Infection = system32\twinapi.appcore.dll - werfault.exe [Solved]

#1
Pogs Logs

  • New Member
  • 9 posts

Hello..

I'm a novice at this so please bear with me.. :-)

I keep getting the following message:

WerFault.exe - Bad Image

C:\Windows\SYSTEM32\twinapi.appcore.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support. Error status 0xc0000005.

I can't play anything in Windows Media Player and a lot of links won't work like "Open containing folder" from downloads..

I've downloaded FRST and run the scan with the following results:

***************************************************************************************************

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2015
Ran by Peter (administrator) on POGS-LAPTOP on 13-05-2015 09:16:29
Running from C:\Users\Peter\Desktop
Loaded Profiles: Peter (Available profiles: Peter & Administrator)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
(Headlight Software, Inc.) C:\Program Files (x86)\GetRight\GetRight.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\winword.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-21] (IDT, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-12-16] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [387832 2013-11-01] (IVT Corporation)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3126012638-4027856566-3125218738-1001\...\Run: [Facebook Update] => C:\Users\Peter\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-06-12] (Facebook Inc.)
HKU\S-1-5-21-3126012638-4027856566-3125218738-1001\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [87040 2014-06-27] (SteelSeries ApS)
HKU\S-1-5-21-3126012638-4027856566-3125218738-1001\...\Run: [OneDrive] => C:\Users\Peter\AppData\Local\Microsoft\OneDrive\OneDrive.exe [281248 2015-03-16] (Microsoft Corporation)
HKU\S-1-5-21-3126012638-4027856566-3125218738-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [11776 2014-10-29] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GetRight.lnk [2014-04-26]
ShortcutTarget: GetRight.lnk -> C:\Program Files (x86)\GetRight\GetRight.exe (Headlight Software, Inc.)
Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-04-28]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL13/14
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL13/14
HKU\S-1-5-21-3126012638-4027856566-3125218738-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com...A6ECAD41B&SSPV=
HKU\S-1-5-21-3126012638-4027856566-3125218738-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL13/14
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...9546-12064-14/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...9546-12064-14/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3126012638-4027856566-3125218738-1001 -> URL http://search.condui...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3126012638-4027856566-3125218738-1001 -> SuggestionsURL_JSON http://suggest.searc...x={searchTerms}
SearchScopes: HKU\S-1-5-21-3126012638-4027856566-3125218738-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...9546-12064-14/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: GetRight IE Helper -> {31FF080D-12A3-439A-A2EF-4BA95A3148E8} -> C:\Program Files (x86)\GetRight\xx2gr.dll [2009-10-19] (Headlight Software, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.101.1

FireFox:
========
FF ProfilePath: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\8v9rxw2a.default-1398345474335
FF SelectedSearchEngine: Google
FF Homepage: hxxp://techemail.mail.everyone.net/email/scripts/loginuser.pl
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-12-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-09] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3126012638-4027856566-3125218738-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Peter\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Extension: Block site - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\8v9rxw2a.default-1398345474335\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2014-04-25]
FF Extension: Facebook Ads Block - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\8v9rxw2a.default-1398345474335\Extensions\[email protected] [2014-05-22]
FF Extension: FlashGot - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\8v9rxw2a.default-1398345474335\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2014-04-26]
FF Extension: Video DownloadHelper - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\8v9rxw2a.default-1398345474335\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1417160 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2719928 2015-04-22] (Microsoft Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-07-21] (IDT, Inc.) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-03-23] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [270104 2014-06-30] (AVG Technologies CZ, s.r.o.)
S3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-05] (Microsoft Corporation)
S3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [49584 2013-03-25] (Ralink Corporation)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
S3 SAlphamHid; C:\Windows\System32\drivers\SAlpham64.sys [39168 2014-05-28] (SteelSeries Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-28] (Synaptics Incorporated)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-04] (Hewlett-Packard Development Company, L.P.)
S3 SmbDrv; \SystemRoot\System32\drivers\Smb_driver_AMDASF.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-13 09:16 - 2015-05-13 09:16 - 00017967 _____ () C:\Users\Peter\Desktop\FRST.txt
2015-05-13 09:15 - 2015-05-13 09:15 - 02102784 _____ (Farbar) C:\Users\Peter\Desktop\FRST64.exe
2015-05-13 09:14 - 2015-05-13 09:15 - 02102784 _____ (Farbar) C:\Users\Peter\Downloads\FRST64.exe
2015-05-13 08:33 - 2015-05-13 08:34 - 00039119 _____ () C:\Users\Peter\Downloads\Addition.txt
2015-05-13 08:32 - 2015-05-13 08:34 - 00034778 _____ () C:\Users\Peter\Downloads\FRST.txt
2015-05-13 08:30 - 2015-05-13 09:16 - 00000000 ____D () C:\FRST
2015-05-13 08:26 - 2015-05-13 08:26 - 01141248 _____ (Farbar) C:\Users\Peter\Downloads\FRST.exe
2015-05-03 19:34 - 2015-05-03 19:34 - 00003138 _____ () C:\WINDOWS\System32\Tasks\{9AAE9973-A531-4D16-8AA9-D6B3435B4153}
2015-05-03 19:05 - 2015-05-03 19:06 - 21582816 _____ (CHENGDU YIWO Tech Development Co., Ltd. ) C:\Users\Peter\Downloads\emsa_free.exe
2015-05-03 18:17 - 2015-05-03 18:17 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2015-05-03 18:17 - 2015-05-03 18:17 - 00000000 ____D () C:\Program Files\DIFX
2015-05-03 18:11 - 2015-05-03 18:11 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2015-05-03 18:10 - 2015-05-03 18:10 - 00001568 _____ () C:\WINDOWS\certutil.log
2015-05-03 17:52 - 2015-05-03 18:59 - 00000000 ____D () C:\Program Files (x86)\Samsung Data Recovery
2015-05-03 17:44 - 2015-05-03 17:45 - 25246464 _____ () C:\Users\Peter\Downloads\tenorshare-samsung-data-recovery-trial.exe
2015-05-03 17:24 - 2015-05-03 17:24 - 00000000 ____D () C:\Users\Peter\AppData\Local\Wondershare
2015-05-03 17:24 - 2015-05-03 17:24 - 00000000 ____D () C:\ProgramData\Wondershare
2015-05-03 17:23 - 2015-05-03 19:35 - 00000000 ___HD () C:\Program Files (x86)\DrFoneAndroid_Temp
2015-05-03 17:23 - 2015-05-03 19:35 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Wondershare
2015-05-03 17:23 - 2015-05-03 19:35 - 00000000 ____D () C:\Users\Peter\.android
2015-05-03 17:23 - 2015-05-03 19:35 - 00000000 ____D () C:\Program Files (x86)\Wondershare
2015-05-03 17:19 - 2015-05-03 17:19 - 01062984 _____ (Wondershare) C:\Users\Peter\Downloads\drfone-for-android_setup_full1531.exe
2015-04-30 09:45 - 2015-04-30 09:45 - 00000145 _____ () C:\Users\Peter\Downloads\video.html
2015-04-26 08:39 - 2015-04-26 08:40 - 34359936 _____ (Any-Video-Converter.com ) C:\Users\Peter\Downloads\avc-free(5).exe
2015-04-26 08:38 - 2015-04-26 08:38 - 00232216 _____ () C:\Users\Peter\Downloads\avc-free-36709409.exe
2015-04-22 13:32 - 2015-03-14 15:20 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-04-22 13:32 - 2015-03-14 15:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-04-21 09:31 - 2015-04-21 09:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-20 09:53 - 2015-04-20 09:53 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-04-19 14:06 - 2015-05-13 01:08 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\vlc
2015-04-19 14:06 - 2015-04-19 14:06 - 00001088 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-04-19 14:06 - 2015-04-19 14:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-04-19 14:06 - 2015-04-19 14:06 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2015-04-19 14:04 - 2015-04-19 14:05 - 28849904 _____ () C:\Users\Peter\Downloads\vlc-2.2.1-win32.exe
2015-04-17 09:00 - 2015-04-17 09:01 - 113398072 _____ (AVG Technologies) C:\Users\Peter\Downloads\avg_tuh_stf_all_2015_403_24c34.exe
2015-04-15 14:33 - 2015-03-13 11:32 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-04-15 14:33 - 2015-03-13 11:08 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-04-15 14:33 - 2015-03-13 11:07 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-04-15 14:33 - 2015-03-13 10:53 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-04-15 14:33 - 2015-03-13 10:50 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-04-15 14:33 - 2015-03-13 10:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-04-15 14:33 - 2015-03-13 10:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-04-15 14:33 - 2015-03-13 10:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-04-15 14:33 - 2015-03-13 10:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-04-15 14:33 - 2015-03-13 10:17 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-04-15 14:33 - 2015-03-13 10:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-04-15 14:33 - 2015-03-13 10:08 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-04-15 14:33 - 2015-03-13 10:07 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-04-15 14:33 - 2015-03-13 10:00 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-04-15 14:33 - 2015-03-13 09:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-04-15 14:33 - 2015-03-13 09:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-04-15 14:33 - 2015-03-13 09:45 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-04-15 14:33 - 2015-03-13 09:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-04-15 14:33 - 2015-03-13 09:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-04-15 14:33 - 2015-03-13 09:33 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-04-15 14:33 - 2015-03-13 09:22 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-04-15 14:33 - 2015-03-13 09:20 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-04-15 14:33 - 2015-03-13 09:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-04-15 14:33 - 2015-03-13 09:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-04-15 14:32 - 2015-03-24 04:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-15 14:32 - 2015-03-24 04:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-15 14:32 - 2015-03-24 04:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-04-15 14:32 - 2015-03-24 04:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-04-15 14:32 - 2015-03-24 04:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-04-15 14:32 - 2015-03-20 11:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-04-15 14:32 - 2015-03-20 11:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-04-15 14:32 - 2015-03-20 11:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-04-15 14:32 - 2015-03-20 10:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-04-15 14:32 - 2015-03-20 09:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-04-15 14:32 - 2015-03-20 09:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-04-15 14:32 - 2015-03-20 09:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-04-15 14:32 - 2015-03-13 09:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-04-15 14:32 - 2015-03-13 09:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-04-15 14:32 - 2015-02-21 06:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-15 14:28 - 2015-02-24 15:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-15 14:26 - 2015-03-14 15:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-04-15 14:26 - 2015-03-14 08:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-04-15 14:26 - 2015-03-14 08:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-04-15 14:26 - 2015-03-14 08:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-04-15 14:26 - 2015-03-14 08:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-04-15 14:26 - 2015-03-14 08:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-04-15 14:26 - 2015-03-14 07:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-04-15 14:26 - 2015-03-14 07:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-04-15 14:26 - 2015-03-14 07:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-04-15 14:26 - 2015-03-14 07:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-04-15 14:26 - 2015-03-14 07:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-15 14:26 - 2015-03-14 07:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-04-15 14:26 - 2015-03-14 07:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-04-15 14:26 - 2015-03-14 07:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-04-15 14:26 - 2015-03-14 07:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-04-15 14:26 - 2015-03-14 07:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-04-15 14:26 - 2015-03-14 06:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-04-15 14:26 - 2015-03-14 06:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-04-15 14:26 - 2015-03-04 17:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-15 14:26 - 2015-03-04 10:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-15 14:26 - 2015-03-04 09:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-13 09:10 - 2013-11-30 10:15 - 00000000 ____D () C:\ProgramData\MFAData
2015-05-13 09:10 - 2013-04-28 12:14 - 04602880 ___SH () C:\Users\Peter\Downloads\Thumbs.db
2015-05-13 09:00 - 2013-08-22 22:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-13 08:45 - 2014-04-15 09:43 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-13 08:27 - 2014-03-22 22:09 - 02038143 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-13 07:48 - 2013-12-11 16:36 - 00004984 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for POGS-LAPTOP-Peter Pogs-Laptop
2015-05-13 07:29 - 2014-04-26 02:13 - 00000000 ____D () C:\ProgramData\GetRight
2015-05-13 07:28 - 2014-03-06 11:57 - 00000000 ___DO () C:\Users\Peter\OneDrive
2015-05-13 01:05 - 2014-06-12 22:00 - 00000952 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3126012638-4027856566-3125218738-1001UA.job
2015-05-13 01:01 - 2014-04-20 12:07 - 00003938 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FC119C78-6880-4CDA-B176-70D2D1EC74AA}
2015-05-12 09:08 - 2013-07-05 13:47 - 00000000 ____D () C:\Users\Peter\dwhelper
2015-05-12 08:14 - 2013-11-30 08:56 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3126012638-4027856566-3125218738-1001
2015-05-12 08:06 - 2014-09-03 19:57 - 00956476 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-12 08:05 - 2013-08-22 20:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-05-11 16:03 - 2015-04-12 09:49 - 00000356 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForPeter.job
2015-05-11 16:03 - 2013-11-14 14:20 - 00027918 _____ () C:\WINDOWS\PFRO.log
2015-05-11 16:03 - 2013-08-22 21:46 - 00360527 _____ () C:\WINDOWS\setupact.log
2015-05-11 16:03 - 2013-08-22 21:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-11 16:02 - 2013-08-22 20:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-11 12:54 - 2014-03-21 16:54 - 00022016 _____ () C:\Users\Peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-11 08:19 - 2013-08-22 22:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-10 10:01 - 2015-04-12 09:49 - 00003170 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForPeter
2015-05-10 10:00 - 2014-03-09 09:55 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2015-05-05 06:48 - 2013-11-30 11:30 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-05-03 18:23 - 2013-04-21 12:44 - 00000000 ____D () C:\Films
2015-05-03 18:17 - 2013-01-07 19:35 - 00075390 _____ () C:\WINDOWS\DPINST.LOG
2015-05-03 17:23 - 2014-03-22 21:51 - 00000000 ____D () C:\Users\Peter
2015-05-03 17:23 - 2013-05-25 03:46 - 00000000 ____D () C:\Users\Public\Documents\Wondershare
2015-04-29 09:52 - 2013-11-30 12:12 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-29 09:46 - 2013-11-30 12:11 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-26 08:41 - 2014-01-04 17:09 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\AnvSoft
2015-04-25 16:31 - 2013-11-30 09:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-25 13:45 - 2013-08-22 22:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-22 14:42 - 2012-07-26 14:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-20 17:30 - 2014-05-09 07:51 - 00000000 ____D () C:\Users\Peter\Doncaster Data
2015-04-17 09:47 - 2013-11-30 08:46 - 00000000 ____D () C:\Users\Peter\AppData\Local\Packages
2015-04-17 09:28 - 2013-12-20 13:34 - 00000000 ____D () C:\Users\Peter\AppData\Local\Microsoft Help
2015-04-17 09:28 - 2013-11-30 13:12 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\hpqlog
2015-04-17 09:28 - 2013-08-22 20:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-04-17 09:28 - 2013-05-11 16:18 - 00000000 ____D () C:\Users\Peter\.thumbnails
2015-04-17 09:28 - 2013-04-20 15:06 - 00000000 ____D () C:\Users\Peter\Documents\Youcam
2015-04-17 09:28 - 2012-09-13 06:44 - 00000000 ____D () C:\ProgramData\Temp
2015-04-17 09:07 - 2013-12-22 07:43 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\AVG
2015-04-17 09:06 - 2013-11-30 12:07 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-04-17 09:04 - 2014-03-30 08:30 - 00000000 ____D () C:\Users\Peter\AppData\Local\AVG
2015-04-17 09:03 - 2013-12-22 07:41 - 00000000 ____D () C:\ProgramData\AVG
2015-04-15 09:45 - 2014-04-15 09:43 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-04-14 13:20 - 2014-08-06 17:45 - 00000000 ____D () C:\Users\Peter\Apartment Stuff
2015-04-14 06:24 - 2013-08-22 22:38 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-04-14 06:24 - 2013-08-22 22:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2013-11-30 08:47 - 2013-12-16 08:53 - 0011022 _____ () C:\Users\Peter\AppData\Roaming\AbsoluteReminder.xml
2014-03-21 16:54 - 2015-05-11 12:54 - 0022016 _____ () C:\Users\Peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some content of TEMP:
====================
C:\Users\Peter\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Peter\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Peter\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Peter\AppData\Local\Temp\SDShelEx-x64.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-11 08:19

==================== End Of Log ============================

***************************************************************************************************

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-05-2015
Ran by Peter at 2015-05-13 09:17:09
Running from C:\Users\Peter\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3126012638-4027856566-3125218738-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-3126012638-4027856566-3125218738-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3126012638-4027856566-3125218738-1005 - Limited - Enabled)
Peter (S-1-5-21-3126012638-4027856566-3125218738-1001 - Administrator - Enabled) => C:\Users\Peter

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Any Video Converter 5.7.9 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4800 - AVG Technologies)
AVG 2014 (Version: 14.0.4311 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4800 - AVG Technologies) Hidden
BitTorrent (HKU\S-1-5-21-3126012638-4027856566-3125218738-1001\...\BitTorrent) (Version: 7.9.1.31228 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
GetRight (HKLM-x32\...\GetRight_is1) (Version:  - Headlight Software, Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{6821D775-9303-46DD-977A-2D97CA18B054}) (Version: 4.2.8.1 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4711.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3126012638-4027856566-3125218738-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Ralink Bluetooth Stack (HKLM\...\{C079427A-BB28-5168-3DB1-DC6608D226D4}) (Version: 11.0.748.2 - Mediatek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.9200.27029 - Realtek Semiconductor Corp.)
Sony Pictures Download Manager (HKU\S-1-5-21-3126012638-4027856566-3125218738-1001\...\1409023880.ultraviolet.sonypictures.com) (Version:  - ultraviolet.sonypictures.com)
SPIF225 USB to SATA Bridge 98 Driver Installer (HKLM-x32\...\{AB3F9E62-1C4A-45DA-96E4-BFEB26C73F18}) (Version: 2.0.0.0 - Sunplus Technology Co., Ltd.)
SteelSeries Engine (HKLM\...\SteelSeries Engine) (Version: 2.8.450.22786 - SteelSeries)
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (dg_ssudbus) USB  (03/10/2014 2.11.8.0) (HKLM\...\9134EDE55D2832A6C5C79340B00AB7994D858C86) (Version: 03/10/2014 2.11.8.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssadbus) USB  (11/30/2012 5.30.14.0) (HKLM\...\C9AEC81E4D365534AF50161EDA7C9CC56B205507) (Version: 11/30/2012 5.30.14.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssadmdm) Modem  (11/30/2012 5.30.14.0) (HKLM\...\7F88F2DFE1ABA293DADBE5DA286367B63BC6803B) (Version: 11/30/2012 5.30.14.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssadserd) Ports  (11/30/2012 5.30.14.0) (HKLM\...\95CB371FE417AB927308B5EA16B0FFD8902579FC) (Version: 11/30/2012 5.30.14.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssaebus) USB  (02/05/2010 5.14.0.0) (HKLM\...\8CDE6EEFC346A059EC210060FC7B7DAA8279D584) (Version: 02/05/2010 5.14.0.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssaemdm) Modem  (02/05/2010 5.14.0.0) (HKLM\...\14AE004B19BD3BB393FF6268715C15E1F14216E8) (Version: 02/05/2010 5.14.0.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssaend5) Net  (02/05/2010 5.14.0.0) (HKLM\...\75005F34035E512FEEBCAE8E47C427F0D5B95E92) (Version: 02/05/2010 5.14.0.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssaeunic) USB  (02/05/2010 5.14.0.0) (HKLM\...\0B1DCCBA5BC4F4EEFC1C4D6AC8B27D2393A38E9B) (Version: 02/05/2010 5.14.0.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (sscdbus) USB  (11/30/2012 5.30.14.0) (HKLM\...\48D2E7EFFD4BAB26BC0C02AD45ACAAE9F6DCE93B) (Version: 11/30/2012 5.30.14.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (sscdmdm) Modem  (11/30/2012 5.30.14.0) (HKLM\...\27E187FA129B3851CA36E7EFD57A4B410C363A74) (Version: 11/30/2012 5.30.14.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (sscdserd) Ports  (11/30/2012 5.30.14.0) (HKLM\...\0538728B8C08F691CFD167E4B7C479EF672BDBCB) (Version: 11/30/2012 5.30.14.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (sscebus) USB  (11/30/2012 5.30.14.0) (HKLM\...\DBB8AAF635B8C4AFC784BE729331BD04DBE1002D) (Version: 11/30/2012 5.30.14.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (sscemdm) Modem  (11/30/2012 5.30.14.0) (HKLM\...\86E162131DFD10D5894F0B148F3FB8E8562D602B) (Version: 11/30/2012 5.30.14.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssceserd) Ports  (11/30/2012 5.30.14.0) (HKLM\...\774F03A40D4344CD199548B37D6686E7A3B91FDF) (Version: 11/30/2012 5.30.14.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssuddmgr) Ports  (03/25/2013 2.9.508.0) (HKLM\...\79BE6E72F3FB459964ECB14CA5E9499EB84CED24) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssudmdm) Modem  (03/10/2014 2.11.8.0) (HKLM\...\9D887488E874F6E1E554D05711CE970A71288082) (Version: 03/10/2014 2.11.8.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssudobex) Ports  (03/25/2013 2.9.508.0) (HKLM\...\3889AC3DC15E870F7212E360BD6BD1FA71261AAC) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssudserd) Ports  (03/25/2013 2.9.508.0) (HKLM\...\139FA893FBE6105A30D47E0FAB2B465546E1605D) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  Net  (03/25/2013 2.9.508.0) (HKLM\...\A8ACA907A00D578D644681DCA06EC0E1608C03A2) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  Net  (05/13/2011 5.28.2.1) (HKLM\...\CC16886829EBCBDE3BFDAE395E74FACD43F1386F) (Version: 05/13/2011 5.28.2.1 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  WPD  (01/02/2014 2.11.7.0) (HKLM\...\09A67B8CC5436D17AFCEA20406A9341A5E46FA9B) (Version: 01/02/2014 2.11.7.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd. (ss_conn_usb_driver) USB  (03/10/2014 2.11.8.0) (HKLM\...\C3D7E8BFE65E2B80D351B529CD5B8818BC68B459) (Version: 03/10/2014 2.11.8.0 - SAMSUNG Electronics Co., Ltd.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3126012638-4027856566-3125218738-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Peter\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

24-04-2015 12:29:14 Windows Update
29-04-2015 09:45:24 Windows Update
11-05-2015 08:26:03 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 20:25 - 2013-08-22 20:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {09A208A0-AF2C-4A7E-85AA-933A3D7F8FDD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-29] (Microsoft Corporation)
Task: {0D554F82-AA7A-4477-993C-435796829E27} - System32\Tasks\{9AAE9973-A531-4D16-8AA9-D6B3435B4153} => pcalua.exe -a "C:\Program Files (x86)\Wondershare\Dr.Fone for Android\unins000.exe"
Task: {102E3D39-D95B-4A61-A899-D6709F7963F9} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3126012638-4027856566-3125218738-1001Core => C:\Users\Peter\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-06-12] (Facebook Inc.)
Task: {12096C3E-5F45-4D1E-9B4A-A39C9F356BEB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {12B97180-85EB-4C31-B178-FA43D97B5CBF} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {1DC8F7E5-DD34-4376-A7EF-F0D58FD2322E} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {1EECE91F-9EA3-4688-897F-B6888368D16D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {22C7A03B-18E5-483B-9DD3-28826378216B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {24CE15BA-6060-4822-A0F5-5E43C1600E17} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
Task: {2791D8A6-1A0E-4B00-A9F6-F70289C3DF62} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {4B82BFA3-4697-455E-B162-66B45DFB1405} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-28] (Synaptics Incorporated)
Task: {54AD391C-4D13-42A4-B8AD-F2DDF7DC8E56} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {5F0D8A9C-9C80-4BA9-B47F-52F7A1756FC8} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {6DCAA6E9-9484-4555-98FA-BECF645D9587} - System32\Tasks\{94E89783-4929-40BD-B54F-412F943FBDD4} => pcalua.exe -a C:\Users\Peter\Downloads\ResetDRM.exe -d C:\Users\Peter\Downloads
Task: {7DD0ADC9-EFD7-4032-AC69-36D5319C8B9D} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {85D1BED7-9837-4521-BFD1-01C5D903CC5E} - System32\Tasks\HPCeeScheduleForPeter => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {881A761B-48ED-490A-96F5-236C71D63E97} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {8CC8BF6D-AADC-467C-B710-BACBD8D57CA2} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {A36E3278-5965-459D-860D-6BD575FA77DC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {A60BF6FC-85DF-4950-9F2E-EC2EE2F68820} - System32\Tasks\{0246D464-54A4-4256-A293-3A2A8795DE28} => pcalua.exe -a "C:\Program Files (x86)\sweetpacks bundle uninstaller\uninstaller.exe" -c "/appName=SoftwareWatcher bundle" "/linkurl=http://lp.sweetim.co...leUninstaller/""/searchProviderApp=SoftwareWatcher" "/searchProvider=a different"
Task: {A8625599-FB8F-42E1-8AAC-40CABB8C9CA0} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3126012638-4027856566-3125218738-1001UA => C:\Users\Peter\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-06-12] (Facebook Inc.)
Task: {B56E68B7-4775-4BBC-A924-0EAEFA678378} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3126012638-4027856566-3125218738-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {B9EF93BC-6DC2-425C-8F3C-421C7B42C8DD} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-28] (CyberLink)
Task: {CB9ACE8B-1A60-4325-9311-A97551ED7C37} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
Task: {DAEA3B09-069B-467F-AD2D-EF8A91B11DD8} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {E39F0921-39E7-48EC-A7AA-DF6899C740CC} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {E6A1E075-651B-450F-A1C4-2BB380D8B441} - System32\Tasks\Microsoft Office 15 Sync Maintenance for POGS-LAPTOP-Peter Pogs-Laptop => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-03-10] (Microsoft Corporation)
Task: {FC1C3F75-0A48-4AEA-8626-2A5C6A8B139D} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3126012638-4027856566-3125218738-1001Core.job => C:\Users\Peter\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3126012638-4027856566-3125218738-1001UA.job => C:\Users\Peter\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForPeter.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) ==============

2014-03-28 17:16 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-03-19 09:53 - 2015-01-27 22:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-01-24 22:22 - 2014-01-24 22:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-06-27 01:39 - 2014-06-27 01:39 - 00504832 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineLib.dll
2014-06-27 01:39 - 2014-06-27 01:39 - 09315328 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineWinGui.dll
2014-06-27 01:39 - 2014-06-27 01:39 - 00015872 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Localization.dll
2014-06-27 01:39 - 2014-06-27 01:39 - 00011264 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\ISSPlugin.dll
2014-06-27 01:39 - 2014-06-27 01:39 - 00011264 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Utilities.dll
2014-06-27 01:39 - 2014-06-27 01:39 - 00115200 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DriverCommunication.dll
2014-05-16 22:57 - 2014-05-16 22:57 - 00047616 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesDrivers\x2api.dll
2014-06-27 01:39 - 2014-06-27 01:39 - 00034304 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DBUtils.dll
2014-05-16 22:57 - 2014-05-16 22:57 - 01102336 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\System.Data.SQLite.dll
2014-06-27 01:39 - 2014-06-27 01:39 - 00189440 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\MousePlugin.dll
2014-06-27 01:39 - 2014-06-27 01:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\D3MousePlugin.dll
2014-06-27 01:39 - 2014-06-27 01:39 - 00031744 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\KKMousePlugin.dll
2014-06-27 01:39 - 2014-06-27 01:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SRawPlugin.dll
2014-06-27 01:39 - 2014-06-27 01:39 - 00159744 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\MLGSenseiPlugin.dll
2014-06-27 01:39 - 2014-06-27 01:39 - 00020992 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoWGoldPlugin.dll
2014-06-27 01:39 - 2014-06-27 01:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\GW2MousePlugin.dll
2014-06-27 01:39 - 2014-06-27 01:39 - 00029696 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CSGOMousePlugin.dll
2014-06-27 01:39 - 2014-06-27 01:39 - 00030208 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DOTA2MousePlugin.dll
2014-06-27 01:39 - 2014-06-27 01:39 - 00023040 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoWWirelessPlugin.dll
2014-06-27 01:39 - 2014-06-27 01:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CODMousePlugin.dll
2014-06-27 01:39 - 2014-06-27 01:39 - 00030208 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoTMousePlugin.dll
2012-09-12 20:38 - 2012-09-12 20:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2013-01-07 19:34 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-11-15 12:07 - 2014-11-15 12:07 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2014-11-15 12:05 - 2014-11-15 12:05 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2012-09-12 20:38 - 2012-09-12 20:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-12 20:38 - 2012-09-12 20:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-12 20:38 - 2012-09-12 20:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-12 20:38 - 2012-09-12 20:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-12 20:38 - 2012-09-12 20:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-12 20:39 - 2012-09-12 20:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2013-11-01 11:48 - 2013-11-01 11:48 - 00029432 _____ () C:\WINDOWS\SYSTEM32\BsTrace.dll
2013-11-01 11:48 - 2013-11-01 11:48 - 00080120 _____ () C:\WINDOWS\SYSTEM32\BsProfilefunc.dll
2013-11-01 11:48 - 2013-11-01 11:48 - 00371448 _____ () C:\WINDOWS\SYSTEM32\BsExtendFunc.dll
2014-05-24 07:26 - 2014-05-24 07:26 - 00196264 _____ () C:\Program Files\Microsoft Office 15\root\office15\IEAWSDC.DLL

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Peter\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Peter\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3126012638-4027856566-3125218738-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.101.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "RevHDD"

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{9B24A147-9DD0-4002-959E-293A603ABBA5}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{065E712C-8932-4341-913D-3121B6D1B894}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{D9DFC4C5-5CB5-4379-B35A-988A2DA4F932}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{C88A9FB9-66EC-42A4-AAAA-594E9728FF65}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{E0E45B86-BAC7-4C37-9AF9-701E33B472DA}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{3F1CE1A0-FDFB-4419-8C37-01DCF77C654B}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{EAA8840D-538B-4227-BD6C-BEFBF0233DA5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5DDBB12A-6DF3-4CF0-9AC8-77F44A566418}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FD080C1F-2CFE-4875-8329-3E5BCF0566F9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C8DD5ED0-F07C-4DE4-BFE5-7D0095F09ACA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C6904EC2-4286-4B8D-8AC5-92B6C95447A6}] => (Allow) LPort=1900
FirewallRules: [{4E77ECA7-8D58-4D86-8C05-6A6E5E3A577B}] => (Allow) LPort=2869
FirewallRules: [{BEFD2D3E-9082-423B-A9A1-2843ACC3BE6B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{96C915B1-F8AE-48E1-8E46-3D38EF29FA16}] => (Allow) C:\Users\Peter\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{F18117F7-1AA3-48E2-AF95-20404F5C98BD}] => (Allow) C:\Users\Peter\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{62443A8A-AA7B-46BD-BEF3-A21BEAE616EC}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{311A377C-E130-4D2B-9D69-30970A8A06F1}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{160DA493-2F08-4D9A-B6B6-BD76B679D274}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{7A0AC6C1-DF1C-429D-B44F-06938480122C}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{E3A75376-A7C9-47D3-AEA7-30C3220E3937}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{5EA0A5B7-010F-49EA-8F5A-FA3C82DF5B44}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{D3616E16-535E-456C-9BFF-BC970B7210EB}] => (Allow) C:\Users\Peter\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{D8E1F483-B403-49F1-AAAF-E8B7034B7BB4}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{7A31F357-EF99-491C-A4B2-20AFFAB0C977}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{6B6E352F-0610-4437-B0B7-5B3A5F6B367C}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{D2B80FFB-FBA9-47A8-945A-F49C4AE73797}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{09B52A18-E506-464E-8992-BF0B81400B73}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{4EC8BEE2-B4EF-4303-A619-8EC6C1A3315E}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{05CB59FB-37F6-4C0F-8DF5-FC3BFC7DD2A0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{969C2EBA-F4BE-45D4-A819-8976E22740B2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8D22D782-364A-4400-9F99-83BBF5AA8041}] => (Allow) C:\Users\Peter\AppData\Local\Temp\nsy1582.tmp\CnetInstaller-75786654.exe
FirewallRules: [{CBB86116-B674-437A-ADC7-7A0C83A2D376}] => (Allow) C:\Users\Peter\AppData\Local\Temp\nsy1582.tmp\CnetInstaller-75786654.exe
FirewallRules: [{95363556-9B4E-49F3-A189-31956F361DA8}] => (Allow) C:\Users\Peter\AppData\Local\Temp\nsn2B2B.tmp\CnetInstaller-75786654.exe
FirewallRules: [{420D6DBD-75FD-4ECD-B9DB-C76B55CC8EA0}] => (Allow) C:\Users\Peter\AppData\Local\Temp\nsn2B2B.tmp\CnetInstaller-75786654.exe
FirewallRules: [{A04A63B6-44E5-4022-9B2E-CFE4F9F70CEB}] => (Allow) C:\Users\Peter\AppData\Local\Temp\nsc1D0A.tmp\CnetInstaller-10661456.exe
FirewallRules: [{77E941F3-F8A0-4450-8F67-D382935C9E8F}] => (Allow) C:\Users\Peter\AppData\Local\Temp\nsc1D0A.tmp\CnetInstaller-10661456.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/13/2015 09:08:47 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: POGS-LAPTOP)
Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/13/2015 09:08:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wwahost.exe, version: 6.3.9600.17415, time stamp: 0x5450355f
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0x00000004
Fault offset: 0x00014598
Faulting process id: 0xd64
Faulting application start time: 0xwwahost.exe0
Faulting application path: wwahost.exe1
Faulting module path: wwahost.exe2
Report Id: wwahost.exe3
Faulting package full name: wwahost.exe4
Faulting package-relative application ID: wwahost.exe5

Error: (05/13/2015 08:54:07 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: POGS-LAPTOP)
Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/13/2015 08:53:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wwahost.exe, version: 6.3.9600.17415, time stamp: 0x5450355f
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0x00000004
Fault offset: 0x00014598
Faulting process id: 0x1efc
Faulting application start time: 0xwwahost.exe0
Faulting application path: wwahost.exe1
Faulting module path: wwahost.exe2
Report Id: wwahost.exe3
Faulting package full name: wwahost.exe4
Faulting package-relative application ID: wwahost.exe5

Error: (05/13/2015 08:38:52 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: POGS-LAPTOP)
Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/13/2015 08:38:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wwahost.exe, version: 6.3.9600.17415, time stamp: 0x5450355f
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0x00000004
Fault offset: 0x00014598
Faulting process id: 0x14f8
Faulting application start time: 0xwwahost.exe0
Faulting application path: wwahost.exe1
Faulting module path: wwahost.exe2
Report Id: wwahost.exe3
Faulting package full name: wwahost.exe4
Faulting package-relative application ID: wwahost.exe5

Error: (05/13/2015 08:23:42 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: POGS-LAPTOP)
Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/13/2015 08:08:51 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: POGS-LAPTOP)
Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/13/2015 08:08:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wwahost.exe, version: 6.3.9600.17415, time stamp: 0x5450355f
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0x00000004
Fault offset: 0x00014598
Faulting process id: 0x50
Faulting application start time: 0xwwahost.exe0
Faulting application path: wwahost.exe1
Faulting module path: wwahost.exe2
Report Id: wwahost.exe3
Faulting package full name: wwahost.exe4
Faulting package-relative application ID: wwahost.exe5

Error: (05/13/2015 07:53:56 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: POGS-LAPTOP)
Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (05/13/2015 09:08:42 AM) (Source: DCOM) (EventID: 10010) (User: POGS-LAPTOP)
Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa

Error: (05/13/2015 08:54:02 AM) (Source: DCOM) (EventID: 10010) (User: POGS-LAPTOP)
Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa

Error: (05/13/2015 08:38:47 AM) (Source: DCOM) (EventID: 10010) (User: POGS-LAPTOP)
Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa

Error: (05/13/2015 08:23:37 AM) (Source: DCOM) (EventID: 10010) (User: POGS-LAPTOP)
Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa

Error: (05/13/2015 08:08:46 AM) (Source: DCOM) (EventID: 10010) (User: POGS-LAPTOP)
Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa

Error: (05/13/2015 07:53:51 AM) (Source: DCOM) (EventID: 10010) (User: POGS-LAPTOP)
Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa

Error: (05/13/2015 07:51:46 AM) (Source: DCOM) (EventID: 10010) (User: POGS-LAPTOP)
Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa

Error: (05/13/2015 07:38:44 AM) (Source: DCOM) (EventID: 10010) (User: POGS-LAPTOP)
Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa

Error: (05/13/2015 01:08:55 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (05/12/2015 09:15:46 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable


Microsoft Office Sessions:
=========================
Error: (05/13/2015 09:08:47 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: POGS-LAPTOP)
Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141

Error: (05/13/2015 09:08:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: wwahost.exe6.3.9600.174155450355fKERNELBASE.dll6.3.9600.1741554504ade0000000400014598d6401d08d21b9633bb9C:\WINDOWS\syswow64\wwahost.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dllf867f84c-f914-11e4-beb2-a4173144ef34Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp

Error: (05/13/2015 08:54:07 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: POGS-LAPTOP)
Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141

Error: (05/13/2015 08:53:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: wwahost.exe6.3.9600.174155450355fKERNELBASE.dll6.3.9600.1741554504ade00000004000145981efc01d08d1fa0effd65C:\WINDOWS\syswow64\wwahost.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dlle0eb0bdd-f912-11e4-beb2-a4173144ef34Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp

Error: (05/13/2015 08:38:52 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: POGS-LAPTOP)
Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141

Error: (05/13/2015 08:38:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: wwahost.exe6.3.9600.174155450355fKERNELBASE.dll6.3.9600.1741554504ade000000040001459814f801d08d1d888053e0C:\WINDOWS\syswow64\wwahost.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dllcad7599e-f910-11e4-beb2-a4173144ef34Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp

Error: (05/13/2015 08:23:42 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: POGS-LAPTOP)
Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141

Error: (05/13/2015 08:08:51 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: POGS-LAPTOP)
Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141

Error: (05/13/2015 08:08:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: wwahost.exe6.3.9600.174155450355fKERNELBASE.dll6.3.9600.1741554504ade00000004000145985001d08d19579f0561C:\WINDOWS\syswow64\wwahost.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dll993562e5-f90c-11e4-beb2-a4173144ef34Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp

Error: (05/13/2015 07:53:56 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: POGS-LAPTOP)
Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141


==================== Memory info ===========================

Processor: Intel® Core™ i3-3217U CPU @ 1.80GHz
Percentage of memory in use: 58%
Total physical RAM: 3992.28 MB
Available physical RAM: 1663.85 MB
Total Pagefile: 4696.28 MB
Available Pagefile: 2136.62 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:271.8 GB) (Free:56.81 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:24.73 GB) (Free:1.4 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 4371273C)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 527B22D2)

Partition: GPT Partition Type.

==================== End Of Log ============================

 

I do hope you can help me and thank you.. :-)

Wishing you all the best,

Peter (Pog)..




#2
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Hi. My name is Brian, and I would be happy to look into your issue. Sorry for the delay. Although I don't think this is malware related, we'll take a look.
 


- General Instructions -

  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
  • It is also likely during our cleaning process that your internet browsing history will be removed. Your favorites will be untouched. If you don't want this to happen you need to let me know before running any steps so I can adjust my fixes accordingly.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop-

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
 
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

- Finally Before We Start-

 
Removing malware is a complicated multiple-step process. Please stay with me until I have declared your system clean. I strongly recommend you back up your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Step#1 - Warnings
The Dangers of P2P Programs
IMPORTANT: I noticed that you have a P2P (Peer to Peer) file sharing program on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more than likely infected with trojans, malware, rootkits, etc.
You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.
 
Here are some information sources about the dangers of P2P programs:
FBI - Peer to Peer Scams
USA Today Article on P2P Programs
File Sharing Infects 500,000 Computers
 
I very much recommend you uninstall this program from your machine. If not, you will likely be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.
 
It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.
 
Please uninstall the following Peer-to-Peer program(s): BitTorrent

 

 

Step#2 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download the attached file, fixlist.txt (817 bytes), and save it to the Desktop.
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Step#3 - AdWCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete click on "Cleaning"
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

 

 

 

Items for your next post

1. FRST Fix Log

2. AdwCleaner log

 

 



#3
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#4
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

User Returned.



#5
Pogs Logs

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Hello Brian,

 

Thank you for re-opening the topic and sorry for not being on to things better last time..

 

As I'm sure things have changed since last time I've run FRST64 again as follows:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-07-2015
Ran by Peter (administrator) on POGS-LAPTOP on 07-07-2015 14:16:09
Running from C:\Users\Peter\Desktop
Loaded Profiles: Peter & Administrator (Available Profiles: Peter & Administrator)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
(Headlight Software, Inc.) C:\Program Files (x86)\GetRight\GetRight.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-21] (IDT, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5213136 2015-06-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [387832 2013-11-01] (IVT Corporation)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3126012638-4027856566-3125218738-1001\...\Run: [Facebook Update] => C:\Users\Peter\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-06-12] (Facebook Inc.)
HKU\S-1-5-21-3126012638-4027856566-3125218738-1001\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [87040 2014-06-27] (SteelSeries ApS)
HKU\S-1-5-21-3126012638-4027856566-3125218738-1001\...\Run: [OneDrive] => C:\Users\Peter\AppData\Local\Microsoft\OneDrive\OneDrive.exe [382664 2015-05-22] (Microsoft Corporation)
HKU\S-1-5-21-3126012638-4027856566-3125218738-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [11776 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-21-3126012638-4027856566-3125218738-500\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-10-29] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GetRight.lnk [2014-04-26]
ShortcutTarget: GetRight.lnk -> C:\Program Files (x86)\GetRight\GetRight.exe (Headlight Software, Inc.)
Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-04-28]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL13/14
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL13/14
HKU\S-1-5-21-3126012638-4027856566-3125218738-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL13/14
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...9546-12064-14/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...9546-12064-14/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3126012638-4027856566-3125218738-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...9546-12064-14/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: GetRight IE Helper -> {31FF080D-12A3-439A-A2EF-4BA95A3148E8} -> C:\Program Files (x86)\GetRight\xx2gr.dll [2009-10-19] (Headlight Software, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.101.1
Tcpip\..\Interfaces\{B9B3B2B9-1173-44EC-BEA8-4A9B37CA3448}: [DhcpNameServer] 198.142.0.51 211.29.132.12 198.142.235.14
Tcpip\..\Interfaces\{F659EDD6-CB22-46BC-BEBC-EC3FC26BC005}: [DhcpNameServer] 192.168.101.1

FireFox:
========
FF ProfilePath: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\8v9rxw2a.default-1398345474335
FF SelectedSearchEngine: Google
FF Homepage: hxxp://techemail.mail.everyone.net/email/scripts/loginuser.pl
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-06-24] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-24] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-12-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-09] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-02] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3126012638-4027856566-3125218738-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Peter\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Extension: Block site - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\8v9rxw2a.default-1398345474335\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2015-05-30]
FF Extension: Facebook Ads Block - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\8v9rxw2a.default-1398345474335\Extensions\[email protected] [2014-05-22]
FF Extension: FlashGot - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\8v9rxw2a.default-1398345474335\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2014-04-26]
FF Extension: Video DownloadHelper - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\8v9rxw2a.default-1398345474335\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1441648 2015-06-12] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3257808 2015-06-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [300408 2015-06-12] (AVG Technologies CZ, s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2739888 2015-05-19] (Microsoft Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-07-21] (IDT, Inc.) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-03-23] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [237536 2015-05-26] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [369120 2015-05-26] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [211936 2015-05-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [287208 2015-05-27] (AVG Technologies CZ, s.r.o.)
S3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-05] (Microsoft Corporation)
S3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [49584 2013-03-25] (Ralink Corporation)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
S3 SAlphamHid; C:\Windows\System32\drivers\SAlpham64.sys [39168 2014-05-28] (SteelSeries Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-28] (Synaptics Incorporated)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-04] (Hewlett-Packard Development Company, L.P.)
S3 SmbDrv; \SystemRoot\System32\drivers\Smb_driver_AMDASF.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-07 14:16 - 2015-07-07 14:16 - 00017357 _____ C:\Users\Peter\Desktop\FRST.txt
2015-06-29 13:57 - 2015-06-29 15:11 - 00113199 ____T C:\Users\Peter\Pai Town Centre 03.oxps
2015-06-29 13:55 - 2015-06-29 16:00 - 00042605 _____ C:\Users\Peter\Pai town centre 03.pptx
2015-06-29 13:42 - 2015-06-29 13:42 - 00012810 ____T C:\Users\Peter\Pai Town Centre 02.oxps
2015-06-29 13:41 - 2015-06-29 16:00 - 00012800 ___SH C:\Users\Peter\Thumbs.db
2015-06-29 13:13 - 2015-06-29 13:13 - 00013405 ____T C:\Users\Peter\Pai Town Centre.oxps
2015-06-29 13:12 - 2015-06-29 13:22 - 00034495 _____ C:\Users\Peter\Pai town centre.pptx
2015-06-26 10:58 - 2015-06-26 10:58 - 00000000 ____D C:\Program Files\Common Files\AV
2015-06-18 14:00 - 2015-06-18 14:00 - 00000817 _____ C:\Users\Peter\Downloads\fixlist.txt
2015-06-12 08:48 - 2015-05-27 21:08 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-12 08:48 - 2015-05-23 10:15 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-12 08:48 - 2015-05-23 10:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-12 08:48 - 2015-05-23 10:10 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-12 08:48 - 2015-05-23 10:05 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-12 08:48 - 2015-05-23 10:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-12 08:48 - 2015-05-23 09:48 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-12 08:48 - 2015-05-23 09:47 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-12 08:48 - 2015-05-23 09:47 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-12 08:48 - 2015-05-23 09:47 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-12 08:48 - 2015-05-23 09:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-12 08:48 - 2015-05-23 09:38 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-12 08:48 - 2015-05-23 09:38 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-12 08:48 - 2015-05-23 09:37 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-12 08:48 - 2015-05-23 09:28 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-12 08:48 - 2015-05-23 09:28 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-12 08:48 - 2015-05-23 09:20 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-12 08:48 - 2015-05-23 09:16 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-12 08:48 - 2015-05-23 09:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-12 08:47 - 2015-05-27 21:35 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-12 08:47 - 2015-05-23 02:00 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-12 08:47 - 2015-05-23 02:00 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-12 08:47 - 2015-05-23 02:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-12 08:47 - 2015-05-23 01:52 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-12 08:47 - 2015-05-23 01:48 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-12 08:47 - 2015-05-23 01:47 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-12 08:47 - 2015-05-23 01:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-12 08:47 - 2015-05-23 01:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-12 08:47 - 2015-05-23 01:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-12 08:47 - 2015-05-23 01:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-12 08:47 - 2015-05-23 01:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-12 08:47 - 2015-05-23 01:09 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-12 08:47 - 2015-05-23 01:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-12 08:47 - 2015-05-23 01:06 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-12 08:47 - 2015-05-23 01:05 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-12 08:47 - 2015-05-23 00:57 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-12 08:47 - 2015-05-23 00:50 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-12 08:47 - 2015-05-23 00:49 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-12 08:47 - 2015-05-23 00:38 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-12 08:47 - 2015-05-23 00:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-12 08:44 - 2015-04-25 09:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-12 08:44 - 2015-04-25 09:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-12 08:41 - 2015-05-21 23:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-07 14:16 - 2015-05-13 08:30 - 00000000 ____D C:\FRST
2015-07-07 14:15 - 2015-06-02 09:25 - 00000000 ____D C:\Users\Peter\Desktop\FRST-OlderVersion
2015-07-07 14:15 - 2015-05-13 09:15 - 02112512 _____ (Farbar) C:\Users\Peter\Desktop\FRST64.exe
2015-07-07 14:12 - 2014-03-22 22:09 - 01902722 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-07 14:06 - 2015-04-12 09:49 - 00003170 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForPeter
2015-07-07 14:06 - 2015-04-12 09:49 - 00000356 _____ C:\WINDOWS\Tasks\HPCeeScheduleForPeter.job
2015-07-07 14:04 - 2014-04-26 02:13 - 00000000 ____D C:\ProgramData\GetRight
2015-07-07 14:02 - 2014-03-06 11:57 - 00000000 __RDO C:\Users\Peter\OneDrive
2015-07-07 14:02 - 2013-12-11 16:36 - 00004984 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for POGS-LAPTOP-Peter Pogs-Laptop
2015-07-07 14:02 - 2013-11-30 10:15 - 00000000 ____D C:\ProgramData\MFAData
2015-07-07 14:00 - 2013-08-22 22:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-07 11:12 - 2015-05-24 14:50 - 00000000 ____D C:\Users\Peter\dwhelper
2015-07-07 11:11 - 2013-10-29 10:48 - 00000000 __RDO C:\Users\Peter\SkyDrive
2015-07-07 10:55 - 2014-01-04 17:09 - 00000000 ____D C:\Users\Peter\AppData\Roaming\AnvSoft
2015-07-07 10:51 - 2014-03-21 16:54 - 00025600 _____ C:\Users\Peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-07 10:45 - 2014-04-15 09:43 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-07 10:42 - 2015-04-19 14:06 - 00000000 ____D C:\Users\Peter\AppData\Roaming\vlc
2015-07-07 10:05 - 2014-06-12 22:00 - 00000952 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3126012638-4027856566-3125218738-1001UA.job
2015-07-07 06:58 - 2014-04-20 12:07 - 00003938 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FC119C78-6880-4CDA-B176-70D2D1EC74AA}
2015-07-06 06:29 - 2012-07-26 14:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-06 05:41 - 2014-09-03 19:57 - 00956476 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-05 09:56 - 2014-03-09 09:55 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log
2015-07-04 16:53 - 2014-03-22 21:51 - 00000000 ____D C:\Users\Peter
2015-07-04 11:16 - 2013-11-30 08:56 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3126012638-4027856566-3125218738-1001
2015-07-04 08:37 - 2013-08-22 20:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-07-03 10:02 - 2013-08-22 22:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-03 07:59 - 2015-02-13 11:10 - 00000000 __SHD C:\Users\Peter\AppData\Local\EmieBrowserModeList
2015-07-03 07:59 - 2014-05-01 17:02 - 00000000 __SHD C:\Users\Peter\AppData\Local\EmieUserList
2015-07-03 07:59 - 2014-05-01 17:02 - 00000000 __SHD C:\Users\Peter\AppData\Local\EmieSiteList
2015-07-02 07:09 - 2013-04-28 12:14 - 04737536 ___SH C:\Users\Peter\Downloads\Thumbs.db
2015-06-28 13:10 - 2013-12-03 09:45 - 00000000 ____D C:\Users\Peter\AppData\Roaming\GetRight
2015-06-28 13:02 - 2013-08-22 21:46 - 00362170 _____ C:\WINDOWS\setupact.log
2015-06-28 13:02 - 2013-08-22 21:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-28 13:02 - 2013-08-22 20:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-06-28 13:01 - 2014-04-03 12:06 - 00000000 ____D C:\AdwCleaner
2015-06-26 10:58 - 2013-11-30 12:10 - 00000983 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2015-06-26 10:52 - 2014-12-26 13:38 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-06-24 11:45 - 2014-04-15 09:43 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-06-24 11:25 - 2013-11-14 14:20 - 00031482 _____ C:\WINDOWS\PFRO.log
2015-06-24 08:42 - 2013-11-30 11:30 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-06-20 10:02 - 2013-08-22 22:38 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-20 10:02 - 2013-08-22 22:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-18 16:47 - 2014-01-04 17:09 - 00001221 _____ C:\Users\Peter\Desktop\Any Video Converter.lnk
2015-06-18 16:13 - 2013-08-22 22:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-14 08:44 - 2015-06-03 09:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-14 08:44 - 2013-11-30 09:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-14 08:44 - 2013-08-22 21:44 - 00381224 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-13 13:06 - 2013-08-22 22:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-12 08:29 - 2013-11-30 09:23 - 00000000 ____D C:\Users\Peter\AppData\Local\Adobe

==================== Files in the root of some directories =======

2013-11-30 08:47 - 2013-12-16 08:53 - 0011022 _____ () C:\Users\Peter\AppData\Roaming\AbsoluteReminder.xml
2014-03-21 16:54 - 2015-07-07 10:51 - 0025600 _____ () C:\Users\Peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Users\Peter\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-01 11:30

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-07-2015
Ran by Peter at 2015-07-07 14:16:58
Running from C:\Users\Peter\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3126012638-4027856566-3125218738-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-3126012638-4027856566-3125218738-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3126012638-4027856566-3125218738-1005 - Limited - Enabled)
Peter (S-1-5-21-3126012638-4027856566-3125218738-1001 - Administrator - Enabled) => C:\Users\Peter

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Internet Security 2014 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2014 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security 2014 (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Any Video Converter 5.7.9 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Any Video Converter 5.8.1 (HKLM-x32\...\Any Video Converter) (Version: 5.8.1 - Anvsoft)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4813 - AVG Technologies)
AVG 2014 (Version: 14.0.4365 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4813 - AVG Technologies) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
GetRight (HKLM-x32\...\GetRight_is1) (Version:  - Headlight Software, Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{6821D775-9303-46DD-977A-2D97CA18B054}) (Version: 4.2.8.1 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4727.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3126012638-4027856566-3125218738-1001\...\OneDriveSetup.exe) (Version: 17.3.5860.0512 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Ralink Bluetooth Stack (HKLM\...\{C079427A-BB28-5168-3DB1-DC6608D226D4}) (Version: 11.0.748.2 - Mediatek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.9200.27029 - Realtek Semiconductor Corp.)
Sony Pictures Download Manager (HKU\S-1-5-21-3126012638-4027856566-3125218738-1001\...\1409023880.ultraviolet.sonypictures.com) (Version:  - ultraviolet.sonypictures.com)
SPIF225 USB to SATA Bridge 98 Driver Installer (HKLM-x32\...\{AB3F9E62-1C4A-45DA-96E4-BFEB26C73F18}) (Version: 2.0.0.0 - Sunplus Technology Co., Ltd.)
SteelSeries Engine (HKLM\...\SteelSeries Engine) (Version: 2.8.450.22786 - SteelSeries)
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (dg_ssudbus) USB  (03/10/2014 2.11.8.0) (HKLM\...\9134EDE55D2832A6C5C79340B00AB7994D858C86) (Version: 03/10/2014 2.11.8.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssadbus) USB  (11/30/2012 5.30.14.0) (HKLM\...\C9AEC81E4D365534AF50161EDA7C9CC56B205507) (Version: 11/30/2012 5.30.14.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssadmdm) Modem  (11/30/2012 5.30.14.0) (HKLM\...\7F88F2DFE1ABA293DADBE5DA286367B63BC6803B) (Version: 11/30/2012 5.30.14.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssadserd) Ports  (11/30/2012 5.30.14.0) (HKLM\...\95CB371FE417AB927308B5EA16B0FFD8902579FC) (Version: 11/30/2012 5.30.14.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssaebus) USB  (02/05/2010 5.14.0.0) (HKLM\...\8CDE6EEFC346A059EC210060FC7B7DAA8279D584) (Version: 02/05/2010 5.14.0.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssaemdm) Modem  (02/05/2010 5.14.0.0) (HKLM\...\14AE004B19BD3BB393FF6268715C15E1F14216E8) (Version: 02/05/2010 5.14.0.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssaend5) Net  (02/05/2010 5.14.0.0) (HKLM\...\75005F34035E512FEEBCAE8E47C427F0D5B95E92) (Version: 02/05/2010 5.14.0.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssaeunic) USB  (02/05/2010 5.14.0.0) (HKLM\...\0B1DCCBA5BC4F4EEFC1C4D6AC8B27D2393A38E9B) (Version: 02/05/2010 5.14.0.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (sscdbus) USB  (11/30/2012 5.30.14.0) (HKLM\...\48D2E7EFFD4BAB26BC0C02AD45ACAAE9F6DCE93B) (Version: 11/30/2012 5.30.14.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (sscdmdm) Modem  (11/30/2012 5.30.14.0) (HKLM\...\27E187FA129B3851CA36E7EFD57A4B410C363A74) (Version: 11/30/2012 5.30.14.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (sscdserd) Ports  (11/30/2012 5.30.14.0) (HKLM\...\0538728B8C08F691CFD167E4B7C479EF672BDBCB) (Version: 11/30/2012 5.30.14.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (sscebus) USB  (11/30/2012 5.30.14.0) (HKLM\...\DBB8AAF635B8C4AFC784BE729331BD04DBE1002D) (Version: 11/30/2012 5.30.14.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (sscemdm) Modem  (11/30/2012 5.30.14.0) (HKLM\...\86E162131DFD10D5894F0B148F3FB8E8562D602B) (Version: 11/30/2012 5.30.14.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssceserd) Ports  (11/30/2012 5.30.14.0) (HKLM\...\774F03A40D4344CD199548B37D6686E7A3B91FDF) (Version: 11/30/2012 5.30.14.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssuddmgr) Ports  (03/25/2013 2.9.508.0) (HKLM\...\79BE6E72F3FB459964ECB14CA5E9499EB84CED24) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssudmdm) Modem  (03/10/2014 2.11.8.0) (HKLM\...\9D887488E874F6E1E554D05711CE970A71288082) (Version: 03/10/2014 2.11.8.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssudobex) Ports  (03/25/2013 2.9.508.0) (HKLM\...\3889AC3DC15E870F7212E360BD6BD1FA71261AAC) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssudserd) Ports  (03/25/2013 2.9.508.0) (HKLM\...\139FA893FBE6105A30D47E0FAB2B465546E1605D) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  Net  (03/25/2013 2.9.508.0) (HKLM\...\A8ACA907A00D578D644681DCA06EC0E1608C03A2) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  Net  (05/13/2011 5.28.2.1) (HKLM\...\CC16886829EBCBDE3BFDAE395E74FACD43F1386F) (Version: 05/13/2011 5.28.2.1 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  WPD  (01/02/2014 2.11.7.0) (HKLM\...\09A67B8CC5436D17AFCEA20406A9341A5E46FA9B) (Version: 01/02/2014 2.11.7.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd. (ss_conn_usb_driver) USB  (03/10/2014 2.11.8.0) (HKLM\...\C3D7E8BFE65E2B80D351B529CD5B8818BC68B459) (Version: 03/10/2014 2.11.8.0 - SAMSUNG Electronics Co., Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3126012638-4027856566-3125218738-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Peter\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

24-06-2015 11:23:28 Windows Update
03-07-2015 10:07:14 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 20:25 - 2013-08-22 20:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D554F82-AA7A-4477-993C-435796829E27} - System32\Tasks\{9AAE9973-A531-4D16-8AA9-D6B3435B4153} => pcalua.exe -a "C:\Program Files (x86)\Wondershare\Dr.Fone for Android\unins000.exe"
Task: {102E3D39-D95B-4A61-A899-D6709F7963F9} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3126012638-4027856566-3125218738-1001Core => C:\Users\Peter\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-06-12] (Facebook Inc.)
Task: {12096C3E-5F45-4D1E-9B4A-A39C9F356BEB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {13E69B0E-7B26-4616-BF1A-B4904EE720D5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {14738097-AC2E-4EC0-968D-5AF552C5F249} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-05-19] (Microsoft Corporation)
Task: {1DC8F7E5-DD34-4376-A7EF-F0D58FD2322E} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {1EECE91F-9EA3-4688-897F-B6888368D16D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-24] (Adobe Systems Incorporated)
Task: {22C7A03B-18E5-483B-9DD3-28826378216B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {2791D8A6-1A0E-4B00-A9F6-F70289C3DF62} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {4A7A7851-2BF8-44C3-B02B-3992C369430C} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3126012638-4027856566-3125218738-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {4B82BFA3-4697-455E-B162-66B45DFB1405} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-28] (Synaptics Incorporated)
Task: {6DCAA6E9-9484-4555-98FA-BECF645D9587} - System32\Tasks\{94E89783-4929-40BD-B54F-412F943FBDD4} => pcalua.exe -a C:\Users\Peter\Downloads\ResetDRM.exe -d C:\Users\Peter\Downloads
Task: {7DD0ADC9-EFD7-4032-AC69-36D5319C8B9D} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {8091BB9F-8145-4E38-9DF3-F0D0D70B705F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-05-19] (Microsoft Corporation)
Task: {8CC8BF6D-AADC-467C-B710-BACBD8D57CA2} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {91A66800-32B7-44B8-948D-F600FA25C7A0} - System32\Tasks\HPCeeScheduleForPeter => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {A36E3278-5965-459D-860D-6BD575FA77DC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {A8625599-FB8F-42E1-8AAC-40CABB8C9CA0} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3126012638-4027856566-3125218738-1001UA => C:\Users\Peter\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-06-12] (Facebook Inc.)
Task: {B9EF93BC-6DC2-425C-8F3C-421C7B42C8DD} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-28] (CyberLink)
Task: {DAEA3B09-069B-467F-AD2D-EF8A91B11DD8} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {E6A1E075-651B-450F-A1C4-2BB380D8B441} - System32\Tasks\Microsoft Office 15 Sync Maintenance for POGS-LAPTOP-Peter Pogs-Laptop => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-05-28] (Microsoft Corporation)
Task: {FC1C3F75-0A48-4AEA-8626-2A5C6A8B139D} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3126012638-4027856566-3125218738-1001Core.job => C:\Users\Peter\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3126012638-4027856566-3125218738-1001UA.job => C:\Users\Peter\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForPeter.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2014-03-28 17:16 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-03-19 09:53 - 2015-01-27 22:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-01-24 22:22 - 2014-01-24 22:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-06-27 01:39 - 2014-06-27 01:39 - 00504832 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineLib.dll
2014-06-27 01:39 - 2014-06-27 01:39 - 09315328 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineWinGui.dll
2014-06-27 01:39 - 2014-06-27 01:39 - 00015872 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Localization.dll
2014-06-27 01:39 - 2014-06-27 01:39 - 00011264 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\ISSPlugin.dll
2014-06-27 01:39 - 2014-06-27 01:39 - 00011264 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Utilities.dll
2014-06-27 01:39 - 2014-06-27 01:39 - 00115200 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DriverCommunication.dll
2014-05-16 22:57 - 2014-05-16 22:57 - 00047616 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesDrivers\x2api.dll
2014-06-27 01:39 - 2014-06-27 01:39 - 00034304 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DBUtils.dll
2014-05-16 22:57 - 2014-05-16 22:57 - 01102336 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\System.Data.SQLite.dll
2014-06-27 01:39 - 2014-06-27 01:39 - 00189440 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\MousePlugin.dll
2014-06-27 01:39 - 2014-06-27 01:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\D3MousePlugin.dll
2014-06-27 01:39 - 2014-06-27 01:39 - 00031744 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\KKMousePlugin.dll
2014-06-27 01:39 - 2014-06-27 01:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SRawPlugin.dll
2014-06-27 01:39 - 2014-06-27 01:39 - 00159744 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\MLGSenseiPlugin.dll
2014-06-27 01:39 - 2014-06-27 01:39 - 00020992 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoWGoldPlugin.dll
2014-06-27 01:39 - 2014-06-27 01:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\GW2MousePlugin.dll
2014-06-27 01:39 - 2014-06-27 01:39 - 00029696 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CSGOMousePlugin.dll
2014-06-27 01:39 - 2014-06-27 01:39 - 00030208 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DOTA2MousePlugin.dll
2014-06-27 01:39 - 2014-06-27 01:39 - 00023040 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoWWirelessPlugin.dll
2014-06-27 01:39 - 2014-06-27 01:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CODMousePlugin.dll
2014-06-27 01:39 - 2014-06-27 01:39 - 00030208 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoTMousePlugin.dll
2012-09-12 20:38 - 2012-09-12 20:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2015-07-03 09:33 - 2015-07-03 09:34 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll
2013-01-07 19:34 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-11-15 12:05 - 2014-11-15 12:05 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2012-09-12 20:38 - 2012-09-12 20:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-12 20:38 - 2012-09-12 20:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-12 20:38 - 2012-09-12 20:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-12 20:38 - 2012-09-12 20:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-12 20:38 - 2012-09-12 20:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-12 20:39 - 2012-09-12 20:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2013-11-01 11:48 - 2013-11-01 11:48 - 00029432 _____ () C:\WINDOWS\SYSTEM32\BsTrace.dll
2013-11-01 11:48 - 2013-11-01 11:48 - 00080120 _____ () C:\WINDOWS\SYSTEM32\BsProfilefunc.dll
2013-11-01 11:48 - 2013-11-01 11:48 - 00371448 _____ () C:\WINDOWS\SYSTEM32\BsExtendFunc.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Peter\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Peter\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3126012638-4027856566-3125218738-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-3126012638-4027856566-3125218738-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.101.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "RevHDD"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{9B24A147-9DD0-4002-959E-293A603ABBA5}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{065E712C-8932-4341-913D-3121B6D1B894}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{D9DFC4C5-5CB5-4379-B35A-988A2DA4F932}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{C88A9FB9-66EC-42A4-AAAA-594E9728FF65}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{E0E45B86-BAC7-4C37-9AF9-701E33B472DA}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{3F1CE1A0-FDFB-4419-8C37-01DCF77C654B}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{EAA8840D-538B-4227-BD6C-BEFBF0233DA5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5DDBB12A-6DF3-4CF0-9AC8-77F44A566418}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FD080C1F-2CFE-4875-8329-3E5BCF0566F9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C8DD5ED0-F07C-4DE4-BFE5-7D0095F09ACA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C6904EC2-4286-4B8D-8AC5-92B6C95447A6}] => (Allow) LPort=1900
FirewallRules: [{4E77ECA7-8D58-4D86-8C05-6A6E5E3A577B}] => (Allow) LPort=2869
FirewallRules: [{BEFD2D3E-9082-423B-A9A1-2843ACC3BE6B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D3616E16-535E-456C-9BFF-BC970B7210EB}] => (Allow) C:\Users\Peter\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{D8E1F483-B403-49F1-AAAF-E8B7034B7BB4}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{7A31F357-EF99-491C-A4B2-20AFFAB0C977}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{6B6E352F-0610-4437-B0B7-5B3A5F6B367C}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{D2B80FFB-FBA9-47A8-945A-F49C4AE73797}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{09B52A18-E506-464E-8992-BF0B81400B73}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{4EC8BEE2-B4EF-4303-A619-8EC6C1A3315E}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{05CB59FB-37F6-4C0F-8DF5-FC3BFC7DD2A0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{969C2EBA-F4BE-45D4-A819-8976E22740B2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8D22D782-364A-4400-9F99-83BBF5AA8041}] => (Allow) C:\Users\Peter\AppData\Local\Temp\nsy1582.tmp\CnetInstaller-75786654.exe
FirewallRules: [{CBB86116-B674-437A-ADC7-7A0C83A2D376}] => (Allow) C:\Users\Peter\AppData\Local\Temp\nsy1582.tmp\CnetInstaller-75786654.exe
FirewallRules: [{95363556-9B4E-49F3-A189-31956F361DA8}] => (Allow) C:\Users\Peter\AppData\Local\Temp\nsn2B2B.tmp\CnetInstaller-75786654.exe
FirewallRules: [{420D6DBD-75FD-4ECD-B9DB-C76B55CC8EA0}] => (Allow) C:\Users\Peter\AppData\Local\Temp\nsn2B2B.tmp\CnetInstaller-75786654.exe
FirewallRules: [{A04A63B6-44E5-4022-9B2E-CFE4F9F70CEB}] => (Allow) C:\Users\Peter\AppData\Local\Temp\nsc1D0A.tmp\CnetInstaller-10661456.exe
FirewallRules: [{77E941F3-F8A0-4450-8F67-D382935C9E8F}] => (Allow) C:\Users\Peter\AppData\Local\Temp\nsc1D0A.tmp\CnetInstaller-10661456.exe
FirewallRules: [{62443A8A-AA7B-46BD-BEF3-A21BEAE616EC}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{311A377C-E130-4D2B-9D69-30970A8A06F1}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{160DA493-2F08-4D9A-B6B6-BD76B679D274}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{7A0AC6C1-DF1C-429D-B44F-06938480122C}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{E3A75376-A7C9-47D3-AEA7-30C3220E3937}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{5EA0A5B7-010F-49EA-8F5A-FA3C82DF5B44}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/07/2015 02:15:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: POGS-LAPTOP)
Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/07/2015 02:15:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wwahost.exe, version: 6.3.9600.17415, time stamp: 0x5450355f
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0x00000004
Fault offset: 0x00014598
Faulting process id: 0x10c0
Faulting application start time: 0xwwahost.exe0
Faulting application path: wwahost.exe1
Faulting module path: wwahost.exe2
Report Id: wwahost.exe3
Faulting package full name: wwahost.exe4
Faulting package-relative application ID: wwahost.exe5

Error: (07/07/2015 02:02:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: POGS-LAPTOP)
Description: Activation of app SymantecCorporation.NortonStudio_v68kp9n051hdp!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/07/2015 11:07:53 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: POGS-LAPTOP)
Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/07/2015 11:07:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wwahost.exe, version: 6.3.9600.17415, time stamp: 0x5450355f
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0x00000004
Fault offset: 0x00014598
Faulting process id: 0x1b7c
Faulting application start time: 0xwwahost.exe0
Faulting application path: wwahost.exe1
Faulting module path: wwahost.exe2
Report Id: wwahost.exe3
Faulting package full name: wwahost.exe4
Faulting package-relative application ID: wwahost.exe5

Error: (07/07/2015 10:52:52 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: POGS-LAPTOP)
Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/07/2015 10:52:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wwahost.exe, version: 6.3.9600.17415, time stamp: 0x5450355f
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0x00000004
Fault offset: 0x00014598
Faulting process id: 0x2638
Faulting application start time: 0xwwahost.exe0
Faulting application path: wwahost.exe1
Faulting module path: wwahost.exe2
Report Id: wwahost.exe3
Faulting package full name: wwahost.exe4
Faulting package-relative application ID: wwahost.exe5

Error: (07/07/2015 10:38:14 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: POGS-LAPTOP)
Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/07/2015 10:37:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wwahost.exe, version: 6.3.9600.17415, time stamp: 0x5450355f
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0x00000004
Fault offset: 0x00014598
Faulting process id: 0x1990
Faulting application start time: 0xwwahost.exe0
Faulting application path: wwahost.exe1
Faulting module path: wwahost.exe2
Report Id: wwahost.exe3
Faulting package full name: wwahost.exe4
Faulting package-relative application ID: wwahost.exe5

Error: (07/07/2015 10:19:43 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: POGS-LAPTOP)
Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (07/07/2015 02:15:07 PM) (Source: DCOM) (EventID: 10010) (User: POGS-LAPTOP)
Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa

Error: (07/07/2015 02:02:22 PM) (Source: DCOM) (EventID: 10010) (User: POGS-LAPTOP)
Description: App.AppXqnry5k2463e1eva81cgfqeh461wt463a.mca

Error: (07/07/2015 11:18:49 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (07/07/2015 11:07:48 AM) (Source: DCOM) (EventID: 10010) (User: POGS-LAPTOP)
Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa

Error: (07/07/2015 10:52:47 AM) (Source: DCOM) (EventID: 10010) (User: POGS-LAPTOP)
Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa

Error: (07/07/2015 10:38:09 AM) (Source: DCOM) (EventID: 10010) (User: POGS-LAPTOP)
Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa

Error: (07/07/2015 10:19:38 AM) (Source: DCOM) (EventID: 10010) (User: POGS-LAPTOP)
Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa

Error: (07/07/2015 10:18:39 AM) (Source: DCOM) (EventID: 10010) (User: POGS-LAPTOP)
Description: App.AppXqnry5k2463e1eva81cgfqeh461wt463a.mca

Error: (07/07/2015 10:07:47 AM) (Source: DCOM) (EventID: 10010) (User: POGS-LAPTOP)
Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa

Error: (07/07/2015 09:52:47 AM) (Source: DCOM) (EventID: 10010) (User: POGS-LAPTOP)
Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa


Microsoft Office:
=========================
Error: (07/07/2015 02:15:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: POGS-LAPTOP)
Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141

Error: (07/07/2015 02:15:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wwahost.exe6.3.9600.174155450355fKERNELBASE.dll6.3.9600.1741554504ade000000040001459810c001d0b884a424fbb5C:\WINDOWS\syswow64\wwahost.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dlle3cee414-2477-11e5-bebf-a4173144ef34Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5cApp

Error: (07/07/2015 02:02:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: POGS-LAPTOP)
Description: SymantecCorporation.NortonStudio_v68kp9n051hdp!App-2144927141

Error: (07/07/2015 11:07:53 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: POGS-LAPTOP)
Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141

Error: (07/07/2015 11:07:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: wwahost.exe6.3.9600.174155450355fKERNELBASE.dll6.3.9600.1741554504ade00000004000145981b7c01d0b86a789980ebC:\WINDOWS\syswow64\wwahost.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dllb881b9f0-245d-11e5-bebf-a4173144ef34Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5cApp

Error: (07/07/2015 10:52:52 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: POGS-LAPTOP)
Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141

Error: (07/07/2015 10:52:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: wwahost.exe6.3.9600.174155450355fKERNELBASE.dll6.3.9600.1741554504ade0000000400014598263801d0b86860278a33C:\WINDOWS\syswow64\wwahost.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dll9fdcb336-245b-11e5-bebf-a4173144ef34Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5cApp

Error: (07/07/2015 10:38:14 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: POGS-LAPTOP)
Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141

Error: (07/07/2015 10:37:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: wwahost.exe6.3.9600.174155450355fKERNELBASE.dll6.3.9600.1741554504ade0000000400014598199001d0b86647b714c6C:\WINDOWS\syswow64\wwahost.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dll8822ae24-2459-11e5-bebf-a4173144ef34Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5cApp

Error: (07/07/2015 10:19:43 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: POGS-LAPTOP)
Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141


==================== Memory info ===========================

Processor: Intel® Core™ i3-3217U CPU @ 1.80GHz
Percentage of memory in use: 49%
Total physical RAM: 3992.28 MB
Available physical RAM: 2004.07 MB
Total Virtual: 4696.28 MB
Available Virtual: 2387.29 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:271.8 GB) (Free:47.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:24.73 GB) (Free:1.4 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 4371273C)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 527B22D2)

Partition: GPT Partition Type.

==================== End of log ============================

 

Thank you again for your help Brian.. :-)


  • 0

#6
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Your logs look fairly clean but I do see a couple apps crashing. Please do the following.

 

Step#1 - Uninstalls
 
Please uninstall the following programs one at a time. Instructions for doing so are here.
If any of the programs give you an error during the uninstall, notate it and move on to the next one. Just let me know which ones had issues. If you are asked to reboot, answer No until all the programs have been uninstalled and then you can reboot. All of these programs are either outdated, malware/adware, have a bad reputation, are not recommended or are currently causing your machine issues. If you absolutely must have one of them I suggest that you wait until you are declared clean before reinstalling.

 

Facebook Video Calling 3.1.0.521

Norton Studio <---This one is a Windows Store app. Please uninstall

 

 

Step#2 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download the attached file, fixlist.txt, and save it to the Desktop.
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Step#3 - AdWCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete, click on "Cleaning".
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.
 

 

Items for your next post

1. Fixlog

2. Adwcleaner log


  • 0

#7
Pogs Logs

    New Member

  • Topic Starter
  • Member
  • 9 posts

Fix result of Farbar Recovery Scan Tool (x64) Version:05-07-2015
Ran by Peter at 2015-07-08 13:57:09 Run:4
Running from C:\Users\Peter\Desktop
Loaded Profiles: Peter & Administrator (Available Profiles: Peter & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
FF Extension: Block site - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\8v9rxw2a.default-1398345474335\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2015-05-30]
EmptyTemp:




*****************

Restore point was successfully created.
C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\8v9rxw2a.default-1398345474335\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} => moved successfully.
EmptyTemp: => 1.4 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 13:58:18 ====

 

 

# AdwCleaner v3.023 - Report created 08/07/2015 at 14:07:50
# Updated 01/04/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Peter - POGS-LAPTOP
# Running from : C:\Users\Peter\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\AppDataLow\Software\Headlight

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v39.0 (x86 en-US)

[ File : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\8v9rxw2a.default-1398345474335\prefs.js ]


*************************

AdwCleaner[R0].txt - [3154 octets] - [03/04/2014 12:06:32]
AdwCleaner[R1].txt - [1201 octets] - [18/06/2015 14:19:34]
AdwCleaner[R2].txt - [1090 octets] - [18/06/2015 14:56:42]
AdwCleaner[R3].txt - [1210 octets] - [28/06/2015 13:00:27]
AdwCleaner[R4].txt - [1386 octets] - [08/07/2015 14:06:47]
AdwCleaner[S0].txt - [2782 octets] - [03/04/2014 12:07:32]
AdwCleaner[S1].txt - [1232 octets] - [18/06/2015 14:26:45]
AdwCleaner[S2].txt - [1110 octets] - [18/06/2015 14:58:00]
AdwCleaner[S3].txt - [1231 octets] - [28/06/2015 13:01:10]
AdwCleaner[S4].txt - [1268 octets] - [08/07/2015 14:07:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1328 octets] ##########

 

Thank you once again Brian.. :-)


  • 0

#8
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Do you still have the twinapi.appcore.dll error?


  • 0

#9
Pogs Logs

    New Member

  • Topic Starter
  • Member
  • 9 posts

Hello Brian.. Yes it's still there.. :-(


  • 0

#10
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Please do the following.

 

Step#1 - SFC Scan
1. Right-click on the Start button and select Command Prompt (Admin)
2. When command prompt opens, Copy (Ctrl+C) and Paste (Right-click > Paste) the following command into it, then press Enter
sfc /scannow

3. Once it finishes, copy and paste the following into the command-prompt window and press Enter.
copy %windir%\logs\cbs\cbs.log "%userprofile%\Desktop\cbs.txt"

4. Once this has completed please go to your Desktop and you will find CBS.txt => Please zip/upload CBS.txt to this thread

Please Note:: if the file is too big to upload to your next post please upload via a service such as Dropbox or One Drive or SendSpace and just provide the link.


  • 0


#11
Pogs Logs

    New Member

  • Topic Starter
  • Member
  • 9 posts

Thanks Brian,

cbs.txt attached.. :-)

 

Attached Files

  • Attached File  cbs.txt   948.73KB   51 downloads

  • 0

#12
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Please do the following to fix some corrupt files.
 
Step#1 - SFCFix Script
Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

  • Download SFCFix.exe (by niemiro) and save this to your Desktop. If you still have this on your desktop from downloading previously, you don't need to re-download.
  • Download this file named, SFCFix.zip, and save this to your Desktop. Ensure that this file is named SFCFix.zip - do not rename it.
  • Save any open documents and close all open windows.
  • On your Desktop, you should see two files: SFCFix.exe and SFCFix.zip.
  • Drag the file SFCFix.zip onto the file SFCFix.exe and release it.
  • SFCFix will now process the script.
  • Upon completion, a file should be created on your Desktop: SFCFix.txt.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this file into your next post for me to analyse please

 

Step#2 - Verify Corruption Fixed
1. Right-click on the Start button and select Command Prompt (Admin)
2. When command prompt opens, Copy (Ctrl+C) and Paste (Right-click > Paste) the following command into it, then press Enter
sfc /scannow

3. Once it finishes, copy and paste the following into the command-prompt window and press Enter.
copy %windir%\logs\cbs\cbs.log "%userprofile%\Desktop\cbs.txt"

4. Once this has completed please go to your Desktop and you will find CBS.txt => Please zip/upload CBS.txt to this thread

Please Note:: if the file is too big to upload to your next post please upload via a service such as Dropbox or One Drive or SendSpace and just provide the link.

 

 

Items for your next post

1. SFCFix.txt

2. CBS.txt


  • 0

#13
Pogs Logs

    New Member

  • Topic Starter
  • Member
  • 9 posts

SFCFix version 2.4.5.0 by niemiro.
Start time: 2015-07-10 10:05:32.761
Microsoft Windows 8.1 Update 3 - amd64
Using .zip script file at C:\Users\Peter\Desktop\SFCFix.zip [0]




PowerCopy::
Successfully took permissions for file or folder C:\WINDOWS\winsxs\x86_microsoft-windows-mediaplayer-wmpeffects_31bf3856ad364e35_6.3.9600.17415_none_8e3a46aaaad1b4ee\wmpeffects.dll
Successfully took permissions for file or folder C:\WINDOWS\winsxs\wow64_microsoft-windows-twinapi-appcore_31bf3856ad364e35_6.3.9600.17415_none_aefba13ec5ffa064\twinapi.appcore.dll
Successfully took permissions for file or folder C:\WINDOWS\winsxs\wow64_microsoft-windows-mfcore_31bf3856ad364e35_6.3.9600.17415_none_ec384b6e5f4fcd69\mfcore.dll
Successfully took permissions for file or folder C:\WINDOWS\winsxs\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.3.9600.17415_none_06c968585737ee8c\wmp.dll
Successfully took permissions for file or folder C:\WINDOWS\winsxs\amd64_prncacla.inf_31bf3856ad364e35_6.3.9600.17415_none_95dd5540d57f8c01\Amd64\CNBJ2530.DPB

Successfully copied file C:\Users\Peter\AppData\Local\niemiro\Archive\winsxs\x86_microsoft-windows-mediaplayer-wmpeffects_31bf3856ad364e35_6.3.9600.17415_none_8e3a46aaaad1b4ee\wmpeffects.dll to C:\WINDOWS\winsxs\x86_microsoft-windows-mediaplayer-wmpeffects_31bf3856ad364e35_6.3.9600.17415_none_8e3a46aaaad1b4ee\wmpeffects.dll.
The file \\?\C:\WINDOWS\winsxs\wow64_microsoft-windows-twinapi-appcore_31bf3856ad364e35_6.3.9600.17415_none_aefba13ec5ffa064\twinapi.appcore.dll is in use and must be replaced over a reboot.
Successfully copied file C:\Users\Peter\AppData\Local\niemiro\Archive\winsxs\wow64_microsoft-windows-mfcore_31bf3856ad364e35_6.3.9600.17415_none_ec384b6e5f4fcd69\mfcore.dll to C:\WINDOWS\winsxs\wow64_microsoft-windows-mfcore_31bf3856ad364e35_6.3.9600.17415_none_ec384b6e5f4fcd69\mfcore.dll.
Successfully copied file C:\Users\Peter\AppData\Local\niemiro\Archive\winsxs\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.3.9600.17415_none_06c968585737ee8c\wmp.dll to C:\WINDOWS\winsxs\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.3.9600.17415_none_06c968585737ee8c\wmp.dll.
Successfully copied file C:\Users\Peter\AppData\Local\niemiro\Archive\winsxs\amd64_prncacla.inf_31bf3856ad364e35_6.3.9600.17415_none_95dd5540d57f8c01\Amd64\CNBJ2530.DPB to C:\WINDOWS\winsxs\amd64_prncacla.inf_31bf3856ad364e35_6.3.9600.17415_none_95dd5540d57f8c01\Amd64\CNBJ2530.DPB.

Successfully pended file for replace over reboot: \\?\C:\WINDOWS\winsxs\wow64_microsoft-windows-twinapi-appcore_31bf3856ad364e35_6.3.9600.17415_none_aefba13ec5ffa064\twinapi.appcore.dll

Successfully restored ownership for C:\WINDOWS\winsxs\x86_microsoft-windows-mediaplayer-wmpeffects_31bf3856ad364e35_6.3.9600.17415_none_8e3a46aaaad1b4ee\wmpeffects.dll
Successfully restored permissions on C:\WINDOWS\winsxs\x86_microsoft-windows-mediaplayer-wmpeffects_31bf3856ad364e35_6.3.9600.17415_none_8e3a46aaaad1b4ee\wmpeffects.dll
Successfully restored ownership for C:\WINDOWS\winsxs\wow64_microsoft-windows-mfcore_31bf3856ad364e35_6.3.9600.17415_none_ec384b6e5f4fcd69\mfcore.dll
Successfully restored permissions on C:\WINDOWS\winsxs\wow64_microsoft-windows-mfcore_31bf3856ad364e35_6.3.9600.17415_none_ec384b6e5f4fcd69\mfcore.dll
Successfully restored ownership for C:\WINDOWS\winsxs\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.3.9600.17415_none_06c968585737ee8c\wmp.dll
Successfully restored permissions on C:\WINDOWS\winsxs\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.3.9600.17415_none_06c968585737ee8c\wmp.dll
Successfully restored ownership for C:\WINDOWS\winsxs\amd64_prncacla.inf_31bf3856ad364e35_6.3.9600.17415_none_95dd5540d57f8c01\Amd64\CNBJ2530.DPB
Successfully restored permissions on C:\WINDOWS\winsxs\amd64_prncacla.inf_31bf3856ad364e35_6.3.9600.17415_none_95dd5540d57f8c01\Amd64\CNBJ2530.DPB
PowerCopy:: directive completed successfully.




Reboot:: directive completed successfully.




PostRebootCorruptionDetection::
No hash verification failures detected.
PostRebootCorruptionDetection:: directive completed successfully.




PostRebootRestorePermissions::
Successfully restored ownership for C:\WINDOWS\winsxs\wow64_microsoft-windows-twinapi-appcore_31bf3856ad364e35_6.3.9600.17415_none_aefba13ec5ffa064\twinapi.appcore.dll
Successfully restored permissions on C:\WINDOWS\winsxs\wow64_microsoft-windows-twinapi-appcore_31bf3856ad364e35_6.3.9600.17415_none_aefba13ec5ffa064\twinapi.appcore.dll
PostRebootRestorePermissions:: directive completed successfully.




Successfully processed all directives.
SFCFix version 2.4.5.0 by niemiro has completed.
Currently storing 5 datablocks.
Finish time: 2015-07-10 10:08:28.827
----------------------EOF-----------------------

 

 

Attached File  cbs.txt   2MB   93 downloads


  • 0
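An added example, not part of the original thread and not SFCFix's own code: a Python sketch of the read-through a helper does on a log like the one above, checking that every file had both ownership and permissions restored and that each directive reported completion. The function name and the sample logs are constructed for illustration; only the line shapes are taken from the log quoted in this thread.

```python
import re

# Line shapes copied from the SFCFix log quoted in this thread.
OWNED = re.compile(r"Successfully restored ownership for (.+)")
PERMS = re.compile(r"Successfully restored permissions on (.+)")
BEGUN = re.compile(r"(\w+)::")
ENDED = re.compile(r"(\w+):: directive completed successfully\.")
HASH_OK = "No hash verification failures detected."
ALL_OK = "Successfully processed all directives."

def triage(log_text):
    """Return a list of findings; an empty list means the log looks complete."""
    owned, perms, begun, ended = set(), set(), [], set()
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    for line in lines:
        if m := OWNED.fullmatch(line):
            owned.add(m.group(1).lower())  # Windows paths are case-insensitive
        elif m := PERMS.fullmatch(line):
            perms.add(m.group(1).lower())
        elif m := ENDED.fullmatch(line):
            ended.add(m.group(1))
        elif m := BEGUN.fullmatch(line):
            begun.append(m.group(1))
    findings = [f"ACL half-restored: {p}" for p in sorted(owned ^ perms)]
    findings += [f"directive did not complete: {d}" for d in begun if d not in ended]
    if "PostRebootCorruptionDetection" in begun and HASH_OK not in lines:
        findings.append("hash verification result missing")
    if ALL_OK not in lines:
        findings.append("final success line missing")
    return findings

# Constructed sample logs (paths shortened; not the poster's real output).
CLEAN_LOG = r"""
PostRebootCorruptionDetection::
No hash verification failures detected.
PostRebootCorruptionDetection:: directive completed successfully.
PostRebootRestorePermissions::
Successfully restored ownership for C:\WINDOWS\winsxs\example_pkg\twinapi.appcore.dll
Successfully restored permissions on C:\Windows\WinSxS\example_pkg\twinapi.appcore.dll
PostRebootRestorePermissions:: directive completed successfully.
Successfully processed all directives.
"""
# Same log cut off before permissions were put back.
TRUNCATED_LOG = CLEAN_LOG.split("Successfully restored permissions")[0]

if __name__ == "__main__":
    for name, log in (("clean", CLEAN_LOG), ("truncated", TRUNCATED_LOG)):
        print(name, triage(log) or "no findings")
```

The checker only looks for the success lines shown in this thread and reports their absence; it does not try to match failure messages, whose wording does not appear on this page.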

#14
Pogs Logs


    New Member

  • Topic Starter
  • Member
  • 9 posts

Thanks again Brian..

So far things are looking good..

Windows Media Player is working and the pop up hasn't appeared again..

I think you may have fixed it.. Yippee..! :-)

I'll wait for your assessment before I throw a party though..! ha ha..


  • 0

#15
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,583 posts

Agreed. Logs look good. If you are satisfied, let's get you cleaned up.

 

OK! Well done, your computer is clean again! :thumbsup: Part of our jobs here is to help you clean your computer. But beyond that and just as important is to provide you with some information to keep you safe and secure on the net as well as to share knowledge. Following is that information.
 
1. Clean Up!
We need to remove all the tools that we used so that should you ever be re-infected, you will download updated versions which may have updated detection logic.
1. Download Delfix from here.
2. Ensure everything is checked.
3. Click Run.
Note: The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
Note: Delete any other .bat, .log, .reg, .txt, and any other files created during this process and left on the desktop, and empty the Recycle Bin.
 
 
2. Keeping Programs Updated
You need to ensure that any programs installed on your machine are kept current. The bad guys exploit vulnerabilities that are found in older versions of software. A very good piece of software that keeps your programs up-to-date is Secunia Personal Software Inspector (PSI). You can download and install it from here. You can read more information about this free software as well as a video walkthrough from here.
 

3. Crypto Warning!!!! - Complete Data Loss can occur!
There are particularly nasty infections out there at the moment that encrypt your data and hold it for ransom. You may read more about this here.
 


  • Download CryptoPrevent free for home use here following the instructions below.
  • Save the file to your desktop from the link above and then open the program by clicking Run when prompted from your browser or by going to the desktop where the file was saved and double-clicking.
  • Accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This is good and will launch the program once you click Finish.
  • You will get a prompt asking if you purchased a Product Key for Automatic Updates. You can answer No.
  • You will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to.
  • You will be prompted to click OK to continue and select your protection level. Go ahead and click OK.
  • Click the Apply button to set Default protection.
  • You may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.
  • That's it. The protection is in place.

Note: The free version doesn't provide automatic updates. Periodically, you should open up the program (there is a shortcut on your desktop now), select the Updates! menu, and select Check for Updates to see if there are any, as this infection has serious consequences.
 
 

 

For more information about computer security and how to protect yourself when on the internet, please read this guide Best Practices for Safe Computing
 
OK, all the best, and stay safe!
 
Items for your next post
1. Contents of the delfix log


  • 0





