Bad Image error upon boot and opening programs, and an unknown new user, "wangjihua"?

Additional scan result of Farbar Recovery Scan Tool (x64) Version:16-08-2015
Ran by Peter (2015-08-17 10:00:12)
Running from C:\Users\Peter\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3952311282-3270686217-2811382985-500 - Administrator - Disabled)
Guest (S-1-5-21-3952311282-3270686217-2811382985-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3952311282-3270686217-2811382985-1002 - Limited - Enabled)
Peter (S-1-5-21-3952311282-3270686217-2811382985-1000 - Administrator - Enabled) => C:\Users\Peter

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: System Shield (Disabled - Up to date) {8B5160E8-C496-BEA3-B101-8ACABB9E7D25}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acronis True Image 2015 (HKLM-x32\...\{35CFA5F4-EE2D-4B13-AAED-BC643B6874B5}Visible) (Version: 18.0.6613 - Acronis)
Acronis True Image 2015 (x32 Version: 18.0.6613 - Acronis) Hidden
Acronis True Image 2015 Media Add-on (HKLM-x32\...\{33E3F34C-612E-49CD-ADB3-3DE735594420}) (Version: 18.0.6055 - Acronis)
Acronis Disk Director 12 (HKLM-x32\...\{AE372858-B1BD-49EF-8308-648322846008}) (Version: 12.0.3223 - Acronis)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.01.01 - ASUSTeK Computer Inc.)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology)
ASUS Android USB Drivers (HKLM\...\{F6AEADC0-6B97-430E-B78A-C1D633A6528D}) (Version: 4.0.6753 - ASUSTeK Computer Inc.)
ASUS Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.3700 - ASUS)
ASUS Sync (HKLM-x32\...\{488E9FD9-7C30-4120-8790-410F46F13CD6}) (Version: 1.0.97 - FutureDial Inc.)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.94.193 - eCareme Technologies, Inc.)
Avant Browser (remove only) (HKLM-x32\...\AvantBrowser) (Version: 12.5.0.0 - Avant Force)
AVS Audio Converter 7 (HKLM-x32\...\AVS Audio Converter_is1) (Version: 7.0.5.510 - Online Media Technologies Ltd.)
AVS Audio Editor 7.1 (HKLM-x32\...\AVS Audio Editor_is1) (Version: 7.1.5.479 - Online Media Technologies Ltd.)
AVS Audio Recorder version 4.0 (HKLM-x32\...\AVS Audio Recorder_is1) (Version: 4.0.1.21 - Online Media Technologies Ltd.)
AVS Cover Editor 2.0.1.3 (HKLM-x32\...\AVSCoverEditor2_is1) (Version: 2.0.1.3 - Online Media Technologies Ltd.)
AVS Disc Creator 5 (HKLM-x32\...\AVS Disc Creator_is1) (Version: 5.0.6.520 - Online Media Technologies Ltd.)
AVS Document Converter 2.2.5 (HKLM-x32\...\AVS Document Converter_is1) (Version: 2.2.5.218 - Online Media Technologies Ltd.)
AVS DVD Copy 4.1.2.283 (HKLM-x32\...\AVS DVD Copy_is1) (Version: 4.1.2.283 - Online Media Technologies Ltd.)
AVS Image Converter 2.3.2.248 (HKLM-x32\...\AVS Image Converter_is1) (Version: 2.3.2.248 - Online Media Technologies Ltd.)
AVS Media Player 4.1.10.99 (HKLM-x32\...\AVS Media Player_is1) (Version: 4.1.10.99 - Online Media Technologies Ltd.)
AVS Photo Editor (HKLM-x32\...\AVS Photo Editor_is1) (Version: 2.0.8.128 - Online Media Technologies Ltd.)
AVS Registry Cleaner version 2.2 (HKLM-x32\...\AVSRegistryCleaner_is1) (Version: 2.2.3.236 - Online Media Technologies Ltd.)
AVS Ringtone Maker version 1.6 (HKLM-x32\...\AVS Ringtone Maker 1.6_is1) (Version: 1.6.1.140 - Online Media Technologies Ltd.)
AVS Video Converter 8 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 8.3.2.533 - Online Media Technologies Ltd.)
AVS Video Editor 6 (HKLM-x32\...\AVS Video Editor_is1) (Version: 6.3.2.234 - Online Media Technologies Ltd.)
AVS Video Recorder 2.5 (HKLM-x32\...\AVS Video Recorder_is1) (Version: 2.5.3.83 - Online Media Technologies Ltd.)
AVS Video ReMaker 4.1.3.149 (HKLM-x32\...\AVS Video ReMaker_is1) (Version: 4.1.3.149 - Online Media Technologies Ltd.)
AVSDK5 (Version: 5.4.11 - CYREN Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
Core Temp version 0.99.7 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 0.99.7 - Arthur Liberman)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Digiguide TV Guide (HKLM-x32\...\Digiguide TV Guide) (Version: - GipsyMedia Limited)
Ditto (HKLM\...\Ditto_is1) (Version: - Scott Brogden)
DraftSight x64 (HKLM\...\{18D88174-BDBF-4BBF-B05C-3C75F609E44A}) (Version: 12.1.1077 - Dassault Systemes)
Dropbox (HKU\S-1-5-21-3952311282-3270686217-2811382985-1000\...\Dropbox) (Version: 3.8.5 - Dropbox, Inc.)
EPSON PX820FWD Series Printer Uninstall (HKLM\...\EPSON PX820FWD Series) (Version: - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3b - SEIKO EPSON CORPORATION)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Evernote v. 5.4.1 (HKLM-x32\...\{A5F7DF42-F67D-11E3-B7EB-00163E98E7D6}) (Version: 5.4.1.3962 - Evernote Corp.)
Free Download Manager 3.9.4 (HKLM-x32\...\Free Download Manager_is1) (Version: - FreeDownloadManager.ORG)
Google Apps Sync™ for Microsoft Outlook® 3.7.410.1100 (HKLM-x32\...\{799A7E2B-388F-4BDE-B55B-47AF42C6440A}) (Version: 3.7.410.1100 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.125 - Google Inc.)
Google Chrome Canary (HKU\S-1-5-21-3952311282-3270686217-2811382985-1000\...\Google Chrome SxS) (Version: 46.0.2472.0 - Google Inc.)
Google Drive (HKLM-x32\...\{6EA8B94E-D869-4D96-88DF-5E1ECE1D6876}) (Version: 1.23.9648.8824 - Google, Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Google Web Designer (HKLM-x32\...\{811767F4-C586-4673-A41F-E9D767497222}) (Version: 1.1.7.0 - Google Inc.)
Harmony Browser Plug-in (HKLM-x32\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 2.0 - Logitech)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.16.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.46.0 - HTC)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Network Connections 19.0.27.0 (HKLM\...\PROSetDX) (Version: 19.0.27.0 - Intel)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation)
iolo technologies' System Mechanic Professional (HKLM-x32\...\{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1) (Version: 14.5.2 - iolo technologies, LLC)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3952311282-3270686217-2811382985-1000\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MightyText (HKLM-x32\...\{87B9BBD8-C449-4885-AD4F-97957734F734}_is1) (Version: 1.0 - MightyText)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-GB)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version: - SEIKO EPSON Corporation)
MyEpson Portal (x32 Version: 1.0.0.12 - SEIKO EPSON CORPORATION) Hidden
NetWorx 5.4 (HKLM\...\NetWorx_is1) (Version: - Softperfect Research)
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )
Opera Stable 31.0.1889.99 (HKLM-x32\...\Opera 31.0.1889.99) (Version: 31.0.1889.99 - Opera Software)
PDF24 Creator 5.4.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Polytune 1.0.5 (HKLM-x32\...\{DDEF841D-8BA5-4071-B3C9-E111D5AC86F5}_is1) (Version: 1.0.5 - TC Electronic)
Pushbullet version 312 (HKLM-x32\...\{7578F204-49E7-4830-B051-14C23F408BFE}_is1) (Version: 312 - Pushbullet Inc)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 9.2 - Qualcomm Atheros)
Rapport (x32 Version: 3.5.1412.176 - Trusteer) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)
Remove Empty Directories version 2.2 (HKLM-x32\...\{06F25DC8-71E2-44E2-805A-F15E15B51C74}_is1) (Version: 2.2 - Jonas John)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RoboForm 7-9-14-4 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-14-4 - Siber Systems)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
SeaTools for Windows 1.4.0.2 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.2 - Seagate Technology)
Secunia PSI (3.0.0.7011) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.7011 - Secunia)
Sky Go Desktop (HKU\S-1-5-21-3952311282-3270686217-2811382985-1000\...\3979305135.go.sky.com) (Version: - go.sky.com)
Spotify (HKU\S-1-5-21-3952311282-3270686217-2811382985-1000\...\Spotify) (Version: 1.0.7.157.g2a6526f9 - Spotify AB)
Sunny Explorer (HKLM-x32\...\{0854AE6B-9CDA-4676-B8E8-C926B515A6C4}) (Version: 1.7.17 - SMA Solar Technology AG)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1014 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Mechanic 12 Professional (x32 Version: 14.5.2 - ) Hidden
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
tbbMeter (HKLM-x32\...\{79F5C843-112C-4562-9F5C-29D255C91379}) (Version: 1.00.0000 - thinkbroadband.com)
tbbMeter Loader Service (HKLM-x32\...\{FDC85EE3-EDAA-47C9-9885-2A26FC41DC22}) (Version: 1.0.0 - thinkbroadband.com)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43879 - TeamViewer)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1412.176 - Trusteer)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.3.1 - Tweaking.com)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Vivaldi (HKU\S-1-5-21-3952311282-3270686217-2811382985-1000\...\Vivaldi) (Version: 1.0.118.19 - Vivaldi)
WinDirStat 1.1.2 (HKU\S-1-5-21-3952311282-3270686217-2811382985-1000\...\WinDirStat) (Version: - )
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Wunderlist (HKLM-x32\...\{1ca68332-4ba1-4943-9010-eaa1aa45b492}) (Version: 2.3.0.31 - 6 Wunderkinder GmbH)
Wunderlist (x32 Version: 2.3.0.31 - 6 Wunderkinder GmbH) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3952311282-3270686217-2811382985-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3952311282-3270686217-2811382985-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3952311282-3270686217-2811382985-1000_Classes\CLSID\{1BEAC3E3-B852-44F4-B468-8906C062422E}\localserver32 -> C:\Users\Peter\AppData\Local\Google\Chrome SxS\Application\46.0.2472.0\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3952311282-3270686217-2811382985-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Peter\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3952311282-3270686217-2811382985-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3952311282-3270686217-2811382985-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Peter\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3952311282-3270686217-2811382985-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Peter\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3952311282-3270686217-2811382985-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Peter\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3952311282-3270686217-2811382985-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Peter\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3952311282-3270686217-2811382985-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3952311282-3270686217-2811382985-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Peter\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3952311282-3270686217-2811382985-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Peter\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3952311282-3270686217-2811382985-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3952311282-3270686217-2811382985-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3952311282-3270686217-2811382985-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3952311282-3270686217-2811382985-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3952311282-3270686217-2811382985-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3952311282-3270686217-2811382985-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3952311282-3270686217-2811382985-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3952311282-3270686217-2811382985-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3952311282-3270686217-2811382985-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

==================== Restore Points =========================

13-08-2015 23:44:38 Windows Update
14-08-2015 08:34:46 Windows Update
15-08-2015 22:03:00 JRT Pre-Junkware Removal
16-08-2015 03:00:23 Windows Update
17-08-2015 03:00:24 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-08-08 16:15 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07C3E016-D593-4F28-AF12-F722F91475A6} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
Task: {178AE9A2-BF29-4415-87F0-A151C1B612BD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {19C9C269-4D86-4C7E-8DA9-C63B29748A7F} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3952311282-3270686217-2811382985-1000Core => C:\Users\Peter\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {1CE04CD8-7F0B-48A8-BC16-8F87E08F5FD2} - System32\Tasks\ASUS\ASUS Network iControl Help Execute => C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelpEntry.exe [2012-05-02] (ASUSTeK Computer Inc.)
Task: {1E6D6149-C8E7-4585-8B16-ED0A20E5AE6C} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {28A4F414-4745-4E16-B8B2-411E0A29116A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-13] (Adobe Systems Incorporated)
Task: {3717F1A0-E21E-424F-9A7C-37BE44C8630C} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {396A171A-DB91-4C15-B85A-98C51FF1F8BA} - System32\Tasks\Launch ASUS Sync Loader => C:\Program Files (x86)\ASUS\ASUS Sync\asusUPCTLoader.exe [2013-03-01] (Futuredial Inc.)
Task: {3E15D23D-60DB-4BE1-92B8-A9A51518517F} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {6FE63CE5-36A7-4044-9565-B5C2434345EB} - System32\Tasks\iolo DelOnReboot => cmd.exe /c IF EXIST C:\ProgramData\iolo\ops\smrr.dll del /f C:\ProgramData\iolo\ops\smrr.dll
Task: {7DBF93DD-87F0-48A2-B415-8AA7AC5AEB87} - System32\Tasks\ASUS\ASUS WiFi GO! Server Execute => C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe [2012-07-12] (ASUSTeK Computer Inc.)
Task: {8B2A387D-608C-4532-ABB4-3D09B5AC5BB7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {8B9EC1BD-6F53-4DD2-9651-FA5FF7562CB0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3952311282-3270686217-2811382985-1000Core => C:\Users\Peter\AppData\Local\Google\Update\GoogleUpdate.exe [2014-12-12] (Google Inc.)
Task: {96EB4E91-3365-4032-9852-071B5354B687} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {9CC403E9-3FEC-4C8C-8191-9E141C44CAC7} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {A56381F9-CAB2-4B39-A9E6-758E7F19BB23} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {A96701C8-4CFB-4688-BF73-8EEEB36F8CAE} - System32\Tasks\ASUS\ASUS DigiPowerControl Help => C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe [2012-08-14] (ASUSTeK Computer Inc.)
Task: {B764589E-0D23-4EB7-AE59-7B899CAC50FF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3952311282-3270686217-2811382985-1000UA => C:\Users\Peter\AppData\Local\Google\Update\GoogleUpdate.exe [2014-12-12] (Google Inc.)
Task: {BFA3358B-8F30-44FA-B4E9-833D37B4B245} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic Professional\iologovernor64.exe [2015-04-28] (iolo technologies, LLC)
Task: {C7A815E4-1393-401E-8BB0-A77EB9F9FC48} - System32\Tasks\Opera scheduled Autoupdate 1418408359 => C:\Program Files (x86)\Opera\launcher.exe [2015-07-30] (Opera Software)
Task: {D1143B11-DB82-45F0-B98C-6C3A1ECE54D5} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3952311282-3270686217-2811382985-1000UA => C:\Users\Peter\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {D67647E3-F82E-40C2-AD99-AE36456D9FB0} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe [2011-09-10] ()
Task: {E1366B13-328F-4FA8-B03B-0AEC8A403048} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {E741C8D1-4C11-4467-8B0C-0B1CA26AB618} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-12] (Tweaking.com)
Task: {EA87D3A8-3791-438D-A2EE-1B85D4F2C65F} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.h...ICNJJCKJNBJCMPKKJLIKJNIJNKJCMJNNICMJNDJCMKJBJ"
Task: {F5067A80-CACE-4DBB-9823-240258BED248} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2015-06-27] (Siber Systems)
Task: {FF475FDB-87EF-4CBC-B482-D6FA7514F1B1} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3952311282-3270686217-2811382985-1000Core.job => C:\Users\Peter\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3952311282-3270686217-2811382985-1000UA.job => C:\Users\Peter\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3952311282-3270686217-2811382985-1000Core.job => C:\Users\Peter\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3952311282-3270686217-2811382985-1000UA.job => C:\Users\Peter\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-01-07 19:49 - 2012-06-01 18:42 - 00920736 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-01-07 19:49 - 2015-08-15 22:03 - 00031232 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2013-01-07 19:49 - 2010-06-29 11:58 - 00104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventSystem => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseamps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vsedsps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseqrts => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventSystem => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vseamps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsedsps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vseqrts => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)
 
==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3952311282-3270686217-2811382985-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C9DBA59F-2B5A-4C3E-AA7C-43D816BA9483}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe
FirewallRules: [{B91B183A-E233-4673-9640-86501CD2A872}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe
FirewallRules: [{E08F6EA6-09AD-427F-8EFB-BEDCEA57EDF9}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{0B61AFDA-87DB-4A0A-B6E9-EFE58937A865}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{299DBE58-672D-4B9B-B448-7FA694F2A964}] => (Allow) LPort=2869
FirewallRules: [{420D8108-6BC1-4F5C-8EFF-8533B718FBA3}] => (Allow) LPort=1900
FirewallRules: [{19B6AA90-5A7E-4306-8EA4-EDDAF4ECDEB9}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
FirewallRules: [{DF180890-0F1F-4B13-9F7F-D87105237837}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
FirewallRules: [{EE82BBC6-7AD4-4A35-8818-1AD0998F6977}] => (Allow) C:\Users\Peter\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{4B14AAFE-3E03-4D4B-BA95-FB7B5F5C38B4}] => (Allow) C:\Users\Peter\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{FB3DEFE1-F15E-4E3D-813A-87B6258CE7C4}] => (Allow) C:\Users\Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{865B72E9-F549-4E8A-9B8F-6691A37BB9CC}] => (Allow) C:\Users\Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{2DC11F95-CD78-4465-A6CD-3728F43D3ECF}] => (Allow) C:\Users\Peter\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{D1E0DAD4-2905-46E2-9669-F0A47C4A34D5}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{DB6E068E-168C-4FA1-8379-22ED2042DE65}] => (Allow) LPort=2869
FirewallRules: [{742E172A-BBA4-4D21-891F-0B7930723EDF}] => (Allow) LPort=1900
FirewallRules: [{C2A2635F-EB00-417D-A712-FB3A211D784C}] => (Allow) LPort=2869
FirewallRules: [{4E22A133-0513-4844-810C-3F91E921B644}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{94FBEC3E-1F2E-4DFD-B37C-65A4A5609D1F}C:\users\peter\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\peter\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{6E9E74DF-DFD6-4631-BC01-026500A6C3ED}C:\users\peter\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\peter\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{97165269-2A91-49DD-BA53-5E32F2AA89E4}] => (Allow) LPort=2869
FirewallRules: [{E1FEE7A9-DCBD-4956-BCFE-BC4CFAD97832}] => (Allow) LPort=1900
FirewallRules: [{0D4FB77C-76FC-4511-A599-30E6B7B1ACB8}] => (Allow) C:\Users\Peter\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{F2B19180-54B1-4581-B433-208CA440AA65}] => (Allow) C:\Users\Peter\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [TCP Query User{53F5E110-FDA8-4FFF-8BF9-702B8012C494}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [UDP Query User{0A34156B-CFD3-4086-A193-40FB3F235EEA}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [{A05B2C81-0605-4174-9EA6-D4EF46612FDC}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{052067E4-2AE1-476D-B522-898ABF3BC9A9}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [TCP Query User{2DAD5BA7-3511-4C40-9343-F40C9C1AB6F0}C:\program files (x86)\asus\asus sync\asusupctloader.exe] => (Allow) C:\program files (x86)\asus\asus sync\asusupctloader.exe
FirewallRules: [UDP Query User{CFD644B3-053C-4FB2-8BD1-CEC10C554CF3}C:\program files (x86)\asus\asus sync\asusupctloader.exe] => (Allow) C:\program files (x86)\asus\asus sync\asusupctloader.exe
FirewallRules: [TCP Query User{F1C1B1A5-F090-401B-A6A7-F548925272CC}C:\program files (x86)\asus\asus sync\asusupctloader.exe] => (Allow) C:\program files (x86)\asus\asus sync\asusupctloader.exe
FirewallRules: [UDP Query User{6E6FA268-1767-4EDD-97A9-C9095F1A8908}C:\program files (x86)\asus\asus sync\asusupctloader.exe] => (Allow) C:\program files (x86)\asus\asus sync\asusupctloader.exe
FirewallRules: [TCP Query User{1BF67F21-A638-4157-9E1D-EE73293BE9D5}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Block) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [UDP Query User{7A2F7A84-64A0-45B9-B6AA-C99BE2A65102}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Block) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [{E70B9497-EDDA-4E37-B5E1-E5665CBC6AC7}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{93C5351A-EF4C-4D33-AB61-6FA85425F991}] => (Allow) C:\Program Files (x86)\SMA\Sunny Explorer\SMA.Multicasting.IGMP.QuerierService.exe
FirewallRules: [{73F905FB-C947-4CE3-9DBC-2C2341270A9B}] => (Allow) C:\Program Files (x86)\SMA\Sunny Explorer\SunnyExplorer.exe
FirewallRules: [{085950D9-002C-4A22-859E-15592EE0FA79}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{FFDBB230-D144-4B7C-85D4-8A8EE4FE0819}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{0582C27A-9847-4D72-A638-79B816AB6933}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{AF827C53-B891-43ED-9E5E-C11886D65705}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7BA8745E-EBFD-4517-AC5F-80ABE9320977}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{7B7798BB-E557-44F2-8087-C7F6593AFCE6}C:\program files\ditto\ditto.exe] => (Allow) C:\program files\ditto\ditto.exe
FirewallRules: [UDP Query User{F42B32B4-ED6F-4212-B57C-60E4847AFFDB}C:\program files\ditto\ditto.exe] => (Allow) C:\program files\ditto\ditto.exe
FirewallRules: [TCP Query User{65630B99-632C-45E7-B071-A1D414CDF09E}C:\program files\ditto\ditto.exe] => (Allow) C:\program files\ditto\ditto.exe
FirewallRules: [UDP Query User{AF050479-1E08-43A1-ACF3-896279AC9575}C:\program files\ditto\ditto.exe] => (Allow) C:\program files\ditto\ditto.exe
FirewallRules: [{9778BAAB-19F2-4DB9-8AE0-9D11AE39B4A9}] => (Allow) C:\Program Files (x86)\iolo\System Mechanic Professional\SysMech.exe
FirewallRules: [{7380F57E-F172-4E4F-A64C-5477C5E22BFC}] => (Allow) C:\Program Files (x86)\iolo\System Mechanic Professional\SysMech.exe
FirewallRules: [{A3F0D5AF-E484-4BB8-92A5-24972C9E2E7B}] => (Allow) C:\Users\Peter\AppData\Local\Vivaldi\Application\vivaldi.exe
FirewallRules: [TCP Query User{62480E3B-FF3E-4486-9A78-72258F3B9CAA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{9F025D5B-718F-4E2D-9E70-2B3D2ED8F141}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{04FC5832-86FC-4CEF-934D-D68E5EADB556}] => (Allow) C:\Program Files\NetWorx\networx.exe
FirewallRules: [{B5A6462E-9ED2-4D18-A9AC-8B02D0BE91E8}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{14219C75-3545-47C4-A846-9EA988E527FE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{1A7DBB56-BF7A-46ED-AB7B-7FD6180F32D5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9E159EA3-90D1-4A9B-A107-11284DDD7C2C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{03A9DC24-D2B5-4601-BB55-BAC98B8503C9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{77EEBA9E-87C5-4778-B448-46B7459FE9A5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{53947988-3BB8-4FCB-AE68-D1A4F23960E2}] => (Allow) C:\Users\Peter\AppData\Local\Google\Chrome SxS\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/17/2015 09:54:21 AM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: The protocol handler Mapi cannot be loaded. Error description: (HRESULT : 0x800700c1).

Error: (08/17/2015 03:00:35 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Outlook MUI (English) 2010 - Update 'Update for Microsoft Outlook 2010 (KB3055041) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (08/17/2015 03:00:35 AM) (Source: MsiInstaller) (EventID: 11719) (User: NT AUTHORITY)
Description: Product: Microsoft Office Outlook MUI (English) 2010 -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Error: (08/17/2015 03:00:21 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: There is a problem with the backup catalog. Restore from a different backup or create new, full backup. (0x810000E4).

Error: (08/16/2015 09:01:07 AM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: The protocol handler Mapi cannot be loaded. Error description: (HRESULT : 0x800700c1).

Error: (08/16/2015 03:00:34 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Outlook MUI (English) 2010 - Update 'Update for Microsoft Outlook 2010 (KB3055041) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (08/16/2015 03:00:34 AM) (Source: MsiInstaller) (EventID: 11719) (User: NT AUTHORITY)
Description: Product: Microsoft Office Outlook MUI (English) 2010 -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Error: (08/15/2015 11:25:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avant.exe, version: 12.5.0.0, time stamp: 0x55ac9bda
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x7506cb49
Faulting process id: 0x2380
Faulting application start time: 0xavant.exe0
Faulting application path: avant.exe1
Faulting module path: avant.exe2
Report Id: avant.exe3

Error: (08/15/2015 05:01:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ONENOTEM.EXE, version: 14.0.4763.1000, time stamp: 0x4bb16e6b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x1258
Faulting application start time: 0xONENOTEM.EXE0
Faulting application path: ONENOTEM.EXE1
Faulting module path: ONENOTEM.EXE2
Report Id: ONENOTEM.EXE3

Error: (08/15/2015 02:45:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mscorsvw.exe, version: 4.0.30319.34209, time stamp: 0x53489f50
Faulting module name: clr.dll, version: 4.0.30319.34209, time stamp: 0x5348a1ef
Exception code: 0xc0000005
Fault offset: 0x000000000006e8d0
Faulting process id: 0x530
Faulting application start time: 0xmscorsvw.exe0
Faulting application path: mscorsvw.exe1
Faulting module path: mscorsvw.exe2
Report Id: mscorsvw.exe3


System errors:
=============
Error: (08/17/2015 09:54:38 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (08/17/2015 09:54:38 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (08/17/2015 09:54:38 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (08/17/2015 09:54:38 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (08/17/2015 09:54:38 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (08/17/2015 09:54:38 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (08/17/2015 09:54:30 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (08/17/2015 09:54:30 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (08/17/2015 09:54:30 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (08/17/2015 07:17:12 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.


Microsoft Office:
=========================
Error: (08/17/2015 09:54:21 AM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: Mapi(HRESULT : 0x800700c1)

Error: (08/17/2015 03:00:35 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Microsoft Office Outlook MUI (English) 2010Update for Microsoft Outlook 2010 (KB3055041) 32-Bit Edition1603(NULL)(NULL)(NULL)

Error: (08/17/2015 03:00:35 AM) (Source: MsiInstaller) (EventID: 11719) (User: NT AUTHORITY)
Description: Product: Microsoft Office Outlook MUI (English) 2010 -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/17/2015 03:00:21 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: There is a problem with the backup catalog. Restore from a different backup or create new, full backup. (0x810000E4)

Error: (08/16/2015 09:01:07 AM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: Mapi(HRESULT : 0x800700c1)

Error: (08/16/2015 03:00:34 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Microsoft Office Outlook MUI (English) 2010Update for Microsoft Outlook 2010 (KB3055041) 32-Bit Edition1603(NULL)(NULL)(NULL)

Error: (08/16/2015 03:00:34 AM) (Source: MsiInstaller) (EventID: 11719) (User: NT AUTHORITY)
Description: Product: Microsoft Office Outlook MUI (English) 2010 -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/15/2015 11:25:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avant.exe12.5.0.055ac9bdaunknown0.0.0.000000000c00000057506cb49238001d0d7a93b4a5672C:\Program Files (x86)\Avant Browser\avant.exeunknown793e3436-439c-11e5-bdbc-c860008a7848

Error: (08/15/2015 05:01:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ONENOTEM.EXE14.0.4763.10004bb16e6bunknown0.0.0.000000000c000000500000000125801d0d773817056ccC:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXEunknownd2fd868a-4366-11e5-bdbc-c860008a7848

Error: (08/15/2015 02:45:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mscorsvw.exe4.0.30319.3420953489f50clr.dll4.0.30319.342095348a1efc0000005000000000006e8d053001d0d760b6c151e7C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dllf472f593-4353-11e5-8634-c860008a7848


CodeIntegrity:
===================================
Date: 2015-08-17 09:54:40.610
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-16 09:05:58.791
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-16 08:53:31.949
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-16 08:32:17.965
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-16 08:23:57.524
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-16 08:05:18.119
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-16 07:53:44.463
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-16 03:00:30.591
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-15 22:07:55.528
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-15 17:00:49.298
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz
Percentage of memory in use: 8%
Total physical RAM: 16064.8 MB
Available physical RAM: 14645.72 MB
Total Virtual: 32127.82 MB
Available Virtual: 29689.77 MB

==================== Drives ================================

Drive c: (Intel SSD OS W7 64) (Fixed) (Total:167.68 GB) (Free:53.27 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Old D Drive) (Fixed) (Total:59.2 GB) (Free:19.31 GB) NTFS
Drive f: (OS W7 32) (Fixed) (Total:127.1 GB) (Free:59.17 GB) NTFS
Drive h: (s) (Fixed) (Total:0.01 GB) (Free:0 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 186.3 GB) (Disk ID: FDEAFDEA)
Partition 1: (Not Active) - (Size=8 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=127.1 GB) - (Type=OF Extended)
Partition 3: (Active) - (Size=59.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 167.7 GB) (Disk ID: 8FE1F6C5)
Partition 1: (Active) - (Size=167.7 GB) - (Type=07 NTFS)

==================== End of log ============================
 
I didn't click Farbar "Fix" after the scan; should I do this?
Arh, I see from other posts that I need a "fixlist" to do this...
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
 

Fix result of Farbar Recovery Scan Tool (x64) Version:16-08-2015
Ran by Peter (2015-08-18 07:44:02) Run:1
Running from C:\Users\Peter\Desktop
Loaded Profiles: Peter (Available Profiles: Peter)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3952311282-3270686217-2811382985-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Extension: No Name - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\8fqsvsgg.default\extensions\duplicatetab@kechitpratik.xpi [not found]
FF Extension: No Name - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\8fqsvsgg.default\extensions\{AA6F0803-145A-4200-8E5E-68898D02B5B3}.xpi [not found]
FF Extension: No Name - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\8fqsvsgg.default\extensions\isreaditlater@ideashower.com [not found]
S3 ALSysIO; \??\C:\Users\Peter\AppData\Local\Temp\ALSysIO64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
2015-08-05 15:09 - 2013-09-05 20:01 - 00000000 ____D C:\Users\wangjihua
2014-05-05 14:56 - 2015-01-10 12:49 - 0000624 _____ () C:\Users\Peter\AppData\Roaming\All CPU MeterV3_Settings.ini
2013-10-14 23:15 - 2013-10-14 23:15 - 0000092 _____ () C:\Users\Peter\AppData\Roaming\Control System_Settings.ini
2013-01-13 19:26 - 2013-01-13 19:26 - 0007605 _____ () C:\Users\Peter\AppData\Local\Resmon.ResmonCfg

*****************

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3952311282-3270686217-2811382985-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf" => key removed successfully
C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\8fqsvsgg.default\extensions\duplicatetab@kechitpratik.xpi not found.
C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\8fqsvsgg.default\extensions\{AA6F0803-145A-4200-8E5E-68898D02B5B3}.xpi not found.
C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\8fqsvsgg.default\extensions\isreaditlater@ideashower.com not found.
ALSysIO => service removed successfully
catchme => service removed successfully
dgderdrv => service removed successfully
C:\Users\wangjihua => moved successfully.
C:\Users\Peter\AppData\Roaming\All CPU MeterV3_Settings.ini => moved successfully.
C:\Users\Peter\AppData\Roaming\Control System_Settings.ini => moved successfully.
C:\Users\Peter\AppData\Local\Resmon.ResmonCfg => moved successfully.

==== End of Fixlog 07:44:02 ====
 
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Results of screen317's Security Check version 1.007
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Secunia PSI (3.0.0.7011)
AVS Registry Cleaner version 2.2
Java 8 Update 51
Adobe Flash Player 18.0.0.232
Mozilla Firefox (39.0)
Google Chrome (44.0.2403.107)
Google Chrome (44.0.2403.125)
````````Process Check: objlist.exe by Laurent````````
iolo Common Lib ioloServiceManager.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 39% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 26-07-2015
Ran by Peter (administrator) on 19-08-2015 at 07:48:10
Running from "C:\Users\Peter\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
Temp File Cleaner
User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Peter
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 71503858 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 39711581 bytes
->Flash cache emptied: 696 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 262144 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes

Emptying RecycleBin. Do not interrupt.

RecycleBin emptied: 0 bytes
Process complete!

Total Files Cleaned = 106.00 mb
 
I got this error when installing Sophos...
Unsupported 16 bit application.
The prog or feature "\??C:\Windows\System\msiexec.exe" cannot start or run due to incompatibility with 64-bit versions of windows. Please contact your software supplier...
I restarted but same error, also fyi when restarted, the bad image error-msi.dll errors still show for apps trying to start...
Also Win 7 is very keen for me to install lots of Windows updates at shutdown, I haven't as yet until instructed, so I only restart or sleep, but it keeps waking up by itself.
So a bit stuck at present...
 
Also, fyi, when I restart, Iolo System Mech does its reg backup & compression thing every time, should I uninstall?
Although I can now right click on things without windows explorer crashing...
 
I'd recommend uninstalling not only System Mechanic but also AVS Registry Cleaner.
Registry cleaners/optimizers are not recommended for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


Update Firefox to the latest version.

======================================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. DelFix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.
 
I have 9 important (security) and optional MS updates which will not install, tried 13 times during the day. I can't shut down without them trying to install, which takes 20 minutes each time.
I still get the bad image error boxes at start up, do I just reinstall these apps?
I never did get Sophos to run (64bit issue).
Right mouse click works ok now, but still having difficulty with any .exe file, I always get the bad image error, but then when I click ok, some run, some don't. Even Chrome will not update, gives an error, with no Shockwave or Flash Player, I downloaded a new copy but the .exe wouldn't run; C:\Windows\system32\msi.dll not designed or has an error...
I may have wasted our time so far as to eliminate possible influence before we started, I had disconnected two of the internal drives, these I need to reconnect as one is my documents drive and one is my backup drive, which can be wiped and started again (True Image).
Can I reconnect and scan with some specific tools? The docs drive is mostly files & docs, I don't run any apps from it, and the BU drive is just 3 months of conveyor backups, which must have the malware in there somewhere, it can be formatted if required and new folders/BU tasks set up.
A fine old mess I'm in!
Malwarebytes has found no threats...
 
Do I need to delete chrome extension files & folders every time I run adwcleaner?
Chrome reloads them when it restarts, and I constantly use them.
 
You can scan your external drive with your AV program. That will do.

As for AdwCleaner you can always uncheck items you don't want to be removed.

As for other issues...it looks like not malware related since at this point your computer is clean.

If bad image error mentions some specific program, yes, reinstall it and see how it goes.

Finally I'd recommend....

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.


Go to Step 3 and click on Check button next to 1. See If Check Disk Is Needed.
If the tool says that Check Disk is needed, click on Do It button next to 2. Check Disk.
In that case make sure you restart computer.




Once the above is done go to Step 4 and allow it to run System File Check by clicking on Do It button:




Go to Step 5 and under "System Restore" click on Create button:




Go to Repairs tab and click Open Repairs button.



In next window....
Leave all checkmarks as they are.
Click on Start Repairs button.



Post Windows Repair log which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs
 
I've been unable to do anything for a few days, I'll try and progress your last post today, but as of tomorrow I'm working away for the week, so there may be a five day delay until Saturday 29th.
I got as far as delfix, but I just can't get any of the windows updates to install, I think I'm going to have to try a windows repair from the install disc.
Also I couldn't install the latest windows repair, but I did have the last issue of it already installed, so I'll try that.
 
Well all was going well, managed to get into safe mode and run windows repair portable from a usb drive, everything went perfectly, right through all the stages. Eventually rebooted into windows all good, all working fine. Rebooted a couple of times, by which time windows updates had downloaded, when I shut down they installed. Now I can't even get into safe mode or "repair your computer" from bios start or my cd.
I can't even get to the log files.
I've despondently given up for tonight, tomorrow I may not get a chance it's the wife's birthday, then I'm away on business until Friday night.
Should I post to bleeping computer or another site for help?
 
NOTE 1. Use another working computer to download Farbar Recovery Scan Tool. Use USB flash drive to transfer it from good computer to the bad one.
NOTE 2. Install Panda USB Vaccine, or BitDefender’s USB Immunizer on GOOD computer to protect it from any infected USB device.

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt. To access Advanced Boot Options start and shut down computer TWICE. On third start you should see Advanced Boot Options.

If you are using Vista or Windows 7 enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note:
    Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
Broni, thank you for your patience and help so far, it really is very much appreciated...
I'll see if I can implement this tomorrow, between starting my new job and taking the wife out for her Birthday dinner!
Peter
 
Hi Broni,
yes indeed still with you, back from my week working away.
I've restarted and it boots into windows starting screen then crashes with BSOD, and reboots into failed to start screen "launch startup repair" but start up repair has tried several times but still cannot determine the cause of the problem. So going to follow your FRST instructions...
 
Yey, success with FRST;
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-08-2015
Ran by SYSTEM on MININT-5O15SLT (29-08-2015 11:26:45)
Running from H:\
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery

Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool:

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\ASUS\Bluetooth Software\BtwProximityCP.dll
BootExecute: autocheck

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2015-08-05] (SUPERAntiSpyware.com)
S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
S2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-02-02] (ASUSTeK Computer Inc.)
S2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
S2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe [324608 2012-05-18] (ASUSTeK Computer Inc.)
S2 btwdins; C:\Program Files\ASUS\Bluetooth Software\btwdins.exe [1005944 2012-12-06] (Broadcom Corporation.)
S2 DraftSight API Service; C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [123392 2014-03-13] (Dassault Systèmes)
S2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [233328 2012-01-23] (DTS, Inc)
S2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-04-02] (Nero AG)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-17] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-17] (Malwarebytes Corporation)
S3 msiserver; C:\Windows\SysWOW64\msiexec.exe [73216 2015-06-15] ()
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-29] (Microsoft Corporation)
S4 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [703584 2011-09-16] (SEIKO EPSON CORPORATION)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-29] (Microsoft Corporation)
S4 OS Selector; C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2139536 2011-11-15] ()
S2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] ()
S2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2222360 2015-06-02] (IBM Corp.)
S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
S2 SMA.Multicasting.IGMP.QuerierService.exe; C:\Program Files (x86)\SMA\Sunny Explorer\SMA.Multicasting.IGMP.QuerierService.exe [21152 2014-06-24] (Microsoft)
S2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-12] (DEVGURU Co., LTD.)
S2 tbbLoaderService; C:\Program Files (x86)\thinkbroadband.com\tbbMeter\tbbLoaderService.exe [14848 2010-10-09] (thinkbroadband.com)
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
S2 vseamps; C:\Program Files\Common Files\Commtouch\AntiVirus5\vseamps.exe [122120 2014-03-25] (CYREN Inc.)
S2 vsedsps; C:\Program Files\Common Files\Commtouch\AntiVirus5\vsedsps.exe [119560 2014-03-25] (CYREN Inc.)
S3 vseqrts; C:\Program Files\Common Files\Commtouch\AntiVirus5\vseqrts.exe [181512 2014-03-25] (CYREN Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14592 2010-10-20] (ASUSTek Computer Inc.)
S3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2012-04-19] (ASUSTek Computer Inc.)
S2 AMP; C:\Windows\system32\Drivers\amp.sys [174856 2014-03-25] (CYREN Inc.)
S2 AMPSE; C:\Windows\system32\Drivers\ampse.sys [1728776 2014-03-25] (CYREN Inc.)
S5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
S1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-02] ()
S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2012-09-24] (Broadcom Corporation.)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
S1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2012-11-01] (EldoS Corporation)
S0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [296736 2014-11-08] (Acronis International GmbH)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-03-20] ()
S3 HCW99BDA; C:\Windows\System32\Drivers\hcw99bda.sys [216064 2007-03-23] (Hauppauge Computer Works, Inc.)
S3 hcw99rc; C:\Windows\System32\Drivers\hcw99rc.sys [38528 2007-03-23] (Hauppauge Computer Works, Inc.)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-17] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-23] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-17] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S1 networx; C:\Windows\System32\drivers\networx.sys [69608 2015-05-19] (NetFilterSDK.com)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
S3 PSSDKLBF; C:\Windows\system32\Drivers\pssdklbf.sys [65600 2015-08-23] (microOLAP Technologies LTD)
S1 RapportCerberus_1412112; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1412112.sys [917112 2015-06-22] (IBM Corp.)
S1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [485368 2015-06-02] (IBM Corp.)
S0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [121432 2015-06-02] (IBM Corp.)
S0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [376184 2015-06-02] (IBM Corp.)
S1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [480440 2015-06-02] (IBM Corp.)
S1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2014-07-15] (EldoS Corporation)
S3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [585944 2014-12-31] (Realtek Semiconductor Corporation)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S2 tib; C:\Windows\System32\DRIVERS\tib.sys [1058632 2015-07-21] (Acronis International GmbH)
S2 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [248648 2015-07-19] (Acronis International GmbH)
S3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-08-15] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-23 06:19 - 2015-08-23 06:19 - 00000000 ____D C:\RegBackup
2015-08-23 05:36 - 2015-08-23 05:37 - 00000000 ____D C:\users\wangjihua
2015-08-20 22:56 - 2015-08-20 22:56 - 00000000 ____D C:\Windows\pss
2015-08-20 22:35 - 2015-08-20 22:36 - 22020608 _____ (Tweaking.com) C:\Users\Peter\Downloads\tweaking.com_windows_repair_aio_setup.exe
2015-08-20 12:24 - 2015-06-15 13:45 - 03242496 _____ (Microsoft Corporation) C:\Users\Peter\Desktop\msi (2).dll
2015-08-20 12:17 - 2015-08-20 12:17 - 00931408 _____ (Google Inc.) C:\Users\Peter\Downloads\ChromeSetup.exe
2015-08-20 12:01 - 2015-08-20 12:01 - 00000000 ____D C:\AdwCleaner
2015-08-20 02:54 - 2015-08-20 02:54 - 00000000 ____D C:\Users\Peter\AppData\Local\Pushbullet_Inc
2015-08-20 02:52 - 2015-08-20 02:52 - 00000144 _____ C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-08-20 02:29 - 2015-08-20 05:01 - 00004128 _____ C:\Windows\IE11_main.log
2015-08-20 01:47 - 2015-08-20 02:46 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-08-20 01:47 - 2015-08-20 02:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-08-20 00:19 - 2015-07-14 19:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2015-08-20 00:19 - 2015-07-14 18:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-08-20 00:19 - 2015-07-09 09:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\System32\dwmcore.dll
2015-08-20 00:19 - 2015-07-09 09:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\System32\dwmapi.dll
2015-08-20 00:19 - 2015-07-09 09:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-08-20 00:19 - 2015-07-09 09:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-08-20 00:19 - 2015-06-25 02:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\System32\consent.exe
2015-08-20 00:19 - 2015-06-25 02:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2015-08-20 00:19 - 2015-06-25 02:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2015-08-20 00:19 - 2015-06-25 01:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-08-19 23:53 - 2015-08-19 23:53 - 00000000 ____D C:\Windows\ERUNT
2015-08-19 23:52 - 2015-08-19 23:53 - 00002431 _____ C:\DelFix.txt
2015-08-19 23:41 - 2015-08-19 23:41 - 41760640 _____ C:\Users\Peter\Downloads\Firefox Setup 40.0.2.exe
2015-08-19 02:00 - 2015-08-19 02:00 - 130682224 _____ (Sophos Limited) C:\Users\Peter\Desktop\Sophos Virus Removal Tool.exe
2015-08-15 07:29 - 2015-08-15 07:29 - 00000925 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-13 23:37 - 2015-07-30 05:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 23:37 - 2015-07-30 05:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 10:25 - 2015-07-28 12:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
2015-08-13 10:25 - 2015-07-28 12:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
2015-08-13 10:25 - 2015-07-28 12:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
2015-08-13 10:25 - 2015-07-28 12:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2015-08-13 10:25 - 2015-07-28 12:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
2015-08-13 10:25 - 2015-07-28 12:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2015-08-13 10:25 - 2015-07-28 12:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\System32\acmigration.dll
2015-08-13 10:25 - 2015-07-28 11:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2015-08-13 10:25 - 2015-07-16 11:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-13 10:25 - 2015-07-16 11:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-08-13 10:25 - 2015-07-16 11:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-13 10:25 - 2015-07-16 11:11 - 07077376 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2015-08-13 10:25 - 2015-07-16 11:11 - 01057792 _____ (Microsoft Corporation) C:\Windows\System32\rdvidcrl.dll
2015-08-13 10:25 - 2015-07-16 11:11 - 00062976 _____ (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2015-08-13 10:25 - 2015-07-11 05:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2015-08-13 10:21 - 2015-07-14 19:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2015-08-13 10:21 - 2015-07-14 19:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2015-08-13 10:21 - 2015-07-14 19:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml6r.dll
2015-08-13 10:21 - 2015-07-14 19:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2015-08-13 10:21 - 2015-07-14 18:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-13 10:21 - 2015-07-14 18:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-13 10:21 - 2015-07-14 18:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-13 10:21 - 2015-07-14 18:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-13 10:21 - 2015-07-10 09:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2015-08-13 10:21 - 2015-07-10 09:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-13 10:21 - 2015-07-09 09:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\System32\notepad.exe
2015-08-13 10:21 - 2015-07-09 09:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-13 10:21 - 2015-07-09 09:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-13 10:21 - 2015-07-01 12:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\System32\WebClnt.dll
2015-08-13 10:21 - 2015-07-01 12:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\System32\davclnt.dll
2015-08-13 10:21 - 2015-07-01 12:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-13 10:21 - 2015-07-01 12:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-13 10:01 - 2015-08-20 12:01 - 00000000 ____D C:\Users\Peter\Downloads\Anti Malware
2015-08-09 03:32 - 2015-08-09 03:32 - 00000000 ____D C:\Program Files (x86)\ESET
2015-08-08 07:36 - 2015-08-08 07:36 - 00000916 _____ C:\Users\Peter\Desktop\Downloads.lnk
2015-08-08 07:03 - 2015-08-15 23:19 - 00000000 ____D C:\Windows\erdnt
2015-08-08 06:57 - 2015-08-08 06:57 - 00000000 ____D C:\Users\Peter\AppData\Roaming\QuickScan
2015-08-07 10:00 - 2015-08-07 10:27 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-08-07 09:17 - 2015-08-15 06:35 - 00035064 _____ C:\Windows\System32\Drivers\TrueSight.sys
2015-08-07 09:17 - 2015-08-07 09:45 - 00000000 ____D C:\ProgramData\RogueKiller
2015-08-07 08:52 - 2015-08-29 11:26 - 00000000 ____D C:\FRST
2015-08-06 22:48 - 2015-08-06 22:48 - 938067359 _____ C:\Windows\MEMORY.DMP
2015-08-06 22:48 - 2015-08-06 22:48 - 00262144 _____ C:\Windows\Minidump\080715-23899-01.dmp
2015-08-06 01:40 - 2015-08-06 01:40 - 00000000 ____D C:\$Windows.~BT
2015-08-06 01:33 - 2015-07-10 02:30 - 00000001 ___SH C:\BOOTNXT
2015-08-06 01:29 - 2015-08-06 01:36 - 00001287 _____ C:\Windows\DtcInstall.log
2015-08-06 01:29 - 2015-08-06 01:30 - 00001577 _____ C:\Windows\comsetup.log
2015-08-05 07:04 - 2015-08-05 07:04 - 00000207 _____ C:\Windows\tweaking.com-regbackup-PETER-PC-W7-64-Windows-7-Home-Premium-(64-bit).dat
2015-08-05 06:04 - 2015-08-23 08:11 - 00019148 _____ C:\Windows\PFRO.log
2015-08-05 05:57 - 2015-08-23 07:37 - 00003666 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2015-08-05 05:57 - 2015-08-23 07:37 - 00002181 _____ C:\Users\Peter\Desktop\Tweaking.com - Windows Repair.lnk
2015-08-05 05:57 - 2015-08-05 05:57 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-08-05 05:04 - 2015-08-05 05:04 - 00000343 _____ C:\Windows\LkmdfCoInst.log
2015-08-05 04:54 - 2015-08-05 02:42 - 02364416 _____ (Microsoft Corporation) C:\Users\Peter\Desktop\msi.dll
2015-08-05 04:40 - 2015-08-23 08:12 - 00003752 _____ C:\Windows\setupact.log
2015-08-05 04:40 - 2015-08-05 04:40 - 00000000 _____ C:\Windows\setuperr.log
2015-08-05 02:50 - 2015-08-05 02:50 - 00000000 ____D C:\SUPERDelete
2015-08-05 02:41 - 2015-08-05 02:41 - 00002802 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-08-05 02:41 - 2015-08-05 02:41 - 00000840 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-08-05 02:40 - 2015-08-05 02:41 - 00000000 ____D C:\Program Files\CCleaner
2015-08-05 02:22 - 2015-08-05 02:22 - 00001286 _____ C:\Users\Peter\Desktop\Revo Uninstaller.lnk
2015-08-05 01:31 - 2015-08-05 01:31 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Peter\Downloads\revosetup.exe
2015-08-04 02:12 - 2015-08-04 02:14 - 43812432 _____ (Foxit Software Inc. ) C:\Users\Peter\Downloads\FoxitReader720.0722_prom_enu_Setup.exe
2015-08-03 06:33 - 2015-08-03 06:33 - 01491560 _____ C:\Users\Peter\Downloads\BMExtreme - v2.76.exe
2015-08-01 10:59 - 2015-08-01 10:59 - 00000408 _____ C:\Windows\SysWOW64\iolo.ini
2015-08-01 10:59 - 2015-08-01 10:59 - 00000408 _____ C:\Windows\System32\iolo.ini

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-23 09:12 - 2012-11-14 12:42 - 01931635 _____ C:\Windows\WindowsUpdate.log
2015-08-23 09:03 - 2015-06-18 06:14 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3952311282-3270686217-2811382985-1000UA.job
2015-08-23 09:01 - 2013-06-19 12:58 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-23 08:46 - 2014-12-12 10:06 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3952311282-3270686217-2811382985-1000UA.job
2015-08-23 08:41 - 2012-11-14 12:55 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-23 08:27 - 2009-07-13 20:45 - 00015632 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-23 08:27 - 2009-07-13 20:45 - 00015632 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-23 08:21 - 2009-07-13 21:13 - 00776420 _____ C:\Windows\System32\PerfStringBackup.INI
2015-08-23 08:18 - 2014-05-13 11:33 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2015-08-23 08:13 - 2012-11-14 13:07 - 00110480 _____ C:\Users\Peter\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-23 08:12 - 2014-01-12 15:21 - 00000000 ____D C:\Users\Peter\AppData\Local\HTC MediaHub
2015-08-23 08:12 - 2012-11-14 13:37 - 00065600 _____ (microOLAP Technologies LTD) C:\Windows\System32\Drivers\pssdklbf.sys
2015-08-23 08:12 - 2012-11-14 13:37 - 00053312 _____ (microOLAP Technologies LTD) C:\Windows\System32\Drivers\pssdk42.sys
2015-08-23 08:12 - 2012-11-14 12:55 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-23 08:12 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-23 08:12 - 2009-07-13 20:45 - 00412256 _____ C:\Windows\System32\FNTCACHE.DAT
2015-08-23 08:08 - 2009-07-13 18:34 - 00000514 _____ C:\Windows\win.ini
2015-08-23 07:23 - 2009-07-13 18:34 - 00000855 _____ C:\Windows\System32\Drivers\etc\hosts_bak_280
2015-08-23 06:35 - 2009-07-13 18:34 - 00000855 _____ C:\Windows\System32\Drivers\etc\hosts_bak_199
2015-08-23 05:36 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default
2015-08-20 12:24 - 2015-02-15 01:25 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Ditto
2015-08-20 11:35 - 2015-02-07 06:03 - 00000000 ____D C:\Users\Peter\AppData\Local\Pushbullet
2015-08-20 11:35 - 2012-11-15 09:21 - 00000000 ____D C:\Users\Peter\AppData\Local\CrashDumps
2015-08-20 10:46 - 2014-12-12 10:06 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3952311282-3270686217-2811382985-1000Core.job
2015-08-20 10:03 - 2015-06-18 06:14 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3952311282-3270686217-2811382985-1000Core.job
2015-08-20 07:59 - 2012-11-14 13:46 - 00003148 _____ C:\Windows\System32\Tasks\SidebarExecute
2015-08-20 07:59 - 2009-07-13 19:20 - 00000000 __RSD C:\Windows\Media
2015-08-20 05:43 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2015-08-20 03:33 - 2013-07-26 08:40 - 00000000 ____D C:\Windows\System32\MRT
2015-08-20 02:47 - 2013-09-29 02:10 - 00001945 _____ C:\Windows\epplauncher.mif
2015-08-19 23:42 - 2015-07-10 04:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-19 23:42 - 2013-08-21 23:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-19 00:06 - 2014-12-12 10:19 - 00003842 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1418408359
2015-08-19 00:06 - 2014-12-12 10:17 - 00000000 ____D C:\Program Files (x86)\Opera
2015-08-15 23:21 - 2009-07-13 18:34 - 00000215 _____ C:\Windows\system.ini
2015-08-15 08:00 - 2012-12-12 12:10 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Dropbox
2015-08-15 07:29 - 2014-05-13 11:33 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-08-14 00:13 - 2014-12-11 10:47 - 00000000 ____D C:\Windows\System32\appraiser
2015-08-14 00:13 - 2014-04-25 08:56 - 00000000 ___SD C:\Windows\System32\CompatTel
2015-08-13 14:49 - 2013-03-12 19:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-13 14:49 - 2013-03-12 19:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-13 12:01 - 2013-06-19 12:58 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-13 12:01 - 2012-11-18 07:34 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-13 12:01 - 2012-11-18 07:34 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-10 19:03 - 2012-11-14 12:42 - 00000000 ____D C:\users\Peter
2015-08-09 08:31 - 2012-11-14 15:37 - 00000000 ____D C:\Users\Peter\Downloads\Gadgets
2015-08-08 07:15 - 2009-07-13 18:34 - 00000027 _____ C:\Windows\System32\Drivers\etc\hosts_bak_187
2015-08-06 22:48 - 2012-11-14 12:36 - 00000000 ____D C:\Windows\Minidump
2015-08-06 16:44 - 2012-12-29 05:07 - 00000000 ____D C:\temp
2015-08-06 01:47 - 2014-05-07 01:54 - 01301504 ___SH C:\Users\Peter\Desktop\Thumbs.db
2015-08-06 01:41 - 2012-11-14 20:34 - 00000000 ____D C:\Windows\Panther
2015-08-06 01:33 - 2012-11-14 20:34 - 00008192 __RSH C:\BOOTSECT.BAK
2015-08-06 01:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2015-08-05 07:53 - 2009-07-13 23:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-08-05 07:15 - 2009-07-13 18:34 - 00000855 _____ C:\Windows\System32\Drivers\etc\hosts_bak_732
2015-08-05 07:03 - 2015-06-10 01:14 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-05 05:04 - 2012-12-13 09:44 - 00018960 _____ (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2015-08-05 03:04 - 2013-01-27 06:02 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Foxit Software
2015-08-05 02:47 - 2013-01-15 09:40 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-08-05 00:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Resources
2015-08-04 10:03 - 2012-11-15 10:10 - 00000000 ____D C:\Users\Peter\Documents\Outlook Files
2015-08-04 04:17 - 2012-12-29 04:08 - 00000000 ____D C:\Users\Peter\Downloads\PDF files
2015-08-02 00:38 - 2012-12-13 10:20 - 00000000 ___RD C:\Users\Peter\Sync
2015-08-01 10:59 - 2012-11-14 13:51 - 00000392 _____ C:\Windows\SysWOW64\iolo.ini.txt
2015-07-31 07:41 - 2012-11-14 12:55 - 00000000 ____D C:\Users\Peter\AppData\Local\Google
==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 7%
Total physical RAM: 16064.8 MB
Available physical RAM: 14894.88 MB
Total Virtual: 16062.95 MB
Available Virtual: 14888.49 MB

==================== Drives ================================

Drive c: (Intel SSD OS W7 64) (Fixed) (Total:167.68 GB) (Free:64.14 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Samsung SSD) (Fixed) (Total:119.24 GB) (Free:119.15 GB) NTFS
Drive h: () (Removable) (Total:0.24 GB) (Free:0.19 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 9A32EA79)
Partition 2: (Not Active) - (Size=119.2 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 167.7 GB) (Disk ID: 8FE1F6C5)
Partition 1: (Active) - (Size=167.7 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (Size: 246 MB) (Disk ID: 007298DA)
Partition 1: (Active) - (Size=246 MB) - (Type=07 NTFS)


LastRegBack: 2015-08-13 13:34

==================== End of log ============================
 
Nothing malicious there so let's see if we can make your computer bootable again.

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7/8: Now please enter System Recovery Options.
On Windows XP: Now please boot into the OTLPE CD.
Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

See if you can boot normally.
 

Hi Broni,
The fixlist txt file just reads: "LastRegBack: 2015-08-13 13:34". I trust this is correct and I haven't missed something; it produced this log...
Fix result of Farbar Recovery Scan Tool (x64) Version:23-08-2015
Ran by SYSTEM (2015-08-29 23:53:40) Run:2
Running from h:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
LastRegBack: 2015-08-13 13:34
*****************

DEFAULT => copied successfully to System32\config\HiveBackup
DEFAULT => restored successfully from registry back up
SAM => copied successfully to System32\config\HiveBackup
SAM => restored successfully from registry back up
SECURITY => copied successfully to System32\config\HiveBackup
SECURITY => restored successfully from registry back up
SOFTWARE => copied successfully to System32\config\HiveBackup
SOFTWARE => restored successfully from registry back up
SYSTEM => copied successfully to System32\config\HiveBackup
SYSTEM => restored successfully from registry back up

==== End of Fixlog 23:53:44 ====

System restarted, Windows logo screen "Starting Windows" then hangs until BSOD, auto restart into Windows Error Recovery screen.
BSOD reads:
Stop: c000021a {Fatal System Error}
the initial session process or system process terminated unexpectedly with a status of 0x00000000 (0xc0000428 0x00010ae0) system shut down
 