Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Having virus issue but scanner finds nothing

by PJWales » May 7th, 2015, 8:45 am

Hi,

I am having an issue that might be more deep rooted than it seems. Randomly I get AVG telling me it detected a virus, and when I ask it to protect me all is good, but it is always the same one, and now it found another and did the same.

I am also having a Java issue. I've uninstalled and re-installed Java from java.com and it says successfully installed, but it is not showing up in the Chrome Plugins area, and Java detect shows Java as plugins not available, yet the Java console is saying everything is fine. Doing a full virus scan and an Emsisoft Anti-Malware scan reveals nothing, so I am guessing this is something more deep rooted, and I am usually very careful about what I click and download.

Below is a copy of the logs, as requested:

FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2015 01
Ran by Peter (administrator) on PJ-LAPTOP on 07-05-2015 13:29:17
Running from C:\Users\Peter\Desktop
Loaded Profiles: Peter (Available profiles: Peter & Administrator)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Camshare Inc.) C:\Program Files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\FighterSuiteService.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Users\Peter\AppData\Local\Viber\Viber.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\Tray\FightersTray.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqbam08.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\SPAMfighter\x64\LiveKitLoader64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqgpc01.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\outlook.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2014-01-25] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3745232 2015-04-15] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-04-25] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2503704 2015-03-06] ()
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4886608 2015-03-23] (Emsisoft GmbH)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [CommonToolkitTray] => C:\Program Files (x86)\Fighters\Tray\FightersTray.exe [1681952 2014-03-24] (SPAMfighter ApS)
HKLM-x32\...\Run: [sfagent] => C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe [1051168 2014-04-30] (SPAMfighter ApS)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-104905620-282271343-3815656909-1002\...\Run: [Viber] => C:\Users\Peter\AppData\Local\Viber\Viber.exe [930816 2014-06-19] ()
HKU\S-1-5-21-104905620-282271343-3815656909-1002\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-04-27] (Glarysoft Ltd)
HKU\S-1-5-21-104905620-282271343-3815656909-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25700400 2015-04-28] (Google)
HKU\S-1-5-21-104905620-282271343-3815656909-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-104905620-282271343-3815656909-1002\...\Run: [GoogleChromeAutoLaunch_14883A56D9D426BB697F73C8366CAF1F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-28] (Google Inc.)
HKU\S-1-5-21-104905620-282271343-3815656909-1002\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-104905620-282271343-3815656909-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [788480 2014-10-29] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-04-07]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
BootExecute: autocheck autochk * BootDefrag.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT13/2
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT13/2
HKU\S-1-5-21-104905620-282271343-3815656909-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com?cid={630F46DE-5FDD-4820-9D24-42D95FF03ACD}&mid=0952648cb80347d29dcd557dd19488bf-5c0426ba4aa4e8d20704eed334d5414b9f965823&lang=en&ds=AVG&coid=avgtbavg&cmpid=1214tb&pr=fr&d=2014-03-06 06:58:29&v=18.3.0.885&pid=safeguard&sg=&sap=hp
HKU\S-1-5-21-104905620-282271343-3815656909-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT13/2
SearchScopes: HKLM -> {00FFC827-6B2B-4007-91B2-D317BD4A2E22} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {00FFC827-6B2B-4007-91B2-D317BD4A2E22} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-104905620-282271343-3815656909-1002 -> {00FFC827-6B2B-4007-91B2-D317BD4A2E22} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-104905620-282271343-3815656909-1002 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-104905620-282271343-3815656909-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={630F46DE-5FDD-4820-9D24-42D95FF03ACD}&mid=0952648cb80347d29dcd557dd19488bf-5c0426ba4aa4e8d20704eed334d5414b9f965823&lang=en&ds=AVG&coid=avgtbavg&cmpid=1214tb&pr=fr&d=2014-03-06 06:58:29&v=18.2.0.829&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-104905620-282271343-3815656909-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-104905620-282271343-3815656909-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-01] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-01] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-01] (Oracle Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-01] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09] (Hewlett-Packard)
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.3.0.885\AVG SafeGuard toolbar_toolbar.dll [2015-03-06] (AVG Secure Search)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.3.0.885\AVG SafeGuard toolbar_toolbar.dll [2015-03-06] (AVG Secure Search)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
Toolbar: HKLM-x32 - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.3.0\ViProtocol.dll [2015-03-06] (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-01] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-05] (Adobe Systems, Inc.)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.3.0\\npsitesafety.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-01] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-04-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-104905620-282271343-3815656909-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Peter\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.91
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.91 [2014-03-06]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.gmail.com/
CHR StartupUrls: Default -> "hxxp://www.gmail.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-06]
CHR Extension: (Click Trap Remover, Shortlinker and POD post) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfkpgpnhpamnbamgbpdhegjehippjdgd [2014-01-25]
CHR Extension: (YouTube) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-25]
CHR Extension: (Google Search) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-25]
CHR Extension: (WGT Golf Challenge) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcilimldmomiaihcfkmaldanopfejefg [2014-01-25]
CHR Extension: (Context Menu URL Shortener) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecehogjcciopmihcocdchiaciibinajf [2014-12-19]
CHR Extension: (imgur Extension by Metronomik) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehoopddfhgaehhmphfcooacjdpmbjlao [2014-01-25]
CHR Extension: (Image collector extension) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhffefhdkeibnkdldinbncimlojchnie [2014-01-25]
CHR Extension: (KabaListics - DoA Power Tools Plus III) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbfkefhipiannebmklaoedmlbkpgfkhc [2014-06-22]
CHR Extension: (A Journey through Middle-earth) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjgkjeheegjnnmheaflhdocglkiegoni [2014-01-25]
CHR Extension: (Bookmark Manager) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2014-01-25]
CHR Extension: (WGT Baseball: MLB) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpbjopfokekaencoephlgdbnljhcflhm [2014-01-25]
CHR Extension: (Bitly
Unleash the power of the link) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic [2014-01-25]
CHR Extension: (Autodesk Homestyler) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2014-06-17]
CHR Extension: (Spockholm Mafia Toolbar) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmnlgpakocffbjcgfibfdmgmfhjgepni [2014-01-25]
CHR Extension: (Hangouts) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2014-11-19]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Mafia Wars Addon) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\llfmkjppmncfcgdebajkjnopgodlcaoe [2014-01-25]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-04]
CHR Extension: (Bookmark Checker) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnboppjpcdnckcklbmjmdahfkpmgglec [2015-03-31]
CHR Extension: (3D Solar System Web) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdaaepplopehigjgkolniddiadbbkphd [2014-01-25]
CHR Extension: (Hangouts) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-01-26]
CHR Extension: (AVG Secure Search) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2014-03-06]
CHR Extension: (Google Wallet) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-25]
CHR Extension: (Gmail) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-25]
CHR Extension: (Abstract-Blue) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnacehkknmafkjgkikclamogikoiaaa [2014-11-08]
CHR Profile: C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-16]
CHR Extension: (Google Drive) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-29]
CHR Extension: (YouTube) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-16]
CHR Extension: (Google Search) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-16]
CHR Extension: (Context Menu URL Shortener) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ecehogjcciopmihcocdchiaciibinajf [2014-10-17]
CHR Extension: (Wolf and the Ice Planet) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gffkhmkbijdmbncaoclaclldnbndflck [2014-06-16]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-04]
CHR Extension: (Google Wallet) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-16]
CHR Extension: (Gmail) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-16]
CHR HKU\S-1-5-21-104905620-282271343-3815656909-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Peter\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-08-04]
CHR HKU\S-1-5-21-104905620-282271343-3815656909-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [5020520 2015-03-23] (Emsisoft GmbH)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3438032 2015-04-15] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [311792 2015-04-15] (AVG Technologies CZ, s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 camfrog_update_service; C:\Program Files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe [1032680 2014-10-03] (Camshare Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2719928 2015-04-22] (Microsoft Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-10] (Hewlett-Packard Company) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SPAMfighter Update Service; C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe [216608 2014-04-30] (SPAMfighter ApS)
R2 Suite Service; C:\Program Files (x86)\Fighters\FighterSuiteService.exe [1282592 2014-03-14] (SPAMfighter ApS)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3592120 2014-04-25] (Check Point Software Technologies Ltd.)
R2 vToolbarUpdater18.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe [1802776 2015-03-06] (AVG Secure Search)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-01-25] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [92176 2014-04-09] (Check Point Software Technologies, Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3860480 2013-08-23] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-18] (Advanced Micro Devices)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [284128 2015-04-09] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [213984 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [256992 2015-04-15] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [344544 2015-03-11] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [137184 2015-04-03] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [293856 2015-04-07] (AVG Technologies CZ, s.r.o.)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-07-01] (Glarysoft Ltd)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows (R) Win 7 DDK provider)
R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-03-23] (Emsisoft GmbH)
R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [20160 2015-04-29] (Glarysoft Ltd)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [450968 2014-04-24] (Check Point Software Technologies Ltd.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 CLVirtualBus01; \SystemRoot\System32\drivers\CLVirtualBus01.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-07 13:29 - 2015-05-07 13:30 - 00032420 _____ () C:\Users\Peter\Desktop\FRST.txt
2015-05-07 13:28 - 2015-05-07 13:28 - 00000000 ____D () C:\Users\Peter\Desktop\FRST-OlderVersion
2015-05-06 17:39 - 2015-05-07 03:06 - 00000000 ____D () C:\Users\Peter\AppData\Local\FirestormOS_x64
2015-05-06 17:35 - 2015-05-06 17:35 - 00000995 _____ () C:\Users\Public\Desktop\Firestorm-Betax64.lnk
2015-05-06 17:35 - 2015-05-06 17:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firestorm
2015-05-06 17:34 - 2015-05-06 17:35 - 00000000 ____D () C:\Program Files\Firestorm-Betax64
2015-05-06 17:26 - 2015-05-06 17:27 - 72046336 _____ (Phoenix Firestorm Project Inc) C:\Users\Peter\Downloads\Phoenix-FirestormOS-Betax64-4-7-1-45325_Setup.exe
2015-05-06 17:11 - 2015-05-06 17:15 - 00000000 ____D () C:\SL backups
2015-05-06 02:19 - 2015-05-06 02:19 - 00000000 ____D () C:\Users\Peter\AppData\Local\Deluxe_Digital_Studios
2015-05-06 01:58 - 2015-05-06 01:58 - 00000000 __SHD () C:\Users\Peter\AppData\Local\EmieBrowserModeList
2015-05-06 01:56 - 2015-05-06 01:56 - 00000000 ____D () C:\Users\Peter\Downloads\downloadManager
2015-05-06 01:56 - 2015-05-06 01:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digital Copy
2015-05-06 01:56 - 2015-05-06 01:56 - 00000000 ____D () C:\Program Files\Digital Copy
2015-05-06 01:55 - 2015-05-06 01:55 - 17375144 _____ () C:\Users\Peter\Downloads\MissionImpossible_GhostProtocol_UK_Installer.exe
2015-05-03 10:35 - 2015-05-03 10:35 - 00000404 _____ () C:\WINDOWS\PFRO.log
2015-05-02 00:29 - 2015-05-01 23:32 - 00079215 _____ () C:\Users\Peter\Documents\PJ new home in planning.skb
2015-05-01 23:35 - 2015-05-01 23:35 - 00601200 _____ () C:\Users\Peter\Downloads\stairs_left.skp
2015-05-01 23:32 - 2015-05-02 00:29 - 00684852 _____ () C:\Users\Peter\Documents\PJ new home in planning.skp
2015-05-01 16:46 - 2015-05-01 16:46 - 00000000 _____ () C:\WINDOWS\SysWOW64\REN5765.tmp
2015-05-01 16:45 - 2015-05-01 16:45 - 00000000 _____ () C:\WINDOWS\SysWOW64\REN2DF9.tmp
2015-05-01 16:44 - 2015-05-01 16:44 - 37321640 _____ (Oracle Corporation) C:\Users\Peter\Downloads\jre-8u45-windows-i586.exe
2015-05-01 16:42 - 2015-05-01 16:41 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2015-05-01 16:41 - 2015-05-01 16:41 - 00000000 ____D () C:\Program Files\Java
2015-05-01 16:40 - 2015-05-01 16:40 - 43159464 _____ (Oracle Corporation) C:\Users\Peter\Downloads\jre-8u45-windows-x64.exe
2015-05-01 16:28 - 2015-05-07 12:58 - 01238425 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-01 16:25 - 2015-05-07 12:41 - 00000732 _____ () C:\WINDOWS\setupact.log
2015-05-01 16:25 - 2015-05-01 16:25 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-05-01 16:13 - 2015-05-01 16:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-05-01 16:12 - 2015-05-01 16:45 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-01 16:12 - 2015-05-01 16:12 - 00561576 _____ (Oracle Corporation) C:\Users\Peter\Downloads\chromeinstall-8u45 (1).exe
2015-05-01 15:44 - 2015-05-01 15:44 - 00000000 _____ () C:\WINDOWS\system32\REN1E57.tmp
2015-05-01 15:40 - 2015-05-01 15:40 - 00561576 _____ (Oracle Corporation) C:\Users\Peter\Downloads\chromeinstall-8u45.exe
2015-05-01 15:31 - 2015-05-01 15:31 - 40084390 _____ () C:\Users\Peter\Downloads\look-at-her-big-cock-on-webcam.flv
2015-04-29 11:27 - 2015-04-29 11:28 - 15058264 _____ () C:\Users\Peter\Downloads\Glary_Utilities_v5.24.0.43.exe
2015-04-26 08:47 - 2015-04-26 08:47 - 02338824 _____ () C:\Users\Peter\Downloads\hppiw.exe
2015-04-23 17:10 - 2015-04-23 17:10 - 06484352 _____ (Piriform Ltd) C:\Users\Peter\Downloads\ccsetup505.exe
2015-04-18 01:49 - 2015-04-18 01:49 - 00062691 _____ () C:\Users\Peter\Documents\Pj SL New House Designs.skp
2015-04-15 18:09 - 2015-04-15 18:13 - 00015933 _____ () C:\Users\Peter\Documents\PJ Trains Station Mats Details.xlsx
2015-04-15 13:06 - 2015-04-15 13:06 - 00256992 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgldx64.sys
2015-04-15 10:55 - 2015-03-23 22:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-15 10:55 - 2015-03-23 22:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-15 10:55 - 2015-03-23 22:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-04-15 10:55 - 2015-03-23 22:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-04-15 10:55 - 2015-03-23 22:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-04-15 10:55 - 2015-03-20 05:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-04-15 10:55 - 2015-03-20 05:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-04-15 10:55 - 2015-03-20 05:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-04-15 10:55 - 2015-03-20 04:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-04-15 10:55 - 2015-03-20 03:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-04-15 10:55 - 2015-03-20 03:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-04-15 10:55 - 2015-03-20 03:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-04-15 10:55 - 2015-03-14 09:20 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-04-15 10:55 - 2015-03-14 09:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-04-15 10:55 - 2015-02-21 00:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-15 10:54 - 2015-03-22 23:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-15 10:54 - 2015-03-22 23:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-15 10:54 - 2015-03-22 23:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-15 10:54 - 2015-03-22 23:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-15 10:54 - 2015-03-22 23:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-15 10:54 - 2015-03-22 23:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-15 10:54 - 2015-03-22 23:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-15 10:54 - 2015-03-14 09:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-04-15 10:54 - 2015-03-14 02:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-04-15 10:54 - 2015-03-14 02:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-04-15 10:54 - 2015-03-14 02:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-04-15 10:54 - 2015-03-14 02:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-04-15 10:54 - 2015-03-14 02:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-04-15 10:54 - 2015-03-14 01:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-04-15 10:54 - 2015-03-14 01:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-04-15 10:54 - 2015-03-14 01:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-04-15 10:54 - 2015-03-14 01:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-04-15 10:54 - 2015-03-14 01:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-15 10:54 - 2015-03-14 01:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-04-15 10:54 - 2015-03-14 01:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-04-15 10:54 - 2015-03-14 01:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-04-15 10:54 - 2015-03-14 01:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-04-15 10:54 - 2015-03-14 01:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-04-15 10:54 - 2015-03-14 00:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-04-15 10:54 - 2015-03-14 00:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-04-15 10:54 - 2015-03-13 05:32 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-04-15 10:54 - 2015-03-13 05:08 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-04-15 10:54 - 2015-03-13 05:07 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-04-15 10:54 - 2015-03-13 04:53 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-04-15 10:54 - 2015-03-13 04:50 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-04-15 10:54 - 2015-03-13 04:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-04-15 10:54 - 2015-03-13 04:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-04-15 10:54 - 2015-03-13 04:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-04-15 10:54 - 2015-03-13 04:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-04-15 10:54 - 2015-03-13 04:17 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-04-15 10:54 - 2015-03-13 04:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-04-15 10:54 - 2015-03-13 04:08 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-04-15 10:54 - 2015-03-13 04:07 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-04-15 10:54 - 2015-03-13 04:00 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-04-15 10:54 - 2015-03-13 03:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-04-15 10:54 - 2015-03-13 03:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-04-15 10:54 - 2015-03-13 03:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-04-15 10:54 - 2015-03-13 03:45 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-04-15 10:54 - 2015-03-13 03:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-04-15 10:54 - 2015-03-13 03:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-04-15 10:54 - 2015-03-13 03:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-04-15 10:54 - 2015-03-13 03:33 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-04-15 10:54 - 2015-03-13 03:22 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-04-15 10:54 - 2015-03-13 03:20 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-04-15 10:54 - 2015-03-13 03:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-04-15 10:54 - 2015-03-13 03:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-04-15 10:54 - 2015-03-04 11:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-15 10:54 - 2015-03-04 04:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-15 10:54 - 2015-03-04 03:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-04-15 10:54 - 2015-02-24 09:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-14 10:53 - 2015-04-14 10:53 - 15058624 _____ () C:\Users\Peter\Downloads\Glary_Utilities_v5.23.0.42.exe
2015-04-14 01:10 - 2015-04-14 01:28 - 168367793 _____ () C:\Users\Peter\Downloads\Geile Party.flv
2015-04-13 00:23 - 2015-04-13 00:32 - 82613374 _____ () C:\Users\Peter\Downloads\Big Boobs Sperm Fucking.flv
2015-04-12 00:51 - 2015-04-12 19:16 - 00004713 _____ () C:\Users\Peter\Desktop\PF Friends to be removed.txt
2015-04-09 18:42 - 2015-04-09 18:52 - 92383495 _____ () C:\Users\Peter\Downloads\Suzanna Queen of the Jungle.flv
2015-04-09 14:11 - 2015-04-09 14:11 - 00284128 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdrivera.sys
2015-04-08 01:38 - 2015-04-08 01:46 - 68042592 _____ () C:\Users\Peter\Downloads\Hot Euro Granny Bangs Young Man.flv
2015-04-07 12:39 - 2015-04-07 12:39 - 00293856 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgwfpa.sys
2015-04-07 00:27 - 2015-04-07 00:35 - 72684957 _____ () C:\Users\Peter\Downloads\Ladyboy Cumshot Compilation.flv
2015-04-07 00:23 - 2015-04-07 00:24 - 10981056 _____ () C:\Users\Peter\Downloads\Ladyboy Crush.flv

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-07 13:30 - 2014-01-25 19:52 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-07 13:29 - 2015-02-04 22:21 - 00000000 ____D () C:\FRST
2015-05-07 13:28 - 2015-02-04 22:18 - 02102272 _____ (Farbar) C:\Users\Peter\Desktop\FRST64.exe
2015-05-07 13:19 - 2014-06-16 11:22 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-05-07 13:07 - 2014-07-16 20:26 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-07 13:06 - 2014-03-30 13:58 - 00004976 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for PJ-LAPTOP-Peter PJ-Laptop
2015-05-07 13:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-07 12:47 - 2014-01-25 17:42 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-104905620-282271343-3815656909-1002
2015-05-07 12:45 - 2014-07-15 11:30 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\ViberPC
2015-05-07 12:45 - 2014-01-25 21:25 - 00000000 ___DO () C:\Users\Peter\SkyDrive
2015-05-07 12:44 - 2013-10-19 16:34 - 00000000 ____D () C:\Users\Peter\Documents\Outlook Files
2015-05-07 12:43 - 2014-08-04 12:33 - 00000000 ___RD () C:\Users\Peter\Google Drive
2015-05-07 12:43 - 2014-07-17 15:27 - 00000352 _____ () C:\WINDOWS\Tasks\GlaryInitialize 5.job
2015-05-07 12:43 - 2014-07-17 15:25 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2015-05-07 12:43 - 2014-07-15 11:29 - 00000000 ____D () C:\Users\Peter\AppData\Local\Viber
2015-05-07 12:42 - 2014-01-25 21:04 - 00000000 ____D () C:\Users\Peter
2015-05-07 12:42 - 2014-01-25 19:52 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-07 12:41 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-07 12:31 - 2014-08-04 12:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-05-07 12:21 - 2014-04-07 21:09 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1173210B-1728-4781-BE47-6661733E95B5}
2015-05-07 12:17 - 2014-01-25 21:39 - 00000000 ____D () C:\ProgramData\MFAData
2015-05-07 03:08 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-06 17:34 - 2014-06-21 19:12 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-06 00:00 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-05-05 09:48 - 2013-11-14 13:45 - 00960300 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-04 17:19 - 2014-06-08 22:37 - 00003166 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForPeter
2015-05-04 17:19 - 2014-06-08 22:37 - 00000352 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForPeter.job
2015-05-04 14:17 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-03 17:52 - 2014-01-25 21:41 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2015-05-02 11:52 - 2014-03-28 21:53 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-05-01 18:12 - 2014-06-27 18:29 - 00004130 _____ () C:\Users\Peter\Desktop\tp loc.txt.txt
2015-05-01 16:46 - 2014-06-08 10:09 - 00000000 ____D () C:\ProgramData\Oracle
2015-05-01 16:10 - 2015-03-07 00:57 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Skype
2015-05-01 11:44 - 2014-07-17 15:26 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\DiskDefrag
2015-04-29 11:36 - 2014-07-17 15:27 - 00020160 _____ (Glarysoft Ltd) C:\WINDOWS\system32\Drivers\GUBootStartup.sys
2015-04-29 11:36 - 2014-07-17 15:27 - 00002974 _____ () C:\WINDOWS\System32\Tasks\GU5SkipUAC
2015-04-29 11:36 - 2014-07-17 15:27 - 00001064 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2015-04-29 11:36 - 2014-07-17 15:27 - 00001052 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2015-04-26 08:53 - 2012-08-16 21:02 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-25 19:47 - 2014-01-25 21:41 - 00000000 ____D () C:\ProgramData\AVG2014
2015-04-25 19:47 - 2014-01-25 21:41 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-04-25 19:46 - 2014-10-25 12:05 - 00000941 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-04-25 19:46 - 2014-03-31 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-04-25 19:46 - 2012-07-26 09:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-04-23 17:11 - 2014-01-26 13:42 - 00000834 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-23 17:11 - 2014-01-26 13:42 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-17 19:03 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-16 12:37 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-16 12:13 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-16 00:56 - 2014-12-11 01:57 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-16 00:56 - 2014-07-14 04:59 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-16 00:56 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\en-GB
2015-04-16 00:56 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\en-GB
2015-04-15 11:22 - 2014-01-25 18:26 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-15 11:08 - 2014-01-25 18:26 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-15 10:53 - 2014-11-12 13:37 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-04-14 19:30 - 2014-07-16 20:26 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-04-14 00:24 - 2014-08-15 11:43 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-04-14 00:24 - 2014-08-15 11:43 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-12 22:37 - 2015-03-07 00:56 - 00000000 ____D () C:\ProgramData\Skype

==================== Files in the root of some directories =======

2014-07-09 00:30 - 2015-03-04 02:39 - 0010240 _____ () C:\Users\Peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-07 00:55 - 2014-09-07 00:55 - 0000000 _____ () C:\Users\Peter\AppData\Local\TempSimLab_2014-09-07-00-55-09.skb
2014-09-07 00:55 - 2014-09-07 00:55 - 0682038 _____ () C:\Users\Peter\AppData\Local\TempSimLab_2014-09-07-00-55-09.skp
2014-04-07 20:43 - 2014-11-03 15:22 - 0001345 _____ () C:\ProgramData\hpzinstall.log
2014-08-18 12:19 - 2014-08-18 12:19 - 0000032 _____ () C:\ProgramData\Temp.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-04 14:26

==================== End Of Log ============================

Additions.txt: available on request, because the log exceeds the maximum length in characters. The error message it gave me: "Your message contains 111134 characters. The maximum number of allowed characters is 100000."

Thanks PJ.
PJWales
Active Member
 
Posts: 12
Joined: May 7th, 2015, 8:10 am

Re: Having virus issue but scanner finds nothing

by askey127 » May 8th, 2015, 4:34 pm

Hi PJ,
Please post the contents of addition.txt and we can get started.
You can post it in two pieces if necessary.
Thanks.
askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Having virus issue but scanner finds nothing

by PJWales » May 8th, 2015, 8:23 pm

Addition.txt file as requested; the reason for not posting over 2 posts is your policy of zero replies.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-05-2015 01
Ran by Peter at 2015-05-07 13:32:06
Running from C:\Users\Peter\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-104905620-282271343-3815656909-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-104905620-282271343-3815656909-501 - Limited - Disabled)
Peter (S-1-5-21-104905620-282271343-3815656909-1002 - Administrator - Enabled) => C:\Users\Peter

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.124 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{D01E0B82-7D6E-F9AC-9A7D-C6076264F419}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5941 - AVG Technologies)
AVG 2015 (Version: 15.0.4342 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5941 - AVG Technologies) Hidden
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.3.0.885 - AVG Technologies)
Awesome Duplicate Photo Finder v. 1.1 (HKLM-x32\...\Awesome Duplicate Photo Finder_is1) (Version: - Duplicate-Finder.com)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Blender (HKLM\...\Blender) (Version: 2.71 - Blender Foundation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Bulkr (HKLM-x32\...\com.prakaz.project.photogettr) (Version: 1.7 - Prakash Bajracharya)
Bulkr (x32 Version: 1.7 - Prakash Bajracharya) Hidden
C4500 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
Camfrog Video Chat 6.10 (HKLM-x32\...\Camfrog) (Version: 6.10.454 - Camshare, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAZ Install Manager (HKLM-x32\...\DAZ Install Manager 1.1.0.27) (Version: 1.1.0.27 - DAZ 3D)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Digital Copy (HKLM-x32\...\Digital Copy) (Version: - )
Emsisoft Anti-Malware (HKLM-x32\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 8.1 - Emsisoft GmbH)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)
Firestorm SecondLife and OpenSim viewer (Version: 4.7.45325 - Phoenix Viewer Project) Hidden
Firestorm-Betax64 x64 (HKLM-x32\...\{97166652-349c-48f1-a024-fa8539c5cb47}) (Version: 4.7.45325 - Phoenix Firestorm Project Inc)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Glary Utilities 5.24 (HKLM-x32\...\Glary Utilities 5) (Version: 5.24.0.43 - Glarysoft Ltd)
GOM Audio (HKLM-x32\...\GomAudio) (Version: 2.0.7.0873 - Gretech Corporation)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.69.5227 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)
Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{0D3A6808-82B8-4BB1-BE5A-AED75B3F6C02}) (Version: 2.20.11 - Hewlett-Packard Company)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Documentation (HKLM-x32\...\{1AC082E0-049D-4C5C-9ECF-9473AD5A949D}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart C4500 All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{0EC01D72-4906-42DD-BCC0-AF89EDA7493D}) (Version: 14.0 - HP)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{348A1F5B-07B3-4436-9A47-FFE44EFE856E}) (Version: 11.51.0004 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Marvelous Designer 3 Personal (HKLM-x32\...\Marvelous Designer 3 Personal) (Version: - CLO Virtual Fashion Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4711.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-104905620-282271343-3815656909-1002\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MyFreeCodec (HKU\S-1-5-21-104905620-282271343-3815656909-1002\...\MyFreeCodec) (Version: - )
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Outlook Attachment Remover 2.0 (HKLM-x32\...\Outlook Attachment Remover_is1) (Version: - Kopf)
PS_AIO_04_C4500_Software_Min (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.) Hidden
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SketchUp 2013 (HKLM-x32\...\{B75BC01B-4586-43F8-9349-D250DB98F26F}) (Version: 13.0.4812 - Trimble Navigation Limited)
SketchUp 2014 (HKLM-x32\...\{F246092E-FA0B-47C8-9D3E-CF8C210293C8}) (Version: 14.1.1282 - Trimble Navigation Limited)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
SPAMfighter (HKLM-x32\...\SPAMfighter) (Version: 7.6.104 - Spamfighter ApS)
SPAMfighter (x32 Version: 7.6.104 - Spamfighter ApS) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
Train Simulator 2014 (HKLM-x32\...\Steam App 24010) (Version: - RailSimulator.com)
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-104905620-282271343-3815656909-1002\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
Viber (HKU\S-1-5-21-104905620-282271343-3815656909-1002\...\Viber) (Version: 3.0.0.134678 - Viber Media Inc)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
XnConvert 1.55 (HKLM\...\XnConvert_is1) (Version: 1.55 - Gougelet Pierre-e)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - )
ZoneAlarm Firewall (x32 Version: 13.1.211.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 13.1.211.000 - Check Point)
ZoneAlarm Security (x32 Version: 13.1.211.000 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-104905620-282271343-3815656909-1002_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()
CustomCLSID: HKU\S-1-5-21-104905620-282271343-3815656909-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Peter\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

25-04-2015 19:44:08 Installed AVG 2015
01-05-2015 15:56:27 Removed Java 8 Update 45
06-05-2015 17:22:32 Firestorm-Releasex64 x64

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {12903C82-AF7C-494C-98EA-09E9CAA08346} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {1E6A42B5-E192-4598-87B9-E1EEE87F84FD} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
Task: {298E96FB-5C78-4212-9744-15E881880A70} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {353BAA81-F8F3-4345-A346-5F8980A09A60} - System32\Tasks\HPCeeScheduleForPeter => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {45736BB4-C574-4B2E-83F4-C766370A542B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
Task: {49913FA7-ACEE-46FD-A700-B9F131BFEB7F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4B5A8737-3B50-43E3-AD7A-BCDBFFB697A4} - System32\Tasks\{9E20D040-CF31-4B25-96F2-ED0995BFA47C} => pcalua.exe -a C:\Users\Peter\Downloads\Installer.exe -d C:\Users\Peter\Downloads
Task: {59AF5524-22CE-48DB-B521-63C76258F302} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-15] (Microsoft Corporation)
Task: {61D99953-62DA-4F7F-98B3-5DB079E9BBE1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {637D652F-1B82-4A7E-9A6E-3116B2420520} - System32\Tasks\Microsoft Office 15 Sync Maintenance for PJ-LAPTOP-Peter PJ-Laptop => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-03-10] (Microsoft Corporation)
Task: {7839B79C-4493-4EEF-B0FD-941448FE9ABC} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-104905620-282271343-3815656909-1002
Task: {7A4D8866-4C73-4483-AF1C-54448DC604B3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-04-22] (Microsoft Corporation)
Task: {7CC8FD69-E793-4A24-99D7-5DFAC15B30EB} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {81D4E4FE-AD7C-49B2-82EF-071263EEBAB9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
Task: {82F326FC-EA07-49A1-9854-B3DE6C6208B5} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {95F43B0E-1813-4E60-A78A-DF6CFC27FA4C} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-104905620-282271343-3815656909-1002 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {967C44E8-D053-4645-9B4D-B8A82F8BB004} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {9ACA3D5C-CF2E-4001-995B-CC73935789A4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-25] (Google Inc.)
Task: {A0418612-FDB7-43F5-965F-DA6FBF54B5DD} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2015-04-27] (Glarysoft Ltd)
Task: {A3DD24A0-7EB3-4C1A-8615-C4B672E946DD} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {B12C21E2-C758-435D-9CE0-BB8EBED84118} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-04-27] (Glarysoft Ltd)
Task: {C798E737-BF2D-4873-9D03-E5F042E7D1EC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {D1D2FDBC-8CA7-4A36-9FB9-C4B9971BC8DB} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {D3057507-7516-428F-9620-9200522A1D77} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-08-19] (Hewlett-Packard Development Company, L.P.)
Task: {D8BEB02C-4A61-4009-A594-3AE1EBE8B3FE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-25] (Google Inc.)
Task: {D98C5E3B-8ADD-4EE3-9270-6B9953B0DB82} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-01-25] (Synaptics Incorporated)
Task: {E3E85532-7886-42E6-AF56-1712615EDB4D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Critical Actions Pending => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {F2377E23-E304-406B-882F-16483B775D77} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForPeter.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) ==============

2014-03-28 21:53 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-03-06 01:46 - 2015-03-06 01:45 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\loggingserver.exe
2015-03-17 18:14 - 2015-01-27 16:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-07-15 11:30 - 2014-06-19 10:13 - 00930816 _____ () C:\Users\Peter\AppData\Local\Viber\Viber.exe
2014-03-06 07:58 - 2015-03-06 01:45 - 02503704 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
2012-08-08 10:36 - 2012-08-08 10:36 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-03-06 01:46 - 2015-03-06 01:45 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\log4cplusU.dll
2015-04-27 08:06 - 2015-04-27 08:06 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll
2015-03-09 12:08 - 2015-03-09 12:08 - 49471488 _____ () C:\Users\Peter\AppData\Local\Viber\5.0.1.42\libViber.dll
2015-03-09 12:08 - 2015-03-09 12:08 - 00770048 _____ () C:\Users\Peter\AppData\Local\Viber\5.0.1.42\libGLESv2.dll
2015-03-09 12:08 - 2015-03-09 12:08 - 00106496 _____ () C:\Users\Peter\AppData\Local\Viber\5.0.1.42\qfacebook.dll
2015-03-09 12:08 - 2015-03-09 12:08 - 00172032 _____ () C:\Users\Peter\AppData\Local\Viber\5.0.1.42\exif.dll
2015-03-09 12:08 - 2015-03-09 12:08 - 00049152 _____ () C:\Users\Peter\AppData\Local\Viber\5.0.1.42\libEGL.dll
2015-03-09 12:08 - 2015-03-09 12:08 - 00876544 _____ () C:\Users\Peter\AppData\Local\Viber\5.0.1.42\platforms\qwindows.dll
2015-03-09 12:08 - 2015-03-09 12:08 - 00024576 _____ () C:\Users\Peter\AppData\Local\Viber\5.0.1.42\imageformats\qgif.dll
2015-03-09 12:08 - 2015-03-09 12:08 - 00024576 _____ () C:\Users\Peter\AppData\Local\Viber\5.0.1.42\imageformats\qico.dll
2015-03-09 12:08 - 2015-03-09 12:08 - 00204800 _____ () C:\Users\Peter\AppData\Local\Viber\5.0.1.42\imageformats\qjpeg.dll
2015-03-09 12:08 - 2015-03-09 12:08 - 00221184 _____ () C:\Users\Peter\AppData\Local\Viber\5.0.1.42\imageformats\qmng.dll
2015-03-09 12:08 - 2015-03-09 12:08 - 00016384 _____ () C:\Users\Peter\AppData\Local\Viber\5.0.1.42\imageformats\qsvg.dll
2015-03-09 12:08 - 2015-03-09 12:08 - 00016384 _____ () C:\Users\Peter\AppData\Local\Viber\5.0.1.42\imageformats\qtga.dll
2015-03-09 12:08 - 2015-03-09 12:08 - 00311296 _____ () C:\Users\Peter\AppData\Local\Viber\5.0.1.42\imageformats\qtiff.dll
2015-03-09 12:08 - 2015-03-09 12:08 - 00016384 _____ () C:\Users\Peter\AppData\Local\Viber\5.0.1.42\imageformats\qwbmp.dll
2015-03-09 12:08 - 2015-03-09 12:08 - 00638976 _____ () C:\Users\Peter\AppData\Local\Viber\5.0.1.42\sqldrivers\qsqlite.dll
2015-03-09 12:08 - 2015-03-09 12:08 - 00032768 _____ () C:\Users\Peter\AppData\Local\Viber\5.0.1.42\iconengines\qsvgicon.dll
2014-03-06 07:58 - 2014-03-28 20:37 - 01603608 ____N () C:\Program Files (x86)\AVG SafeGuard toolbar\TBAPI.dll
2015-05-07 12:43 - 2015-05-07 12:43 - 00098816 _____ () C:\Users\Peter\AppData\Local\Temp\_MEI57002\win32api.pyd
2015-05-07 12:43 - 2015-05-07 12:43 - 00110080 _____ () C:\Users\Peter\AppData\Local\Temp\_MEI57002\pywintypes27.dll
2015-05-07 12:43 - 2015-05-07 12:43 - 00364544 _____ () C:\Users\Peter\AppData\Local\Temp\_MEI57002\pythoncom27.dll
2015-05-07 12:43 - 2015-05-07 12:43 - 00045568 _____ () C:\Users\Peter\AppData\Local\Temp\_MEI57002\_socket.pyd
2015-05-07 12:43 - 2015-05-07 12:43 - 01161216 _____ () C:\Users\Peter\AppData\Local\Temp\_MEI57002\_ssl.pyd
2015-05-07 12:43 - 2015-05-07 12:43 - 00320512 _____ () C:\Users\Peter\AppData\Local\Temp\_MEI57002\win32com.shell.shell.pyd
2015-05-07 12:43 - 2015-05-07 12:43 - 00713216 _____ () C:\Users\Peter\AppData\Local\Temp\_MEI57002\_hashlib.pyd
2015-05-07 12:43 - 2015-05-07 12:43 - 01175040 _____ () C:\Users\Peter\AppData\Local\Temp\_MEI57002\wx._core_.pyd
2015-05-07 12:43 - 2015-05-07 12:43 - 00805888 _____ () C:\Users\Peter\AppData\Local\Temp\_MEI57002\wx._gdi_.pyd
2015-05-07 12:43 - 2015-05-07 12:43 - 00811008 _____ () C:\Users\Peter\AppData\Local\Temp\_MEI57002\wx._windows_.pyd
2015-05-07 12:43 - 2015-05-07 12:43 - 01062400 _____ () C:\Users\Peter\AppData\Local\Temp\_MEI57002\wx._controls_.pyd
2015-05-07 12:43 - 2015-05-07 12:43 - 00735232 _____ () C:\Users\Peter\AppData\Local\Temp\_MEI57002\wx._misc_.pyd
2015-05-07 12:43 - 2015-05-07 12:43 - 00682496 _____ () C:\Users\Peter\AppData\Local\Temp\_MEI57002\pysqlite2._sqlite.pyd
2015-05-07 12:43 - 2015-05-07 12:43 - 00128512 _____ () C:\Users\Peter\AppData\Local\Temp\_MEI57002\_elementtree.pyd
2015-05-07 12:43 - 2015-05-07 12:43 - 00127488 _____ () C:\Users\Peter\AppData\Local\Temp\_MEI57002\pyexpat.pyd
2015-05-07 12:43 - 2015-05-07 12:43 - 00087552 _____ () C:\Users\Peter\AppData\Local\Temp\_MEI57002\_ctypes.pyd
2015-05-07 12:43 - 2015-05-07 12:43 - 00119808 _____ () C:\Users\Peter\AppData\Local\Temp\_MEI57002\win32file.pyd
2015-05-07 12:43 - 2015-05-07 12:43 - 00108544 _____ () C:\Users\Peter\AppData\Local\Temp\_MEI57002\win32security.pyd
2015-05-07 12:43 - 2015-05-07 12:43 - 00007168 _____ () C:\Users\Peter\AppData\Local\Temp\_MEI57002\hashobjs_ext.pyd
2015-05-07 12:43 - 2015-05-07 12:43 - 00017408 _____ () C:\Users\Peter\AppData\Local\Temp\_MEI57002\usb_ext.pyd
2015-05-07 12:43 - 2015-05-07 12:43 - 00167936 _____ () C:\Users\Peter\AppData\Local\Temp\_MEI57002\win32gui.pyd
2015-05-07 12:43 - 2015-05-07 12:43 - 00018432 _____ () C:\Users\Peter\AppData\Local\Temp\_MEI57002\win32event.pyd
2015-05-07 12:43 - 2015-05-07 12:43 - 00013824 _____ () C:\Users\Peter\AppData\Local\Temp\_MEI57002\common.time34.pyd
2015-05-07 12:43 - 2015-05-07 12:43 - 00036864 _____ () C:\Users\Peter\AppData\Local\Temp\_MEI57002\_psutil_windows.pyd
2015-05-07 12:43 - 2015-05-07 12:43 - 00038912 _____ () C:\Users\Peter\AppData\Local\Temp\_MEI57002\win32inet.pyd
2015-05-07 12:43 - 2015-05-07 12:43 - 00011264 _____ () C:\Users\Peter\AppData\Local\Temp\_MEI57002\win32crypt.pyd
2015-05-07 12:43 - 2015-05-07 12:43 - 00070656 _____ () C:\Users\Peter\AppData\Local\Temp\_MEI57002\wx._html2.pyd
2015-05-07 12:43 - 2015-05-07 12:43 - 00027136 _____ () C:\Users\Peter\AppData\Local\Temp\_MEI57002\_multiprocessing.pyd
2015-05-07 12:43 - 2015-05-07 12:43 - 00020480 _____ () C:\Users\Peter\AppData\Local\Temp\_MEI57002\_yappi.pyd
2015-05-07 12:43 - 2015-05-07 12:43 - 00035840 _____ () C:\Users\Peter\AppData\Local\Temp\_MEI57002\win32process.pyd
2015-05-07 12:43 - 2015-05-07 12:43 - 00686080 _____ () C:\Users\Peter\AppData\Local\Temp\_MEI57002\unicodedata.pyd
2015-05-07 12:43 - 2015-05-07 12:43 - 00122368 _____ () C:\Users\Peter\AppData\Local\Temp\_MEI57002\wx._wizard.pyd
2015-05-07 12:43 - 2015-05-07 12:43 - 00024064 _____ () C:\Users\Peter\AppData\Local\Temp\_MEI57002\win32pipe.pyd
2015-05-07 12:43 - 2015-05-07 12:43 - 00010240 _____ () C:\Users\Peter\AppData\Local\Temp\_MEI57002\select.pyd
2015-05-07 12:43 - 2015-05-07 12:43 - 00025600 _____ () C:\Users\Peter\AppData\Local\Temp\_MEI57002\win32pdh.pyd
2015-05-07 12:43 - 2015-05-07 12:43 - 00525640 _____ () C:\Users\Peter\AppData\Local\Temp\_MEI57002\windows._lib_cacheinvalidation.pyd
2015-05-07 12:43 - 2015-05-07 12:43 - 00017408 _____ () C:\Users\Peter\AppData\Local\Temp\_MEI57002\win32profile.pyd
2015-05-07 12:43 - 2015-05-07 12:43 - 00022528 _____ () C:\Users\Peter\AppData\Local\Temp\_MEI57002\win32ts.pyd
2015-05-07 12:43 - 2015-05-07 12:43 - 00078336 _____ () C:\Users\Peter\AppData\Local\Temp\_MEI57002\wx._animate.pyd
2015-04-30 21:36 - 2015-04-28 03:07 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libglesv2.dll
2015-04-30 21:36 - 2015-04-28 03:07 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libegl.dll
2014-04-30 00:38 - 2014-04-30 00:38 - 00541216 _____ () C:\Program Files (x86)\Fighters\SPAMfighter\sfsg.dll
2014-04-30 00:38 - 2014-04-30 00:38 - 00966688 _____ () C:\Program Files (x86)\Fighters\SPAMfighter\sfse.dll
2014-11-21 01:15 - 2014-11-21 01:15 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2015-04-01 03:54 - 2009-07-14 17:25 - 00888832 _____ () C:\Program Files (x86)\Outlook Attachment Remover\OutlookAttRemover.dll
2015-05-02 11:50 - 2015-03-04 07:26 - 01032352 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll
2014-11-21 01:15 - 2014-11-21 01:15 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Peter\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Peter\SkyDrive.old:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-104905620-282271343-3815656909-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Peter\AppData\Roaming\IrfanView\IrfanView_Wallpaper.bmp
DNS Servers: 194.168.4.100 - 194.168.8.100

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{7D1F785C-841B-4D4D-9772-D4B49AF18B24}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DAF3EAEB-A71D-47FB-96FA-A97806AAE218}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BAA8AEF6-9B23-4E11-ABF5-753DA6CF95FC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9C697B9B-DF2C-4C33-805B-5D8967B8F6FF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C6B7B6CC-5CD0-49F6-87C1-320019592224}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{47F6250D-86EE-45DA-A59A-E3EB741A4F59}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9130B970-BF94-4675-A112-D3329D6C0A8E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RailWorks\RailWorks.exe
FirewallRules: [{F254E732-F76F-4E54-90D8-08735D02D079}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RailWorks\RailWorks.exe
FirewallRules: [{87E4C131-7FD7-4373-AB5A-33061936F38C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{1714169D-5DA9-4B89-A8D1-0AD8D0983124}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{D804A215-F919-4472-B714-0BC2D4F243EA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{92EDFFB6-4A29-43D2-B855-CE2D131FA0B5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{4E4E20A9-362C-4192-B245-7E299A3F654C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{BE0AC124-265D-4441-ADE1-1185543341FD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{14D02F5C-9F8D-49F5-9B46-78D738D87F97}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{BF5AFAF8-E934-4707-9C28-5B11C56518AA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{F000AF63-89E1-4216-9EC1-9A735AD13289}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{C074EEA3-05E5-4494-B606-62E9B76F05E0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{604C04BC-AEEA-4E7F-B6EC-DE02D0709CCF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{BD01AB92-7880-4941-B4AC-3BAB7DC8973B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{FE03B0F3-35ED-476B-9C93-3255F703D9FC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{B2957AD7-39CB-41EF-8718-C2D17767F0A2}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{BE66489D-93AF-4FAD-9A93-DDC49D08848F}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{A4F84890-8D83-493F-B690-4D0C0FFC700F}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{671CC8AD-D68B-4849-8D75-754B1FC75EC7}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{10C91756-0642-46A5-82FF-E038B4F01DE9}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{543485F5-F147-4CC2-A5D5-FC3FEBCD7902}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{2D825D4F-4DFF-47DC-9EE9-0A09FAA52972}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{88C27DF6-A570-403D-BB0B-FD50A6B4A19C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E63B0977-21FA-4578-8B18-5C3319A396D6}] => (Allow) LPort=2869
FirewallRules: [{22582E7D-B836-4EDE-9FDD-A6AAC8F9432B}] => (Allow) LPort=1900
FirewallRules: [{0EB1F409-C76E-41F8-84F3-169A9F9489B3}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{62A140E3-9DAC-4334-90AC-FB49460970F9}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{ADD0765B-A077-4CF0-832B-3AB23A0A0565}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{CA42DE61-010B-4840-8454-6A282F8C9C2E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{D4FAE296-5E61-46E6-9DB3-B7E2625D1B07}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{4FDA156A-F07E-4499-9D1A-86D8F071435D}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{51EFEB69-EB17-400D-8308-535850C685D3}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{8FCF0982-A9A4-474C-A4C8-57C1AFBE90F1}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{DBC9933E-4CF3-41CB-A4E5-649FD84E5031}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{76E83AFA-7995-45A9-94DB-818F4A90047E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{FD6C6CE5-3AFF-4953-AB3B-0AEDA441C934}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{D7EEE314-01DD-4DB9-80C3-548A400C6B26}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{ED0E47FF-394D-4C5F-A7DB-0D663103A22A}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{B25FC2BE-461A-427B-94F5-3FF712E3F766}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{41377B31-A238-4350-B540-BD41BB077C3F}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{5F18D3FE-C8B8-4048-8971-78384764641D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Photosmart C4500 series
Description: Photosmart C4500 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart C4500 series
Description: Photosmart C4500 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/07/2015 00:18:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 114c

Start Time: 01d088b6c8b8f883

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: bd53c247-f4aa-11e4-809e-84349770614c

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (05/06/2015 02:14:54 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program GOM.EXE version 2.2.69.5227 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1a6c

Start Time: 01d08799ad1325fc

Termination Time: 24

Application Path: C:\Program Files (x86)\GRETECH\GomPlayer\GOM.EXE

Report Id: 4932f7c8-f38d-11e4-809c-84349770614c

Faulting package full name:

Faulting package-relative application ID:

Error: (05/02/2015 11:51:50 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: PJ-LAPTOP)
Description: Application or service 'Microsoft Office Document Cache Sync Client Interface' could not be shut down.

Error: (05/02/2015 11:39:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1258

Start Time: 01d084c3839e1521

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 79d446ed-f0b7-11e4-8098-84349770614c

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (05/01/2015 11:50:39 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 13b8

Start Time: 01d083fbed981271

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: e5182527-efef-11e4-8096-84349770614c

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (04/29/2015 11:28:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 13b0

Start Time: 01d0826684aedb21

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 797bb1d1-ee5a-11e4-8094-84349770614c

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (04/25/2015 07:47:06 PM) (Source: MsiInstaller) (EventID: 11706) (User: PJ-LAPTOP)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2014 -- Error 1706. SA_Error1706: StandardAction(0xC00706AA): An installation package for the product AVG 2014 cannot be found. Try the installation again using a valid copy of the installation package 'Avgx64.msi'.

Error: (04/23/2015 05:02:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 13b0

Start Time: 01d07dde34eee937

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 2ad085cb-e9d2-11e4-808a-84349770614c

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (04/22/2015 02:15:49 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (04/22/2015 11:02:32 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1388

Start Time: 01d07ce2ba9b82e1

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: afb0e506-e8d6-11e4-8088-84349770614c

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1


System errors:
=============
Error: (05/07/2015 00:41:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AppEx Networks Accelerator LWF service failed to start due to the following error:
%%31

Error: (05/07/2015 00:41:39 PM) (Source: APXACC) (EventID: 1003) (User: )
Description: The NDIS6 LWF initialization has failed. (0xC0000001)

Error: (05/07/2015 00:41:28 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:11:56 on 07/05/2015 was unexpected.

Error: (05/07/2015 00:15:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error:
%%1053

Error: (05/07/2015 00:15:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Support Assistant Service service to connect.

Error: (05/07/2015 00:12:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AppEx Networks Accelerator LWF service failed to start due to the following error:
%%31

Error: (05/07/2015 00:12:01 PM) (Source: APXACC) (EventID: 1003) (User: )
Description: The NDIS6 LWF initialization has failed. (0xC0000001)

Error: (05/07/2015 03:07:36 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error:
%%1062

Error: (05/06/2015 11:10:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AppEx Networks Accelerator LWF service failed to start due to the following error:
%%31

Error: (05/06/2015 11:10:46 AM) (Source: APXACC) (EventID: 1003) (User: )
Description: The NDIS6 LWF initialization has failed. (0xC0000001)


Microsoft Office Sessions:
=========================
Error: (05/07/2015 00:18:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689114c01d088b6c8b8f8834294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exebd53c247-f4aa-11e4-809e-84349770614cmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (05/06/2015 02:14:54 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: GOM.EXE2.2.69.52271a6c01d08799ad1325fc24C:\Program Files (x86)\GRETECH\GomPlayer\GOM.EXE4932f7c8-f38d-11e4-809c-84349770614c

Error: (05/02/2015 11:51:50 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: PJ-LAPTOP)
Description: 1C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exeMicrosoft Office Document Cache Sync Client Interface

Error: (05/02/2015 11:39:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689125801d084c3839e15214294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe79d446ed-f0b7-11e4-8098-84349770614cmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (05/01/2015 11:50:39 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2068913b801d083fbed9812714294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exee5182527-efef-11e4-8096-84349770614cmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (04/29/2015 11:28:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2068913b001d0826684aedb214294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe797bb1d1-ee5a-11e4-8094-84349770614cmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (04/25/2015 07:47:06 PM) (Source: MsiInstaller) (EventID: 11706) (User: PJ-LAPTOP)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2014 -- Error 1706. SA_Error1706: StandardAction(0xC00706AA): An installation package for the product AVG 2014 cannot be found. Try the installation again using a valid copy of the installation package 'Avgx64.msi'.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/23/2015 05:02:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2068913b001d07dde34eee9374294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe2ad085cb-e9d2-11e4-808a-84349770614cmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (04/22/2015 02:15:49 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: -2147024883

Error: (04/22/2015 11:02:32 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689138801d07ce2ba9b82e14294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exeafb0e506-e8d6-11e4-8088-84349770614cmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1


CodeIntegrity Errors:
===================================
Date: 2015-05-06 02:16:10.200
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-05-06 01:58:24.729
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-04-09 14:35:10.243
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

Date: 2015-04-09 14:35:08.754
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

Date: 2015-04-08 22:27:50.886
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

Date: 2015-04-08 22:27:41.675
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

Date: 2015-04-07 16:28:40.510
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

Date: 2015-04-07 16:28:38.780
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

Date: 2015-04-05 12:37:13.586
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

Date: 2015-04-05 12:37:12.571
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.


==================== Memory info ===========================

Processor: AMD A8-4500M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 33%
Total physical RAM: 7650.26 MB
Available physical RAM: 5121.62 MB
Total Pagefile: 8866.26 MB
Available Pagefile: 5283.24 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:910.6 GB) (Free:772.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:19.8 GB) (Free:2.42 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1E28E0A4)

Partition: GPT Partition Type.

==================== End Of Log ============================
PJWales
Active Member
 
Posts: 12
Joined: May 7th, 2015, 8:10 am

Re: Having virus issue but scanner finds nothing

Unread postby askey127 » May 9th, 2015, 7:28 am

PJ,
It's likely that you are suffering from adware installed by free programs you decided to use.
These nuisances are commonly included without notice, and can disrupt your normal operations.
Glary Utilities performs Registry changes and can be dangerous to use.

Built-in Windows safeguards are having trouble validating a file used by Emsisoft.
We will deal with that later.
You can Uninstall Emsisoft and Install Malwarebytes Anti-Malware if you wish. Just tell me if you do it.
https://www.malwarebytes.org/mwb-download/
------------------------------------------------
Remove Programs Using Control Panel
Point to the upper-right corner of the screen, move the mouse pointer down, and then click Search.
Enter "control panel" in the search box, and then click Control Panel.
Under View by, select Large Icons, and then click Programs and features.
Click each icon Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

AVG SafeGuard toolbar
DAZ Install Manager
Glary Utilities 5.24
Unity Web Player
Yahoo! Software Update
Yahoo! Toolbar

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
--------------------------------------------------------
Run A Fix With FRST
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both the program FRST64.exe and Fixlist.txt be in the same location, or the fix will not work.
(Both on the Desktop is OK, or both in the same folder elsewhere)

Run FRST64 and press the FIX button just once, and wait. DO NOT PRESS THE SCAN BUTTON.
If for some reason the tool needs a restart, please make sure you let the system restart normally.
The tool may start automatically and complete its work after the system restart. Let the tool complete its run.
When finished, FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents in your reply.

askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Having virus issue but scanner finds nothing

Unread postby PJWales » May 9th, 2015, 8:07 am

Hi Askey,

I have un-installed all the software asked barring one, I am having some sort of issues. Yahoo! Toolbar when I click on it to uninstall something runs and then nothing more is done, so did a restart in case it was completed and stuck in as showing the software when it is gone. Only to find Yahoo! Toolbar is still listed so click uninstall again and same thing, something runs and then nothing more since.

Go ahead with the FRST Fixlist or wait until we get this Yahoo! Toolbar uninstalled before proceeding with FRST fixlist?

Thanks, PJ
PJWales
Active Member
 
Posts: 12
Joined: May 7th, 2015, 8:10 am

Re: Having virus issue but scanner finds nothing

Unread postby askey127 » May 9th, 2015, 9:13 am

Just go ahead with the Fix.
We will take care of the Yahoo toolbar manually.
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Having virus issue but scanner finds nothing

Unread postby PJWales » May 9th, 2015, 9:57 am

FRST ran and can I say that during the running of FRST a popup came up about Yahoo! Toolbar saying something about incompatibility and gave me two options, "Run this in Program Compatibility Mode" and "This program was removed correctly". I just closed it and continued with FRST.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-05-2015
Ran by Peter at 2015-05-09 14:44:53 Run:1
Running from C:\Users\Peter\Desktop
Loaded Profiles: Peter (Available profiles: Peter & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2503704 2015-03-06] ()
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-104905620-282271343-3815656909-1002\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-04-27] (Glarysoft Ltd)
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q= {searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://uk.search.yahoo.com/search?p= {searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q= {searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://uk.search.yahoo.com/search?p= {searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-104905620-282271343-3815656909-1002 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q= {searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-104905620-282271343-3815656909-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://uk.search.yahoo.com/search?p= {searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.3.0.885\AVG SafeGuard toolbar_toolbar.dll [2015-03-06] (AVG Secure Search)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.3.0.885\AVG SafeGuard toolbar_toolbar.dll [2015-03-06] (AVG Secure Search)
Toolbar: HKLM-x32 - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.91
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.91 [2014-03-06]
FF Plugin HKU\S-1-5-21-104905620-282271343-3815656909-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Peter\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
CHR HKU\S-1-5-21-104905620-282271343-3815656909-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
C:\Users\Peter\Downloads\downloadManager
EmptyTemp:
Cmd: ipconfig /flushdns



*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-104905620-282271343-3815656909-1002\Software\Microsoft\Windows\CurrentVersion\Run\\GUDelayStartup => Value not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => Key deleted successfully.
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => Key not found.
"HKU\S-1-5-21-104905620-282271343-3815656909-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
"HKU\S-1-5-21-104905620-282271343-3815656909-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => Key deleted successfully.
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => Value not found.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => Value not found.
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => value deleted successfully.
HKCR\Wow6432Node\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Key not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\avg@toolbar => Value not found.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.91 not found.
HKU\S-1-5-21-104905620-282271343-3815656909-1002\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0 => Key not found.
C:\Users\Peter\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll not found.
"HKU\S-1-5-21-104905620-282271343-3815656909-1002\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => Key deleted successfully.
C:\Users\Peter\Downloads\downloadManager => Moved successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 776.2 MB temporary data.


The system needed a reboot.

==== End of Fixlog 14:47:05 ====
PJWales
Active Member
 
Posts: 12
Joined: May 7th, 2015, 8:10 am

Re: Having virus issue but scanner finds nothing

Unread postby askey127 » May 9th, 2015, 10:27 am

PJ,
That worked fine.
-------------------------------------------------------------
AdwCleaner Download and Run
Download AdwCleaner and save it to your desktop or somewhere you can find it.
Take care NOT to click on any ad, like from PC Optimizer Pro. The correct link is the button labeled "Download from Bleeping Computer".
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

Close your browser and double click the AdwCleaner icon on your desktop.
  • Click on the Scan button, accept any prompts that appear, and allow it to run.
    It may take several minutes to complete.
  • When it is done, click on the Clean button, accept any prompts that appear, and allow the system to Reboot.
  • You will then be presented with the report. Copy & Paste it into a reply here.
  • If you lose track of the log, it is saved in this folder C:\AdwCleaner\
    The filename will be adwcleaner[xx].txt, where [xx] will be S1, or S2, etc. whichever filename is newest.
-----------------------------------------------------------
Run a New Scan With the Farbar Scan Tool
  • Double click FRST64.exe on your desktop to launch it.
  • When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • When finished scanning, a new version of the log FRST.txt will be saved on your Desktop and opened in Notepad.
  • Please post the contents in your next reply.
(No need for a new copy of Addition.txt)

So we are looking for the log from AdwCleaner, and the fresh version of FRST.txt
Separate replies are fine, if more convenient.
askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Having virus issue but scanner finds nothing

Unread postby PJWales » May 9th, 2015, 11:02 am

Hi Askey,

adwcleaner [s0].txt

# AdwCleaner v4.203 - Logfile created 09/05/2015 at 15:40:04
# Updated 30/04/2015 by Xplode
# Database : 2015-05-09.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Peter - PJ-LAPTOP
# Running from : C:\Users\Peter\Downloads\adwcleaner_4.203.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\Yahoo! Companion
Folder Deleted : C:\ProgramData\Fighters
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\AVG Security Toolbar
Folder Deleted : C:\Program Files (x86)\Fighters
Folder Deleted : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\Fighters
Folder Deleted : C:\Users\Peter\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Peter\AppData\LocalLow\Yahoo! Companion
Folder Deleted : C:\Users\Peter\AppData\LocalLow\Check Point Software Technologies LTD
Folder Deleted : C:\Users\Peter\AppData\Roaming\Fighters
Folder Deleted : C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehoopddfhgaehhmphfcooacjdpmbjlao
Folder Deleted : C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [CommonToolkitTray]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\Fighters
Key Deleted : HKCU\Software\DriverTuner_Init
Key Deleted : HKCU\Software\DriverTuner
Key Deleted : HKLM\SOFTWARE\Myfree Codec
Key Deleted : HKLM\SOFTWARE\Fighters
Key Deleted : HKU\.DEFAULT\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Google Chrome v42.0.2311.135

[C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : igjjkeeamkpihpncmmbgdkhdnjpcfmfb
[C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : ehoopddfhgaehhmphfcooacjdpmbjlao
[C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : iabeihobmhlgpkcgjiloemdbofjbdcic
[C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Default_Search_Provider_Data] :

*************************

AdwCleaner[R0].txt - [17080 bytes] - [09/05/2015 15:34:46]
AdwCleaner[S0].txt - [4854 bytes] - [09/05/2015 15:40:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4913 bytes] ##########

FRST.txt:-

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2015
Ran by Peter (administrator) on PJ-LAPTOP on 09-05-2015 15:59:08
Running from C:\Users\Peter\Desktop
Loaded Profiles: Peter (Available profiles: Peter & Administrator)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Camshare Inc.) C:\Program Files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgscanx.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Users\Peter\AppData\Local\Viber\Viber.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqgpc01.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2014-01-25] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3745232 2015-04-15] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-04-25] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4886608 2015-03-23] (Emsisoft GmbH)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [sfagent] => C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-104905620-282271343-3815656909-1002\...\Run: [Viber] => C:\Users\Peter\AppData\Local\Viber\Viber.exe [930816 2014-06-19] ()
HKU\S-1-5-21-104905620-282271343-3815656909-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25700400 2015-04-28] (Google)
HKU\S-1-5-21-104905620-282271343-3815656909-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-104905620-282271343-3815656909-1002\...\Run: [GoogleChromeAutoLaunch_14883A56D9D426BB697F73C8366CAF1F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-28] (Google Inc.)
HKU\S-1-5-21-104905620-282271343-3815656909-1002\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-104905620-282271343-3815656909-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [788480 2014-10-29] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-04-07]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT13/2
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT13/2
HKU\S-1-5-21-104905620-282271343-3815656909-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com?cid={630F46DE-5FDD-4820-9D24-42D95FF03ACD}&mid=0952648cb80347d29dcd557dd19488bf-5c0426ba4aa4e8d20704eed334d5414b9f965823&lang=en&ds=AVG&coid=avgtbavg&cmpid=1214tb&pr=fr&d=2014-03-06 06:58:29&v=18.5.0.895&pid=safeguard&sg=&sap=hp
HKU\S-1-5-21-104905620-282271343-3815656909-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT13/2
SearchScopes: HKLM -> {00FFC827-6B2B-4007-91B2-D317BD4A2E22} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {00FFC827-6B2B-4007-91B2-D317BD4A2E22} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-104905620-282271343-3815656909-1002 -> {00FFC827-6B2B-4007-91B2-D317BD4A2E22} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-104905620-282271343-3815656909-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-01] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-01] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-01] (Oracle Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-01] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09] (Hewlett-Packard)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-01] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-05] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-01] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-04-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.gmail.com/
CHR StartupUrls: Default -> "hxxp://www.gmail.com/"
CHR Profile: C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-09]
CHR Extension: (Click Trap Remover, Shortlinker and POD post) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfkpgpnhpamnbamgbpdhegjehippjdgd [2015-05-09]
CHR Extension: (YouTube) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-09]
CHR Extension: (Google Search) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-09]
CHR Extension: (WGT Golf Challenge) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcilimldmomiaihcfkmaldanopfejefg [2015-05-09]
CHR Extension: (Context Menu URL Shortener) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecehogjcciopmihcocdchiaciibinajf [2015-05-09]
CHR Extension: (imgur Extension by Metronomik) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehoopddfhgaehhmphfcooacjdpmbjlao [2015-05-09]
CHR Extension: (Image collector extension) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhffefhdkeibnkdldinbncimlojchnie [2015-05-09]
CHR Extension: (A Journey through Middle-earth) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjgkjeheegjnnmheaflhdocglkiegoni [2015-05-09]
CHR Extension: (Bookmark Manager) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-09]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2015-05-09]
CHR Extension: (WGT Baseball: MLB) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpbjopfokekaencoephlgdbnljhcflhm [2015-05-09]
CHR Extension: (Bitly Unleash the power of the link) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic [2015-05-09]
CHR Extension: (Autodesk Homestyler) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2015-05-09]
CHR Extension: (Spockholm Mafia Toolbar) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmnlgpakocffbjcgfibfdmgmfhjgepni [2015-05-09]
CHR Extension: (Hangouts) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2015-05-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-09]
CHR Extension: (Mafia Wars Addon) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\llfmkjppmncfcgdebajkjnopgodlcaoe [2015-05-09]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-05-09]
CHR Extension: (Bookmark Checker) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnboppjpcdnckcklbmjmdahfkpmgglec [2015-05-09]
CHR Extension: (3D Solar System Web) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdaaepplopehigjgkolniddiadbbkphd [2015-05-09]
CHR Extension: (Hangouts) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-05-09]
CHR Extension: (Google Wallet) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-09]
CHR Extension: (Gmail) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-09]
CHR Extension: (Abstract-Blue) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnacehkknmafkjgkikclamogikoiaaa [2014-11-08]
CHR Profile: C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-16]
CHR Extension: (Google Drive) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-29]
CHR Extension: (YouTube) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-16]
CHR Extension: (Google Search) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-16]
CHR Extension: (Context Menu URL Shortener) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ecehogjcciopmihcocdchiaciibinajf [2014-10-17]
CHR Extension: (Wolf and the Ice Planet) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gffkhmkbijdmbncaoclaclldnbndflck [2014-06-16]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-04]
CHR Extension: (Google Wallet) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-16]
CHR Extension: (Gmail) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-16]
CHR HKU\S-1-5-21-104905620-282271343-3815656909-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Peter\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-08-04]
CHR HKU\S-1-5-21-104905620-282271343-3815656909-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [5020520 2015-03-23] (Emsisoft GmbH)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3438032 2015-04-15] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [311792 2015-04-15] (AVG Technologies CZ, s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 camfrog_update_service; C:\Program Files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe [1032680 2014-10-03] (Camshare Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2719928 2015-04-22] (Microsoft Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-10] (Hewlett-Packard Company) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3592120 2014-04-25] (Check Point Software Technologies Ltd.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-01-25] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [92176 2014-04-09] (Check Point Software Technologies, Ltd.)
S2 SPAMfighter Update Service; "C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe" [X]
S2 Suite Service; C:\Program Files (x86)\Fighters\FighterSuiteService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3860480 2013-08-23] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-18] (Advanced Micro Devices)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [284128 2015-04-09] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [213984 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [256992 2015-04-15] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [344544 2015-03-11] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [137184 2015-04-03] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [293856 2015-04-07] (AVG Technologies CZ, s.r.o.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows (R) Win 7 DDK provider)
R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-03-23] (Emsisoft GmbH)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [450968 2014-04-24] (Check Point Software Technologies Ltd.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 CLVirtualBus01; \SystemRoot\System32\drivers\CLVirtualBus01.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-09 15:34 - 2015-05-09 15:40 - 00000000 ____D () C:\AdwCleaner
2015-05-09 15:33 - 2015-05-09 15:33 - 02204160 _____ () C:\Users\Peter\Downloads\adwcleaner_4.203.exe
2015-05-09 14:44 - 2015-05-09 14:44 - 00000000 ____D () C:\Users\Peter\Desktop\FRST-OlderVersion
2015-05-07 13:32 - 2015-05-07 13:33 - 00057490 _____ () C:\Users\Peter\Desktop\Addition.txt
2015-05-07 13:29 - 2015-05-09 15:59 - 00027427 _____ () C:\Users\Peter\Desktop\FRST.txt
2015-05-06 17:39 - 2015-05-09 00:40 - 00000000 ____D () C:\Users\Peter\AppData\Local\FirestormOS_x64
2015-05-06 17:35 - 2015-05-06 17:35 - 00000995 _____ () C:\Users\Public\Desktop\Firestorm-Betax64.lnk
2015-05-06 17:35 - 2015-05-06 17:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firestorm
2015-05-06 17:34 - 2015-05-06 17:35 - 00000000 ____D () C:\Program Files\Firestorm-Betax64
2015-05-06 17:26 - 2015-05-06 17:27 - 72046336 _____ (Phoenix Firestorm Project Inc) C:\Users\Peter\Downloads\Phoenix-FirestormOS-Betax64-4-7-1-45325_Setup.exe
2015-05-06 17:11 - 2015-05-06 17:15 - 00000000 ____D () C:\SL backups
2015-05-06 02:19 - 2015-05-06 02:19 - 00000000 ____D () C:\Users\Peter\AppData\Local\Deluxe_Digital_Studios
2015-05-06 01:58 - 2015-05-06 01:58 - 00000000 __SHD () C:\Users\Peter\AppData\Local\EmieBrowserModeList
2015-05-06 01:56 - 2015-05-06 01:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digital Copy
2015-05-06 01:56 - 2015-05-06 01:56 - 00000000 ____D () C:\Program Files\Digital Copy
2015-05-06 01:55 - 2015-05-06 01:55 - 17375144 _____ () C:\Users\Peter\Downloads\MissionImpossible_GhostProtocol_UK_Installer.exe
2015-05-03 10:35 - 2015-05-09 14:48 - 00003250 _____ () C:\WINDOWS\PFRO.log
2015-05-02 00:29 - 2015-05-01 23:32 - 00079215 _____ () C:\Users\Peter\Documents\PJ new home in planning.skb
2015-05-01 23:35 - 2015-05-01 23:35 - 00601200 _____ () C:\Users\Peter\Downloads\stairs_left.skp
2015-05-01 23:32 - 2015-05-02 00:29 - 00684852 _____ () C:\Users\Peter\Documents\PJ new home in planning.skp
2015-05-01 16:46 - 2015-05-01 16:46 - 00000000 _____ () C:\WINDOWS\SysWOW64\REN5765.tmp
2015-05-01 16:45 - 2015-05-01 16:45 - 00000000 _____ () C:\WINDOWS\SysWOW64\REN2DF9.tmp
2015-05-01 16:44 - 2015-05-01 16:44 - 37321640 _____ (Oracle Corporation) C:\Users\Peter\Downloads\jre-8u45-windows-i586.exe
2015-05-01 16:42 - 2015-05-01 16:41 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2015-05-01 16:41 - 2015-05-01 16:41 - 00000000 ____D () C:\Program Files\Java
2015-05-01 16:40 - 2015-05-01 16:40 - 43159464 _____ (Oracle Corporation) C:\Users\Peter\Downloads\jre-8u45-windows-x64.exe
2015-05-01 16:28 - 2015-05-09 15:54 - 01583641 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-01 16:25 - 2015-05-09 15:49 - 00001194 _____ () C:\WINDOWS\setupact.log
2015-05-01 16:25 - 2015-05-01 16:25 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-05-01 16:13 - 2015-05-01 16:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-05-01 16:12 - 2015-05-01 16:45 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-01 16:12 - 2015-05-01 16:12 - 00561576 _____ (Oracle Corporation) C:\Users\Peter\Downloads\chromeinstall-8u45 (1).exe
2015-05-01 15:44 - 2015-05-01 15:44 - 00000000 _____ () C:\WINDOWS\system32\REN1E57.tmp
2015-05-01 15:40 - 2015-05-01 15:40 - 00561576 _____ (Oracle Corporation) C:\Users\Peter\Downloads\chromeinstall-8u45.exe
2015-05-01 15:31 - 2015-05-01 15:31 - 40084390 _____ () C:\Users\Peter\Downloads\look-at-her-big-cock-on-webcam.flv
2015-04-29 11:27 - 2015-04-29 11:28 - 15058264 _____ () C:\Users\Peter\Downloads\Glary_Utilities_v5.24.0.43.exe
2015-04-26 08:47 - 2015-04-26 08:47 - 02338824 _____ () C:\Users\Peter\Downloads\hppiw.exe
2015-04-23 17:10 - 2015-04-23 17:10 - 06484352 _____ (Piriform Ltd) C:\Users\Peter\Downloads\ccsetup505.exe
2015-04-18 01:49 - 2015-04-18 01:49 - 00062691 _____ () C:\Users\Peter\Documents\Pj SL New House Designs.skp
2015-04-15 18:09 - 2015-04-15 18:13 - 00015933 _____ () C:\Users\Peter\Documents\PJ Trains Station Mats Details.xlsx
2015-04-15 13:06 - 2015-04-15 13:06 - 00256992 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgldx64.sys
2015-04-15 10:55 - 2015-03-23 22:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-15 10:55 - 2015-03-23 22:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-15 10:55 - 2015-03-23 22:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-04-15 10:55 - 2015-03-23 22:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-04-15 10:55 - 2015-03-23 22:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-04-15 10:55 - 2015-03-20 05:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-04-15 10:55 - 2015-03-20 05:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-04-15 10:55 - 2015-03-20 05:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-04-15 10:55 - 2015-03-20 04:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-04-15 10:55 - 2015-03-20 03:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-04-15 10:55 - 2015-03-20 03:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-04-15 10:55 - 2015-03-20 03:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-04-15 10:55 - 2015-03-14 09:20 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-04-15 10:55 - 2015-03-14 09:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-04-15 10:55 - 2015-02-21 00:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-15 10:54 - 2015-03-22 23:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-15 10:54 - 2015-03-22 23:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-15 10:54 - 2015-03-22 23:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-15 10:54 - 2015-03-22 23:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-15 10:54 - 2015-03-22 23:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-15 10:54 - 2015-03-22 23:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-15 10:54 - 2015-03-22 23:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-15 10:54 - 2015-03-14 09:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-04-15 10:54 - 2015-03-14 02:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-04-15 10:54 - 2015-03-14 02:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-04-15 10:54 - 2015-03-14 02:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-04-15 10:54 - 2015-03-14 02:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-04-15 10:54 - 2015-03-14 02:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-04-15 10:54 - 2015-03-14 01:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-04-15 10:54 - 2015-03-14 01:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-04-15 10:54 - 2015-03-14 01:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-04-15 10:54 - 2015-03-14 01:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-04-15 10:54 - 2015-03-14 01:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-15 10:54 - 2015-03-14 01:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-04-15 10:54 - 2015-03-14 01:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-04-15 10:54 - 2015-03-14 01:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-04-15 10:54 - 2015-03-14 01:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-04-15 10:54 - 2015-03-14 01:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-04-15 10:54 - 2015-03-14 00:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-04-15 10:54 - 2015-03-14 00:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-04-15 10:54 - 2015-03-13 05:32 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-04-15 10:54 - 2015-03-13 05:08 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-04-15 10:54 - 2015-03-13 05:07 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-04-15 10:54 - 2015-03-13 04:53 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-04-15 10:54 - 2015-03-13 04:50 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-04-15 10:54 - 2015-03-13 04:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-04-15 10:54 - 2015-03-13 04:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-04-15 10:54 - 2015-03-13 04:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-04-15 10:54 - 2015-03-13 04:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-04-15 10:54 - 2015-03-13 04:17 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-04-15 10:54 - 2015-03-13 04:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-04-15 10:54 - 2015-03-13 04:08 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-04-15 10:54 - 2015-03-13 04:07 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-04-15 10:54 - 2015-03-13 04:00 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-04-15 10:54 - 2015-03-13 03:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-04-15 10:54 - 2015-03-13 03:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-04-15 10:54 - 2015-03-13 03:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-04-15 10:54 - 2015-03-13 03:45 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-04-15 10:54 - 2015-03-13 03:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-04-15 10:54 - 2015-03-13 03:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-04-15 10:54 - 2015-03-13 03:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-04-15 10:54 - 2015-03-13 03:33 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-04-15 10:54 - 2015-03-13 03:22 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-04-15 10:54 - 2015-03-13 03:20 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-04-15 10:54 - 2015-03-13 03:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-04-15 10:54 - 2015-03-13 03:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-04-15 10:54 - 2015-03-04 11:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-15 10:54 - 2015-03-04 04:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-15 10:54 - 2015-03-04 03:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-04-15 10:54 - 2015-02-24 09:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-14 10:53 - 2015-04-14 10:53 - 15058624 _____ () C:\Users\Peter\Downloads\Glary_Utilities_v5.23.0.42.exe
2015-04-14 01:10 - 2015-04-14 01:28 - 168367793 _____ () C:\Users\Peter\Downloads\Geile Party.flv
2015-04-13 00:23 - 2015-04-13 00:32 - 82613374 _____ () C:\Users\Peter\Downloads\Big Boobs Sperm Fucking.flv
2015-04-12 00:51 - 2015-04-12 19:16 - 00004713 _____ () C:\Users\Peter\Desktop\PF Friends to be removed.txt
2015-04-09 18:42 - 2015-04-09 18:52 - 92383495 _____ () C:\Users\Peter\Downloads\Suzanna Queen of the Jungle.flv
2015-04-09 14:11 - 2015-04-09 14:11 - 00284128 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdrivera.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-09 16:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-09 15:59 - 2015-02-04 22:21 - 00000000 ____D () C:\FRST
2015-05-09 15:56 - 2014-01-25 17:42 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-104905620-282271343-3815656909-1002
2015-05-09 15:53 - 2014-03-30 13:58 - 00004978 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for PJ-LAPTOP-Peter PJ-Laptop
2015-05-09 15:53 - 2014-01-25 21:25 - 00000000 ___DO () C:\Users\Peter\SkyDrive
2015-05-09 15:52 - 2014-08-04 12:33 - 00000000 ___RD () C:\Users\Peter\Google Drive
2015-05-09 15:52 - 2014-07-15 11:30 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\ViberPC
2015-05-09 15:51 - 2014-07-15 11:29 - 00000000 ____D () C:\Users\Peter\AppData\Local\Viber
2015-05-09 15:51 - 2014-06-16 11:22 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-05-09 15:51 - 2014-01-25 19:52 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-09 15:50 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-09 15:30 - 2014-01-25 19:52 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-09 15:07 - 2014-07-16 20:26 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-09 14:47 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-09 14:44 - 2015-02-04 22:18 - 02102784 _____ (Farbar) C:\Users\Peter\Desktop\FRST64.exe
2015-05-09 12:57 - 2014-01-26 13:36 - 00431192 _____ () C:\WINDOWS\system32\Drivers\vsconfig.xml
2015-05-09 12:50 - 2014-12-17 17:20 - 00000000 ____D () C:\Users\Peter\AppData\Local\Unity
2015-05-09 12:50 - 2014-04-10 12:35 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2015-05-09 12:49 - 2015-01-22 12:31 - 00000000 ____D () C:\ProgramData\GlarySoft
2015-05-09 12:49 - 2014-07-17 15:26 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\GlarySoft
2015-05-09 12:48 - 2014-08-20 19:37 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D
2015-05-09 12:35 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-09 12:20 - 2014-01-25 21:39 - 00000000 ____D () C:\ProgramData\MFAData
2015-05-09 12:06 - 2014-04-07 21:09 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1173210B-1728-4781-BE47-6661733E95B5}
2015-05-09 11:58 - 2014-07-17 15:26 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\DiskDefrag
2015-05-08 17:19 - 2014-06-08 22:37 - 00003166 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForPeter
2015-05-08 17:19 - 2014-06-08 22:37 - 00000352 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForPeter.job
2015-05-08 01:40 - 2014-01-25 21:04 - 00000000 ____D () C:\Users\Peter
2015-05-07 14:08 - 2013-10-19 16:34 - 00000000 ____D () C:\Users\Peter\Documents\Outlook Files
2015-05-07 12:31 - 2014-08-04 12:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-05-06 17:34 - 2014-06-21 19:12 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-06 00:00 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-05-05 09:48 - 2013-11-14 13:45 - 00960300 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-03 17:52 - 2014-01-25 21:41 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2015-05-02 11:52 - 2014-03-28 21:53 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-05-01 18:12 - 2014-06-27 18:29 - 00004130 _____ () C:\Users\Peter\Desktop\tp loc.txt.txt
2015-05-01 16:46 - 2014-06-08 10:09 - 00000000 ____D () C:\ProgramData\Oracle
2015-05-01 16:10 - 2015-03-07 00:57 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Skype
2015-04-26 08:53 - 2012-08-16 21:02 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-25 19:47 - 2014-01-25 21:41 - 00000000 ____D () C:\ProgramData\AVG2014
2015-04-25 19:47 - 2014-01-25 21:41 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-04-25 19:46 - 2014-10-25 12:05 - 00000941 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-04-25 19:46 - 2014-03-31 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-04-25 19:46 - 2012-07-26 09:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-04-23 17:11 - 2014-01-26 13:42 - 00000834 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-23 17:11 - 2014-01-26 13:42 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-17 19:03 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-16 12:37 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-16 12:13 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-16 00:56 - 2014-12-11 01:57 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-16 00:56 - 2014-07-14 04:59 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-16 00:56 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\en-GB
2015-04-16 00:56 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\en-GB
2015-04-15 11:22 - 2014-01-25 18:26 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-15 11:08 - 2014-01-25 18:26 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-15 10:53 - 2014-11-12 13:37 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-04-14 19:30 - 2014-07-16 20:26 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-04-14 00:24 - 2014-08-15 11:43 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-04-14 00:24 - 2014-08-15 11:43 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-12 22:37 - 2015-03-07 00:56 - 00000000 ____D () C:\ProgramData\Skype

==================== Files in the root of some directories =======

2014-07-09 00:30 - 2015-03-04 02:39 - 0010240 _____ () C:\Users\Peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-07 00:55 - 2014-09-07 00:55 - 0000000 _____ () C:\Users\Peter\AppData\Local\TempSimLab_2014-09-07-00-55-09.skb
2014-09-07 00:55 - 2014-09-07 00:55 - 0682038 _____ () C:\Users\Peter\AppData\Local\TempSimLab_2014-09-07-00-55-09.skp
2014-04-07 20:43 - 2014-11-03 15:22 - 0001345 _____ () C:\ProgramData\hpzinstall.log
2014-08-18 12:19 - 2014-08-18 12:19 - 0000032 _____ () C:\ProgramData\Temp.log

Some content of TEMP:
====================
C:\Users\Peter\AppData\Local\Temp\Quarantine.exe
C:\Users\Peter\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-04 14:26

==================== End Of Log ============================
PJWales
Active Member
 
Posts: 12
Joined: May 7th, 2015, 8:10 am

Re: Having virus issue but scanner finds nothing

Unread postby askey127 » May 9th, 2015, 7:15 pm

PJ,
------------------------------------------------------------
Java Issue
You may want to read here before you decide whether to keep Java on your system:
http://www.zdnet.com/a-close-look-at-how-oracle-installs-deceptive-software-with-java-updates-7000010038/
(I don't have any Java on my system).

Your two Java programs are here:
Java 8 Update 45 (64-bit)
Java 8 Update 45

Uninstall them if you wish.
(These are not the same as the JavaScript found as a standard inclusion in browsers).
Otherwise, your logs look clean.
Let me know what you are thinking, or what additional help would be useful.
askey127
Admin/Teacher
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Having virus issue but scanner finds nothing

Unread postby PJWales » May 10th, 2015, 6:36 am

Hi Askey,

If I do uninstall Java, how can I enable Chrome's own built-in Java? And is this Ninite worth looking at? Also, the other thing is that at the very beginning you mentioned that 'Built-in Windows safeguards are having trouble validating a file used by Emsisoft.
We will deal with that later.
You can Uninstall Emsisoft and Install Malwarebytes Anti-Malware if you wish. Just tell me if you do it.' I didn't do this as I wanted to get all the other things done 1st. So what would be better to do? Uninstall Emsisoft and install Malwarebytes instead?

Also, I can uncheck c:\windows\temp from the AVG exception list, as this is one of the areas where the virus keeps reporting a virus but nothing is found and it goes in a loop, and I shall see how it goes over the next few days to a week or two.

Thanks, PJ.

Re: Having virus issue but scanner finds nothing

Unread postby askey127 » May 10th, 2015, 8:19 am

PJ,
Let's try to shed a little light on one item at a time.

Q: If I do uninstall Java, how can I enable Chrome's own built-in Java? And is this Ninite worth looking at?
A: It's already enabled automatically unless you set Chrome to disable scripts. There are a few (very few) websites that use Java, but those that do would not work. There could also be a game or other program written in Java that would fail to function. Most users don't notice the removal of Java at all. But, based on history, security is certainly better without it. I don't have enough experience with Ninite to be certain about it. A couple of security programs tag it as an Adknowledge bundler; most say it's clean.

Q: Also, the other thing is that at the very beginning you mentioned that 'Built-in Windows safeguards are having trouble validating a file used by Emsisoft. We will deal with that later. You can Uninstall Emsisoft and Install Malwarebytes Anti-Malware if you wish. Just tell me if you do it.' I didn't do this as I wanted to get all the other things done 1st.
So what would be better to do? Uninstall Emsisoft and install Malwarebytes instead?

A: One of the Emsisoft files is not signed properly and is causing System exceptions in the event log.
It may not affect the operation of the program, but is not correct.
Malwarebytes Anti-Malware (MBAM) is very reliable, and I would prefer it personally, but it's your call.
You can either use things as-is, or Uninstall Emsisoft and install MBAM.


Q: Also, I can uncheck c:\windows\temp from the AVG exception list, as this is one of the areas where the virus keeps reporting a virus but nothing is found and it goes in a loop, and I shall see how it goes over the next few days to a week or two.
A: Not sure what the question is, but I wouldn't make any folder an exception just because AVG is having trouble dealing with it.
If you use CCleaner, (not the Registry part !) you can clean out files in the temp folders regularly.


Be aware that the AVG toolbars are primarily for providing search redirects to benefit ask.com (and AVG).
The ask.com redirects get installed as search engines in your browsers. We removed them here, but they may get re-installed.
The Windows 8 built-in Defender is popular as an antivirus: it's free, no redirects, no toolbars.

askey127

Re: Having virus issue but scanner finds nothing

Unread postby PJWales » May 10th, 2015, 8:35 am

Hi Askey,

OK, I've unchecked the AVG exception for ignoring warnings from the Temp folder, and I have now twice been given warnings for viruses. I ask it to clean it and it does; some time later, the same thing again.

Permission to post a screenshot of the said virus warnings?

Thanks, PJ

Re: Having virus issue but scanner finds nothing

Unread postby askey127 » May 10th, 2015, 9:45 am

If you Uninstall AVG and enable Defender, the warnings will go away.

Re: Having virus issue but scanner finds nothing

Unread postby PJWales » May 10th, 2015, 9:47 am

Just saw and noticed that Emsisoft Anti-Malware is the cause of the virus generation? So I am going to uninstall Emsisoft and install Malwarebytes instead and see how that goes.