
Trovi Malware



I noticed that Trovi had taken over my home page last week. I've attempted running RKill followed by ADW Cleaner, Malwarebytes, Junkware Removal Tool and Hitman Pro (in safe mode) as advised in several articles I found online. The cleaners appear to find the malware and remove it; however, when I start up Internet Explorer, Trovi is still there (note Trovi is now only appearing on IE, not Chrome). I've also tried editing the registry to delete Trovi.com as the Start Page at Computer\HKEY_CURRENT_USER\Software\Microsoft\InternetExplorer\Main.

I've also cleared the Cache, temp files and reset Internet Explorer and Chrome and checked for any suspicious add-ons or search engines in the browser settings.

 

I've attached the log files from Malwarebytes, AdwCleaner, JRT, Rkill and the Text and Extras files from OTL

 

I'm not sure what else to try so any advice would be greatly appreciated.

mbam-log-2014-06-23 (10-47-13).xml

AdwCleanerS0.txt

Extras.Txt

JRT.txt

OTL.Txt

Rkill.txt

Link to post

  • 3 weeks later...
  • Root Admin

I'm going to be out till late tonight but please read the following and post back the logs when ready and we'll see about getting you cleaned up.

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.



 
Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

  • Removing malware can be unpredictable... It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)


 
STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.
 


Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.
  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please run a Threat Scan with MBAM.  If you're unable to run or complete the scan as shown below please see the following:  MBAM Clean Removal Process 2x
When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
 
 
STEP 03
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


Thank you
 

Link to post

Great, thank you! Please find the MBAM and Rogue Killer Logs to follow:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/16/2014
Scan Time: 4:59:35 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.16.09
Rootkit Database: v2014.07.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Home
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 419673
Time Elapsed: 12 min, 25 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 1
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
RogueKiller V9.2.3.0 (x64) [Jul 11 2014] by Adlice Software
 
Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Home [Admin rights]
Mode : Scan -- Date : 07/16/2014  17:23:08
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 8 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BC67F90F-5B10-49B5-8C05-D0AE70F1B5BC} | DhcpNameServer : 172.20.10.1  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{BC67F90F-5B10-49B5-8C05-D0AE70F1B5BC} | DhcpNameServer : 172.20.10.1  -> FOUND
[PUM.Desktop] (X64) HKEY_USERS\S-1-5-21-3214703091-3445229301-533389535-1011\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0  -> FOUND
[PUM.Desktop] (X86) HKEY_USERS\S-1-5-21-3214703091-3445229301-533389535-1011\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST750LM022 HN-M750MBB +++++
--- User ---
[MBR] f41926123983d1e2dea8ac4720eb50ee
[bSP] 618a35838522b70c2808716c4ec7c884 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_SCN_07152014_171814.log - RKreport_SCN_07162014_122914.log
Link to post

  • Root Admin

Please go ahead and run through the following steps and post back the logs when ready.
 
STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus


STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


STEP 06
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


STEP 07

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Link to post

  • Root Admin

Please go into Control Panel, Add/Remove and uninstall ALL versions of Java and then run the following.
 
Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

Next:
 
Please Run TFC by OldTimer to clear temporary files:
  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.


 
 

Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer
How to reset Internet Explorer settings

Firefox
Click on Help / Troubleshooting Information then click on the Reset Firefox button.

Chrome
Chrome - Reset browser settings

Opera
How to Perform a (really) clean Reinstall of Opera
 
 
 

Link to post

Thanks Ron, I had removed Java prior to your assistance but I've rerun JavaRa and the log is as follows. I also reset all my browsers; however, Trovi is still coming up as my Internet Explorer Start page. Is it possible that the problem has something to do with my User Profile?

 

 

 
 
 
JavaRa 1.16 Removal Log.
 
Report follows after line.
 
------------------------------------
 
The JavaRa removal process was started on Tue Jul 22 21:57:07 2014
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.
 
Found and removed: SOFTWARE\MozillaPlugins
 
------------------------------------
 
Finished reporting.
Link to post

  • Root Admin

Please download the correct version of SystemLook for your computer and save it to your desktop.
You can check here if you're not sure if your computer is 32-bit or 64-bit

SystemLook 32-bit x86 | or | SystemLook 64-bit x64

  • If using Windows XP just double click on SystemLook.exe to run it.
  • For all other versions of Windows, right click over SystemLook.exe or SystemLook_x64.exe and choose Run as administrator to run it
  • Copy the contents of the following code box into the main text field - including the colon characters.
    :filefind
    *Trovi*
    :folderfind
    *Trovi*
    :regfind
    Trovi
  • Click the Look button to start the scan
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop named SystemLook.txt


 

Link to post

Ok, please find the SystemLook log attached

 

SystemLook 30.07.11 by jpshortstuff

Log created at 22:05 on 24/07/2014 by Home

Administrator - Elevation successful

 

========== filefind ==========

 

Searching for "*Trovi*"

No files found.

 

========== folderfind ==========

 

Searching for "*Trovi*"

No folders found.

 

========== regfind ==========

 

Searching for "Trovi"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]


[HKEY_USERS\S-1-5-21-3214703091-3445229301-533389535-1011\Software\Microsoft\Internet Explorer\Main]


 

-= EOF =-

Link to post

  • Root Admin

Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer
How to reset Internet Explorer settings

Firefox
Click on Help / Troubleshooting Information then click on the Reset Firefox button.

Chrome
Chrome - Reset browser settings

Opera
How to Perform a (really) clean Reinstall of Opera
 
 
 

Link to post

  • Root Admin

Run the IE reset again. Then open Regedit and browse to each key and see if the entry was removed or not. If not then delete the entry.

 

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_USERS\S-1-5-21-3214703091-3445229301-533389535-1011\Software\Microsoft\Internet Explorer\Main]
Link to post
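
An added example, not part of the original posts or of any tool named in this thread: a PowerShell version of the regedit check described in the reply above. It lists every string value under the two Internet Explorer\Main keys that SystemLook reported whose data contains "trovi", so the entry can be confirmed present or gone after the IE reset. The function name Find-IEMainValue, its parameters and the backup file name are hypothetical.

```powershell
# Added example (not from the thread). Audits the two keys that SystemLook's
# regfind reported. The function name and parameters are hypothetical.
$keys = @(
    'Registry::HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main',
    'Registry::HKEY_USERS\S-1-5-21-3214703091-3445229301-533389535-1011\Software\Microsoft\Internet Explorer\Main'
)

function Find-IEMainValue {
    param(
        [Parameter(Mandatory)][string[]]$KeyPath,
        [Parameter(Mandatory)][string]$Pattern
    )
    $stringKinds = 'String', 'ExpandString', 'MultiString'
    foreach ($path in $KeyPath) {
        # HKEY_USERS\<SID> is only loaded while that account is logged on.
        if (-not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{ Key = $path; Name = $null; Data = $null; Status = 'KeyNotLoaded' }
            continue
        }
        $key = Get-Item -LiteralPath $path
        foreach ($name in $key.GetValueNames()) {
            # Only text values can hold a start-page URL; skip DWORD/binary data.
            if ($stringKinds -notcontains $key.GetValueKind($name).ToString()) { continue }
            # Read the raw data. REG_MULTI_SZ values (for example
            # "Secondary Start Pages") come back as string[], so join them.
            $data = $key.GetValue($name, $null,
                [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
            $text = @($data) -join ' | '
            if ($text.IndexOf($Pattern, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                [pscustomobject]@{ Key = $path; Name = $name; Data = $text; Status = 'Match' }
            }
        }
    }
}

# Same search term SystemLook's :regfind used.
$hits = @(Find-IEMainValue -KeyPath $keys -Pattern 'trovi')
$hits | Format-List

# Back up first (ERUNT as in STEP 01, or export just this key):
#   reg export "HKCU\Software\Microsoft\Internet Explorer\Main" "$env:USERPROFILE\Desktop\ie-main-backup.reg" /y

# Preview the deletion the reply asks for; remove -WhatIf to apply it.
# When the logged-on account has the SID above, HKCU and HKU\<SID> are the
# same hive, so one deletion clears both and the second call finds nothing.
$hits | Where-Object Status -eq 'Match' | ForEach-Object {
    Remove-ItemProperty -LiteralPath $_.Key -Name $_.Name -WhatIf
}
```

Run it from an elevated PowerShell prompt under the affected account. If a value comes back after deletion and a reboot, something is rewriting it, which is what the FRST log requested in STEP 08 is meant to show.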


Okay, please find new FRST, Additions and MBAM logs to follow:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014

Ran by Home (administrator) on LAPTOP on 28-07-2014 13:34:42

Running from C:\Users\Home\Downloads

Platform: Windows 8.1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:



Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(M-Audio) C:\Program Files (x86)\M-Audio\Axiom AIR\AudioDevMon.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe

(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Seagate Technology LLC) C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17200_none_fa7026dd9b04586e\TiWorker.exe

() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Intel Corporation) C:\Windows\System32\igfxext.exe

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe

(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191312 2012-08-06] (Realtek Semiconductor)

HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp 

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-09-25] (Adobe Systems Incorporated)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917176 2012-08-21] (Synaptics Incorporated)

HKLM-x32\...\Run: [intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)

HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2237328 2013-11-05] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [MaxMenuMgr] => C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [185640 2009-09-25] (Seagate LLC)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)

HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)

Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

HKU\.DEFAULT\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHSA.EXE /EPT "EPLTarget\P0000000000000000" /M "WorkFor (the data entry has 8 more characters).

HKU\S-1-5-21-3214703091-3445229301-533389535-1011\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)

HKU\S-1-5-21-3214703091-3445229301-533389535-1011\...\Run: [Advanced SystemCare 7] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2295584 2014-04-21] (IObit)

HKU\S-1-5-21-3214703091-3445229301-533389535-1011\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)

HKU\S-1-5-21-3214703091-3445229301-533389535-1011\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHDA.EXE [241280 2012-07-12] (SEIKO EPSON CORPORATION)

AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll File Not Found

Startup: C:\Users\Sandra.bak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk

ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

ShellIconOverlayIdentifiers:  AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()

ShellIconOverlayIdentifiers:  AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()

ShellIconOverlayIdentifiers:  AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()

ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File

ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File

ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File

ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File

ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 


HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://samsung13.msn.com

HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 

SearchScopes: HKLM - DefaultScope {60D22135-E374-47EF-B1D6-55C2184B5CB7} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM - {60D22135-E374-47EF-B1D6-55C2184B5CB7} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS

SearchScopes: HKLM-x32 - DefaultScope value is missing.

SearchScopes: HKLM-x32 - {60D22135-E374-47EF-B1D6-55C2184B5CB7} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS

SearchScopes: HKCU - DefaultScope {60D22135-E374-47EF-B1D6-55C2184B5CB7} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS

SearchScopes: HKCU - {60D22135-E374-47EF-B1D6-55C2184B5CB7} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS

BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)

BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\IPS\IPSBHO.DLL (Symantec Corporation)

Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)

DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

 

FireFox:

========

FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn

FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn [2014-06-23]

FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\IPSFF

FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\IPSFF [2014-06-16]

 

Chrome: 

=======

CHR HomePage: 

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]

CHR Extension: (Norton Identity Protection) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-06-23]

CHR Extension: (Google Wallet) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]

CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\Exts\Chrome.crx [2014-07-10]

CHR HKLM-x32\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Sandra\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx [2014-07-10]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [881952 2014-01-14] (IObit)

R2 AxiomAIRAudioDevMon; C:\Program Files (x86)\M-Audio\Axiom AIR\AudioDevMon.exe [540368 2013-11-01] (M-Audio)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356408 2014-06-19] (Microsoft Corporation)

R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.)

S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)

S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] ()

S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe [276376 2014-06-26] (Symantec Corporation)

S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)

R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-24] (Intel® Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 AXIOM; C:\Windows\system32\DRIVERS\MAudioAxiomAIR.sys [477392 2013-11-01] (M-Audio)

S3 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20140718.001\BHDrvx64.sys [1530160 2014-06-06] (Symantec Corporation)

S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)

S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)

S3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1504000.00D\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)

S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-16] (Symantec Corporation)

S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-16] (Symantec Corporation)

S3 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20140725.001\IDSvia64.sys [525016 2014-06-20] (Symantec Corporation)

S3 MADFUAXIOM; C:\Windows\System32\drivers\MAudioAxiomAIR_DFU.sys [29904 2013-11-01] (M-Audio)

S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20140728.003\ENG64.SYS [126040 2014-06-22] (Symantec Corporation)

S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20140728.003\EX64.SYS [2099288 2014-06-22] (Symantec Corporation)

R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)

R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows ® Win 7 DDK provider)

S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-11-15] (Windows ® 2003 DDK 3790 provider)

S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1504000.00D\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)

S3 SRTSPX; C:\Windows\system32\drivers\NISx64\1504000.00D\SRTSPX64.SYS [36952 2013-10-29] (Symantec Corporation)

S3 SymDS; C:\Windows\system32\drivers\NISx64\1504000.00D\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)

S3 SymEFA; C:\Windows\system32\drivers\NISx64\1504000.00D\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)

S0 SymELAM; C:\Windows\System32\drivers\NISx64\1504000.00D\SymELAM.sys [23568 2013-10-30] (Symantec Corporation)

S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-06-10] (Symantec Corporation)

S3 SymIRON; C:\Windows\system32\drivers\NISx64\1504000.00D\Ironx64.SYS [264280 2013-10-29] (Symantec Corporation)

S3 SymNetS; C:\Windows\System32\Drivers\NISx64\1504000.00D\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-07-28 13:34 - 2014-07-28 13:34 - 00018801 _____ () C:\Users\Home\Downloads\FRST.txt

2014-07-28 13:21 - 2014-07-28 13:22 - 02093568 _____ (Farbar) C:\Users\Home\Downloads\FRST64.exe

2014-07-28 13:03 - 2014-07-28 13:12 - 00000000 ____D () C:\Users\Home\AppData\Local\Adobe

2014-07-24 22:05 - 2014-07-24 22:08 - 00001814 _____ () C:\Users\Home\Downloads\SystemLook.txt

2014-07-24 20:53 - 2014-07-24 20:53 - 00165376 _____ () C:\Users\Home\Downloads\SystemLook_x64.exe

2014-07-23 14:10 - 2014-07-23 14:18 - 00012895 _____ () C:\Users\Home\Documents\Memberships.xlsx

2014-07-22 22:05 - 2014-07-22 22:05 - 00015298 _____ () C:\Users\Home\Desktop\JavaRa.log

2014-07-22 17:54 - 2014-07-22 17:55 - 00000000 ____D () C:\Users\Home\Desktop\Remove Java

2014-07-22 11:01 - 2014-07-22 11:01 - 00000000 _____ () C:\WINDOWS\setuperr.log

2014-07-22 11:01 - 2014-07-22 11:01 - 00000000 _____ () C:\WINDOWS\setupact.log

2014-07-22 10:29 - 2014-07-28 12:44 - 00008994 _____ () C:\WINDOWS\PFRO.log

2014-07-22 10:29 - 2014-07-22 10:29 - 00000000 _____ () C:\asc_rdflag

2014-07-22 10:14 - 2014-07-09 21:16 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll

2014-07-22 10:14 - 2014-07-09 21:03 - 04756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll

2014-07-22 10:14 - 2014-07-09 20:33 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe

2014-07-21 22:11 - 2014-07-21 22:11 - 00000000 ____D () C:\Program Files\EpsonNet

2014-07-21 22:11 - 2014-07-21 22:11 - 00000000 ____D () C:\Program Files\EPSON

2014-07-21 22:11 - 2011-08-30 13:40 - 00535040 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\ensppui.dll

2014-07-21 22:11 - 2011-08-30 13:40 - 00535040 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\enppui.dll

2014-07-21 22:11 - 2011-08-30 13:38 - 00558080 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\ensppmon.dll

2014-07-21 22:11 - 2011-08-30 13:38 - 00558080 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\enppmon.dll

2014-07-21 22:11 - 2011-08-01 18:24 - 00250880 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\enspres.dll

2014-07-21 22:11 - 2011-08-01 18:24 - 00250880 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\enpres.dll

2014-07-21 22:10 - 2014-07-21 22:10 - 00000946 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk

2014-07-21 22:10 - 2014-07-21 22:10 - 00000000 ____D () C:\Program Files (x86)\Epson Software

2014-07-21 22:10 - 2014-07-21 22:10 - 00000000 ____D () C:\Program Files (x86)\epson

2014-07-21 22:10 - 2012-07-24 00:00 - 00466432 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\esxw2ud.dll

2014-07-21 22:10 - 2011-03-15 03:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_YD4BHDA.DLL

2014-07-21 22:10 - 2009-10-16 00:00 - 00132560 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\esdevapp.exe

2014-07-21 22:10 - 2009-10-16 00:00 - 00013824 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\esxcdev.dll

2014-07-21 22:02 - 2014-07-21 22:05 - 02867200 _____ () C:\Users\Home\Downloads\epson15049 (1).exe

2014-07-21 21:39 - 2014-07-21 21:39 - 00000000 ____D () C:\Users\Home\AppData\Local\ABBYY

2014-07-21 21:38 - 2014-07-22 10:42 - 00000000 ____D () C:\ProgramData\ABBYY

2014-07-21 21:30 - 2014-07-21 21:33 - 19462432 _____ () C:\Users\Home\Downloads\epson15049.exe

2014-07-21 20:55 - 2014-07-21 20:58 - 18663712 _____ () C:\Users\Home\Downloads\epson15545.exe

2014-07-21 18:07 - 2014-07-28 11:46 - 01017486 _____ () C:\WINDOWS\WindowsUpdate.log

2014-07-21 17:33 - 2014-07-21 17:33 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EPSON Software

2014-07-21 16:58 - 2014-07-21 16:58 - 01063464 _____ (SEIKO EPSON Corp.) C:\Users\Home\Downloads\standard.exe

2014-07-21 16:53 - 2014-07-21 16:55 - 127015200 _____ () C:\Users\Home\Downloads\epson15716 (2).exe

2014-07-21 15:46 - 2014-07-21 15:48 - 127015200 _____ () C:\Users\Home\Downloads\epson15716 (1).exe

2014-07-21 13:38 - 2014-07-21 13:40 - 127015200 _____ () C:\Users\Home\Downloads\epson15716.exe

2014-07-21 11:17 - 2014-07-21 11:17 - 00000000 ____D () C:\Users\Home\AppData\Roaming\InstallShield

2014-07-21 11:12 - 2011-04-19 21:03 - 00120320 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_YLMHDA.DLL

2014-07-21 11:05 - 2014-07-21 22:10 - 00000079 _____ () C:\WINDOWS\EW7520.ini

2014-07-21 10:24 - 2011-12-14 12:21 - 00086016 _____ () C:\WINDOWS\SysWOW64\SYNSOPOS.exe

2014-07-21 10:23 - 2014-07-21 10:24 - 00000000 ____D () C:\Program Files (x86)\eLicenser

2014-07-21 10:23 - 2012-12-07 08:48 - 01714176 _____ (Steinberg Media Technologies GmbH) C:\WINDOWS\system32\SYNSOACC.dll

2014-07-21 10:22 - 2014-07-21 10:22 - 00001173 _____ () C:\Users\Home\Desktop\Analog Lab.lnk

2014-07-21 10:22 - 2014-07-21 10:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arturia

2014-07-21 10:20 - 2014-07-21 10:20 - 00000000 ____D () C:\Program Files\Common Files\VST3

2014-07-21 10:20 - 2014-07-21 10:20 - 00000000 ____D () C:\Program Files\Common Files\Avid

2014-07-21 10:11 - 2014-07-21 10:14 - 295057568 _____ (Arturia Musical Instruments ) C:\Users\Home\Downloads\Analog_Lab_1_1.exe

2014-07-20 18:52 - 2014-07-21 21:21 - 00000000 ____D () C:\Users\Home\AppData\Local\CrashDumps

2014-07-19 22:52 - 2014-07-19 22:52 - 00001617 _____ () C:\Users\Home\Desktop\MBAM.txt

2014-07-19 22:51 - 2014-07-19 22:51 - 00049656 _____ () C:\Users\Home\Desktop\FRST.txt

2014-07-19 22:51 - 2014-07-19 22:51 - 00035924 _____ () C:\Users\Home\Desktop\Addition.txt

2014-07-19 22:45 - 2014-07-19 22:46 - 00035924 _____ () C:\Users\Home\Downloads\Addition.txt

2014-07-19 22:42 - 2014-07-28 13:22 - 00000000 ____D () C:\Users\Home\Downloads\FRST-OlderVersion

2014-07-18 15:26 - 2014-07-18 15:26 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-07-18 15:05 - 2014-07-18 15:05 - 00001273 _____ () C:\Users\Home\Desktop\AdwCleaner[s1].txt

2014-07-18 14:56 - 2014-07-18 14:56 - 01354223 _____ () C:\Users\Home\Downloads\adwcleaner_3.216.exe

2014-07-18 14:55 - 2014-07-18 14:55 - 00000621 _____ () C:\Users\Home\Desktop\JRT.txt

2014-07-16 17:14 - 2014-07-16 17:14 - 00030312 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys

2014-07-16 16:57 - 2014-07-16 16:57 - 00000000 ____D () C:\WINDOWS\ERDNT

2014-07-16 16:56 - 2014-07-16 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

2014-07-16 16:56 - 2014-07-16 16:56 - 00000000 ____D () C:\Program Files (x86)\ERUNT

2014-07-16 16:55 - 2014-07-16 16:55 - 00791393 _____ (Lars Hederer ) C:\Users\Home\Downloads\erunt-setup.exe

2014-07-16 09:02 - 2014-07-22 21:57 - 00015298 _____ () C:\JavaRa.log

2014-07-16 09:01 - 2014-07-16 09:01 - 00000000 ____D () C:\Users\Home\Downloads\JavaRa-1.16-28-5-13

2014-07-16 08:01 - 2014-07-28 13:34 - 00000000 ____D () C:\FRST

2014-07-15 17:29 - 2014-07-18 15:00 - 00000000 ____D () C:\AdwCleaner

2014-07-15 17:29 - 2014-07-15 17:29 - 01348263 _____ () C:\Users\Home\Downloads\adwcleaner_3.215.exe

2014-07-15 17:10 - 2014-07-15 17:10 - 00000000 ____D () C:\ProgramData\RogueKiller

2014-07-15 17:00 - 2014-07-15 17:00 - 00448512 _____ (OldTimer Tools) C:\Users\Home\Downloads\TFC.exe

2014-07-15 16:59 - 2014-07-15 16:59 - 05336664 _____ () C:\Users\Home\Downloads\RogueKillerX64.exe

2014-07-15 16:59 - 2014-07-15 16:59 - 00165483 _____ () C:\Users\Home\Downloads\JavaRa-1.16-28-5-13.zip

2014-07-15 16:51 - 2014-07-15 16:51 - 00004535 _____ () C:\Users\Home\Downloads\RKreport_SCN_07132014_220711.log

2014-07-15 14:44 - 2014-07-15 14:44 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security

2014-07-15 14:09 - 2014-07-15 14:09 - 00003234 _____ () C:\WINDOWS\System32\Tasks\Norton WSC Integration

2014-07-15 14:09 - 2014-07-15 14:09 - 00002537 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk

2014-07-15 14:01 - 2014-07-15 14:01 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll

2014-07-15 14:01 - 2014-07-15 14:01 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll

2014-07-15 14:01 - 2014-07-15 14:01 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys

2014-07-15 14:01 - 2014-07-15 14:01 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS

2014-07-15 14:01 - 2014-07-15 14:01 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys

2014-07-15 14:01 - 2014-07-15 14:01 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll

2014-07-15 14:01 - 2014-07-15 14:01 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys

2014-07-15 14:01 - 2014-07-15 14:01 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll

2014-07-15 14:01 - 2014-07-15 14:01 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe

2014-07-15 14:01 - 2014-07-15 14:01 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll

2014-07-15 14:01 - 2014-07-15 14:01 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys

2014-07-15 14:01 - 2014-07-15 14:01 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll

2014-07-15 14:01 - 2014-07-15 14:01 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll

2014-07-15 14:01 - 2014-07-15 14:01 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll

2014-07-15 14:01 - 2014-07-15 14:01 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys

2014-07-15 14:01 - 2014-07-15 14:01 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll

2014-07-15 14:01 - 2014-07-15 14:01 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys

2014-07-15 14:01 - 2014-07-15 14:01 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys

2014-07-15 14:01 - 2014-07-15 14:01 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys

2014-07-15 14:00 - 2014-07-15 14:00 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS

2014-07-15 13:59 - 2014-07-15 13:59 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll

2014-07-14 10:20 - 2014-07-14 10:20 - 00000000 ____D () C:\Users\Home\AppData\Local\Deployment

2014-07-08 20:40 - 2014-06-26 13:55 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2014-07-08 20:40 - 2014-06-26 13:55 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2014-07-08 20:37 - 2014-06-18 18:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2014-07-08 20:37 - 2014-06-18 17:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2014-07-08 20:37 - 2014-06-18 17:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2014-07-08 20:37 - 2014-06-18 17:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll

2014-07-08 20:37 - 2014-06-18 16:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2014-07-08 20:37 - 2014-06-18 16:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll

2014-07-08 20:37 - 2014-06-18 16:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll

2014-07-08 20:37 - 2014-06-18 16:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2014-07-08 20:37 - 2014-06-18 16:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll

2014-07-08 20:37 - 2014-06-18 15:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2014-07-08 20:37 - 2014-06-18 15:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll

2014-07-08 20:37 - 2014-06-18 15:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll

2014-07-08 20:37 - 2014-06-18 15:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2014-07-08 20:37 - 2014-06-18 15:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2014-07-08 20:37 - 2014-06-18 15:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2014-07-08 20:37 - 2014-06-18 15:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2014-07-08 20:37 - 2014-06-18 15:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2014-07-08 20:37 - 2014-06-18 15:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2014-07-08 20:37 - 2014-06-16 15:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe

2014-07-08 20:37 - 2014-06-16 15:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe

2014-07-08 20:37 - 2014-06-06 07:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

2014-07-08 20:37 - 2014-06-06 06:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll

2014-07-08 20:37 - 2014-06-06 05:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll

2014-07-08 20:37 - 2014-05-29 20:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys

2014-07-08 20:37 - 2014-05-29 05:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys

2014-07-08 20:37 - 2014-05-29 00:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll

2014-07-08 20:37 - 2014-05-28 23:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll

2014-07-08 20:37 - 2014-05-28 23:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll

2014-07-08 20:37 - 2014-05-28 22:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll

2014-07-08 20:37 - 2014-05-28 22:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll

2014-07-08 20:36 - 2014-06-18 16:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2014-07-08 20:35 - 2014-06-18 16:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2014-07-08 20:34 - 2014-06-18 16:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll

2014-07-08 20:34 - 2014-06-18 16:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2014-07-08 20:34 - 2014-06-18 15:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll

2014-07-08 20:34 - 2014-06-18 15:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2014-07-08 20:34 - 2014-06-18 15:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl

2014-07-08 20:34 - 2014-06-18 15:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2014-07-08 20:34 - 2014-06-18 15:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

2014-07-08 20:31 - 2014-05-31 03:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

2014-07-08 20:31 - 2014-05-31 03:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll

2014-07-08 20:31 - 2014-05-30 20:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll

2014-07-08 20:31 - 2014-05-30 20:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll

2014-07-08 20:31 - 2014-05-30 20:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2014-07-08 20:31 - 2014-05-30 20:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll

2014-07-08 20:31 - 2014-05-30 20:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll

2014-07-08 20:31 - 2014-05-30 20:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2014-07-08 20:31 - 2014-05-30 19:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll

2014-07-08 20:31 - 2014-05-30 19:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll

2014-07-08 20:31 - 2014-05-30 19:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll

2014-07-08 20:31 - 2014-05-30 19:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll

2014-07-08 20:31 - 2014-05-30 19:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll

2014-07-08 20:31 - 2014-05-30 19:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll

2014-07-08 20:31 - 2014-05-30 19:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll

2014-07-08 20:30 - 2014-07-08 20:30 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-07-28 13:34 - 2014-07-28 13:34 - 00018801 _____ () C:\Users\Home\Downloads\FRST.txt

2014-07-28 13:34 - 2014-07-16 08:01 - 00000000 ____D () C:\FRST

2014-07-28 13:34 - 2014-01-23 12:26 - 00000000 __RDO () C:\Users\Home\SkyDrive

2014-07-28 13:33 - 2013-08-22 07:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2014-07-28 13:33 - 2013-03-30 09:18 - 00000908 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2014-07-28 13:28 - 2013-07-15 20:47 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3214703091-3445229301-533389535-1011

2014-07-28 13:22 - 2014-07-28 13:21 - 02093568 _____ (Farbar) C:\Users\Home\Downloads\FRST64.exe

2014-07-28 13:22 - 2014-07-19 22:42 - 00000000 ____D () C:\Users\Home\Downloads\FRST-OlderVersion

2014-07-28 13:21 - 2013-03-30 09:19 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2014-07-28 13:12 - 2014-07-28 13:03 - 00000000 ____D () C:\Users\Home\AppData\Local\Adobe

2014-07-28 13:08 - 2014-04-21 21:53 - 00000000 ____D () C:\Users\Home\Documents\Outlook Files

2014-07-28 13:00 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\sru

2014-07-28 12:44 - 2014-07-22 10:29 - 00008994 _____ () C:\WINDOWS\PFRO.log

2014-07-28 12:43 - 2014-06-12 10:38 - 00000290 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job

2014-07-28 12:42 - 2012-09-18 03:47 - 00000000 ____D () C:\ProgramData\Adobe

2014-07-28 12:42 - 2012-09-18 03:47 - 00000000 ____D () C:\Program Files (x86)\Adobe

2014-07-28 12:35 - 2012-09-18 03:49 - 00000000 ____D () C:\ProgramData\WinClon

2014-07-28 11:46 - 2014-07-21 18:07 - 01017486 _____ () C:\WINDOWS\WindowsUpdate.log

2014-07-27 11:31 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\rescache

2014-07-25 15:42 - 2013-07-15 21:09 - 00000000 ____D () C:\Users\Home\Documents\Work

2014-07-25 15:41 - 2014-06-21 21:29 - 00000000 ____D () C:\Users\Home\AppData\Local\VirtualStore

2014-07-25 15:41 - 2013-11-12 18:53 - 00000000 ____D () C:\Users\Home

2014-07-25 11:45 - 2013-08-22 06:25 - 01048576 ___SH () C:\WINDOWS\system32\config\BBI

2014-07-24 22:08 - 2014-07-24 22:05 - 00001814 _____ () C:\Users\Home\Downloads\SystemLook.txt

2014-07-24 20:53 - 2014-07-24 20:53 - 00165376 _____ () C:\Users\Home\Downloads\SystemLook_x64.exe

2014-07-24 20:43 - 2014-06-12 10:38 - 00002233 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk

2014-07-23 14:18 - 2014-07-23 14:10 - 00012895 _____ () C:\Users\Home\Documents\Memberships.xlsx

2014-07-23 11:33 - 2014-06-22 22:47 - 00000000 ____D () C:\WINDOWS\CbsTemp

2014-07-22 22:05 - 2014-07-22 22:05 - 00015298 _____ () C:\Users\Home\Desktop\JavaRa.log

2014-07-22 21:57 - 2014-07-16 09:02 - 00015298 _____ () C:\JavaRa.log

2014-07-22 21:44 - 2013-08-22 06:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM

2014-07-22 21:42 - 2014-01-17 12:19 - 00000000 ____D () C:\ProgramData\ProductData

2014-07-22 21:11 - 2013-07-15 20:40 - 00000000 ____D () C:\Users\Home\AppData\Local\Packages

2014-07-22 17:55 - 2014-07-22 17:54 - 00000000 ____D () C:\Users\Home\Desktop\Remove Java

2014-07-22 11:01 - 2014-07-22 11:01 - 00000000 _____ () C:\WINDOWS\setuperr.log

2014-07-22 11:01 - 2014-07-22 11:01 - 00000000 _____ () C:\WINDOWS\setupact.log

2014-07-22 10:42 - 2014-07-21 21:38 - 00000000 ____D () C:\ProgramData\ABBYY

2014-07-22 10:29 - 2014-07-22 10:29 - 00000000 _____ () C:\asc_rdflag

2014-07-22 10:29 - 2014-01-28 21:11 - 00376832 _____ () C:\WINDOWS\system32\config\DEFAULT.iodefrag.bak

2014-07-22 10:29 - 2014-01-28 21:11 - 00028672 _____ () C:\WINDOWS\system32\config\SECURITY.iodefrag.bak

2014-07-22 10:29 - 2014-01-28 21:11 - 00028672 _____ () C:\WINDOWS\system32\config\SAM.iodefrag.bak

2014-07-22 10:29 - 2014-01-28 21:10 - 86781952 _____ () C:\WINDOWS\system32\config\SOFTWARE.iodefrag.bak

2014-07-22 10:28 - 2014-06-12 10:38 - 00000254 _____ () C:\WINDOWS\Tasks\ASC7_SkipUac_Home.job

2014-07-21 22:47 - 2013-03-29 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON

2014-07-21 22:11 - 2014-07-21 22:11 - 00000000 ____D () C:\Program Files\EpsonNet

2014-07-21 22:11 - 2014-07-21 22:11 - 00000000 ____D () C:\Program Files\EPSON

2014-07-21 22:11 - 2013-05-23 10:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software

2014-07-21 22:11 - 2012-09-18 03:32 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-07-21 22:10 - 2014-07-21 22:10 - 00000946 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk

2014-07-21 22:10 - 2014-07-21 22:10 - 00000000 ____D () C:\Program Files (x86)\Epson Software

2014-07-21 22:10 - 2014-07-21 22:10 - 00000000 ____D () C:\Program Files (x86)\epson

2014-07-21 22:10 - 2014-07-21 11:05 - 00000079 _____ () C:\WINDOWS\EW7520.ini

2014-07-21 22:10 - 2013-03-29 11:56 - 00000000 ____D () C:\ProgramData\EPSON

2014-07-21 22:08 - 2012-07-26 01:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports

2014-07-21 22:05 - 2014-07-21 22:02 - 02867200 _____ () C:\Users\Home\Downloads\epson15049 (1).exe

2014-07-21 21:39 - 2014-07-21 21:39 - 00000000 ____D () C:\Users\Home\AppData\Local\ABBYY

2014-07-21 21:33 - 2014-07-21 21:30 - 19462432 _____ () C:\Users\Home\Downloads\epson15049.exe

2014-07-21 21:21 - 2014-07-20 18:52 - 00000000 ____D () C:\Users\Home\AppData\Local\CrashDumps

2014-07-21 20:58 - 2014-07-21 20:55 - 18663712 _____ () C:\Users\Home\Downloads\epson15545.exe

2014-07-21 19:28 - 2014-06-11 15:35 - 00004962 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for LAPTOP-Home Laptop

2014-07-21 18:24 - 2013-09-29 21:04 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

2014-07-21 18:15 - 2013-07-15 20:41 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Epson

2014-07-21 17:33 - 2014-07-21 17:33 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EPSON Software

2014-07-21 16:58 - 2014-07-21 16:58 - 01063464 _____ (SEIKO EPSON Corp.) C:\Users\Home\Downloads\standard.exe

2014-07-21 16:55 - 2014-07-21 16:53 - 127015200 _____ () C:\Users\Home\Downloads\epson15716 (2).exe

2014-07-21 15:48 - 2014-07-21 15:46 - 127015200 _____ () C:\Users\Home\Downloads\epson15716 (1).exe

2014-07-21 13:40 - 2014-07-21 13:38 - 127015200 _____ () C:\Users\Home\Downloads\epson15716.exe

2014-07-21 11:17 - 2014-07-21 11:17 - 00000000 ____D () C:\Users\Home\AppData\Roaming\InstallShield

2014-07-21 10:29 - 2014-05-25 09:06 - 00000000 ____D () C:\ProgramData\eLicenser

2014-07-21 10:24 - 2014-07-21 10:23 - 00000000 ____D () C:\Program Files (x86)\eLicenser

2014-07-21 10:24 - 2014-05-25 09:07 - 00000049 _____ () C:\WINDOWS\SysWOW64\SYNSOPOS.exe.cfg

2014-07-21 10:24 - 2014-05-25 09:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eLicenser

2014-07-21 10:22 - 2014-07-21 10:22 - 00001173 _____ () C:\Users\Home\Desktop\Analog Lab.lnk

2014-07-21 10:22 - 2014-07-21 10:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arturia

2014-07-21 10:20 - 2014-07-21 10:20 - 00000000 ____D () C:\Program Files\Common Files\VST3

2014-07-21 10:20 - 2014-07-21 10:20 - 00000000 ____D () C:\Program Files\Common Files\Avid

2014-07-21 10:20 - 2014-05-25 09:03 - 00000000 ____D () C:\Program Files\VstPlugins

2014-07-21 10:14 - 2014-07-21 10:11 - 295057568 _____ (Arturia Musical Instruments ) C:\Users\Home\Downloads\Analog_Lab_1_1.exe

2014-07-19 22:52 - 2014-07-19 22:52 - 00001617 _____ () C:\Users\Home\Desktop\MBAM.txt

2014-07-19 22:52 - 2014-06-18 20:50 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2014-07-19 22:51 - 2014-07-19 22:51 - 00049656 _____ () C:\Users\Home\Desktop\FRST.txt

2014-07-19 22:51 - 2014-07-19 22:51 - 00035924 _____ () C:\Users\Home\Desktop\Addition.txt

2014-07-19 22:46 - 2014-07-19 22:45 - 00035924 _____ () C:\Users\Home\Downloads\Addition.txt

2014-07-18 15:26 - 2014-07-18 15:26 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-07-18 15:05 - 2014-07-18 15:05 - 00001273 _____ () C:\Users\Home\Desktop\AdwCleaner[s1].txt

2014-07-18 15:00 - 2014-07-15 17:29 - 00000000 ____D () C:\AdwCleaner

2014-07-18 14:56 - 2014-07-18 14:56 - 01354223 _____ () C:\Users\Home\Downloads\adwcleaner_3.216.exe

2014-07-18 14:55 - 2014-07-18 14:55 - 00000621 _____ () C:\Users\Home\Desktop\JRT.txt

2014-07-16 17:14 - 2014-07-16 17:14 - 00030312 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys

2014-07-16 16:57 - 2014-07-16 16:57 - 00000000 ____D () C:\WINDOWS\ERDNT

2014-07-16 16:56 - 2014-07-16 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

2014-07-16 16:56 - 2014-07-16 16:56 - 00000000 ____D () C:\Program Files (x86)\ERUNT

2014-07-16 16:55 - 2014-07-16 16:55 - 00791393 _____ (Lars Hederer ) C:\Users\Home\Downloads\erunt-setup.exe

2014-07-16 09:02 - 2013-03-31 20:24 - 00000000 ____D () C:\Program Files (x86)\java

2014-07-16 09:01 - 2014-07-16 09:01 - 00000000 ____D () C:\Users\Home\Downloads\JavaRa-1.16-28-5-13

2014-07-15 17:29 - 2014-07-15 17:29 - 01348263 _____ () C:\Users\Home\Downloads\adwcleaner_3.215.exe

2014-07-15 17:10 - 2014-07-15 17:10 - 00000000 ____D () C:\ProgramData\RogueKiller

2014-07-15 17:00 - 2014-07-15 17:00 - 00448512 _____ (OldTimer Tools) C:\Users\Home\Downloads\TFC.exe

2014-07-15 16:59 - 2014-07-15 16:59 - 05336664 _____ () C:\Users\Home\Downloads\RogueKillerX64.exe

2014-07-15 16:59 - 2014-07-15 16:59 - 00165483 _____ () C:\Users\Home\Downloads\JavaRa-1.16-28-5-13.zip

2014-07-15 16:51 - 2014-07-15 16:51 - 00004535 _____ () C:\Users\Home\Downloads\RKreport_SCN_07132014_220711.log

2014-07-15 15:09 - 2014-06-23 10:22 - 11185664 _____ (SurfRight B.V.) C:\Users\Home\Downloads\HitmanPro_x64.exe

2014-07-15 14:44 - 2014-07-15 14:44 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security

2014-07-15 14:35 - 2012-07-26 01:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP

2014-07-15 14:10 - 2012-09-18 03:48 - 00000000 ____D () C:\WINDOWS\system32\Drivers\NISx64

2014-07-15 14:09 - 2014-07-15 14:09 - 00003234 _____ () C:\WINDOWS\System32\Tasks\Norton WSC Integration

2014-07-15 14:09 - 2014-07-15 14:09 - 00002537 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk

2014-07-15 14:09 - 2014-06-16 18:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security

2014-07-15 14:08 - 2013-04-05 10:58 - 00000000 ____D () C:\Program Files\Microsoft Office 15

2014-07-15 14:01 - 2014-07-15 14:01 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll

2014-07-15 14:01 - 2014-07-15 14:01 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll

2014-07-15 14:01 - 2014-07-15 14:01 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys

2014-07-15 14:01 - 2014-07-15 14:01 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS

2014-07-15 14:01 - 2014-07-15 14:01 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys

2014-07-15 14:01 - 2014-07-15 14:01 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll

2014-07-15 14:01 - 2014-07-15 14:01 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys

2014-07-15 14:01 - 2014-07-15 14:01 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll

2014-07-15 14:01 - 2014-07-15 14:01 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe

2014-07-15 14:01 - 2014-07-15 14:01 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll

2014-07-15 14:01 - 2014-07-15 14:01 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys

2014-07-15 14:01 - 2014-07-15 14:01 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll

2014-07-15 14:01 - 2014-07-15 14:01 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll

2014-07-15 14:01 - 2014-07-15 14:01 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll

2014-07-15 14:01 - 2014-07-15 14:01 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys

2014-07-15 14:01 - 2014-07-15 14:01 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll

2014-07-15 14:01 - 2014-07-15 14:01 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys

2014-07-15 14:01 - 2014-07-15 14:01 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys

2014-07-15 14:01 - 2014-07-15 14:01 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys

2014-07-15 14:00 - 2014-07-15 14:00 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS

2014-07-15 13:59 - 2014-07-15 13:59 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll

2014-07-14 10:20 - 2014-07-14 10:20 - 00000000 ____D () C:\Users\Home\AppData\Local\Deployment

2014-07-10 15:29 - 2013-07-11 15:08 - 00000000 ____D () C:\WINDOWS\system32\MRT

2014-07-10 15:15 - 2013-03-29 14:32 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2014-07-09 21:16 - 2014-07-22 10:14 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll

2014-07-09 21:10 - 2013-08-22 08:36 - 00000000 ___RD () C:\WINDOWS\ToastData

2014-07-09 21:10 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\WinStore

2014-07-09 21:09 - 2013-08-22 07:44 - 05098592 _____ () C:\WINDOWS\system32\FNTCACHE.DAT

2014-07-09 21:06 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

2014-07-09 21:06 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

2014-07-09 21:03 - 2014-07-22 10:14 - 04756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll

2014-07-09 20:33 - 2014-07-22 10:14 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe

2014-07-08 20:38 - 2013-09-29 20:51 - 00000000 ____D () C:\Program Files\Windows Journal

2014-07-08 20:30 - 2014-07-08 20:30 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe

 

Files to move or delete:

====================

C:\ProgramData\MakeMarkerFile.exe

C:\Users\EasySurvey\EasySurvey.exe

 

 

Some content of TEMP:

====================

C:\Users\Home\AppData\Local\Temp\install_reader11_en_mssd_aaa_aih.exe

C:\Users\Home\AppData\Local\Temp\install_reader11_en_mssd_aaa_aih_1.exe

C:\Users\Home\AppData\Local\Temp\install_reader11_en_mssd_aaa_aih_2.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-07-28 13:29

 

==================== End Of Log ============================

 


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-07-2014

Ran by Home at 2014-07-28 13:36:07

Running from C:\Users\Home\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}

AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Ableton Live 8 (HKLM-x32\...\{3CBF4CD3-9370-44A0-B464-A21E588DD122}) (Version: 8.0.0.0 - Ableton)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)

Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.2.1.260 - Adobe Systems Incorporated)

Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)

Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden

Adobe Illustrator CS6 (HKLM-x32\...\{4869414E-7AEA-4C8E-BE1C-8D40977FD517}) (Version: 16.0 - Adobe Systems Incorporated)

Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)

Advanced SystemCare 7 (HKLM-x32\...\Advanced SystemCare 7_is1) (Version: 7.3.0 - IObit)

Analog Lab 1.1.0 (HKLM-x32\...\analoglab073_is1) (Version: 1.1.0 - Arturia)

Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 3.3.0.5 - Canon Inc.)

Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.1.0.2 - Canon Inc.)

Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.4.2.16 - Canon Inc.)

Canon Utilities Digital Photo Professional 3.4 (HKLM-x32\...\DPP) (Version: 3.4.0.0 - Canon Inc.)

Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.4.0.1 - Canon Inc.)

Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 6.4.0.5 - Canon Inc.)

Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.21.45 - Canon Inc.)

Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.3.0.0 - Canon Inc.)

Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.7.1.9 - Canon Inc.)

Canon Utilities WFT-E1/E2/E3 Utility (HKLM-x32\...\WFTK) (Version: 3.2.1.1 - Canon Inc.)

Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.1.1.21 - Canon Inc.)

Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.1.0.8 - Canon Inc.)

CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: 6.6.6.2136 - Steinberg Media Technologies GmbH)

Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)

Epson Event Manager (HKLM-x32\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)

EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)

EPSON WF-7520 Series Printer Uninstall (HKLM\...\EPSON WF-7520 Series) (Version:  - SEIKO EPSON Corporation)

EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)

ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )

Evernote v. 4.6.4 (HKLM-x32\...\{DDAFC46A-90E2-11E2-B700-984BE15F174E}) (Version: 4.6.4.8136 - Evernote Corp.)

Galería de fotos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden

Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)

Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden

iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)

Ignite (HKLM-x32\...\{9A731246-E02E-44DC-940D-0F8110C1789D}) (Version: 1.3.1 - AIR Music Technology)

Ignite (x32 Version: 1.3.1 - AIR Music Technology) Hidden

Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 3.6.1.33070.11 - Intel)

Intel PROSet Wireless (Version:  - ) Hidden

Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36702 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)

Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{AD0F3D6D-202A-4BAB-8838-0134531FD3AF}) (Version: 15.5.6.0460 - Intel Corporation)

Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{7854AA22-A2F0-4F29-A2E9-D0C5A2B685E7}) (Version: 2.5.0.0248 - Motorola Solutions, Inc)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)

Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)

Intel® PROSet/Wireless WiFi Software (HKLM\...\{1593C708-5535-47A4-8C0F-F8D4BE2B4560}) (Version: 15.05.6000.1657 - Intel Corporation)

Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden

IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.2.10.2466 - IObit)

iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

M-Audio Axiom AIR 1.0.8 (x64) (HKLM\...\{ACD73767-8749-4268-B78D-8CF135BC0C25}) (Version: 1.0.8 - M-Audio)

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4631.1002 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden

MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden

MyHarmony (HKCU\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)

Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.4.0.13 - Symantec Corporation)

NVIDIA Control Panel 305.46 (Version: 305.46 - NVIDIA Corporation) Hidden

NVIDIA Graphics Driver 305.46 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 305.46 - NVIDIA Corporation)

NVIDIA Install Application (Version: 2.1002.82.513 - NVIDIA Corporation) Hidden

NVIDIA Optimus 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) Hidden

NVIDIA PhysX (x32 Version: 9.12.0613 - NVIDIA Corporation) Hidden

NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)

NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden

Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (Version: 15.0.4631.1002 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden

PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden

Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden

Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)

Realtime Landscaping Pro 2013 (HKLM-x32\...\{9553CB41-9B98-4FA0-8919-2FE6BE278C7B}) (Version: 8.1.5 - Idea Spectrum)

Realtime Landscaping Pro 2013 Trial (HKLM-x32\...\{0B1E5DED-C94D-4C21-96E0-D71BB7897B44}) (Version: 5.1.5 - Idea Spectrum)

Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.6.5 - Samsung Electronics CO., LTD.)

S Agent (Version: 1.0.7 - Samsung Electronics CO., LTD.) Hidden

Seagate Manager Installer (HKLM-x32\...\InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}) (Version: 2.01.0600 - Seagate)

Seagate Manager Installer (x32 Version: 2.01.0600 - Seagate) Hidden

Settings (HKLM-x32\...\{52E5DE60-C96B-42CC-9A37-FE04725940AE}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)

Software Updater (HKLM-x32\...\{6DFBE8A2-CDBF-453E-B34C-32F202FCEE4C}) (Version: 4.2.1 - SEIKO EPSON CORPORATION)

Support Center FAQ (x32 Version: 1.0.3 - Samsung Electronics CO., LTD.) Hidden

Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.11.1 - Synaptics Incorporated)

TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.20935 - TeamViewer)

User Guide (HKLM-x32\...\{9914AD8E-C0D6-420D-BEF6-40BF4DEDE3BA}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)

Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)

Windows Live (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden

Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

 

==================== Restore Points  =========================

 

10-07-2014 22:11:47 Windows Update

15-07-2014 20:58:10 Windows Modules Installer

21-07-2014 18:13:03 Installed Epson Event Manager

28-07-2014 19:41:42 Removed Adobe Reader XI (11.0.07).

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {0484A257-5507-42E7-8536-D8477039DD69} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-30] (Google Inc.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask

Task: {0A51506B-657B-4096-8D66-C477033F97F3} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics

Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

Task: {0D15E43D-34A9-4912-AF76-3B260EAFE8D9} - System32\Tasks\AdobeAAMUpdater-1.0-Laptop-sandra2 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-09-25] (Adobe Systems Incorporated)

Task: {1A51B650-896E-49D1-AC22-E3256B14F3E2} - System32\Tasks\AdobeAAMUpdater-1.0-Laptop-Home2 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-09-25] (Adobe Systems Incorporated)

Task: {1B198CCE-8A06-46A0-8EF3-63E9EB685ED8} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-06-10] (Microsoft Corporation)

Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask

Task: {22CF0F19-46F2-4A5D-AF62-6A1A464A359F} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2012-08-16] (Samsung Electronics CO., LTD.)

Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate

Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-21] (Microsoft Corporation)

Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)

Task: {3FFC866D-E100-494D-9D0B-C14726C7B6F2} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation)

Task: {42A6319B-771C-4031-9654-0DB01DC779A0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)

Task: {46E724FE-CE00-4B68-BC46-2DDFDF95217E} - System32\Tasks\AdobeAAMUpdater-1.0-Laptop-Administrator => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-09-25] (Adobe Systems Incorporated)

Task: {4899564C-BA96-481A-85B5-662C505C1396} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe

Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance

Task: {55029777-A770-4BAE-884F-8FAE3DE69587} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)

Task: {585D1B9B-2C63-44F1-8A76-8C911E563BE7} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-09-05] (Samsung Electronics CO., LTD.)

Task: {5B0CE3CC-0228-4F06-9B49-4268DE295BE2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-30] (Google Inc.)

Task: {640CCA43-F540-495D-86AA-5FA96D7C42BD} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-13] (Intel Corporation)

Task: {67454999-0147-411B-9C68-D71328512DE2} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-05-06] (IObit)

Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup

Task: {6CDB0831-F16C-47B8-902D-C703A6055462} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\WSCStub.exe [2014-06-26] (Symantec Corporation)

Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task

Task: {72E38400-DDB2-4B0D-8D4A-8389F17FF3F0} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management

Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask

Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState

Task: {7B5BFACE-E767-4CF8-B71B-9089C703724D} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation

Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task

Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask

Task: {91DF7F87-9D22-4BB7-9FE6-103078224082} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {93AFEA39-BD09-4001-BD77-2B1237856B15} - System32\Tasks\Microsoft Office 15 Sync Maintenance for LAPTOP-Home Laptop => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-06-03] (Microsoft Corporation)

Task: {9600FE73-6503-4251-B9B1-8D8EDE9CA4C8} - System32\Tasks\AdobeAAMUpdater-1.0-Laptop-Home => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-09-25] (Adobe Systems Incorporated)

Task: {9DB18519-896B-4139-8BB6-B21C0EB9569C} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-09-16] (SEC)

Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work

Task: {B588494B-6E78-40CA-8004-1373A9EA7440} - System32\Tasks\AdobeAAMUpdater-1.0-Laptop-Laptop => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-09-25] (Adobe Systems Incorporated)

Task: {B820D568-B41C-4F36-AF34-D1AB732C5BCA} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-21] (Synaptics Incorporated)

Task: {C07137EA-E8FE-44B4-856D-C32C8E50879C} - System32\Tasks\AdobeAAMUpdater-1.0-Laptop-Sandra => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-09-25] (Adobe Systems Incorporated)

Task: {C83A53A4-1CF5-4E13-8BBE-3D99C450E5D0} - System32\Tasks\ASC7_SkipUac_Home => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2014-05-28] (IObit)

Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask

Task: {D2938CE5-A2F3-45D4-87F2-A4F62D42039E} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload

Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing

Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization

Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE

Task: {E828094D-8C9B-4D85-A392-3AE6B7545173} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv

Task: {EA38FA66-E290-4076-8041-CE7D24B7E17D} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-13] (Intel Corporation)

Task: {EF31621A-ABCA-436F-AC05-64237ED617E4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-10] (Microsoft Corporation)

Task: {F18F3196-37E8-495D-AB97-527EE2C22C85} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation)

Task: {F4839C07-61B6-4381-8920-61DBAEA9A2C1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-06-19] (Microsoft Corporation)

Task: C:\WINDOWS\Tasks\ASC7_SkipUac_Home.job => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

 

==================== Loaded Modules (whitelisted) =============

 

2014-07-15 10:07 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll

2012-09-05 00:50 - 2012-09-05 00:50 - 00085112 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe

2013-10-16 19:02 - 2013-10-16 19:02 - 03358064 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll

2014-07-11 09:21 - 2014-05-20 09:19 - 08892072 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2013-10-04 00:42 - 2013-10-04 00:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2014-06-12 10:37 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\sqlite3.dll

2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2012-09-05 00:50 - 2012-09-05 00:50 - 00028792 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll

2012-09-05 00:50 - 2012-09-05 00:50 - 01012856 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll

2012-09-05 00:50 - 2012-09-05 00:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll

2012-09-05 00:50 - 2012-09-05 00:50 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll

2012-09-05 00:50 - 2012-09-05 00:50 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll

2012-09-05 00:50 - 2012-09-05 00:50 - 00026744 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll

2012-09-05 00:50 - 2012-09-05 00:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll

2012-09-05 00:50 - 2012-09-05 00:50 - 00060536 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll

2012-09-05 00:50 - 2012-09-05 00:50 - 00103544 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll

2013-09-14 02:51 - 2013-09-14 02:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll

2013-09-14 02:50 - 2013-09-14 02:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\Users\Home\SkyDrive:ms-properties

AlternateDataStreams: C:\Users\Home\Documents\Truck 1.jpg:ms-properties

AlternateDataStreams: C:\Users\Home\Documents\Truck 1.jpg:ms-thumbnail

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

HKLM\...\StartupApproved\Run: => "IgfxTray"

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"

HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"

HKLM\...\StartupApproved\Run32: => "Adobe ARM"

HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"

HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"

HKLM\...\StartupApproved\Run32: => "Intel AppUp(SM) center"

HKLM\...\StartupApproved\Run32: => "Norton Online Backup"

HKLM\...\StartupApproved\Run32: => "RemoteControl10"

HKLM\...\StartupApproved\Run32: => "iTunesHelper"

HKLM\...\StartupApproved\Run32: => "APSDaemon"

HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"

HKLM\...\StartupApproved\Run32: => "FUFAXSTM"

HKLM\...\StartupApproved\Run32: => "FUFAXRCV"

HKLM\...\StartupApproved\Run32: => "EEventManager"

HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"

HKLM\...\StartupApproved\Run32: => "MaxMenuMgr"

HKLM\...\StartupApproved\Run32: => "SearchProtectAll"

HKCU\...\StartupApproved\Run: => "iCloudServices"

HKCU\...\StartupApproved\Run: => "SearchProtect"

HKCU\...\StartupApproved\Run: => "AppleIEDAV"

HKCU\...\StartupApproved\Run: => "Advanced SystemCare 6"

HKCU\...\StartupApproved\Run: => "Advanced SystemCare 7"

HKCU\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (07/28/2014 01:33:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)

Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

Error: (07/28/2014 01:33:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)

Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

Error: (07/28/2014 01:33:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)

Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

Error: (07/28/2014 01:33:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)

Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

Error: (07/28/2014 01:32:32 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program FRST64.exe version 26.7.2014.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 1790

 

Start Time: 01cfaaa2cf97948a

 

Termination Time: 60000

 

Application Path: C:\Users\Home\Downloads\FRST64.exe

 

Report Id: 20808150-1696-11e4-bf23-50b7c37dc940

 

Faulting package full name: 

 

Faulting package-relative application ID:

 

Error: (07/28/2014 01:31:41 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program FRST64.exe version 26.7.2014.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: a8

 

Start Time: 01cfaaa1e475aecf

 

Termination Time: 60000

 

Application Path: C:\Users\Home\Downloads\FRST64.exe

 

Report Id: 01136587-1696-11e4-bf23-50b7c37dc940

 

Faulting package full name: 

 

Faulting package-relative application ID:

 

Error: (07/28/2014 01:24:57 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program FRST64.exe version 26.7.2014.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: aac

 

Start Time: 01cfaaa19950b878

 

Termination Time: 60000

 

Application Path: C:\Users\Home\Downloads\FRST64.exe

 

Report Id: 101c4bb5-1695-11e4-bf23-50b7c37dc940

 

Faulting package full name: 

 

Faulting package-relative application ID:

 

Error: (07/28/2014 01:24:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)

Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

Error: (07/28/2014 01:24:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)

Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

Error: (07/28/2014 01:24:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)

Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

 

System errors:

=============

Error: (07/28/2014 01:33:54 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP)

Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

 

Error: (07/28/2014 01:33:54 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP)

Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

 

Error: (07/28/2014 01:33:53 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP)

Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

 

Error: (07/28/2014 01:33:53 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP)

Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

 

Error: (07/28/2014 01:24:36 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP)

Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

 

Error: (07/28/2014 01:24:35 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP)

Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

 

Error: (07/28/2014 01:24:35 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP)

Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

 

Error: (07/28/2014 01:10:23 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP)

Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

 

Error: (07/28/2014 01:10:22 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP)

Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

 

Error: (07/28/2014 01:10:22 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP)

Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

 

 

Microsoft Office Sessions:

=========================

Error: (07/28/2014 01:33:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)

Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

 

Error: (07/28/2014 01:33:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)

Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

 

Error: (07/28/2014 01:33:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)

Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

 

Error: (07/28/2014 01:33:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)

Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

 

Error: (07/28/2014 01:32:32 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: FRST64.exe26.7.2014.0179001cfaaa2cf97948a60000C:\Users\Home\Downloads\FRST64.exe20808150-1696-11e4-bf23-50b7c37dc940

 

Error: (07/28/2014 01:31:41 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: FRST64.exe26.7.2014.0a801cfaaa1e475aecf60000C:\Users\Home\Downloads\FRST64.exe01136587-1696-11e4-bf23-50b7c37dc940

 

Error: (07/28/2014 01:24:57 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: FRST64.exe26.7.2014.0aac01cfaaa19950b87860000C:\Users\Home\Downloads\FRST64.exe101c4bb5-1695-11e4-bf23-50b7c37dc940

 

Error: (07/28/2014 01:24:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)

Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

 

Error: (07/28/2014 01:24:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)

Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

 

Error: (07/28/2014 01:24:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)

Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 28%

Total physical RAM: 3983.59 MB

Available physical RAM: 2858.72 MB

Total Pagefile: 5519.59 MB

Available Pagefile: 4428.89 MB

Total Virtual: 131072 MB

Available Virtual: 131071.84 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:673.53 GB) (Free:433.1 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 699 GB) (Disk ID: 3BE520E4)

 

Partition: GPT Partition Type.

 

==================== End Of Log ============================



Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 7/28/2014

Scan Time: 1:39:55 PM

Logfile: 

Administrator: Yes

 

Version: 2.00.2.1012

Malware Database: v2014.07.28.06

Rootkit Database: v2014.07.17.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 8.1

CPU: x64

File System: NTFS

User: Home

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 432582

Time Elapsed: 16 min, 31 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 1

PUP.Optional.Trovi.A, HKU\S-1-5-21-3214703091-3445229301-533389535-1011-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.trovi.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MCA34FCC8-35E3-4566-924A-8CFE46A6B1DE&SearchSource=55&CUI=&UM=5&UP=SP41EC47CF-2331-482A-AB0B-24B124775B9C&SSPV=, Good: (www.google.com), Bad: (http://www.trovi.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MCA34FCC8-35E3-4566-924A-8CFE46A6B1DE&SearchSource=55&CUI=&UM=5&UP=SP41EC47CF-2331-482A-AB0B-24B124775B9C&SSPV=),Replaced,[18cea1033d3ef93d9c0e119b2bd97b85]

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)


  • Root Admin

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
 

 

fixlist.txt


Okay, I ran the fix and the log is attached. When I open Internet Explorer, Trovi is still there, however.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-07-2014

Ran by Home at 2014-07-29 10:01:53 Run:1

Running from C:\Users\Home\Desktop

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com...124775B9C&SSPV=

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://download.eset...lineScanner.cab

CHR HKLM-x32\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Sandra\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx

C:\ProgramData\MakeMarkerFile.exe

C:\Users\EasySurvey\EasySurvey.exe

C:\Users\Home\AppData\Local\Temp\install_reader11_en_mssd_aaa_aih.exe

C:\Users\Home\AppData\Local\Temp\install_reader11_en_mssd_aaa_aih_1.exe

C:\Users\Home\AppData\Local\Temp\install_reader11_en_mssd_aaa_aih_2.exe

Task: {0484A257-5507-42E7-8536-D8477039DD69} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-30] (Google Inc.)

Task: {5B0CE3CC-0228-4F06-9B49-4268DE295BE2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-30] (Google Inc.)

Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask

Task: {91DF7F87-9D22-4BB7-9FE6-103078224082} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

AlternateDataStreams: C:\Users\Home\SkyDrive:ms-properties

AlternateDataStreams: C:\Users\Home\Documents\Truck 1.jpg:ms-properties

AlternateDataStreams: C:\Users\Home\Documents\Truck 1.jpg:ms-thumbnail

 

*****************

 

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.

HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.

HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.

HKLM\Software\\Microsoft\Internet Explorer\Main\\Secondary Start Pages => value deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.

"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{60D22135-E374-47EF-B1D6-55C2184B5CB7}" => Key deleted successfully.

"HKCR\CLSID\{60D22135-E374-47EF-B1D6-55C2184B5CB7}" => Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{60D22135-E374-47EF-B1D6-55C2184B5CB7}" => Key deleted successfully.

"HKCR\Wow6432Node\CLSID\{60D22135-E374-47EF-B1D6-55C2184B5CB7}" => Key not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{60D22135-E374-47EF-B1D6-55C2184B5CB7}" => Key deleted successfully.

"HKCR\CLSID\{60D22135-E374-47EF-B1D6-55C2184B5CB7}" => Key not found.

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => Key deleted successfully.

"HKCR\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => Key deleted successfully.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.

"HKCR\Wow6432Node\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}" => Key deleted successfully.

"HKCR\Wow6432Node\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}" => Key deleted successfully.

"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\njljkdinboobkmkihgcohanchjnjpgjk" => Key deleted successfully.

"CHR HKLM-x32\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Sandra\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx" => File/Directory not found.

C:\ProgramData\MakeMarkerFile.exe => Moved successfully.

C:\Users\EasySurvey\EasySurvey.exe => Moved successfully.

C:\Users\Home\AppData\Local\Temp\install_reader11_en_mssd_aaa_aih.exe => Moved successfully.

C:\Users\Home\AppData\Local\Temp\install_reader11_en_mssd_aaa_aih_1.exe => Moved successfully.

C:\Users\Home\AppData\Local\Temp\install_reader11_en_mssd_aaa_aih_2.exe => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0484A257-5507-42E7-8536-D8477039DD69}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0484A257-5507-42E7-8536-D8477039DD69}" => Key deleted successfully.

C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5B0CE3CC-0228-4F06-9B49-4268DE295BE2}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B0CE3CC-0228-4F06-9B49-4268DE295BE2}" => Key deleted successfully.

C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8CC813C9-712A-41EF-9512-B233444FC669}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8CC813C9-712A-41EF-9512-B233444FC669}" => Key deleted successfully.

C:\Windows\System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{91DF7F87-9D22-4BB7-9FE6-103078224082}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{91DF7F87-9D22-4BB7-9FE6-103078224082}" => Key deleted successfully.

C:\Windows\System32\Tasks\Apple\AppleSoftwareUpdate => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple\AppleSoftwareUpdate" => Key deleted successfully.

C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.

C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.

C:\Users\Home\SkyDrive => ":ms-properties" ADS removed successfully.

C:\Users\Home\Documents\Truck 1.jpg => ":ms-properties" ADS removed successfully.

C:\Users\Home\Documents\Truck 1.jpg => ":ms-thumbnail" ADS removed successfully.

 

==== End of Fixlog ====


  • Root Admin

Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer
How to reset Internet Explorer settings

Firefox
Click on Help / Troubleshooting Information then click on the Reset Firefox button.

Chrome
Start by disabling Sync
How To Delete Your Google Chrome Browser Sync Data
Chrome - Reset browser settings
If that fails then Uninstall Google Chrome and do not reinstall until sure the system is clean.


Opera
How to Perform a (really) clean Reinstall of Opera
 
