schtasks.exe and schtasks.exe.mui? 4 of each?


I have recently noticed a small pop-up window appear and was able yesterday to actually see the header on the window. It was "schtasks.exe". This is a new bit of oddity for me so I googled and discovered it could be some type of malware or trojan. I've run a complete scan with Malwarebytes and Avira. Neither detected any issues.

 

Searching my hard drive for the 'schtasks.exe' file I see 4 with that file name and 4 'schtasks.exe.mui', located in various folders on my C: drive, and with various file sizes.

 

This is a Gyazo screen capture of the search results: https://gyazo.com/7f2ac3d20fc2be16036e603cb925e2d7

 

Am I infected? If so, how does one go about cleaning this up?

 

Thanks for any assistance.


Hello and welcome to Malwarebytes.org

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Next,

Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Next,

Follow the instructions in the following link to show hidden files:

http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

Next,

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under the Non-Malware Protection sub tab, change the PUP and PUM entries to "Treat detections as Malware".
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may or may not see this message box.

            'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.



To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
      Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
      XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
  • Recommend you use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…




If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either accept the alert or disable your security and allow FRST to run...

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.



Next,

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8/8.1/10, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes select "Report", in the next window select "Export txt"; the log will open as a text file, post that log... Also save to your Desktop for reference. Log will open.
  • Close the program > Don't Fix anything!



Let me see those logs in your reply....

Thank you,

Kevin...
 


I had to google bittorrent-- did not know what it was. To my knowledge, I don't have pirated software on this computer.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/25/2015
Scan Time: 6:53 PM
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.10.25.04
Rootkit Database: v2015.10.23.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Kai

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 501934
Time Elapsed: 34 min, 17 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

===============

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-10-2015 02
Ran by Kai (administrator) on KAI-PC (25-10-2015 19:34:53)
Running from C:\Users\Kai\Contacts\Desktop
Loaded Profiles: Kai &  (Available Profiles: Kai)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://dell13.msn.com -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2855246755-1798518092-654647340-1002\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2855246755-1798518092-654647340-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2855246755-1798518092-654647340-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  ST2000DM001-1CH SCSI Disk Device +++++
--- User ---
[MBR] c16c09748c25b06da7d6f24e7ad8a28e
[bSP] 3814cc8c18e68ed04ac8a7ee9cacf6cc : HP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 22188 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 45522944 | Size: 1885492 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: WD My Book 1130 USB Device +++++
--- User ---
[MBR] 239b5737c9ccec8839686058d9a1eff8
[bSP] fcdf32c80a56a79906373c34b09dd153 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953836 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 

 


Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-10-2015 02
Ran by Kai (2015-10-25 19:35:23)
Running from C:\Users\Kai\Contacts\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-05-16 15:27:44)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2855246755-1798518092-654647340-500 - Administrator - Disabled)
Guest (S-1-5-21-2855246755-1798518092-654647340-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2855246755-1798518092-654647340-1003 - Limited - Enabled)
Kai (S-1-5-21-2855246755-1798518092-654647340-1002 - Administrator - Enabled) => C:\Users\Kai

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.1.1 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.2.0.129 - Adobe Systems Incorporated)
Adobe Extension Manager CC (HKLM-x32\...\{244FD30F-63F1-49B9-9D98-1150FF4FFCB1}) (Version: 7.3.2 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.1.1 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Alchemy Beta x64 (HKLM\...\AlchemyBeta) (Version: 3.8.1.35916 - Alchemy Viewer Project)
Alchemy Viewer x64 (HKLM\...\AlchemyViewer) (Version: 3.8.2.36473 - Alchemy Viewer Project)
Amazon Kindle (HKU\S-1-5-21-2855246755-1798518092-654647340-1002\...\Amazon Kindle) (Version:  - Amazon)
Amazon Kindle (HKU\S-1-5-21-2855246755-1798518092-654647340-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Amazon Kindle) (Version:  - Amazon)
Amazon MP3 Downloader 1.0.18 (HKU\S-1-5-21-2855246755-1798518092-654647340-1002\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC)
Amazon MP3 Downloader 1.0.18 (HKU\S-1-5-21-2855246755-1798518092-654647340-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-2855246755-1798518092-654647340-1002\...\Amazon Amazon Music) (Version: 3.10.0.928 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-2855246755-1798518092-654647340-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Amazon Amazon Music) (Version: 3.10.0.928 - Amazon Services LLC)
AMP Font Viewer (HKLM-x32\...\AMP Font Viewer) (Version:  - )
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.170 - Atheros)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.13.210 - Avira Operations GmbH & Co. KG)
Blender (HKLM\...\Blender) (Version: 2.73 - Blender Foundation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Corel Painter 13 - IPM (Version: 13.0 - Corel Corporation) Hidden
Corel Painter 13 - IPM Content (Version: 13.0 - Corel Corporation) Hidden
Corel Painter X3 (HKLM\...\_{EF449371-6B69-49C8-B789-76A0B0E3446B}) (Version: 13.0.0.704 - Corel Corporation)
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Crazybump (remove only) (HKLM-x32\...\Crazybump) (Version:  - )
CtrlAltStudio-Viewer-Alpha (remove only) (HKLM-x32\...\CtrlAltStudio-Viewer-Alpha) (Version: 1.2.4.43384 - CtrlAltStudio)
CtrlAltStudio-Viewer-Release (remove only) (HKLM-x32\...\CtrlAltStudio-Viewer-Release) (Version: 1.2.1.41169 - CtrlAltStudio)
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.5425 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Data Vault (Version: 4.3.5.1 - Dell Inc.) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.1.14 - Dell)
Dell System Detect (HKU\S-1-5-21-2855246755-1798518092-654647340-1002\...\73f463568823ebbe) (Version: 6.6.0.2 - Dell)
Dell System Detect (HKU\S-1-5-21-2855246755-1798518092-654647340-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\73f463568823ebbe) (Version: 6.6.0.2 - Dell)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.)
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.03 - Creative Technology Limited)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.10.8 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.33 - Dropbox, Inc.) Hidden
Easy Media Player 1.1.12 (HKLM-x32\...\Easy Media Player) (Version: 1.1.12 - Easy Media Player)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.80.0000 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{17FA0444-A025-43B9-862C-81AE6307C2F2}) (Version: 3.10.0050 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.51.00 - SEIKO EPSON CORPORATION)
EPSON NX510 Series Printer Uninstall (HKLM\...\EPSON NX510 Series) (Version:  - SEIKO EPSON Corporation)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 2.30.00 - SEIKO EPSON Corp.)
EPSON Scan PDF Extensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0001 - SEIKO EPSON Corp.)
EPSON WF-2630 Series Printer Uninstall (HKLM\...\EPSON WF-2630 Series) (Version:  - SEIKO EPSON Corporation)
Epson WF-2630 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson WF-2630 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM\...\{F983229B-587E-4322-BCB9-D7A49734E5CD}) (Version: 3.0.0.0 - SEIKO EPSON CORPORATION)
EpsonNet Setup (HKLM-x32\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1c - SEIKO EPSON CORPORATION)
Filter Forge 3.015 (HKLM-x32\...\Filter Forge 3_is1) (Version:  - Filter Forge, Inc.)
Filter Forge 4.014 (HKLM-x32\...\Filter Forge 4_is1) (Version:  - Filter Forge, Inc.)
Filter Forge Freepack 1 - Metals 2.013 (HKLM-x32\...\Filter Forge Freepack 1 - Metals_is1) (Version:  - Filter Forge, Inc.)
Filter Forge Freepack 2 - Photo Effects 2.013 (HKLM-x32\...\Filter Forge Freepack 2 - Photo Effects_is1) (Version:  - Filter Forge, Inc.)
Filter Forge Freepack 3 - Frames 2.013 (HKLM-x32\...\Filter Forge Freepack 3 - Frames_is1) (Version:  - Filter Forge, Inc.)
Filter Forge Freepack 4 - Distortions 2.013 (HKLM-x32\...\Filter Forge Freepack 4 - Distortions_is1) (Version:  - Filter Forge, Inc.)
Filter Forge Freepack 5 - Hearts 2.013 (HKLM-x32\...\Filter Forge Freepack 5 - Hearts_is1) (Version:  - Filter Forge, Inc.)
Filter Forge Freepack 6 - Patterns 2.013 (HKLM-x32\...\Filter Forge Freepack 6 - Patterns_is1) (Version:  - Filter Forge, Inc.)
Firebird 2.5.0.26074 (Win32) (HKLM-x32\...\FBDBServer_2_5_is1) (Version: 2.5.0.26074 - Firebird Project)
Firestorm SecondLife and OpenSim viewer (Version: 4.7.47323 - Phoenix Viewer Project) Hidden
Firestorm-Releasex64 x64 (HKLM-x32\...\{87a36c50-4766-41e3-b23b-2354a2ff60bf}) (Version: 4.7.47323 - Phoenix Firestorm Project Inc)
Flame Painter 2.5.0 Personal (64bit) (HKLM\...\Flame Painter 2.5.0 Personal (64bit)_is1) (Version: 2.5.0 - Escape Motions, s.r.o)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Gyazo 3.1.6 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
IconHandler 64 bit (Version: 2.0 - Corel Corporation) Hidden
Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
KokuaViewer (remove only) (HKLM-x32\...\KokuaViewer) (Version:  - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}) (Version: 1.7.915.93 - Fitipower)
Multimedia Card Reader (x32 Version: 1.7.915.93 - Fitipower) Hidden
NexusFont 2.5 (ver 2.5.8.1582) (HKLM-x32\...\{EFEDD205-43FE-4208-B682-0937E803E19E}_is1) (Version:  - xiles)
NVIDIA 3D Vision Controller Driver 349.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 349.95 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 350.12 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.5.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.57 - NVIDIA Corporation)
NVIDIA Graphics Driver 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation)
NVIDIA Photoshop Plug-ins 64 bit (HKLM-x32\...\{5E386C5B-CDE7-435A-B5C9-EC73A1B0553A}) (Version: 8.50 - )
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OnLive (HKLM-x32\...\OnLive) (Version:  - OnLive)
onOne Panel for Photoshop CS6 (HKLM-x32\...\{B6556F56-796F-42F1-A761-AA02584F1E06}) (Version:  - )
OpenGL Extensions Viewer 4.1 (HKLM-x32\...\GLVIEW3) (Version: 412 - )
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
OpenRL Runtime 1.3.1000.14 x64 (HKLM\...\{250C8D22-1757-11E3-818E-1803734DBB4F}) (Version: 1.3.1000.14 - Caustic Graphics, Inc.)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Painter 13 - Contentx64 (Version: 13.0 - Corel Corporation) Hidden
Painter 13 - Core (Version: 13.0 - Corel Corporation) Hidden
Painter 13 - Corex64 (Version: 13.0 - Corel Corporation) Hidden
Painter 13 - EN (Version: 13.0 - Corel Corporation) Hidden
Painter 13 - Setup Files (Version: 13.0 - Corel Corporation) Hidden
ParticleShop - Core (Version: 1.1 - Corel Corporation) Hidden
ParticleShop - IPM (Version: 1.1 - Corel Corporation) Hidden
ParticleShop - IPM Content (Version: 1.1 - Corel Corporation) Hidden
ParticleShop (HKLM\...\_{6F224046-E164-4B78-9867-3AE494271D29}) (Version: 1.1.0.549 - Corel Corporation)
ParticleShop (Version: 1.1 - Corel Corporation) Hidden
Perfect Effects 8 (HKLM-x32\...\{C982ACFF-5997-4B7D-B3E1-CF7273A06FB2}) (Version: 8.1.0 - onOne Software)
Portrait Professional 11.3 Trial (HKLM-x32\...\PortraitProfessional11Trial_is1) (Version: 11.3 - Anthropics Technology Ltd.)
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Radegast 2.16 (HKLM-x32\...\Radegast) (Version: 2.16 - Radegast Development Team)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6537 - Realtek Semiconductor Corp.)
SAM Broadcaster (remove only) (HKLM-x32\...\SAM3) (Version:  - )
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.57 - NVIDIA Corporation) Hidden
Singularity (64 bit) (remove only) (HKLM-x32\...\Singularity (64 bit)) (Version:  - )
Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
Smart Photo Editor (HKLM\...\SmartPhotoEditor1_is1) (Version: 1.20 - Anthropics Technology Ltd.)
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION) <==== ATTENTION
Sound Blaster Recon3D PCIe (HKLM-x32\...\{CA0A90CB-F659-4E0B-B2A2-C8CF4B752AEC}) (Version: 1.01.26 - Creative Technology Limited)
Sound Blaster Recon3D PCIe Extras (HKLM-x32\...\{EC1D58F3-BD94-4CF2-87C2-832985F73E39}) (Version: 1.0 - Creative Technology Limited)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-2855246755-1798518092-654647340-1002\...\Spotify) (Version: 1.0.16.104.g3b776c9e - Spotify AB)
Spotify (HKU\S-1-5-21-2855246755-1798518092-654647340-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Spotify) (Version: 1.0.16.104.g3b776c9e - Spotify AB)
Stellarium 0.13.1 (HKLM\...\Stellarium_is1) (Version: 0.13.1 - Stellarium team)
Topaz Adjust 5 (HKLM-x32\...\Topaz Adjust 5) (Version: 5.1.0 - Topaz Labs, LLC)
Topaz Fusion Express 2 (64-bit) (HKLM-x32\...\Topaz Fusion Express 2 (64-bit)) (Version: 2.1.1 - Topaz Labs)
Topaz Fusion Express 2 (HKLM-x32\...\Topaz Fusion Express 2) (Version: 2.1.1 - Topaz Labs)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.6w3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.65  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-2855246755-1798518092-654647340-1002\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-2855246755-1798518092-654647340-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Wunderlist (HKLM-x32\...\{05005782-A2CD-4EF9-B838-C3B00FED2412}) (Version: 3.2.1.1 - 6 Wunderkinder GmbH)
x264vfw - H.264/MPEG-4 AVC codec for x64 (remove only) (HKLM-x32\...\x264vfw64) (Version:  - )
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2855246755-1798518092-654647340-1002_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-2855246755-1798518092-654647340-1002_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()
CustomCLSID: HKU\S-1-5-21-2855246755-1798518092-654647340-1002_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Restore Points =========================

23-10-2015 16:47:22 Installed EPSON Scan OCR Component
23-10-2015 16:48:26 Installed EPSON Scan PDF Extensions
23-10-2015 17:12:21 Installed FAX Utility
23-10-2015 17:14:32 Installed EPSON Scan OCR Component
23-10-2015 17:15:54 Installed EPSON Scan PDF Extensions
23-10-2015 17:45:01 Installed Software Updater
23-10-2015 17:56:09 Installed Epson Event Manager

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {087CE8FE-19D2-40CF-9B70-DCF8E46EA0F7} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-09-30] (Dell Inc.)
Task: {0B65482B-F934-46DE-A518-6F71198A7C2E} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-06-01] (Dropbox, Inc.)
Task: {270AB908-EF83-45F7-9C70-8A4E9B9C4764} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {2B961315-8475-4ACE-9BEE-95E63E5BC08A} - System32\Tasks\EPSON WF-2630 Series Update {EF84BE60-9DB9-4823-BB8B-584BAEE577FA} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSMDE.EXE [2013-11-21] (SEIKO EPSON CORPORATION)
Task: {336F0952-64D2-480D-AD22-08053BCBAE44} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {3D34C430-9E95-4D20-B9DD-7966C71CCF07} - System32\Tasks\EPSON WF-2630 Series Update {500ED1AA-3CE0-40E5-87FE-F6055980A63A} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSMDE.EXE [2013-11-21] (SEIKO EPSON CORPORATION)
Task: {5E56C298-B9B8-45A0-82F1-1CC68418ACE5} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2015-08-19] ()
Task: {61609710-9FBE-4E3D-88D2-0D015F1DD6F8} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2015-08-19] ()
Task: {79986268-4566-4CB4-BFD2-042D2EEA5131} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {81300A8E-2CC8-40E0-B838-C3BA402E438F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-09-16] (Piriform Ltd)
Task: {894BEF31-A1CE-4F68-865A-384FF7476CB8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {9314EA16-F47C-4A75-84E3-78E784D5274C} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {D5CC51E7-792B-46B3-8BE3-753E59485CBB} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-06-01] (Dropbox, Inc.)
Task: {DF52CA2F-825E-442A-A7CF-95F6729BD4A5} - System32\Tasks\{DD749819-BE3A-47A3-858C-ED75FB98F3CF} => pcalua.exe -a C:\Users\Kai\Downloads\Get_There.exe -d C:\Users\Kai\Downloads
Task: {E88A03B9-51C1-4170-9140-27E824C282C6} - System32\Tasks\AdobeAAMUpdater-1.0-Kai-PC-Kai => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-07-22] (Adobe Systems Incorporated)
Task: {F5BF9310-3F78-4C02-BD0E-16763BB4403E} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {FA79D552-0175-4A82-809E-24F0CEEC8503} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\EPSON WF-2630 Series Update {500ED1AA-3CE0-40E5-87FE-F6055980A63A}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSMDE.EXE:/EXE:{500ED1AA-3CE0-40E5-87FE-F6055980A63A} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\EPSON WF-2630 Series Update {EF84BE60-9DB9-4823-BB8B-584BAEE577FA}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSMDE.EXE:/EXE:{EF84BE60-9DB9-4823-BB8B-584BAEE577FA} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-10-22 23:03 - 2015-04-08 16:30 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-14 17:00 - 2013-06-06 12:31 - 01185048 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2015-07-22 01:02 - 2015-07-22 01:02 - 00803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2013-05-22 13:17 - 2013-05-22 13:17 - 00400704 _____ () C:\Users\Kai\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
2014-07-13 17:46 - 2015-07-21 00:02 - 05887808 _____ () C:\Users\Kai\AppData\Local\Amazon Music\Amazon Music Helper.exe
2013-05-10 02:28 - 2012-01-26 21:49 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2012-01-10 15:41 - 2015-03-29 20:24 - 00568392 _____ () C:\Program Files (x86)\puush\puush.exe
2015-07-22 01:02 - 2015-07-22 01:02 - 31535264 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2015-03-16 11:28 - 2015-03-16 11:28 - 00155528 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2013-05-10 02:21 - 2012-01-21 06:23 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2015-04-21 09:20 - 2015-06-24 06:37 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-05-15 16:27 - 2015-05-15 16:27 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-22 15:32 - 2015-07-22 15:32 - 36732592 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2015-10-25 18:51 - 2015-10-25 18:51 - 00071168 _____ () c:\users\kai\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpza0iyo.dll
2015-06-01 01:13 - 2015-09-23 18:07 - 00012800 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick.2\qtquick2plugin.dll
2015-06-01 01:13 - 2015-09-23 18:07 - 00779776 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-30 18:31 - 2015-09-23 18:07 - 00056320 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-01 01:13 - 2015-09-23 18:07 - 00012288 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Window.2\windowplugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns1
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns2
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns3
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns4

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2855246755-1798518092-654647340-1002\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-2855246755-1798518092-654647340-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\dell.com -> dell.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2855246755-1798518092-654647340-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Kai\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2855246755-1798518092-654647340-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Kai\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{DF773D2B-98AE-42D6-BD13-1B2B395B12F8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{7688A8C3-D735-4939-81D8-4E1BD244E13C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{DCFA442A-320A-4EA3-BEBD-407C27A4ED10}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{421F8408-2BD6-43DF-B012-EECFF6931973}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E9484F68-4CE0-49AB-938E-FB003C978D9C}] => (Allow) LPort=2869
FirewallRules: [{DF350843-82B9-409D-930F-BFE0AE17F111}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{32BF67FE-409A-4078-8060-617DE1B8B9D5}C:\users\kai\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kai\appdata\roaming\spotify\spotify.exe
FirewallRules: [uDP Query User{F91743ED-96D8-4A4A-9507-E3A7506DE613}C:\users\kai\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kai\appdata\roaming\spotify\spotify.exe
FirewallRules: [{EDB70108-815D-466E-B7C9-B874DB5CFAB0}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{00C357BC-AAA3-4760-AFAD-BBD0DF71F0D4}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{C8E3B306-29C2-4526-B6E9-6A4D168E0A2D}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe
FirewallRules: [{A1EEDD90-9346-46D0-8028-112F786E64BC}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe
FirewallRules: [{4CB22A91-E878-4D3D-847F-920032A1D685}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9DE3D66B-E335-45FA-A156-8A959D49AC0E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6BCBF2CA-204C-4542-8E21-50AC8CD219FF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0A241B17-A5B9-409C-A2DD-4362D4CC09C4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{88616D6D-4EA4-4289-97F3-EAB9D75713E9}C:\users\kai\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kai\appdata\roaming\spotify\spotify.exe
FirewallRules: [uDP Query User{A123A4A5-F803-4CCE-A4B1-6E6C27A8C08B}C:\users\kai\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kai\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{24D69C52-815E-4040-A17A-8B7B52A7F697}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [uDP Query User{F5332E06-7718-4208-B97C-E349F6FC8F44}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{CCAEED73-092E-4787-A6DE-B7AEB6572F36}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{6B4A12BD-F1AB-4C84-968E-E1F19DE079B7}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [TCP Query User{9B9F1B50-F208-4103-A643-27FB2D3494AE}C:\program files\singularity\slvoice.exe] => (Allow) C:\program files\singularity\slvoice.exe
FirewallRules: [uDP Query User{768524E5-D5E5-4FE1-B766-F0654B8B8FC9}C:\program files\singularity\slvoice.exe] => (Allow) C:\program files\singularity\slvoice.exe
FirewallRules: [TCP Query User{4EA83DD6-4BDA-4C11-B26F-C6505659D4C6}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [uDP Query User{C4BF64AC-D3CB-42BD-99D5-B1BE6A35BEF0}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [TCP Query User{0DC7BBB6-DF1E-4D33-8635-FD9A39E9C5F8}C:\program files (x86)\black dragon\slvoice.exe] => (Allow) C:\program files (x86)\black dragon\slvoice.exe
FirewallRules: [uDP Query User{A838B295-2B4D-41DB-ABDB-BAC2227762A0}C:\program files (x86)\black dragon\slvoice.exe] => (Allow) C:\program files (x86)\black dragon\slvoice.exe
FirewallRules: [TCP Query User{0439B8E7-09A0-43F9-88B2-7FF59CDFD083}C:\program files (x86)\black dragon\slvoice.exe] => (Allow) C:\program files (x86)\black dragon\slvoice.exe
FirewallRules: [uDP Query User{2727002C-06F6-4D42-B6AD-E98A6635BF05}C:\program files (x86)\black dragon\slvoice.exe] => (Allow) C:\program files (x86)\black dragon\slvoice.exe
FirewallRules: [TCP Query User{404E8A62-C781-4F6D-A1D6-AC256331F5BE}C:\program files\singularity\slvoice.exe] => (Allow) C:\program files\singularity\slvoice.exe
FirewallRules: [uDP Query User{6FDF99FB-1441-419F-A680-EB44DE942726}C:\program files\singularity\slvoice.exe] => (Allow) C:\program files\singularity\slvoice.exe
FirewallRules: [{5CFD3831-B07D-489B-AB08-38AF6C3DE01B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{1687535C-7F73-40DB-9490-C94EF0E5D42F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [TCP Query User{7147C229-5379-4647-9436-FEBC2639138D}C:\program files (x86)\ctrlaltstudio-viewer-release\slvoice.exe] => (Allow) C:\program files (x86)\ctrlaltstudio-viewer-release\slvoice.exe
FirewallRules: [uDP Query User{5CC6D9B3-724C-42AC-9D38-E99169AE4722}C:\program files (x86)\ctrlaltstudio-viewer-release\slvoice.exe] => (Allow) C:\program files (x86)\ctrlaltstudio-viewer-release\slvoice.exe
FirewallRules: [TCP Query User{82E9EE6F-401F-4C6E-992D-16627193B21B}C:\program files\alchemybeta\slvoice.exe] => (Allow) C:\program files\alchemybeta\slvoice.exe
FirewallRules: [uDP Query User{6648781C-EFF2-4B6C-975C-D8196D3870E0}C:\program files\alchemybeta\slvoice.exe] => (Allow) C:\program files\alchemybeta\slvoice.exe
FirewallRules: [TCP Query User{F4040725-9704-4706-805D-FCA7A42B010B}C:\program files (x86)\kokuaviewer\slvoice.exe] => (Allow) C:\program files (x86)\kokuaviewer\slvoice.exe
FirewallRules: [uDP Query User{4462FCE1-597B-4506-89A2-9499CC8892C3}C:\program files (x86)\kokuaviewer\slvoice.exe] => (Allow) C:\program files (x86)\kokuaviewer\slvoice.exe
FirewallRules: [{172F4063-1CAF-4786-BE55-FC17694199B8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{52787C91-2D19-48FB-92F1-FDC1B40D3A5F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{53FC6423-DD77-4820-A7FA-9CEE27B92B8C}] => (Allow) C:\Program Files (x86)\Crazybump\CrazyBump.exe
FirewallRules: [{E52A3B5B-035F-42A2-802D-83924E864661}] => (Allow) C:\Program Files (x86)\Crazybump\CrazyBump.exe
FirewallRules: [TCP Query User{AEAA6E71-BD36-4927-BB2F-190ECBA40AFD}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [uDP Query User{8C7BFF29-7A58-4B68-8D60-B703C3A212C4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{5A507CCA-2981-4BBA-823E-88716BF2AD62}C:\program files (x86)\exodusviewer\slvoice.exe] => (Allow) C:\program files (x86)\exodusviewer\slvoice.exe
FirewallRules: [uDP Query User{770A1B47-5C84-4DF7-B581-FE1186CBADE2}C:\program files (x86)\exodusviewer\slvoice.exe] => (Allow) C:\program files (x86)\exodusviewer\slvoice.exe
FirewallRules: [TCP Query User{9637CB10-7A31-4BF8-949E-F42D918704E2}C:\program files\onone software\perfect effects free 9\perfect effects free 9.exe] => (Allow) C:\program files\onone software\perfect effects free 9\perfect effects free 9.exe
FirewallRules: [uDP Query User{2B0517FB-0CD8-43A0-A087-6BDA207B55A9}C:\program files\onone software\perfect effects free 9\perfect effects free 9.exe] => (Allow) C:\program files\onone software\perfect effects free 9\perfect effects free 9.exe
FirewallRules: [TCP Query User{F66E6900-F467-4446-A40C-10AB33ED3D7D}C:\program files (x86)\spacialaudio\sambc\sambc.exe] => (Allow) C:\program files (x86)\spacialaudio\sambc\sambc.exe
FirewallRules: [uDP Query User{46F0838C-11B0-496C-9DF5-1B0A7610EEC3}C:\program files (x86)\spacialaudio\sambc\sambc.exe] => (Allow) C:\program files (x86)\spacialaudio\sambc\sambc.exe
FirewallRules: [TCP Query User{E38A56A4-CDFB-414D-B372-D223C1A307C8}C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe] => (Allow) C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe
FirewallRules: [uDP Query User{6128465C-D331-4387-86EA-638D5A8EDEAB}C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe] => (Allow) C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe
FirewallRules: [{33F59500-3337-43C3-996F-687375620E31}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe
FirewallRules: [{5F413D6B-B4DA-453B-A860-481E0EC27A16}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe
FirewallRules: [{CA90443E-834A-4B7C-8347-321621C773EB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{69542DB2-9A24-4545-9A81-183CA9DEDBF6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{96762F0B-A6B9-47EA-9A72-EF8155156DBC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F8FA2F06-BEE4-47C5-894F-8F69217C8A39}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{8902D993-1C68-4528-B7A6-ED95CA08B062}C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe] => (Allow) C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe
FirewallRules: [uDP Query User{D47F2AE7-54E2-4E61-864A-65D300A550B6}C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe] => (Allow) C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe
FirewallRules: [TCP Query User{DBF708F1-67E4-42DC-B294-15AF188EA485}C:\program files (x86)\spacialaudio\sambc\sambc.exe] => (Allow) C:\program files (x86)\spacialaudio\sambc\sambc.exe
FirewallRules: [uDP Query User{C3F56148-158D-44F6-9586-B0A14D496820}C:\program files (x86)\spacialaudio\sambc\sambc.exe] => (Allow) C:\program files (x86)\spacialaudio\sambc\sambc.exe
FirewallRules: [{BB98F583-674A-4D47-823E-692A1CC15F26}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{1F98854B-E834-4E70-8DAF-BBB950C9A446}C:\program files\firestorm-releasex64\slvoice.exe] => (Allow) C:\program files\firestorm-releasex64\slvoice.exe
FirewallRules: [uDP Query User{6E533258-7C6A-4CEF-832F-726C6E86EEEC}C:\program files\firestorm-releasex64\slvoice.exe] => (Allow) C:\program files\firestorm-releasex64\slvoice.exe
FirewallRules: [{3F067076-813D-41D9-A219-814F842B6608}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{ED5B60D8-126F-4FEF-87EA-4093D7EA59FA}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{96CB62D0-1EE6-4DFC-8D96-4B92A1E9A30A}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{C8B57067-2853-40F1-933B-869BA175048A}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{388BA3C3-C946-46A0-A18C-F70B83FA572F}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{0B416001-50C1-4538-A31A-4829591529E9}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{A9DABA57-9E82-4348-A8C8-2E5AE35E455B}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{588B4742-CA9A-466A-BCFD-9E5844F4EE2A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/25/2015 06:47:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/25/2015 03:20:33 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (10/24/2015 04:38:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/24/2015 02:12:40 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (10/23/2015 06:00:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/23/2015 05:11:23 PM) (Source: MsiInstaller) (EventID: 10005) (User: Kai-PC)
Description: Product: EpsonNet Print -- The same version of EpsonNet Print is already installed. Installation will close.

Error: (10/23/2015 05:07:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/23/2015 02:00:06 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (10/22/2015 02:11:31 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (10/21/2015 12:41:06 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.


System errors:
=============
Error: (10/25/2015 07:23:02 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (10/25/2015 07:22:42 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (10/25/2015 07:22:16 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (10/25/2015 07:00:41 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (10/25/2015 06:56:43 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (10/25/2015 06:56:35 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (10/25/2015 06:56:33 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (10/25/2015 06:56:32 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (10/25/2015 06:54:57 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (10/25/2015 06:54:53 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.


==================== Memory info ===========================

Processor: Intel® Core i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 41%
Total physical RAM: 12248.88 MB
Available physical RAM: 7189.55 MB
Total Virtual: 24495.95 MB
Available Virtual: 19101.23 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1841.3 GB) (Free:1646.89 GB) NTFS
Drive d: (WF-2630) (CDROM) (Total:0.26 GB) (Free:0 GB) CDFS
Drive i: (USB DISK) (Removable) (Total:7.2 GB) (Free:5.41 GB) FAT32
Drive j: (My Book) (Fixed) (Total:931.48 GB) (Free:369.6 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 1863 GB) (Disk ID: 346670F2)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=21.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1841.3 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00073856)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (MBR Code: Windows XP) (Size: 7.2 GB) (Disk ID: BFC06415)
Partition 1: (Not Active) - (Size=7.2 GB) - (Type=0C)

==================== End of Addition.txt ============================


The logs you've posted are clean, no obvious malware or infection. Finding schtasks.exe entries on your system does not necessarily mean there is an infection, although malware/infection writers are known to use that entry for malicious purposes.

The entries in your screenshot look normal, I do not see any reason to believe those are malicious. As a precaution I still recommend that a thorough online AV scan is run as follows:

Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.

There, click Run ESET Online Scanner.

If using Internet Explorer:

  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.

If using Mozilla Firefox or Google Chrome:
  • Download esetsmartinstaller_enu.exe that you'll be given a link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.


To perform the scan:

  • Make sure that Remove found threats is unchecked.
  • Scan archives is checked.
  • In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
  • Under “Enable Stealth Technology” select “Change”, then select any extra drives in that window.
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.



Please include this logfile in your next reply.

Don't forget to re-enable protection software!
 

Thank you,

 

Kevin...


ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=3b64101b0851b94e9051c92afd4d4a53
# end=init
# utc_time=2015-10-26 07:08:09
# local_time=2015-10-26 02:08:09 (-0600, Central Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 26420
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=3b64101b0851b94e9051c92afd4d4a53
# end=updated
# utc_time=2015-10-26 07:10:09
# local_time=2015-10-26 02:10:09 (-0600, Central Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=3b64101b0851b94e9051c92afd4d4a53
# engine=26420
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-10-26 11:29:52
# local_time=2015-10-26 06:29:52 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 11682565 68774586 0 0
# scanned=1333223
# found=60
# cleaned=0
# scan_time=15582
 


What is the current status of your system, are there any remaining issues or concerns....

 

The only entries from ESET log are all contained in the Downloads folder, you can delete those if you wish. If you intend to install any make sure to download and install "UnChecky" available here: http://unchecky.com/

Unchecky will monitor free software that comes bundled with unwanted extras, those unwanted extras will be blocked...


System appears to be operating fine. I'm just a bit paranoid when I see those windows pop up of late and became concerned I'd somehow gotten a virus or something.

 

Is it ok to uninstall the programs we used?

 

Thanks so much for your time and patience. I'm thankful there are people like you in the world willing to help people like me :)


I know what you mean, there are many infections and malware that patch system files so can cause utter confusion, system files can also be mimicked but run from different folders......etc etc....

A good security system and keeping the OS, utilities and programs fully updated is a must, we can clean up now and remove tools, if no issues can we close out....

 

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:



  • Remove disinfection tools
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings



Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…
 

Next,

 

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...
 

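The point made in the replies above, that several schtasks.exe copies can be normal while a system file can also be mimicked from a different folder, can be checked directly. The PowerShell below is an added example, not part of the thread; it assumes PowerShell 5.1 or later and assumes that genuine copies live under System32, SysWOW64 or WinSxS (the thread's screenshot is not reproduced here, so those folders are an assumption).

```powershell
# Added example (not from the thread): inventory every schtasks.exe on the
# system drive and report where each copy lives and whether it is signed.
# Assumption: genuine copies sit under System32, SysWOW64 or WinSxS.
$windir   = $env:SystemRoot
$expected = @("$windir\System32", "$windir\SysWOW64", "$windir\WinSxS")

function Test-ExpectedLocation {
    param([string]$Directory)
    foreach ($root in $expected) {
        # Match the folder itself or any subfolder (WinSxS uses per-component subfolders).
        if ($Directory -eq $root -or
            $Directory.StartsWith("$root\", [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

# -Force includes hidden/system folders; access-denied folders are skipped silently.
$copies = Get-ChildItem -Path "$env:SystemDrive\" -Filter 'schtasks.exe' -Recurse -Force `
              -ErrorAction SilentlyContinue |
          Where-Object { -not $_.PSIsContainer }

$report = foreach ($file in $copies) {
    $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName
    [pscustomobject]@{
        Path             = $file.FullName
        Length           = $file.Length
        ExpectedLocation = Test-ExpectedLocation $file.DirectoryName
        SignatureStatus  = $sig.Status
        Signer           = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        # The hash lets identical copies be told apart from differing ones.
        SHA256           = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    }
}

# Copies outside the expected folders sort first.
$report | Sort-Object ExpectedLocation, Path | Format-List
```

A copy outside those folders, or one whose SignatureStatus is not Valid, deserves a closer look; older PowerShell versions may not check catalog signatures and can report NotSigned for a genuine system file.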

  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.