA34FCC8-35E3-4566-924A-8CFE46A6B1DE&SearchSource=55&CUI=&UM=5&UP=SP41EC47CF-2331-482A-AB0B-24B124775B9C&SSPV=, Good: (www.google.com), Bad: (http://www.trovi.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MCA34FCC8-35E3-4566-924A-8CFE46A6B1DE&SearchSource=55&CUI=&UM=5&UP=SP41EC47CF-2331-482A-AB0B-24B124775B9C&SSPV=),Replaced,[18cea1033d3ef93d9c0e119b2bd97b85] Folders: 0(No malicious items detected) Files: 0(No malicious items detected) Physical Sectors: 0(No malicious items detected) (end) Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 29, 2014 Root Admin ID:859575 Share Posted July 29, 2014 Please download the attached fixlist.txt file and save it to the Desktop.NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.Run FRST or FRST64 and press the Fix button just once and wait.If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.Note: If the tool warned you about an outdated version please download and run the updated version. fixlist.txt Link to post Share on other sites More sharing options...
spiedrahita Posted July 29, 2014 Author ID:859849 Share Posted July 29, 2014 Okay, I ran the fix and the log is attached. When I open Internet Explorer Trovi is still there however. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-07-2014Ran by Home at 2014-07-29 10:01:53 Run:1Running from C:\Users\Home\DesktopBoot Mode: Normal============================================== Content of fixlist:*****************HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com...124775B9C&SSPV=HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://download.eset...lineScanner.cabCHR HKLM-x32\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Sandra\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crxC:\ProgramData\MakeMarkerFile.exeC:\Users\EasySurvey\EasySurvey.exeC:\Users\Home\AppData\Local\Temp\install_reader11_en_mssd_aaa_aih.exeC:\Users\Home\AppData\Local\Temp\install_reader11_en_mssd_aaa_aih_1.exeC:\Users\Home\AppData\Local\Temp\install_reader11_en_mssd_aaa_aih_2.exeTask: {0484A257-5507-42E7-8536-D8477039DD69} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-30] (Google Inc.)Task: {5B0CE3CC-0228-4F06-9B49-4268DE295BE2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-30] (Google Inc.)Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTaskTask: {91DF7F87-9D22-4BB7-9FE6-103078224082} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeAlternateDataStreams: C:\Users\Home\SkyDrive:ms-propertiesAlternateDataStreams: C:\Users\Home\Documents\Truck 1.jpg:ms-propertiesAlternateDataStreams: C:\Users\Home\Documents\Truck 1.jpg:ms-thumbnail ***************** HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.HKLM\Software\\Microsoft\Internet Explorer\Main\\Secondary Start Pages => value deleted successfully.HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully."HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully."HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found."HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{60D22135-E374-47EF-B1D6-55C2184B5CB7}" => Key deleted successfully."HKCR\CLSID\{60D22135-E374-47EF-B1D6-55C2184B5CB7}" => Key not found.HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully."HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{60D22135-E374-47EF-B1D6-55C2184B5CB7}" => Key deleted successfully."HKCR\Wow6432Node\CLSID\{60D22135-E374-47EF-B1D6-55C2184B5CB7}" => Key not found.HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully."HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{60D22135-E374-47EF-B1D6-55C2184B5CB7}" => Key deleted successfully."HKCR\CLSID\{60D22135-E374-47EF-B1D6-55C2184B5CB7}" => Key not found."HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => Key deleted successfully."HKCR\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => Key deleted successfully.HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully."HKCR\Wow6432Node\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found."HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}" => Key deleted successfully."HKCR\Wow6432Node\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}" => Key deleted successfully."HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\njljkdinboobkmkihgcohanchjnjpgjk" => Key deleted successfully."CHR HKLM-x32\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Sandra\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx" => File/Directory not found.C:\ProgramData\MakeMarkerFile.exe => Moved successfully.C:\Users\EasySurvey\EasySurvey.exe => Moved successfully.C:\Users\Home\AppData\Local\Temp\install_reader11_en_mssd_aaa_aih.exe => Moved successfully.C:\Users\Home\AppData\Local\Temp\install_reader11_en_mssd_aaa_aih_1.exe => Moved successfully.C:\Users\Home\AppData\Local\Temp\install_reader11_en_mssd_aaa_aih_2.exe => Moved successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0484A257-5507-42E7-8536-D8477039DD69}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0484A257-5507-42E7-8536-D8477039DD69}" => Key deleted successfully.C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5B0CE3CC-0228-4F06-9B49-4268DE295BE2}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B0CE3CC-0228-4F06-9B49-4268DE295BE2}" => Key deleted successfully.C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8CC813C9-712A-41EF-9512-B233444FC669}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8CC813C9-712A-41EF-9512-B233444FC669}" => Key deleted successfully.C:\Windows\System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Moved successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{91DF7F87-9D22-4BB7-9FE6-103078224082}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{91DF7F87-9D22-4BB7-9FE6-103078224082}" => Key deleted successfully.C:\Windows\System32\Tasks\Apple\AppleSoftwareUpdate => Moved successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple\AppleSoftwareUpdate" => Key deleted successfully.C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.C:\Users\Home\SkyDrive => ":ms-properties" ADS removed successfully.C:\Users\Home\Documents\Truck 1.jpg => ":ms-properties" ADS removed successfully.C:\Users\Home\Documents\Truck 1.jpg => ":ms-thumbnail" ADS removed successfully. ==== End of Fixlog ==== Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 30, 2014 Root Admin ID:860192 Share Posted July 30, 2014 Please visit each of the following sites and lets reset all of your browsers back to defaults to prevent unexpected issues.If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.Internet ExplorerHow to reset Internet Explorer settingsFirefoxClick on Help / Troubleshooting Information then click on the Reset Firefox button.ChromeStart by disabling SyncHow To Delete Your Google Chrome Browser Sync DataChrome - Reset browser settingsIf that fails then Uninstall Google Chrome and do not reinstall until sure the system is clean.OperaHow to Perform a (really) clean Reinstall of Opera Link to post Share on other sites More sharing options...
spiedrahita Posted July 30, 2014 Author ID:860489 Share Posted July 30, 2014 Okay I've reset the browsers. Unfortunately it doesn't seem to have changed the Trovi start page. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 31, 2014 Root Admin ID:860593 Share Posted July 31, 2014 The Trovi start page in which browser? Link to post Share on other sites More sharing options...
spiedrahita Posted July 31, 2014 Author ID:860615 Share Posted July 31, 2014 Sorry, Trovi is only hijacking the start page in Internet Explorer. Chrome seems fine. Link to post Share on other sites More sharing options...
Recommended Posts