Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

cannot surf anymore and office Word gives an error [Solved]


  • This topic is locked This topic is locked

#1
HaraMo

HaraMo

    Member

  • Member
  • PipPipPip
  • 329 posts

Hi

 

Packard bell laptop:

 

wifi connected( it says limited) but I was able to update MBAM and norton internet security but could not surf the internet, tried all browsers (google chrome, firefox, internet explorer).

 

let mbam scan the system: at rootkit it says to restart as it could not start the rootkit engine.

 

after restart it did not succeed in starting the engine, so I let it scan further.

 

After MBAM finished, reboot: laptop can surf again en wifi is conncected correctly

 

But Microsoft word doesnt start up, it shows an error, ( an error occured that causes word not to work correctly.  Word has to be closed . Do you want to fix the error?

 

If i click yes, nothing happened

 

tried in control panel fast fix, , after it finished, still the same error

 

I want to be sure the laptop is virusfree.

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by atauil (administrator) on ATAUIL-PC on 17-06-2015 08:46:52
Running from C:\Users\atauil\Desktop
Loaded Profiles: atauil (Available Profiles: atauil)
Platform: Windows 8.1 (X64) OS Language: Nederlands (Nederland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Softonic) C:\Users\atauil\AppData\Local\Softonic\Softonic.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATINDE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\AppVShNotify.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2873744 2012-11-20] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [beid] => "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3546355510-2652681121-3179285037-1001\...\Run: [Softonic for Windows] => C:\Users\atauil\AppData\Local\Softonic\Softonic.exe [4170224 2014-04-29] (Softonic)
HKU\S-1-5-21-3546355510-2652681121-3179285037-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30872672 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-3546355510-2652681121-3179285037-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINDE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3546355510-2652681121-3179285037-1001\...\Run: [OneDrive] => C:\Users\atauil\AppData\Local\Microsoft\OneDrive\OneDrive.exe [382664 2015-05-27] (Microsoft Corporation)
HKU\S-1-5-21-3546355510-2652681121-3179285037-1001\...\Run: [EPLTarget\P0000000000000002] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE [283232 2014-12-12] (SEIKO EPSON CORPORATION)
AppInit_DLLs: C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll => C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll File not found
AppInit_DLLs:  C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL File not found
Startup: C:\Users\atauil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verzenden naar OneNote.lnk [2013-09-21]
ShortcutTarget: Verzenden naar OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3546355510-2652681121-3179285037-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
HKU\S-1-5-21-3546355510-2652681121-3179285037-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.as...q={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.as...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3546355510-2652681121-3179285037-1001 -> DefaultScope {2BAB1C58-5A58-4EC7-A4F8-2CDA4A5E8113} URL = 
SearchScopes: HKU\S-1-5-21-3546355510-2652681121-3179285037-1001 -> {2BAB1C58-5A58-4EC7-A4F8-2CDA4A5E8113} URL = 
SearchScopes: HKU\S-1-5-21-3546355510-2652681121-3179285037-1001 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKU\S-1-5-21-3546355510-2652681121-3179285037-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.as...q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-05] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-11] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-11] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 172.20.10.1
 
FireFox:
========
FF ProfilePath: C:\Users\atauil\AppData\Roaming\Mozilla\Firefox\Profiles\tg423lhr.default
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-03-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
FF Extension: Belgium eID - C:\Users\atauil\AppData\Roaming\Mozilla\Firefox\Profiles\tg423lhr.default\Extensions\[email protected] [2013-10-08]
FF Extension: Belgium eID - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2013-08-10]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.2.1\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.2.1\coFFPlgn [2015-06-16]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Mozilla Firefox\extensions\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-01-15]
 
Chrome: 
=======
CHR Profile: C:\Users\atauil\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\atauil\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Drive) - C:\Users\atauil\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-13]
CHR Extension: (YouTube) - C:\Users\atauil\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-13]
CHR Extension: (Google Search) - C:\Users\atauil\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-13]
CHR Extension: (Google Wallet) - C:\Users\atauil\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-13]
CHR Extension: (Gmail) - C:\Users\atauil\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-13]
CHR Profile: C:\Users\atauil\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\atauil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-17]
CHR Extension: (Google Docs) - C:\Users\atauil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-17]
CHR Extension: (Google Drive) - C:\Users\atauil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-17]
CHR Extension: (YouTube) - C:\Users\atauil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-17]
CHR Extension: (Google Search) - C:\Users\atauil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-17]
CHR Extension: (Google Sheets) - C:\Users\atauil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-17]
CHR Extension: (Norton Identity Safe) - C:\Users\atauil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-06-17]
CHR Extension: (Norton Security Toolbar) - C:\Users\atauil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-06-17]
CHR Extension: (Google Wallet) - C:\Users\atauil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-17]
CHR Extension: (Gmail) - C:\Users\atauil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-17]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-19]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-19]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
S3 DeviceFastLaneService; C:\Program Files\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-17] (Acer Incorporated)
S3 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [658064 2012-10-23] (Acer Incorporated)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe [276336 2015-03-07] (Symantec Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2013-04-12] (Dritek System INC.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-08-01] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 A38CCID; C:\Windows\system32\DRIVERS\a38ccid.sys [62976 2014-11-13] (Advanced Card Systems Ltd.)
R3 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\BASHDefs\20150602.001\BHDrvx64.sys [1640152 2015-05-21] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1507000.00B\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [489776 2015-05-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [145200 2015-05-27] (Symantec Corporation)
R3 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\IPSDefs\20150616.001\IDSvia64.sys [684248 2015-05-29] (Symantec Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\VirusDefs\20150616.003\ENG64.SYS [129752 2015-06-16] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\VirusDefs\20150616.003\EX64.SYS [2137304 2015-06-16] (Symantec Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-04-12] (Dritek System Inc.)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1507000.00B\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1507000.00B\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1507000.00B\SYMDS64.SYS [493656 2013-08-01] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1507000.00B\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1507000.00B\SymELAM.sys [23568 2013-08-01] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-10-08] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1507000.00B\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-17 08:46 - 2015-06-17 08:47 - 00021530 _____ C:\Users\atauil\Desktop\FRST.txt
2015-06-17 08:46 - 2015-06-17 08:46 - 00000000 ____D C:\FRST
2015-06-17 08:46 - 2015-06-17 08:44 - 02109952 _____ (Farbar) C:\Users\atauil\Desktop\FRST64.exe
2015-06-17 08:44 - 2015-06-17 08:44 - 00000000 ____D C:\Users\atauil\Desktop\laptop schoonmaken
2015-06-17 08:40 - 2015-06-17 08:40 - 00002457 _____ C:\Users\atauil\Desktop\Pizzapunt - Chrome.lnk
2015-06-17 08:29 - 2015-06-17 08:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-06-16 20:47 - 2015-06-16 21:22 - 00088328 _____ C:\WINDOWS\PFRO.log
2015-06-16 20:21 - 2015-06-16 21:25 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-16 20:20 - 2015-06-16 20:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-16 20:20 - 2015-06-16 20:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-16 20:20 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-06-16 20:20 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-15 14:57 - 2015-06-16 21:22 - 00001060 _____ C:\WINDOWS\setupact.log
2015-06-15 14:57 - 2015-06-15 14:57 - 00482520 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-15 14:57 - 2015-06-15 14:57 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-06-11 08:12 - 2015-06-11 08:12 - 00000000 ____D C:\0c9b13170146bd8276882facfb
2015-06-11 08:07 - 2015-06-11 08:07 - 00000000 ____D C:\Users\atauil\AppData\Local\TempTaskUpdateDetection8364AE12-0DE7-4922-BECF-B9E431636115
2015-06-10 18:53 - 2015-05-25 15:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-06-10 18:53 - 2015-05-25 15:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-06-10 18:53 - 2015-05-22 15:08 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-06-10 18:53 - 2015-05-21 15:08 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-06-10 18:53 - 2015-05-21 15:08 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-06-10 18:53 - 2015-05-21 15:08 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-06-10 18:53 - 2015-05-21 15:08 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-06-10 18:53 - 2015-05-21 15:08 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-06-10 18:53 - 2015-05-21 15:08 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-06-10 18:53 - 2015-04-25 04:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-10 18:53 - 2015-04-25 04:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-10 18:53 - 2015-04-17 00:07 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-06-10 18:53 - 2015-04-16 08:17 - 00325464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-06-10 18:53 - 2015-04-14 00:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-06-10 18:53 - 2015-04-14 00:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-06-10 18:53 - 2015-04-10 02:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-06-10 18:53 - 2015-04-10 02:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-06-10 18:53 - 2015-04-09 00:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-06-10 18:53 - 2015-04-09 00:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-06-10 18:53 - 2015-04-02 00:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-06-10 18:53 - 2015-04-02 00:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-06-10 18:53 - 2015-04-01 06:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-06-10 18:53 - 2015-04-01 06:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-06-10 18:53 - 2015-04-01 06:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-06-10 18:53 - 2015-04-01 06:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-06-10 18:53 - 2015-04-01 05:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-06-10 18:53 - 2015-04-01 05:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-06-10 18:53 - 2015-04-01 05:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-06-10 18:53 - 2015-04-01 04:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-06-10 18:53 - 2015-04-01 04:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-06-10 18:53 - 2015-04-01 04:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-06-10 18:53 - 2015-04-01 04:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-06-10 18:53 - 2015-04-01 04:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-06-10 18:53 - 2015-04-01 04:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-06-10 18:53 - 2015-03-20 05:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-06-10 18:53 - 2015-03-20 05:08 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-06-10 18:53 - 2015-03-20 04:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-06-10 18:53 - 2015-03-20 04:07 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-06-10 18:53 - 2015-03-02 03:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-06-10 18:53 - 2015-03-02 03:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-06-10 18:52 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-10 18:52 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-10 18:52 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-10 18:52 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-10 18:52 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-10 18:52 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-10 18:52 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-10 18:52 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-10 18:52 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-10 18:52 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-10 18:52 - 2015-05-23 04:47 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-10 18:52 - 2015-05-23 04:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-10 18:52 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-10 18:52 - 2015-05-23 04:38 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-10 18:52 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-10 18:52 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-10 18:52 - 2015-05-23 04:28 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-10 18:52 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-10 18:52 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-10 18:52 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-10 18:52 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-10 18:52 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-10 18:52 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-10 18:52 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-10 18:52 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-10 18:52 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-10 18:52 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-10 18:52 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-10 18:52 - 2015-05-22 20:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-10 18:52 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-10 18:52 - 2015-05-22 20:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-10 18:52 - 2015-05-22 20:09 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-10 18:52 - 2015-05-22 20:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-10 18:52 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-10 18:52 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-10 18:52 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-10 18:52 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-10 18:52 - 2015-05-22 19:49 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-10 18:52 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-10 18:52 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-10 18:52 - 2015-05-21 18:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-10 18:23 - 2015-06-10 18:23 - 00000000 ____D C:\Program Files\Common Files\AV
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-17 08:46 - 2013-11-11 23:28 - 01075130 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-17 08:38 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-06-17 08:36 - 2013-11-12 16:44 - 00003966 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{469F346E-0CAE-48CD-82DA-F5CCD1F7E8D1}
2015-06-17 08:36 - 2013-09-19 16:04 - 00005058 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for ATAUIL-PC-atauil atauil-pc
2015-06-17 08:35 - 2013-12-29 12:27 - 00000000 ____D C:\Users\atauil\AppData\Roaming\Skype
2015-06-17 08:35 - 2013-07-27 00:35 - 00000000 __RDO C:\Users\atauil\SkyDrive
2015-06-17 08:34 - 2013-07-25 13:14 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3546355510-2652681121-3179285037-1001
2015-06-17 08:32 - 2013-07-26 21:36 - 00001084 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-17 08:26 - 2013-07-25 13:16 - 00000000 ____D C:\Users\atauil\AppData\Local\CrashDumps
2015-06-17 08:25 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-06-17 08:25 - 2013-07-26 21:36 - 00001080 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-16 21:46 - 2014-11-29 18:13 - 00000000 __SHD C:\Users\atauil\AppData\Local\EmieBrowserModeList
2015-06-16 21:46 - 2014-04-30 22:05 - 00000000 __SHD C:\Users\atauil\AppData\Local\EmieUserList
2015-06-16 21:46 - 2014-04-30 22:05 - 00000000 __SHD C:\Users\atauil\AppData\Local\EmieSiteList
2015-06-16 21:22 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-16 21:21 - 2013-10-08 13:07 - 00000000 ____D C:\ProgramData\APN
2015-06-16 20:47 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-06-16 20:44 - 2014-12-15 13:14 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-06-16 20:44 - 2014-07-10 16:58 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-06-16 20:44 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-06-16 20:20 - 2013-09-20 18:10 - 00001130 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-16 20:20 - 2013-09-20 18:10 - 00000000 ____D C:\Users\atauil\AppData\Roaming\Malwarebytes
2015-06-16 20:20 - 2013-09-20 18:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-16 20:20 - 2013-09-20 18:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-06-15 15:52 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-06-15 15:40 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-15 08:13 - 2013-07-25 13:05 - 00000000 ____D C:\Users\atauil\AppData\Local\Packages
2015-06-15 08:11 - 2013-09-07 20:13 - 00211968 ___SH C:\Users\atauil\Downloads\Thumbs.db
2015-06-15 08:07 - 2013-08-11 15:01 - 00541696 ___SH C:\Users\atauil\Desktop\Thumbs.db
2015-06-15 08:02 - 2013-10-08 17:15 - 00000000 ____D C:\Users\atauil\Tracing
2015-06-14 23:25 - 2015-04-05 14:40 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-06-14 23:25 - 2015-04-05 14:40 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-06-14 23:08 - 2013-11-11 23:03 - 00000000 ___DC C:\WINDOWS\Panther
2015-06-13 11:16 - 2013-11-11 23:09 - 00000000 ____D C:\Users\atauil
2015-06-13 11:01 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-11 08:12 - 2013-08-11 23:20 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-11 08:12 - 2013-07-26 15:29 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-10 18:35 - 2013-07-26 21:36 - 00002235 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-10 18:26 - 2013-09-30 06:15 - 01823174 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-10 18:26 - 2013-09-30 05:59 - 00806704 _____ C:\WINDOWS\system32\perfh013.dat
2015-06-10 18:26 - 2013-09-30 05:59 - 00162170 _____ C:\WINDOWS\system32\perfc013.dat
2015-06-10 18:23 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-06-09 16:37 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-06-03 18:18 - 2015-04-22 20:57 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-03 18:18 - 2015-04-22 20:57 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-01 22:15 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2015-05-27 21:27 - 2014-02-19 23:36 - 00003100 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3546355510-2652681121-3179285037-1001
2015-05-19 09:01 - 2014-03-05 19:02 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-05-18 07:42 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-05-18 07:42 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
 
==================== Files in the root of some directories =======
 
2013-09-21 22:38 - 2013-09-21 22:38 - 0000017 _____ () C:\Users\atauil\AppData\Local\resmon.resmoncfg
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-15 15:09
 
==================== End of log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by atauil at 2015-06-17 08:48:21
Running from C:\Users\atauil\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3546355510-2652681121-3179285037-500 - Administrator - Disabled)
atauil (S-1-5-21-3546355510-2652681121-3179285037-1001 - Administrator - Enabled) => C:\Users\atauil
Gast (S-1-5-21-3546355510-2652681121-3179285037-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3546355510-2652681121-3179285037-1007 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Internet Security (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Norton Internet Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.631.5823 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.00.631.5823 - ABBYY) Hidden
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Ask Shopping Toolbar (HKLM-x32\...\{4F524A2D-5637-2D53-4154-A758B70C1C01}) (Version: 12.28.1.168 - APN, LLC) <==== ATTENTION
Ask Toolbar (HKLM-x32\...\{4F524A2D-5637-006A-76A7-A758B70C1D00}) (Version: 12.29.0.226 - APN, LLC) <==== ATTENTION
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Belgium e-ID middleware 4.0.5 (build 7382) (HKLM\...\{824563DE-75AD-4166-9DC0-B6482F207382}) (Version: 4.0.7382 - Belgian Government)
Bundled software uninstaller (HKLM-x32\...\bi_uninstaller) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4427.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DefaultTab Chrome (HKLM-x32\...\DefaultTab Chrome) (Version: 1.1.25 - )
Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Download Navigator (HKLM-x32\...\{E728441A-7820-4B1C-87C9-DE7BE37B2953}) (Version: 1.1.0 - SEIKO EPSON CORPORATION)
EBP (HKLM-x32\...\EBP Boekhouding 2014_is1) (Version: EBP 2014 - EBP)
EBP Bouw 2015 16.0 (HKLM-x32\...\EBP Bouw 2015 16.0) (Version: 16.0.0 - EBP)
EBP Bouw 2015 16.0 (x32 Version: 16.0.0 - EBP) Hidden
EBP Offerte en Facturatie BE 2014 11.0 (HKLM-x32\...\EBP Offerte en Facturatie BE 2014 11.0) (Version: 11.0.0 - EBP)
EBP Offerte en Facturatie BE 2014 11.0 (x32 Version: 11.0.0 - EBP) Hidden
EBP Offerte en Facturatie BE 2015 12.0 (HKLM-x32\...\EBP Offerte en Facturatie BE 2015 12.0) (Version: 12.0.0 - EBP)
EBP Offerte en Facturatie BE 2015 12.0 (x32 Version: 12.0.0 - EBP) Hidden
Epson Easy Photo Print 2 (HKLM-x32\...\{02A312B5-1542-47B6-BFE9-F51358C39E86}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM-x32\...\{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}) (Version: 3.01.0000 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{682A3328-9621-4BAD-91FA-873A076610C4}) (Version: 1.21.0000 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-205 207 Series Printer Uninstall (HKLM\...\EPSON XP-205 207 Series) (Version:  - SEIKO EPSON Corporation)
EPSON XP-422 423 425 Series Printer Uninstall (HKLM\...\EPSON XP-422 423 425 Series) (Version:  - SEIKO EPSON Corporation)
EPSON-handleidingen (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.32.0.0 - SEIKO EPSON CORPORATION)
EpsonNet Print (HKLM\...\{98D772A5-CDB0-48E7-9DBA-794EA0F68B5C}) (Version: 3.1.0.0 - SEIKO EPSON Corporation)
ETDWare PS/2-X64 11.6.16.003_WHQL (HKLM\...\Elantech) (Version: 11.6.16.003 - ELAN Microelectronic Corp.)
Gebruikershandleiding EPSON XP-205 207 Series (HKLM-x32\...\EPSON XP-205 207 Series Useg) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hardwipe 2.1.0 (HKLM-x32\...\{A7D63D6F-B6DC-40B8-BBE9-E46D6C637777}) (Version: 2.1.0 - Big Angry Dog)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Packard Bell)
IKEA Home Planner (HKLM-x32\...\{B3276CB1-20B6-4AF9-AAEC-E72C83816495}) (Version: 2.0.3 - IKEA IT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.650 - Oracle)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
KashExpert 2013.1.0 (HKLM-x32\...\KashExpert_is1) (Version: 2013.1.0 - DekiLogic)
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.10 - Packard Bell)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3006 - Packard Bell)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware versie 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office 2013 voor Thuisgebruik en Studenten - nl-nl (HKLM\...\HomeStudentRetail - nl-nl) (Version: 15.0.4719.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3546355510-2652681121-3179285037-1001\...\OneDriveSetup.exe) (Version: 17.3.5860.0512 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 24.0 (x86 nl) (HKLM-x32\...\Mozilla Firefox 24.0 (x86 nl)) (Version: 24.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.0 - Mozilla)
Nero 12 Essentials OEM.a01 (HKLM-x32\...\{9BF0D9FE-9893-4647-81B9-17B7BEA4E6FD}) (Version: 12.5.00000 - Nero AG)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{B2B0EC73-AD4A-4716-A3DE-CEA8440B309B}) (Version: 12.5.00000 - Nero AG)
Netwerkhandleiding EPSON XP-205 207 Series (HKLM-x32\...\EPSON XP-205 207 Series Netg) (Version:  - )
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.7.0.11 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Packard Bell Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3011 - Packard Bell)
Packard Bell Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3011 - Packard Bell)
Packard Bell Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3012 - Packard Bell)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Qualcomm Atheros Communications Inc.)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.05 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28124 - Realtek Semiconductor Corp.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Softonic for Windows (HKU\S-1-5-21-3546355510-2652681121-3179285037-1001\...\Softonic for Windows) (Version: 1.5.11 - Softonic International S.L.) <==== ATTENTION
Software Updater (HKLM-x32\...\{FA7EE274-7370-43B7-9A45-A39B17CCCDC5}) (Version: 4.3.3 - SEIKO EPSON CORPORATION)
Stuurprogrammapakket voor Windows - Fedict SmartCard  (07/01/2013 4.0.0.8) (HKLM\...\D101DCAD83850799D453082F40CDF9958468129F) (Version: 07/01/2013 4.0.0.8 - Fedict)
Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - NLD (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NLD) (Version: 10.0.50903 - Microsoft Corporation)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.20935 - TeamViewer)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Update tool EBP-software 1.1.3 (HKLM-x32\...\Update tool EBP-software 1.1.3) (Version: 1.1.3 - EBP)
Utilitaire de mise à jour des logiciels EBP 1.1.3 (Version: 1.1.3 - EBP) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.3 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3546355510-2652681121-3179285037-1001_Classes\CLSID\{BDA99C43-A768-455D-9E0E-DC42485189FA}\InprocServer32 -> C:\Program Files (x86)\Hardwipe\hwshell64.dll ()
CustomCLSID: HKU\S-1-5-21-3546355510-2652681121-3179285037-1001_Classes\CLSID\{C73663ED-B7DD-4B6D-A7B7-D00ABF81281A}\InprocServer32 -> C:\Program Files (x86)\Hardwipe\hwshell64.dll ()
CustomCLSID: HKU\S-1-5-21-3546355510-2652681121-3179285037-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\atauil\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points =========================
 
Check "winmgmt" service or repair WMI.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0ACF7CBE-749E-4C40-A739-B8611DB7EB6A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-26] (Google Inc.)
Task: {2EC337F2-B954-43E7-A0DD-ACA3E359EBC4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-11] (Microsoft Corporation)
Task: {3216FDC6-61CD-42D2-8BC7-DCB36F438247} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-19] (Microsoft Corporation)
Task: {35D35458-98E5-4AC6-80FA-7443A5FF6339} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3546355510-2652681121-3179285037-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {3D1D134E-3EE0-4B07-B384-7E1193E35217} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {4B9CE9B0-9F9F-451E-85B7-F2AEE906C7F6} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {4EF2A637-646A-4BAD-B7D9-7D958A59035F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-26] (Google Inc.)
Task: {51827A6B-3AFE-42A6-91CB-C78FA5D50CC6} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {523B6AE8-5E40-445C-87EF-2591FD23324F} - System32\Tasks\ALU => C:\Program Files (x86)\Packard Bell\Live Updater\updater.exe [2012-11-06] ()
Task: {67DBEE1A-0E78-4464-8904-C4B1BB776349} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {7B27E7D4-58C3-4643-8919-7F9F1A6725D0} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ATAUIL-PC-atauil atauil-pc => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-03-10] (Microsoft Corporation)
Task: {8E9B4FD4-4008-41FD-937F-38051F34BED9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {A2D0FFBD-F4A9-4C42-97E0-E793CF16649E} - System32\Tasks\Power Management => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [2012-10-23] (Acer Incorporated)
Task: {B86A7FF8-ED37-4DB1-AB55-AF616B2DD38C} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {D772173C-23BF-4275-A143-76FE4C43AC95} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {E7005E9F-E951-4CDB-A851-95BA109AD69B} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {EF8B9136-6B4D-48D7-8C6C-C002E5F80D6A} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exe [2015-06-02] (Symantec Corporation)
Task: {F614342D-4DC8-469E-A418-9BF93AB23181} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Packard Bell\Live Updater\liveupdater_agent.exe [2012-06-21] ()
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-03-05 19:02 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-10-27 16:48 - 2012-10-27 16:48 - 00579504 _____ () C:\Program Files (x86)\Hardwipe\hwshell64.dll
2012-12-14 03:42 - 2012-12-14 03:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-04-12 05:30 - 2012-06-25 04:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2011-03-09 18:59 - 2011-03-09 18:59 - 02238464 _____ () C:\Users\atauil\AppData\Local\Softonic\QtCore4.dll
2011-03-09 18:59 - 2011-03-09 18:59 - 08011264 _____ () C:\Users\atauil\AppData\Local\Softonic\QtGui4.dll
2012-06-28 12:09 - 2012-06-28 12:09 - 00076800 _____ () C:\Users\atauil\AppData\Local\Softonic\CrashRpt1300.dll
2013-10-22 11:28 - 2013-10-22 11:28 - 26052096 _____ () C:\Users\atauil\AppData\Local\Softonic\libcef.dll
2011-03-18 13:01 - 2011-03-18 13:01 - 00026624 _____ () C:\Users\atauil\AppData\Local\Softonic\imageformats\qgif4.dll
2013-10-22 11:28 - 2013-10-22 11:28 - 00739840 _____ () C:\Users\atauil\AppData\Local\Softonic\libglesv2.dll
2013-10-22 11:28 - 2013-10-22 11:28 - 00130048 _____ () C:\Users\atauil\AppData\Local\Softonic\libegl.dll
2014-11-15 10:28 - 2014-11-15 10:28 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2014-11-15 10:28 - 2014-11-15 10:28 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2015-06-10 18:32 - 2015-06-05 20:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libglesv2.dll
2015-06-10 18:32 - 2015-06-05 20:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\Users\atauil\SkyDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3546355510-2652681121-3179285037-1001\...\sharepoint.com -> hxxps://renoworkx.sharepoint.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3546355510-2652681121-3179285037-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\atauil\AppData\Roaming\Microsoft\Windows Photo Viewer\Achtergrond van Windows Photo Viewer.jpg
DNS Servers: 172.20.10.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3546355510-2652681121-3179285037-1001\...\StartupApproved\Run: => "iLivid"
HKU\S-1-5-21-3546355510-2652681121-3179285037-1001\...\StartupApproved\Run: => "AppsHat"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{D7EA8224-F27C-4A7D-B051-D88BCE0EFA78}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{1E209526-5880-41DD-963F-402D900D6D6A}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{1361C265-FF52-40FB-92BB-B04FE6FBF233}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{EADE9BEA-AAC5-462C-BA7E-51F4D64D83EA}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{F52E580D-BB74-4B3E-B2EA-9E66AB35F823}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{CEE68E85-8ABA-4052-9030-70FA98AE18FF}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [UDP Query User{C2B15CF5-632D-4AEA-8362-338709797AFB}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [TCP Query User{9DBEA583-A3CB-4D3F-AD75-2A8459B886B9}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [UDP Query User{D4732B37-680B-4435-A017-199D9122B384}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{10A53F17-64EA-400D-BC0F-17319610A7D9}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{D15E2287-8AAC-480A-8877-52BFEB596B46}] => (Allow) C:\Users\atauil\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{5DC42B2D-BEA8-4D09-A017-2A39E8C5F76A}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{516D1C36-211B-4216-962A-9E99C16DC1B0}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{2FCA26E6-6022-45F6-906B-458CBB06EB26}] => (Allow) D:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{C722D1E2-C2D5-4B64-A137-38DE2B35F9E1}] => (Allow) D:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{41E1A9F3-9FF8-4A1D-BB49-364C4E2CD5A4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{C303E789-BC3E-42D0-BB8A-0F7CE67D8650}] => (Allow) C:\program files (x86)\nero\nero 12\nero backitup\backitup.exe
FirewallRules: [{3F33AB6B-10BB-4D4A-BFB5-6BA1115193EF}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6F0D3063-221E-44EF-84A4-D261F6B0D7A9}] => (Allow) LPort=2869
FirewallRules: [{5FFB97FA-A0BE-4496-9B59-D0FCCB904C0F}] => (Allow) LPort=1900
FirewallRules: [{22B529CC-9EBF-405B-A005-9C71D89BE5F4}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{FDA85210-B3E4-43E4-855A-8FFA33D7F32F}] => (Allow) C:\Users\atauil\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\EpsonNetSetup\Data\ENEasyApp.exe
FirewallRules: [{C26800CE-0848-4C81-B79E-07F7A519BC37}] => (Allow) C:\Users\atauil\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\EpsonNetSetup\Data\ENEasyApp.exe
FirewallRules: [{3B5213D0-3433-4DF1-B642-4E66BBDD2CF5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Could not list Devices. Check "winmgmt" service or repair WMI.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/17/2015 08:26:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: ePowerTray.exe, versie: 7.0.3011.0, tijdstempel: 0x508602dd
Naam van module met fout: ePowerTray.exe, versie: 7.0.3011.0, tijdstempel: 0x508602dd
Uitzonderingscode: 0xc0000005
Foutmarge: 0x0000000000006b8f
Id van proces met fout: 0xe04
Starttijd van toepassing met fout: 0xePowerTray.exe0
Pad naar toepassing met fout: ePowerTray.exe1
Pad naar module met fout: ePowerTray.exe2
Rapport-id: ePowerTray.exe3
Volledige pakketnaam met fout: ePowerTray.exe4
Relatieve toepassings-id van pakket met fout: ePowerTray.exe5
 
Error: (06/17/2015 08:26:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: ePowerSvc.exe, versie: 7.0.3011.0, tijdstempel: 0x508602cc
Naam van module met fout: ePowerSvc.exe, versie: 7.0.3011.0, tijdstempel: 0x508602cc
Uitzonderingscode: 0xc0000005
Foutmarge: 0x000000000000a510
Id van proces met fout: 0x1154
Starttijd van toepassing met fout: 0xePowerSvc.exe0
Pad naar toepassing met fout: ePowerSvc.exe1
Pad naar module met fout: ePowerSvc.exe2
Rapport-id: ePowerSvc.exe3
Volledige pakketnaam met fout: ePowerSvc.exe4
Relatieve toepassings-id van pakket met fout: ePowerSvc.exe5
 
Error: (06/16/2015 09:24:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: ePowerTray.exe, versie: 7.0.3011.0, tijdstempel: 0x508602dd
Naam van module met fout: ePowerTray.exe, versie: 7.0.3011.0, tijdstempel: 0x508602dd
Uitzonderingscode: 0xc0000005
Foutmarge: 0x0000000000006b8f
Id van proces met fout: 0xc5c
Starttijd van toepassing met fout: 0xePowerTray.exe0
Pad naar toepassing met fout: ePowerTray.exe1
Pad naar module met fout: ePowerTray.exe2
Rapport-id: ePowerTray.exe3
Volledige pakketnaam met fout: ePowerTray.exe4
Relatieve toepassings-id van pakket met fout: ePowerTray.exe5
 
Error: (06/16/2015 09:24:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: ePowerSvc.exe, versie: 7.0.3011.0, tijdstempel: 0x508602cc
Naam van module met fout: ePowerSvc.exe, versie: 7.0.3011.0, tijdstempel: 0x508602cc
Uitzonderingscode: 0xc0000005
Foutmarge: 0x000000000000a510
Id van proces met fout: 0x460
Starttijd van toepassing met fout: 0xePowerSvc.exe0
Pad naar toepassing met fout: ePowerSvc.exe1
Pad naar module met fout: ePowerSvc.exe2
Rapport-id: ePowerSvc.exe3
Volledige pakketnaam met fout: ePowerSvc.exe4
Relatieve toepassings-id van pakket met fout: ePowerSvc.exe5
 
Error: (06/16/2015 08:49:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: ePowerTray.exe, versie: 7.0.3011.0, tijdstempel: 0x508602dd
Naam van module met fout: ePowerTray.exe, versie: 7.0.3011.0, tijdstempel: 0x508602dd
Uitzonderingscode: 0xc0000005
Foutmarge: 0x0000000000006b8f
Id van proces met fout: 0xe00
Starttijd van toepassing met fout: 0xePowerTray.exe0
Pad naar toepassing met fout: ePowerTray.exe1
Pad naar module met fout: ePowerTray.exe2
Rapport-id: ePowerTray.exe3
Volledige pakketnaam met fout: ePowerTray.exe4
Relatieve toepassings-id van pakket met fout: ePowerTray.exe5
 
Error: (06/16/2015 08:49:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: ePowerSvc.exe, versie: 7.0.3011.0, tijdstempel: 0x508602cc
Naam van module met fout: ePowerSvc.exe, versie: 7.0.3011.0, tijdstempel: 0x508602cc
Uitzonderingscode: 0xc0000005
Foutmarge: 0x000000000000a510
Id van proces met fout: 0xe14
Starttijd van toepassing met fout: 0xePowerSvc.exe0
Pad naar toepassing met fout: ePowerSvc.exe1
Pad naar module met fout: ePowerSvc.exe2
Rapport-id: ePowerSvc.exe3
Volledige pakketnaam met fout: ePowerSvc.exe4
Relatieve toepassings-id van pakket met fout: ePowerSvc.exe5
 
Error: (06/16/2015 08:27:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Het programma IEXPLORE.EXE, versie 11.0.9600.17840 reageert niet meer op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum in het Configuratiescherm.
 
Proces-id: 16c4
 
Starttijd: 01d0a861f0011b39
 
Eindtijd: 60000
 
Toepassingspad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Rapport-id: 3b604fbc-1455-11e5-beca-7c0507534ea0
 
Volledige pakketnaam met fout: 
 
Relatieve toepassings-id van pakket met fout:
 
Error: (06/16/2015 08:26:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: IEXPLORE.EXE, versie: 11.0.9600.17840, tijdstempel: 0x555fe1bb
Naam van module met fout: iertutil.dll, versie: 11.0.9600.17840, tijdstempel: 0x555fefa8
Uitzonderingscode: 0xc0000005
Foutmarge: 0x0014e12f
Id van proces met fout: 0x114c
Starttijd van toepassing met fout: 0xIEXPLORE.EXE0
Pad naar toepassing met fout: IEXPLORE.EXE1
Pad naar module met fout: IEXPLORE.EXE2
Rapport-id: IEXPLORE.EXE3
Volledige pakketnaam met fout: IEXPLORE.EXE4
Relatieve toepassings-id van pakket met fout: IEXPLORE.EXE5
 
Error: (06/16/2015 08:26:40 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (06/16/2015 08:18:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Het programma LiveComm.exe, versie 17.5.9600.20856 reageert niet meer op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum in het Configuratiescherm.
 
Proces-id: 1554
 
Starttijd: 01d0a78c19dbd2a0
 
Eindtijd: 4294967295
 
Toepassingspad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe
 
Rapport-id: b37fa42c-1453-11e5-beca-7c0507534ea0
 
Volledige pakketnaam met fout: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe
 
Relatieve toepassings-id van pakket met fout: ppleae38af2e007f4358a809ac99a64a67c1
 
 
System errors:
=============
Error: (06/17/2015 08:26:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De ePower Service-service is onverwacht beëindigd. Dit is nu 2 keer gebeurd.
 
Error: (06/16/2015 09:25:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De ePower Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.
 
Error: (06/16/2015 08:49:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De ePower Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.
 
Error: (06/15/2015 03:42:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De ePower Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.
 
Error: (06/15/2015 03:00:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: De Windows Search-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 30000 milliseconden worden uitgevoerd: Service opnieuw starten.
 
Error: (06/15/2015 03:00:20 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: De service Windows Search is gestopt met de volgende specifieke servicefout: 
%%2147749126
 
Error: (06/15/2015 02:57:34 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: De vorige afsluiting van het systeem om 14:35:30 op ‎15-‎6-‎2015 is onverwacht gebeurd.
 
Error: (06/15/2015 08:16:42 AM) (Source: DCOM) (EventID: 10010) (User: ATAUIL-PC)
Description: {14286318-B6CF-49A1-81FC-D74AD94902F9}
 
Error: (06/14/2015 11:00:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De ePower Service-service is onverwacht beëindigd. Dit is nu 3 keer gebeurd.
 
Error: (06/13/2015 11:19:04 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De ePower Service-service is onverwacht beëindigd. Dit is nu 2 keer gebeurd.
 
 
Microsoft Office:
=========================
Error: (06/17/2015 08:26:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ePowerTray.exe7.0.3011.0508602ddePowerTray.exe7.0.3011.0508602ddc00000050000000000006b8fe0401d0a8c6757fd28aC:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exeC:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.execf590dfb-14b9-11e5-becc-7c0507534ea0
 
Error: (06/17/2015 08:26:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ePowerSvc.exe7.0.3011.0508602ccePowerSvc.exe7.0.3011.0508602ccc0000005000000000000a510115401d0a8c6908390abC:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exeC:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.execeb54440-14b9-11e5-becc-7c0507534ea0
 
Error: (06/16/2015 09:24:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ePowerTray.exe7.0.3011.0508602ddePowerTray.exe7.0.3011.0508602ddc00000050000000000006b8fc5c01d0a869e93afb4fC:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exeC:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe478041ba-145d-11e5-becc-7c0507534ea0
 
Error: (06/16/2015 09:24:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ePowerSvc.exe7.0.3011.0508602ccePowerSvc.exe7.0.3011.0508602ccc0000005000000000000a51046001d0a86a08cfd7e1C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exeC:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe47044664-145d-11e5-becc-7c0507534ea0
 
Error: (06/16/2015 08:49:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ePowerTray.exe7.0.3011.0508602ddePowerTray.exe7.0.3011.0508602ddc00000050000000000006b8fe0001d0a8651e2b81f0C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exeC:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe5df085ff-1458-11e5-becb-7c0507534ea0
 
Error: (06/16/2015 08:49:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ePowerSvc.exe7.0.3011.0508602ccePowerSvc.exe7.0.3011.0508602ccc0000005000000000000a510e1401d0a8651f19f18cC:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exeC:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe5d237a93-1458-11e5-becb-7c0507534ea0
 
Error: (06/16/2015 08:27:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.1784016c401d0a861f0011b3960000C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE3b604fbc-1455-11e5-beca-7c0507534ea0
 
Error: (06/16/2015 08:26:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17840555fe1bbiertutil.dll11.0.9600.17840555fefa8c00000050014e12f114c01d0a861e057b8ffC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\SYSTEM32\iertutil.dll3bd05f8c-1455-11e5-beca-7c0507534ea0
 
Error: (06/16/2015 08:26:40 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (06/16/2015 08:18:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20856155401d0a78c19dbd2a04294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exeb37fa42c-1453-11e5-beca-7c0507534ea0microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU B960 @ 2.20GHz
Percentage of memory in use: 57%
Total physical RAM: 3912.27 MB
Available physical RAM: 1660.78 MB
Total Pagefile: 4616.27 MB
Available Pagefile: 2385.87 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
 
==================== Drives ================================
 
Drive c: (Packard Bell) (Fixed) (Total:443.61 GB) (Free:397.78 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 2BEA3C22)
 
Partition: GPT Partition Type.
 
==================== End of log ============================

 


  • 0

Advertisements


#2
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Hello HaraMo,

Firstly please uninstall the following foistware items unless you specifically installed them:

Ask Shopping Toolbar
Ask Toolbar
Softonic for Windows


Next

Open notepad.

Please copy the contents of the code box below.

To do this highlight (click in the box and press Ctrl + A) the contents of the box and right click on it. Paste this into the open notepad. Save it to the Desktop as fixlist.txt.

Alternatively type the contents of the box into notepad and save it to your desktop as fixlist.txt.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
 

HKLM-x32\...\Run: [LManager] => [X]
ppInit_DLLs: C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll => C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll File not found
C:\PROGRA~2\MOVIES~1
AppInit_DLLs:  C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL File not found
C:\PROGRA~2\OPTIMI~1
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.as...q={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.as...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3546355510-2652681121-3179285037-1001 -> DefaultScope {2BAB1C58-5A58-4EC7-A4F8-2CDA4A5E8113} URL =
SearchScopes: HKU\S-1-5-21-3546355510-2652681121-3179285037-1001 -> {2BAB1C58-5A58-4EC7-A4F8-2CDA4A5E8113} URL =
SearchScopes: HKU\S-1-5-21-3546355510-2652681121-3179285037-1001 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-3546355510-2652681121-3179285037-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.as...q={searchTerms}
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
AlternateDataStreams: C:\ProgramData\Temp:373E1720
CMD: ipconfig /flushdns
EmptyTemp:

This script is specifically written for the infection on this person's computer. It should NOT to be used on another machine. It may cause serious damage even to the point of rendering the computer unusable.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Finally in this post



  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type or copy and paste the following into the search box:

              iLivid;AppsHat

 

  • Now press the Search Registry button
  • When the search is complete, search.txt will also be written to your USB
  • Type exit and reboot the computer normally
  • Please copy and paste both logs in your reply.(FRST.txt and Search Registry.txt)

So when you return please post

  • Fixlog.txt
  • Search Registry.txt

 


  • 0

#3
HaraMo

HaraMo

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 329 posts
Fix result of Farbar Recovery Scan Tool (x64) Version:24-06-2015
Ran by atauil at 2015-06-26 07:29:58 Run:1
Running from C:\Users\atauil\Desktop
Loaded Profiles: atauil (Available Profiles: atauil)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKLM-x32\...\Run: [LManager] => [X]
ppInit_DLLs: C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll => C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll File not found
C:\PROGRA~2\MOVIES~1
AppInit_DLLs:  C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL File not found
C:\PROGRA~2\OPTIMI~1
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.as...q={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.as...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3546355510-2652681121-3179285037-1001 -> DefaultScope {2BAB1C58-5A58-4EC7-A4F8-2CDA4A5E8113} URL =
SearchScopes: HKU\S-1-5-21-3546355510-2652681121-3179285037-1001 -> {2BAB1C58-5A58-4EC7-A4F8-2CDA4A5E8113} URL =
SearchScopes: HKU\S-1-5-21-3546355510-2652681121-3179285037-1001 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-3546355510-2652681121-3179285037-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.as...q={searchTerms}
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
AlternateDataStreams: C:\ProgramData\Temp:373E1720
CMD: ipconfig /flushdns
EmptyTemp:
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\LManager => value removed successfully
ppInit_DLLs: C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll => C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll File not found => Error: No automatic fix found for this entry.
"C:\PROGRA~2\MOVIES~1" => File/Folder not found.
" C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL" => value data removed successfully.
"C:\PROGRA~2\OPTIMI~1" => File/Folder not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => key removed successfully
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => key removed successfully
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => key not found. 
HKU\S-1-5-21-3546355510-2652681121-3179285037-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-3546355510-2652681121-3179285037-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2BAB1C58-5A58-4EC7-A4F8-2CDA4A5E8113}" => key removed successfully
HKCR\CLSID\{2BAB1C58-5A58-4EC7-A4F8-2CDA4A5E8113} => key not found. 
"HKU\S-1-5-21-3546355510-2652681121-3179285037-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909}" => key removed successfully
HKCR\CLSID\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} => key not found. 
"HKU\S-1-5-21-3546355510-2652681121-3179285037-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => key removed successfully
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => key not found. 
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
EmptyTemp: => 270.1 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 07:30:17 ====

  • 0

#4
HaraMo

HaraMo

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 329 posts

 

 


Finally in this post



  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type or copy and paste the following into the search box:

              iLivid;AppsHat

 

  • Now press the Search Registry button
  • When the search is complete, search.txt will also be written to your USB
  • Type exit and reboot the computer normally
  • Please copy and paste both logs in your reply.(FRST.txt and Search Registry.txt)

So when you return please post

  • Fixlog.txt
  • Search Registry.txt

 

I only have a search.txt on desktop. did not had to reboot. cannot type exit in the frst utility. and there is no frst.txt on desktop except the first one I already posted the first time.

 

 

search.txt

 

Farbar Recovery Scan Tool (x64) Version:24-06-2015
Ran by atauil at 2015-06-26 07:42:30
Running from C:\Users\atauil\Desktop
Boot Mode: Normal
 
================== Search Registry: "iLivid;AppsHat" ===========
 
 
===================== Search result for "iLivid" ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup-r287-n-bc.exe]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\iLivid.torrent\DefaultIcon]
""="C:\Users\atauil\AppData\Local\iLivid\iLivid.exe,0"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\iLivid.torrent\shell\open\command]
""="C:\Users\atauil\AppData\Local\iLivid\iLivid.exe "%1""
 
[HKEY_USERS\S-1-5-21-3546355510-2652681121-3179285037-1001\Software\iLivid\iLivid]
 
[HKEY_USERS\S-1-5-21-3546355510-2652681121-3179285037-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"iLivid"="0x0300000061154AAA34B6CE01"
 
[HKEY_USERS\S-1-5-21-3546355510-2652681121-3179285037-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\atauil\Downloads\iLividSetup-r343-n-bc.exe"="0x534143500100000000000000070000002800000000C8180000000000010000000000000000000106000100002EF6C8A3A56ACD010000000000000000"
 
[HKEY_USERS\S-1-5-21-3546355510-2652681121-3179285037-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\atauil\Downloads\iLividSetup-r287-n-bc.exe"="0x534143500100000000000000070000002800000000D8180080F41800010000000000000000000106000100002EF6C8A3A56ACD010000000000000000"
 
[HKEY_USERS\S-1-5-21-3546355510-2652681121-3179285037-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\atauil\AppData\Local\iLivid]
 
[HKEY_USERS\S-1-5-21-3546355510-2652681121-3179285037-1001\Software\Classes\.torrent]
""="iLivid.torrent"
 
[HKEY_USERS\S-1-5-21-3546355510-2652681121-3179285037-1001\Software\Classes\iLivid.torrent]
 
[HKEY_USERS\S-1-5-21-3546355510-2652681121-3179285037-1001\Software\Classes\iLivid.torrent\DefaultIcon]
""="C:\Users\atauil\AppData\Local\iLivid\iLivid.exe,0"
 
[HKEY_USERS\S-1-5-21-3546355510-2652681121-3179285037-1001\Software\Classes\iLivid.torrent\shell\open\command]
""="C:\Users\atauil\AppData\Local\iLivid\iLivid.exe "%1""
 
[HKEY_USERS\S-1-5-21-3546355510-2652681121-3179285037-1001\Software\Classes\Magnet\DefaultIcon]
""=""C:\Users\atauil\AppData\Local\iLivid\iLivid.exe",0"
 
[HKEY_USERS\S-1-5-21-3546355510-2652681121-3179285037-1001_Classes\.torrent]
""="iLivid.torrent"
 
[HKEY_USERS\S-1-5-21-3546355510-2652681121-3179285037-1001_Classes\iLivid.torrent]
 
[HKEY_USERS\S-1-5-21-3546355510-2652681121-3179285037-1001_Classes\iLivid.torrent\DefaultIcon]
""="C:\Users\atauil\AppData\Local\iLivid\iLivid.exe,0"
 
[HKEY_USERS\S-1-5-21-3546355510-2652681121-3179285037-1001_Classes\iLivid.torrent\shell\open\command]
""="C:\Users\atauil\AppData\Local\iLivid\iLivid.exe "%1""
 
[HKEY_USERS\S-1-5-21-3546355510-2652681121-3179285037-1001_Classes\Magnet\DefaultIcon]
""=""C:\Users\atauil\AppData\Local\iLivid\iLivid.exe",0"
 
 
===================== Search result for "AppsHat" ==========
 
[HKEY_USERS\S-1-5-21-3546355510-2652681121-3179285037-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"AppsHat"="0x030000000A4728AE34B6CE01"
 
====== End of Search ======

  • 0

#5
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

I only have a search.txt on desktop. did not had to reboot. cannot type exit in the frst utility. and there is no frst.txt on desktop except the first one I already posted the first time.


That is fine. :)

Now

Open notepad.

Please copy the contents of the code box below.

To do this highlight (click in the box and press Ctrl + A) the contents of the box and right click on it. Paste this into the open notepad. Save it to the Desktop as fixlist.txt.

Alternatively type the contents of the box into notepad and save it to your desktop as fixlist.txt.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
 

AppInit_DLLs:  C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL File not found

This script is specifically written for the infection on this person's computer. It should NOT to be used on another machine. It may cause serious damage even to the point of rendering the computer unusable.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Next



  • Download OTL to your desktop.
  • Double click on the icon to run it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the contents of the code box:

    :Reg
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup-r287-n-bc.exe]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\iLivid.torrent\DefaultIcon]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\iLivid.torrent\shell\open\command]
    
    [-HKEY_USERS\S-1-5-21-3546355510-2652681121-3179285037-1001\Software\iLivid\iLivid]
    
    [HKEY_USERS\S-1-5-21-3546355510-2652681121-3179285037-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
    
    "iLivid"=-
    
    [HKEY_USERS\S-1-5-21-3546355510-2652681121-3179285037-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
    
    bc.exe"=-
    
    [-HKEY_USERS\S-1-5-21-3546355510-2652681121-3179285037-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\atauil\AppData\Local\iLivid]
    
    [HKEY_USERS\S-1-5-21-3546355510-2652681121-3179285037-1001\Software\Classes\.torrent]
    
    ""=-
    
    [-HKEY_USERS\S-1-5-21-3546355510-2652681121-3179285037-1001\Software\Classes\iLivid.torrent]
    
    [-HKEY_USERS\S-1-5-21-3546355510-2652681121-3179285037-1001\Software\Classes\iLivid.torrent\DefaultIcon]
    
    [-HKEY_USERS\S-1-5-21-3546355510-2652681121-3179285037-1001\Software\Classes\iLivid.torrent\shell\open\command]
    
    [HKEY_USERS\S-1-5-21-3546355510-2652681121-3179285037-1001\Software\Classes\Magnet\DefaultIcon]
    
    ""=-
    
    [HKEY_USERS\S-1-5-21-3546355510-2652681121-3179285037-1001_Classes\.torrent]
    
    ""=-
    
    [HKEY_USERS\S-1-5-21-3546355510-2652681121-3179285037-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
    
    "AppsHat"=-
    
    
    
    :Files
    
    C:\Users\atauil\Downloads\iLividSetup-r343-n-
    
    C:\Users\atauil\AppData\Local\iLivid
    
    
    
    :Commands
    
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.

 

Finally in this post

Please run another FRST scan with the Addition.txt box ticked and post back the two logs generated - FRST.txt and Addition.txt.

So when you return please post

  • Fixlog.txt
  • OTL log
  • FRST.txt
  • Addition.txt

  • 0

#6
HaraMo

HaraMo

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 329 posts
Fix result of Farbar Recovery Scan Tool (x64) Version:24-06-2015
Ran by atauil at 2015-06-26 11:26:23 Run:2
Running from C:\Users\atauil\Desktop
Loaded Profiles: atauil (Available Profiles: atauil)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
AppInit_DLLs:  C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL File not found
 
 
*****************
 
" C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL" => value data not found.
 
==== End of Fixlog 11:26:23 ====
 
 
 
 
I went to c drive, and folder _OTL , there I found the log.
 
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup-r287-n-bc.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\iLivid.torrent\DefaultIcon\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\iLivid.torrent\shell\open\command\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3546355510-2652681121-3179285037-1001\Software\iLivid\iLivid\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3546355510-2652681121-3179285037-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\iLivid deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3546355510-2652681121-3179285037-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\bc.exe" not found.
Registry key HKEY_USERS\S-1-5-21-3546355510-2652681121-3179285037-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\atauil\AppData\Local\iLivid\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3546355510-2652681121-3179285037-1001\Software\Classes\.torrent\\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3546355510-2652681121-3179285037-1001\Software\Classes\iLivid.torrent\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3546355510-2652681121-3179285037-1001\Software\Classes\iLivid.torrent\DefaultIcon\ not found.
Registry key HKEY_USERS\S-1-5-21-3546355510-2652681121-3179285037-1001\Software\Classes\iLivid.torrent\shell\open\command\ not found.
Registry value HKEY_USERS\S-1-5-21-3546355510-2652681121-3179285037-1001\Software\Classes\Magnet\DefaultIcon\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3546355510-2652681121-3179285037-1001_Classes\.torrent\\ not found.
Registry value HKEY_USERS\S-1-5-21-3546355510-2652681121-3179285037-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\AppsHat deleted successfully.
========== FILES ==========
File\Folder C:\Users\atauil\Downloads\iLividSetup-r343-n- not found.
File\Folder C:\Users\atauil\AppData\Local\iLivid not found.
========== COMMANDS ==========
 
OTL by OldTimer - Version 3.2.69.0 log created on 06262015_112941
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-06-2015
Ran by atauil (administrator) on ATAUIL-PC on 26-06-2015 11:44:24
Running from C:\Users\atauil\Desktop
Loaded Profiles: atauil (Available Profiles: atauil)
Platform: Windows 8.1 (X64) OS Language: Nederlands (Nederland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATINDE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2873744 2012-11-20] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [beid] => "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3546355510-2652681121-3179285037-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30872672 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-3546355510-2652681121-3179285037-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINDE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3546355510-2652681121-3179285037-1001\...\Run: [OneDrive] => C:\Users\atauil\AppData\Local\Microsoft\OneDrive\OneDrive.exe [382664 2015-05-27] (Microsoft Corporation)
HKU\S-1-5-21-3546355510-2652681121-3179285037-1001\...\Run: [EPLTarget\P0000000000000002] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE [283232 2014-12-12] (SEIKO EPSON CORPORATION)
AppInit_DLLs: C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll => C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll File not found
Startup: C:\Users\atauil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verzenden naar OneNote.lnk [2013-09-21]
ShortcutTarget: Verzenden naar OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3546355510-2652681121-3179285037-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
HKU\S-1-5-21-3546355510-2652681121-3179285037-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-06-17] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-06-12] (Symantec Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-17] (Microsoft Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-06-12] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-05] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-11] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-11] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-06-12] (Symantec Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-06-12] (Symantec Corporation)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-06-17] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\atauil\AppData\Roaming\Mozilla\Firefox\Profiles\tg423lhr.default
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-06-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
FF Extension: Belgium eID - C:\Users\atauil\AppData\Roaming\Mozilla\Firefox\Profiles\tg423lhr.default\Extensions\[email protected] [2013-10-08]
FF Extension: Belgium eID - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2013-08-10]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.2.1\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.2.1\coFFPlgn [2015-06-26]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Mozilla Firefox\extensions\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-01-15]
 
Chrome: 
=======
CHR Profile: C:\Users\atauil\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\atauil\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Drive) - C:\Users\atauil\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-13]
CHR Extension: (YouTube) - C:\Users\atauil\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-13]
CHR Extension: (Google Search) - C:\Users\atauil\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-13]
CHR Extension: (Google Wallet) - C:\Users\atauil\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-13]
CHR Extension: (Gmail) - C:\Users\atauil\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-13]
CHR Profile: C:\Users\atauil\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\atauil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-17]
CHR Extension: (Google Docs) - C:\Users\atauil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-17]
CHR Extension: (Google Drive) - C:\Users\atauil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-17]
CHR Extension: (YouTube) - C:\Users\atauil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-17]
CHR Extension: (Google Search) - C:\Users\atauil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-17]
CHR Extension: (Google Sheets) - C:\Users\atauil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-17]
CHR Extension: (Norton Identity Safe) - C:\Users\atauil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-06-17]
CHR Extension: (Norton Security Toolbar) - C:\Users\atauil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-06-17]
CHR Extension: (Google Wallet) - C:\Users\atauil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-17]
CHR Extension: (Gmail) - C:\Users\atauil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-17]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-19]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-19]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2739888 2015-05-19] (Microsoft Corporation)
S3 DeviceFastLaneService; C:\Program Files\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-17] (Acer Incorporated)
S3 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [658064 2012-10-23] (Acer Incorporated)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe [276336 2015-03-07] (Symantec Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2013-04-12] (Dritek System INC.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-08-01] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 A38CCID; C:\Windows\system32\DRIVERS\a38ccid.sys [62976 2014-11-13] (Advanced Card Systems Ltd.)
R3 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\BASHDefs\20150625.001\BHDrvx64.sys [1648880 2015-06-22] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1507000.00B\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [489776 2015-05-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [145200 2015-05-27] (Symantec Corporation)
R3 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\IPSDefs\20150625.001\IDSvia64.sys [692984 2015-06-26] (Symantec Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\VirusDefs\20150625.019\ENG64.SYS [138488 2015-06-26] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\VirusDefs\20150625.019\EX64.SYS [2146040 2015-06-26] (Symantec Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-04-12] (Dritek System Inc.)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1507000.00B\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1507000.00B\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1507000.00B\SYMDS64.SYS [493656 2013-08-01] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1507000.00B\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1507000.00B\SymELAM.sys [23568 2013-08-01] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-10-08] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1507000.00B\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-26 11:29 - 2015-06-26 11:29 - 00000000 ____D C:\_OTL
2015-06-26 11:27 - 2015-06-26 11:27 - 00602112 _____ (OldTimer Tools) C:\Users\atauil\Desktop\OTL.exe
2015-06-26 07:42 - 2015-06-26 07:42 - 00003377 _____ C:\Users\atauil\Desktop\Search.txt
2015-06-26 07:29 - 2015-06-26 07:29 - 00000000 ____D C:\Users\atauil\Desktop\FRST-OlderVersion
2015-06-26 07:04 - 2015-06-26 07:04 - 00000995 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-06-26 07:04 - 2015-06-26 07:04 - 00000983 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-06-26 07:04 - 2015-06-26 07:04 - 00000000 ____D C:\Users\atauil\AppData\Local\TeamViewer
2015-06-17 11:50 - 2015-06-17 11:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-06-17 11:49 - 2015-06-17 11:49 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-06-17 08:48 - 2015-06-17 08:48 - 00037702 _____ C:\Users\atauil\Desktop\Addition.txt
2015-06-17 08:46 - 2015-06-26 11:44 - 00019379 _____ C:\Users\atauil\Desktop\FRST.txt
2015-06-17 08:46 - 2015-06-26 11:44 - 00000000 ____D C:\FRST
2015-06-17 08:46 - 2015-06-26 07:29 - 02112512 _____ (Farbar) C:\Users\atauil\Desktop\FRST64.exe
2015-06-17 08:44 - 2015-06-26 11:43 - 00000000 ____D C:\Users\atauil\Desktop\laptop schoonmaken
2015-06-17 08:40 - 2015-06-17 08:40 - 00002457 _____ C:\Users\atauil\Desktop\Pizzapunt - Chrome.lnk
2015-06-16 20:47 - 2015-06-26 07:31 - 00093838 _____ C:\WINDOWS\PFRO.log
2015-06-16 20:21 - 2015-06-16 21:25 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-16 20:20 - 2015-06-16 20:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-16 20:20 - 2015-06-16 20:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-16 20:20 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-06-16 20:20 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-15 14:57 - 2015-06-26 11:30 - 00001368 _____ C:\WINDOWS\setupact.log
2015-06-15 14:57 - 2015-06-26 07:31 - 00482520 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-15 14:57 - 2015-06-15 14:57 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-06-11 08:12 - 2015-06-11 08:12 - 00000000 ____D C:\0c9b13170146bd8276882facfb
2015-06-11 08:07 - 2015-06-11 08:07 - 00000000 ____D C:\Users\atauil\AppData\Local\TempTaskUpdateDetection8364AE12-0DE7-4922-BECF-B9E431636115
2015-06-11 04:02 - 2015-06-11 04:02 - 00829264 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100.dll
2015-06-11 04:02 - 2015-06-11 04:02 - 00608080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp100.dll
2015-06-11 02:57 - 2015-06-11 02:57 - 00773968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100.dll
2015-06-11 02:57 - 2015-06-11 02:57 - 00421200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp100.dll
2015-06-10 18:53 - 2015-05-25 15:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-06-10 18:53 - 2015-05-25 15:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-06-10 18:53 - 2015-05-22 15:08 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-06-10 18:53 - 2015-05-21 15:08 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-06-10 18:53 - 2015-05-21 15:08 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-06-10 18:53 - 2015-05-21 15:08 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-06-10 18:53 - 2015-05-21 15:08 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-06-10 18:53 - 2015-05-21 15:08 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-06-10 18:53 - 2015-05-21 15:08 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-06-10 18:53 - 2015-04-25 04:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-10 18:53 - 2015-04-25 04:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-10 18:53 - 2015-04-17 00:07 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-06-10 18:53 - 2015-04-16 08:17 - 00325464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-06-10 18:53 - 2015-04-14 00:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-06-10 18:53 - 2015-04-14 00:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-06-10 18:53 - 2015-04-10 02:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-06-10 18:53 - 2015-04-10 02:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-06-10 18:53 - 2015-04-09 00:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-06-10 18:53 - 2015-04-09 00:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-06-10 18:53 - 2015-04-02 00:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-06-10 18:53 - 2015-04-02 00:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-06-10 18:53 - 2015-04-01 06:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-06-10 18:53 - 2015-04-01 06:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-06-10 18:53 - 2015-04-01 06:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-06-10 18:53 - 2015-04-01 06:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-06-10 18:53 - 2015-04-01 05:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-06-10 18:53 - 2015-04-01 05:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-06-10 18:53 - 2015-04-01 05:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-06-10 18:53 - 2015-04-01 04:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-06-10 18:53 - 2015-04-01 04:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-06-10 18:53 - 2015-04-01 04:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-06-10 18:53 - 2015-04-01 04:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-06-10 18:53 - 2015-04-01 04:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-06-10 18:53 - 2015-04-01 04:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-06-10 18:53 - 2015-03-20 05:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-06-10 18:53 - 2015-03-20 05:08 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-06-10 18:53 - 2015-03-20 04:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-06-10 18:53 - 2015-03-20 04:07 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-06-10 18:53 - 2015-03-02 03:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-06-10 18:53 - 2015-03-02 03:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-06-10 18:52 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-10 18:52 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-10 18:52 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-10 18:52 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-10 18:52 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-10 18:52 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-10 18:52 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-10 18:52 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-10 18:52 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-10 18:52 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-10 18:52 - 2015-05-23 04:47 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-10 18:52 - 2015-05-23 04:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-10 18:52 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-10 18:52 - 2015-05-23 04:38 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-10 18:52 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-10 18:52 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-10 18:52 - 2015-05-23 04:28 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-10 18:52 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-10 18:52 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-10 18:52 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-10 18:52 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-10 18:52 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-10 18:52 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-10 18:52 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-10 18:52 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-10 18:52 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-10 18:52 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-10 18:52 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-10 18:52 - 2015-05-22 20:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-10 18:52 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-10 18:52 - 2015-05-22 20:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-10 18:52 - 2015-05-22 20:09 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-10 18:52 - 2015-05-22 20:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-10 18:52 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-10 18:52 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-10 18:52 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-10 18:52 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-10 18:52 - 2015-05-22 19:49 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-10 18:52 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-10 18:52 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-10 18:52 - 2015-05-21 18:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-10 18:23 - 2015-06-10 18:23 - 00000000 ____D C:\Program Files\Common Files\AV
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-26 11:42 - 2013-09-19 16:04 - 00005058 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for ATAUIL-PC-atauil atauil-pc
2015-06-26 11:32 - 2013-07-27 00:35 - 00000000 __RDO C:\Users\atauil\SkyDrive
2015-06-26 11:32 - 2013-07-26 21:36 - 00001084 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-26 11:32 - 2013-07-25 13:16 - 00000000 ____D C:\Users\atauil\AppData\Local\CrashDumps
2015-06-26 11:31 - 2013-07-26 21:36 - 00001080 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-26 11:30 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-26 11:30 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-06-26 11:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-06-26 08:50 - 2013-11-11 23:28 - 01565408 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-26 08:03 - 2013-07-25 13:14 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3546355510-2652681121-3179285037-1001
2015-06-26 07:51 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-06-26 07:39 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-06-26 07:34 - 2013-07-26 21:36 - 00002235 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-26 07:32 - 2013-08-11 15:01 - 00541696 ___SH C:\Users\atauil\Desktop\Thumbs.db
2015-06-26 07:28 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-06-26 07:23 - 2013-09-20 17:18 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-06-26 07:11 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-06-26 07:03 - 2013-11-12 16:44 - 00003966 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{469F346E-0CAE-48CD-82DA-F5CCD1F7E8D1}
2015-06-23 08:38 - 2013-12-29 12:27 - 00000000 ____D C:\Users\atauil\AppData\Roaming\Skype
2015-06-20 05:02 - 2015-04-22 20:57 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-20 05:02 - 2015-04-22 20:57 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-16 21:46 - 2014-11-29 18:13 - 00000000 __SHD C:\Users\atauil\AppData\Local\EmieBrowserModeList
2015-06-16 21:46 - 2014-04-30 22:05 - 00000000 __SHD C:\Users\atauil\AppData\Local\EmieUserList
2015-06-16 21:46 - 2014-04-30 22:05 - 00000000 __SHD C:\Users\atauil\AppData\Local\EmieSiteList
2015-06-16 21:21 - 2013-10-08 13:07 - 00000000 ____D C:\ProgramData\APN
2015-06-16 20:44 - 2014-12-15 13:14 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-06-16 20:44 - 2014-07-10 16:58 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-06-16 20:44 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-06-16 20:20 - 2013-09-20 18:10 - 00001130 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-16 20:20 - 2013-09-20 18:10 - 00000000 ____D C:\Users\atauil\AppData\Roaming\Malwarebytes
2015-06-16 20:20 - 2013-09-20 18:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-16 20:20 - 2013-09-20 18:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-06-15 15:40 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-15 08:13 - 2013-07-25 13:05 - 00000000 ____D C:\Users\atauil\AppData\Local\Packages
2015-06-15 08:11 - 2013-09-07 20:13 - 00211968 ___SH C:\Users\atauil\Downloads\Thumbs.db
2015-06-15 08:02 - 2013-10-08 17:15 - 00000000 ____D C:\Users\atauil\Tracing
2015-06-14 23:25 - 2015-04-05 14:40 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-06-14 23:25 - 2015-04-05 14:40 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-06-14 23:08 - 2013-11-11 23:03 - 00000000 ___DC C:\WINDOWS\Panther
2015-06-13 11:16 - 2013-11-11 23:09 - 00000000 ____D C:\Users\atauil
2015-06-13 11:01 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-11 08:12 - 2013-08-11 23:20 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-11 08:12 - 2013-07-26 15:29 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-10 18:26 - 2013-09-30 06:15 - 01823174 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-10 18:26 - 2013-09-30 05:59 - 00806704 _____ C:\WINDOWS\system32\perfh013.dat
2015-06-10 18:26 - 2013-09-30 05:59 - 00162170 _____ C:\WINDOWS\system32\perfc013.dat
2015-06-01 22:15 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2015-05-27 21:27 - 2014-02-19 23:36 - 00003100 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3546355510-2652681121-3179285037-1001
 
==================== Files in the root of some directories =======
 
2013-09-21 22:38 - 2013-09-21 22:38 - 0000017 _____ () C:\Users\atauil\AppData\Local\resmon.resmoncfg
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-26 08:08
 
==================== End of log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-06-2015
Ran by atauil at 2015-06-26 11:45:37
Running from C:\Users\atauil\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3546355510-2652681121-3179285037-500 - Administrator - Disabled)
atauil (S-1-5-21-3546355510-2652681121-3179285037-1001 - Administrator - Enabled) => C:\Users\atauil
Gast (S-1-5-21-3546355510-2652681121-3179285037-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3546355510-2652681121-3179285037-1007 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Internet Security (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Norton Internet Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.631.5823 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.00.631.5823 - ABBYY) Hidden
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Belgium e-ID middleware 4.0.5 (build 7382) (HKLM\...\{824563DE-75AD-4166-9DC0-B6482F207382}) (Version: 4.0.7382 - Belgian Government)
Bundled software uninstaller (HKLM-x32\...\bi_uninstaller) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4427.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DefaultTab Chrome (HKLM-x32\...\DefaultTab Chrome) (Version: 1.1.25 - )
Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Download Navigator (HKLM-x32\...\{E728441A-7820-4B1C-87C9-DE7BE37B2953}) (Version: 1.1.0 - SEIKO EPSON CORPORATION)
EBP (HKLM-x32\...\EBP Boekhouding 2014_is1) (Version: EBP 2014 - EBP)
EBP Bouw 2015 16.0 (HKLM-x32\...\EBP Bouw 2015 16.0) (Version: 16.0.0 - EBP)
EBP Bouw 2015 16.0 (x32 Version: 16.0.0 - EBP) Hidden
EBP Offerte en Facturatie BE 2014 11.0 (HKLM-x32\...\EBP Offerte en Facturatie BE 2014 11.0) (Version: 11.0.0 - EBP)
EBP Offerte en Facturatie BE 2014 11.0 (x32 Version: 11.0.0 - EBP) Hidden
EBP Offerte en Facturatie BE 2015 12.0 (HKLM-x32\...\EBP Offerte en Facturatie BE 2015 12.0) (Version: 12.0.0 - EBP)
EBP Offerte en Facturatie BE 2015 12.0 (x32 Version: 12.0.0 - EBP) Hidden
Epson Easy Photo Print 2 (HKLM-x32\...\{02A312B5-1542-47B6-BFE9-F51358C39E86}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM-x32\...\{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}) (Version: 3.01.0000 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{682A3328-9621-4BAD-91FA-873A076610C4}) (Version: 1.21.0000 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-205 207 Series Printer Uninstall (HKLM\...\EPSON XP-205 207 Series) (Version:  - SEIKO EPSON Corporation)
EPSON XP-422 423 425 Series Printer Uninstall (HKLM\...\EPSON XP-422 423 425 Series) (Version:  - SEIKO EPSON Corporation)
EPSON-handleidingen (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.32.0.0 - SEIKO EPSON CORPORATION)
EpsonNet Print (HKLM\...\{98D772A5-CDB0-48E7-9DBA-794EA0F68B5C}) (Version: 3.1.0.0 - SEIKO EPSON Corporation)
ETDWare PS/2-X64 11.6.16.003_WHQL (HKLM\...\Elantech) (Version: 11.6.16.003 - ELAN Microelectronic Corp.)
Gebruikershandleiding EPSON XP-205 207 Series (HKLM-x32\...\EPSON XP-205 207 Series Useg) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hardwipe 2.1.0 (HKLM-x32\...\{A7D63D6F-B6DC-40B8-BBE9-E46D6C637777}) (Version: 2.1.0 - Big Angry Dog)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Packard Bell)
IKEA Home Planner (HKLM-x32\...\{B3276CB1-20B6-4AF9-AAEC-E72C83816495}) (Version: 2.0.3 - IKEA IT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.650 - Oracle)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
KashExpert 2013.1.0 (HKLM-x32\...\KashExpert_is1) (Version: 2013.1.0 - DekiLogic)
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.10 - Packard Bell)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3006 - Packard Bell)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware versie 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office 2013 voor Thuisgebruik en Studenten - nl-nl (HKLM\...\HomeStudentRetail - nl-nl) (Version: 15.0.4727.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3546355510-2652681121-3179285037-1001\...\OneDriveSetup.exe) (Version: 17.3.5860.0512 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 24.0 (x86 nl) (HKLM-x32\...\Mozilla Firefox 24.0 (x86 nl)) (Version: 24.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.0 - Mozilla)
Nero 12 Essentials OEM.a01 (HKLM-x32\...\{9BF0D9FE-9893-4647-81B9-17B7BEA4E6FD}) (Version: 12.5.00000 - Nero AG)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{B2B0EC73-AD4A-4716-A3DE-CEA8440B309B}) (Version: 12.5.00000 - Nero AG)
Netwerkhandleiding EPSON XP-205 207 Series (HKLM-x32\...\EPSON XP-205 207 Series Netg) (Version:  - )
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.7.0.11 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Packard Bell Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3011 - Packard Bell)
Packard Bell Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3011 - Packard Bell)
Packard Bell Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3012 - Packard Bell)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Qualcomm Atheros Communications Inc.)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.05 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28124 - Realtek Semiconductor Corp.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Software Updater (HKLM-x32\...\{FA7EE274-7370-43B7-9A45-A39B17CCCDC5}) (Version: 4.3.3 - SEIKO EPSON CORPORATION)
Stuurprogrammapakket voor Windows - Fedict SmartCard  (07/01/2013 4.0.0.8) (HKLM\...\D101DCAD83850799D453082F40CDF9958468129F) (Version: 07/01/2013 4.0.0.8 - Fedict)
Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - NLD (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NLD) (Version: 10.0.50903 - Microsoft Corporation)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43879 - TeamViewer)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Update tool EBP-software 1.1.3 (HKLM-x32\...\Update tool EBP-software 1.1.3) (Version: 1.1.3 - EBP)
Utilitaire de mise à jour des logiciels EBP 1.1.3 (Version: 1.1.3 - EBP) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.3 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3546355510-2652681121-3179285037-1001_Classes\CLSID\{BDA99C43-A768-455D-9E0E-DC42485189FA}\InprocServer32 -> C:\Program Files (x86)\Hardwipe\hwshell64.dll ()
CustomCLSID: HKU\S-1-5-21-3546355510-2652681121-3179285037-1001_Classes\CLSID\{C73663ED-B7DD-4B6D-A7B7-D00ABF81281A}\InprocServer32 -> C:\Program Files (x86)\Hardwipe\hwshell64.dll ()
CustomCLSID: HKU\S-1-5-21-3546355510-2652681121-3179285037-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\atauil\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points =========================
 
Check "winmgmt" service or repair WMI.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0ACF7CBE-749E-4C40-A739-B8611DB7EB6A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-26] (Google Inc.)
Task: {2EC337F2-B954-43E7-A0DD-ACA3E359EBC4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-11] (Microsoft Corporation)
Task: {35D35458-98E5-4AC6-80FA-7443A5FF6339} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3546355510-2652681121-3179285037-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {3BA4981F-50E4-4E6B-8D8F-7B875598F232} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {3D1D134E-3EE0-4B07-B384-7E1193E35217} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {41A0FCFC-4FDF-45D5-90BE-D2C2F148EB2C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-05-19] (Microsoft Corporation)
Task: {4EF2A637-646A-4BAD-B7D9-7D958A59035F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-26] (Google Inc.)
Task: {51827A6B-3AFE-42A6-91CB-C78FA5D50CC6} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {523B6AE8-5E40-445C-87EF-2591FD23324F} - System32\Tasks\ALU => C:\Program Files (x86)\Packard Bell\Live Updater\updater.exe [2012-11-06] ()
Task: {71C9A279-F39A-4005-86D1-C18E1AFB08CC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-05-19] (Microsoft Corporation)
Task: {7B27E7D4-58C3-4643-8919-7F9F1A6725D0} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ATAUIL-PC-atauil atauil-pc => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-06-17] (Microsoft Corporation)
Task: {A2D0FFBD-F4A9-4C42-97E0-E793CF16649E} - System32\Tasks\Power Management => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [2012-10-23] (Acer Incorporated)
Task: {D772173C-23BF-4275-A143-76FE4C43AC95} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {EF8B9136-6B4D-48D7-8C6C-C002E5F80D6A} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exe [2015-06-16] (Symantec Corporation)
Task: {F614342D-4DC8-469E-A418-9BF93AB23181} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Packard Bell\Live Updater\liveupdater_agent.exe [2012-06-21] ()
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-06-17 11:49 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-10-27 16:48 - 2012-10-27 16:48 - 00579504 _____ () C:\Program Files (x86)\Hardwipe\hwshell64.dll
2012-12-14 03:42 - 2012-12-14 03:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-06-17 11:49 - 2015-06-17 11:49 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2015-06-17 11:50 - 2015-06-17 11:51 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2013-04-12 05:30 - 2012-06-25 04:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\atauil\SkyDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3546355510-2652681121-3179285037-1001\...\sharepoint.com -> hxxps://renoworkx.sharepoint.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3546355510-2652681121-3179285037-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{D7EA8224-F27C-4A7D-B051-D88BCE0EFA78}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{1E209526-5880-41DD-963F-402D900D6D6A}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{1361C265-FF52-40FB-92BB-B04FE6FBF233}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{EADE9BEA-AAC5-462C-BA7E-51F4D64D83EA}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{F52E580D-BB74-4B3E-B2EA-9E66AB35F823}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{CEE68E85-8ABA-4052-9030-70FA98AE18FF}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [UDP Query User{C2B15CF5-632D-4AEA-8362-338709797AFB}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [TCP Query User{9DBEA583-A3CB-4D3F-AD75-2A8459B886B9}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [UDP Query User{D4732B37-680B-4435-A017-199D9122B384}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{10A53F17-64EA-400D-BC0F-17319610A7D9}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{D15E2287-8AAC-480A-8877-52BFEB596B46}] => (Allow) C:\Users\atauil\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{5DC42B2D-BEA8-4D09-A017-2A39E8C5F76A}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{516D1C36-211B-4216-962A-9E99C16DC1B0}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{2FCA26E6-6022-45F6-906B-458CBB06EB26}] => (Allow) D:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{C722D1E2-C2D5-4B64-A137-38DE2B35F9E1}] => (Allow) D:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{41E1A9F3-9FF8-4A1D-BB49-364C4E2CD5A4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{C303E789-BC3E-42D0-BB8A-0F7CE67D8650}] => (Allow) C:\program files (x86)\nero\nero 12\nero backitup\backitup.exe
FirewallRules: [{3F33AB6B-10BB-4D4A-BFB5-6BA1115193EF}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6F0D3063-221E-44EF-84A4-D261F6B0D7A9}] => (Allow) LPort=2869
FirewallRules: [{5FFB97FA-A0BE-4496-9B59-D0FCCB904C0F}] => (Allow) LPort=1900
FirewallRules: [{22B529CC-9EBF-405B-A005-9C71D89BE5F4}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{FDA85210-B3E4-43E4-855A-8FFA33D7F32F}] => (Allow) C:\Users\atauil\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\EpsonNetSetup\Data\ENEasyApp.exe
FirewallRules: [{C26800CE-0848-4C81-B79E-07F7A519BC37}] => (Allow) C:\Users\atauil\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\EpsonNetSetup\Data\ENEasyApp.exe
FirewallRules: [{555E4E71-D944-4FEA-940B-E28F8A9BC89E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{5CA663E5-3C98-4363-926C-53EC2079DA66}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{DC854601-D06B-4503-B804-65F8953F3461}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{FA458033-9111-4F8B-9D09-251ABF245966}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{733BF7B4-4C7C-49AC-AA1F-3F0E4F72B9C5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Could not list Devices. Check "winmgmt" service or repair WMI.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/26/2015 11:32:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: ePowerTray.exe, versie: 7.0.3011.0, tijdstempel: 0x508602dd
Naam van module met fout: ePowerTray.exe, versie: 7.0.3011.0, tijdstempel: 0x508602dd
Uitzonderingscode: 0xc0000005
Foutmarge: 0x0000000000006b8f
Id van proces met fout: 0x1134
Starttijd van toepassing met fout: 0xePowerTray.exe0
Pad naar toepassing met fout: ePowerTray.exe1
Pad naar module met fout: ePowerTray.exe2
Rapport-id: ePowerTray.exe3
Volledige pakketnaam met fout: ePowerTray.exe4
Relatieve toepassings-id van pakket met fout: ePowerTray.exe5
 
Error: (06/26/2015 11:32:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: ePowerSvc.exe, versie: 7.0.3011.0, tijdstempel: 0x508602cc
Naam van module met fout: ePowerSvc.exe, versie: 7.0.3011.0, tijdstempel: 0x508602cc
Uitzonderingscode: 0xc0000005
Foutmarge: 0x000000000000a510
Id van proces met fout: 0x10e8
Starttijd van toepassing met fout: 0xePowerSvc.exe0
Pad naar toepassing met fout: ePowerSvc.exe1
Pad naar module met fout: ePowerSvc.exe2
Rapport-id: ePowerSvc.exe3
Volledige pakketnaam met fout: ePowerSvc.exe4
Relatieve toepassings-id van pakket met fout: ePowerSvc.exe5
 
Error: (06/26/2015 07:55:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: ePowerTray.exe, versie: 7.0.3011.0, tijdstempel: 0x508602dd
Naam van module met fout: ePowerTray.exe, versie: 7.0.3011.0, tijdstempel: 0x508602dd
Uitzonderingscode: 0xc0000005
Foutmarge: 0x0000000000006b8f
Id van proces met fout: 0xff4
Starttijd van toepassing met fout: 0xePowerTray.exe0
Pad naar toepassing met fout: ePowerTray.exe1
Pad naar module met fout: ePowerTray.exe2
Rapport-id: ePowerTray.exe3
Volledige pakketnaam met fout: ePowerTray.exe4
Relatieve toepassings-id van pakket met fout: ePowerTray.exe5
 
Error: (06/26/2015 07:55:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: ePowerSvc.exe, versie: 7.0.3011.0, tijdstempel: 0x508602cc
Naam van module met fout: ePowerSvc.exe, versie: 7.0.3011.0, tijdstempel: 0x508602cc
Uitzonderingscode: 0xc0000005
Foutmarge: 0x000000000000a510
Id van proces met fout: 0xb98
Starttijd van toepassing met fout: 0xePowerSvc.exe0
Pad naar toepassing met fout: ePowerSvc.exe1
Pad naar module met fout: ePowerSvc.exe2
Rapport-id: ePowerSvc.exe3
Volledige pakketnaam met fout: ePowerSvc.exe4
Relatieve toepassings-id van pakket met fout: ePowerSvc.exe5
 
Error: (06/26/2015 07:40:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Het programma LiveComm.exe, versie 17.5.9600.20856 reageert niet meer op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum in het Configuratiescherm.
 
Proces-id: c90
 
Starttijd: 01d0afd17a77f7d2
 
Eindtijd: 4294967295
 
Toepassingspad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe
 
Rapport-id: c7d5c919-1bc5-11e5-bece-7c0507534ea0
 
Volledige pakketnaam met fout: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe
 
Relatieve toepassings-id van pakket met fout: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (06/26/2015 07:33:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: ePowerTray.exe, versie: 7.0.3011.0, tijdstempel: 0x508602dd
Naam van module met fout: ePowerTray.exe, versie: 7.0.3011.0, tijdstempel: 0x508602dd
Uitzonderingscode: 0xc0000005
Foutmarge: 0x0000000000006b8f
Id van proces met fout: 0x1254
Starttijd van toepassing met fout: 0xePowerTray.exe0
Pad naar toepassing met fout: ePowerTray.exe1
Pad naar module met fout: ePowerTray.exe2
Rapport-id: ePowerTray.exe3
Volledige pakketnaam met fout: ePowerTray.exe4
Relatieve toepassings-id van pakket met fout: ePowerTray.exe5
 
Error: (06/26/2015 07:33:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: ePowerSvc.exe, versie: 7.0.3011.0, tijdstempel: 0x508602cc
Naam van module met fout: ePowerSvc.exe, versie: 7.0.3011.0, tijdstempel: 0x508602cc
Uitzonderingscode: 0xc0000005
Foutmarge: 0x000000000000a510
Id van proces met fout: 0x808
Starttijd van toepassing met fout: 0xePowerSvc.exe0
Pad naar toepassing met fout: ePowerSvc.exe1
Pad naar module met fout: ePowerSvc.exe2
Rapport-id: ePowerSvc.exe3
Volledige pakketnaam met fout: ePowerSvc.exe4
Relatieve toepassings-id van pakket met fout: ePowerSvc.exe5
 
Error: (06/26/2015 07:18:22 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Het programma LiveComm.exe, versie 17.5.9600.20856 reageert niet meer op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum in het Configuratiescherm.
 
Proces-id: 14e0
 
Starttijd: 01d0afcecc78aca2
 
Eindtijd: 4294967295
 
Toepassingspad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe
 
Rapport-id: c242390c-1bc2-11e5-becd-7c0507534ea0
 
Volledige pakketnaam met fout: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe
 
Relatieve toepassings-id van pakket met fout: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (06/26/2015 07:02:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: ePowerTray.exe, versie: 7.0.3011.0, tijdstempel: 0x508602dd
Naam van module met fout: ePowerTray.exe, versie: 7.0.3011.0, tijdstempel: 0x508602dd
Uitzonderingscode: 0xc0000005
Foutmarge: 0x0000000000006b8f
Id van proces met fout: 0xa54
Starttijd van toepassing met fout: 0xePowerTray.exe0
Pad naar toepassing met fout: ePowerTray.exe1
Pad naar module met fout: ePowerTray.exe2
Rapport-id: ePowerTray.exe3
Volledige pakketnaam met fout: ePowerTray.exe4
Relatieve toepassings-id van pakket met fout: ePowerTray.exe5
 
Error: (06/26/2015 07:02:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: ePowerSvc.exe, versie: 7.0.3011.0, tijdstempel: 0x508602cc
Naam van module met fout: ePowerSvc.exe, versie: 7.0.3011.0, tijdstempel: 0x508602cc
Uitzonderingscode: 0xc0000005
Foutmarge: 0x000000000000a510
Id van proces met fout: 0x1370
Starttijd van toepassing met fout: 0xePowerSvc.exe0
Pad naar toepassing met fout: ePowerSvc.exe1
Pad naar module met fout: ePowerSvc.exe2
Rapport-id: ePowerSvc.exe3
Volledige pakketnaam met fout: ePowerSvc.exe4
Relatieve toepassings-id van pakket met fout: ePowerSvc.exe5
 
 
System errors:
=============
Error: (06/26/2015 11:33:32 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De ePower Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.
 
Error: (06/26/2015 11:29:53 AM) (Source: DCOM) (EventID: 10010) (User: ATAUIL-PC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (06/26/2015 11:29:52 AM) (Source: DCOM) (EventID: 10010) (User: ATAUIL-PC)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
 
Error: (06/26/2015 11:29:52 AM) (Source: DCOM) (EventID: 10010) (User: ATAUIL-PC)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
 
Error: (06/26/2015 07:56:13 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De ePower Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.
 
Error: (06/26/2015 07:33:50 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De ePower Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.
 
Error: (06/26/2015 07:02:25 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De ePower Service-service is onverwacht beëindigd. Dit is nu 2 keer gebeurd.
 
Error: (06/23/2015 08:36:27 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De ePower Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.
 
Error: (06/17/2015 00:12:37 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: De Superfetch-service is gestopt met de volgende foutcode: 
%%1062.
 
Error: (06/17/2015 11:46:32 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De ePower Service-service is onverwacht beëindigd. Dit is nu 3 keer gebeurd.
 
 
Microsoft Office:
=========================
Error: (06/26/2015 11:32:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ePowerTray.exe7.0.3011.0508602ddePowerTray.exe7.0.3011.0508602ddc00000050000000000006b8f113401d0aff2fc535e22C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exeC:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe4788dd45-1be6-11e5-bed0-7c0507534ea0
 
Error: (06/26/2015 11:32:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ePowerSvc.exe7.0.3011.0508602ccePowerSvc.exe7.0.3011.0508602ccc0000005000000000000a51010e801d0aff308dd8d54C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exeC:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe46d7d5cc-1be6-11e5-bed0-7c0507534ea0
 
Error: (06/26/2015 07:55:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ePowerTray.exe7.0.3011.0508602ddePowerTray.exe7.0.3011.0508602ddc00000050000000000006b8fff401d0afd4a7e9e3e7C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exeC:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe0267d02e-1bc8-11e5-becf-7c0507534ea0
 
Error: (06/26/2015 07:55:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ePowerSvc.exe7.0.3011.0508602ccePowerSvc.exe7.0.3011.0508602ccc0000005000000000000a510b9801d0afd4c043ab1cC:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exeC:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exeff511765-1bc7-11e5-becf-7c0507534ea0
 
Error: (06/26/2015 07:40:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20856c9001d0afd17a77f7d24294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exec7d5c919-1bc5-11e5-bece-7c0507534ea0microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (06/26/2015 07:33:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ePowerTray.exe7.0.3011.0508602ddePowerTray.exe7.0.3011.0508602ddc00000050000000000006b8f125401d0afd18aefc079C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exeC:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exed590a8da-1bc4-11e5-bece-7c0507534ea0
 
Error: (06/26/2015 07:33:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ePowerSvc.exe7.0.3011.0508602ccePowerSvc.exe7.0.3011.0508602ccc0000005000000000000a51080801d0afd196580e6cC:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exeC:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exed4d1e554-1bc4-11e5-bece-7c0507534ea0
 
Error: (06/26/2015 07:18:22 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2085614e001d0afcecc78aca24294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exec242390c-1bc2-11e5-becd-7c0507534ea0microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (06/26/2015 07:02:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ePowerTray.exe7.0.3011.0508602ddePowerTray.exe7.0.3011.0508602ddc00000050000000000006b8fa5401d0afcd1ff471e7C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exeC:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe893aaed9-1bc0-11e5-becd-7c0507534ea0
 
Error: (06/26/2015 07:02:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ePowerSvc.exe7.0.3011.0508602ccePowerSvc.exe7.0.3011.0508602ccc0000005000000000000a510137001d0afcd4a03b3c9C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exeC:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe87e4b3e8-1bc0-11e5-becd-7c0507534ea0
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU B960 @ 2.20GHz
Percentage of memory in use: 37%
Total physical RAM: 3912.27 MB
Available physical RAM: 2439.79 MB
Total Pagefile: 4616.27 MB
Available Pagefile: 3199.14 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB
 
==================== Drives ================================
 
Drive c: (Packard Bell) (Fixed) (Total:443.61 GB) (Free:398.16 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 2BEA3C22)
 
Partition: GPT Partition Type.
 
==================== End of log ============================
 

  • 0

#7
HaraMo

HaraMo

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 329 posts

Also I forgot maybe to say this: google chrome does not respond. From the moment I run chrome, it gives me a white window, first I could see the message at the top (does not respond), now just a white window.


  • 0

#8
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Hello again HaraMo,

 

 

Also I forgot maybe to say this: google chrome does not respond.

 

Yes Chrome was tampered with. We may have to revisit that if removing the rest of the adware doesn't solve the problem. :)

 

Now

 

Open notepad.

Please copy the contents of the code box below.

To do this highlight (click in the box and press Ctrl + A) the contents of the box and right click on it. Paste this into the open notepad. Save it to the Desktop as fixlist.txt.

Alternatively type the contents of the box into notepad and save it to your desktop as fixlist.txt.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
 

AppInit_DLLs: C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll => C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll File not found
EmptyTemp:

This script is specifically written for the infection on this person's computer. It should NOT to be used on another machine. It may cause serious damage even to the point of rendering the computer unusable.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

After that

Please download Junkware Removal Tool to your desktop.



  • Shut down your protection software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right click JRT.exe and "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Next

Please download : ADWCleaner to your desktop  (use the Download Now @ BleepingComputer button)..

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon. AdwCleaner will update itself and then open.

AdwCleaner.jpg

Click on Scan  and follow the prompts. It may appear not to be doing anything, please be patient and let it run unhindered. When the "Please uncheck elements you don't want to remove" appears just go ahead and click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy and paste back here. If a report doesn't appear, press the report button and Copy & Paste the contents on your next reply.

A copy of the report is also saved in the C:\AdwCleaner folder.

When you return please post

  • Fixlog.txt
  • JRT.txt
  • AdwCleaner log

 


  • 0

#9
HaraMo

HaraMo

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 329 posts
Fix result of Farbar Recovery Scan Tool (x64) Version:24-06-2015
Ran by atauil at 2015-06-27 03:31:42 Run:3
Running from C:\Users\atauil\Desktop
Loaded Profiles: atauil (Available Profiles: atauil)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
AppInit_DLLs: C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll => C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll File not found
EmptyTemp:
*****************
 
"C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll" => value data removed successfully.
EmptyTemp: => 32.7 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 03:31:56 ====
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.1.7 (06.26.2015:3)
OS: Windows 8.1 x64
Ran by atauil on 27/06/2015 at  3:39:08.52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220422152254}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220422182268}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660466156654}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660466186668}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220422152254}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220422182268}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660466156654}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660466186668}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660466156654}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660466186668}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660466156654}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660466186668}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\ProgramData\apn
Successfully deleted: [Folder] C:\ProgramData\babylon
Successfully deleted: [Folder] C:\ProgramData\bitguard
Successfully deleted: [Folder] C:\ProgramData\browser manager
Successfully deleted: [Folder] C:\Users\atauil\appdata\local\bundled software uninstaller
Successfully deleted: [Folder] C:\Users\atauil\appdata\local\crashrpt
Successfully deleted: [Folder] C:\Users\atauil\appdata\local\packageaware
Successfully deleted: [Folder] C:\Users\atauil\appdata\local\torch
Successfully deleted: [Folder] C:\Users\atauil\appdata\locallow\minibar
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
 
[C:\Users\atauil\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\atauil\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\atauil\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\atauil\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27/06/2015 at  3:42:46.16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
 
 
# AdwCleaner v4.207 - Logbestand aangemaakt 27/06/2015 op 03:48:56
# Laatste update 21/06/2015 door Xplode
# Database : 2015-06-23.1 [Server]
# Besturingssysteem : Windows 8.1  (x64)
# Gebruikersnaam : atauil - ATAUIL-PC
# Gestart vanuit : C:\Users\atauil\Desktop\AdwCleaner.exe
# Optie : Verwijderen
 
***** [ Services ] *****
 
 
***** [ Bestanden / Mappen ] *****
 
Map Verwijderd : C:\Program Files (x86)\iRobinHood
Map Verwijderd : C:\Users\atauil\AppData\LocalLow\iRobinHood
Map Verwijderd : C:\Users\atauil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
 
***** [ Geplande taken ] *****
 
 
***** [ Snelkoppelingen ] *****
 
 
***** [ Register ] *****
 
Sleutel Verwijderd : HKCU\Software\Classes\Applications\lollipop.exe
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\iLivid.torrent
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Prod.cap
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\SDP
Sleutel Verwijderd : HKCU\Software\58ed78fe039e915
Sleutel Verwijderd : HKLM\SOFTWARE\58ed78fe039e915
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{26E7211D-0650-43CF-8498-4C81E83AEAAA}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{A0207057-3461-4F7F-B689-D016B7A03964}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{A75ACCCD-3CC9-4865-8BE3-F523FDA2164F}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{06E50566-0AB7-431C-841D-62794727DAF9}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{26E7211D-0650-43CF-8498-4C81E83AEAAA}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{A0207057-3461-4F7F-B689-D016B7A03964}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{A75ACCCD-3CC9-4865-8BE3-F523FDA2164F}
Sleutel Verwijderd : HKCU\Software\BABSOLUTION
Sleutel Verwijderd : HKCU\Software\ilivid
Sleutel Verwijderd : HKCU\Software\InstalledBrowserExtensions
Sleutel Verwijderd : HKCU\Software\InstalledThirdPartyPrograms
Sleutel Verwijderd : HKCU\Software\lollipop
Sleutel Verwijderd : HKCU\Software\Softonic
Sleutel Verwijderd : HKCU\Software\torch
Sleutel Verwijderd : HKLM\SOFTWARE\SoftwareUpdater
Sleutel Verwijderd : HKLM\SOFTWARE\systweak
Sleutel Verwijderd : HKLM\SOFTWARE\Vittalia
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Chrome
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
 
***** [ Webbrowsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Mozilla Firefox v24.0 (nl)
 
 
-\\ Google Chrome v43.0.2357.130
 
 
*************************
 
AdwCleaner[R0].txt - [3088 bytes] - [27/06/2015 03:47:16]
AdwCleaner[S0].txt - [2673 bytes] - [27/06/2015 03:48:56]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2732  bytes] ##########
 

  • 0

#10
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Hello HaraMo,

 

Please download Farbar Service Scanner and run.

  • Make sure the following options are checked:


  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
  • Other Services

  • Press Scan
  • A log (FSS.txt) will be created in the same directory the tool is run.
  • Copy and paste the log back here.


  • 0

Advertisements


#11
HaraMo

HaraMo

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 329 posts
Farbar Service Scanner Version: 17-01-2015
Ran by atauil (administrator) on 27-06-2015 at 04:47:46
Running from "C:\Users\atauil\Desktop"
Windows 8.1  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****

  • 0

#12
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Looks okay.

 

Moving on

 

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Windows 8 & 8.1 users may face another warning from the Windows SmartScreen Protection - please click More information and Run.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you may need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

Disable your security programs.

  • Click the blue Run ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
     then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow/install to install. If your firewall asks whether you want to allow installation, say yes. If asked, click yes to allow the program to run on your computer.
  • Check "Enable detection of potentially unwanted applications"
  • Click on Start and say yes to allow the program to proceed.
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed click "List of found threats" and click again on Copy to clipboard. Open notepad and past in the clipboard list. Save it as ESET log somewhere that you can find .
  • After that click the button "Back"
  • Select and check Uninstall application on close and Delete quarantined files.
  • Then click on: Finish
  • Copy and paste the ESET log back here and tell me how your machine is now.

 

 


  • 0

#13
HaraMo

HaraMo

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 329 posts

I don't need to select anything extra (scan archis  , software, ...) in advanced settings?


  • 0

#14
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

No just make sure "Enable detection of potentially unwanted applications" is checked. :)


  • 0

#15
HaraMo

HaraMo

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 329 posts

no threads found


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP