Proxy override...malware?

Post by fayfox » July 19th, 2015, 4:40 pm

Hello,
My problem started with my computer freezing after using it for around 20 to 30 minutes. Ctrl+Alt+Delete gave me the message: "Failure to display security and shut down options
The logon process was unable to display security and logon options when CTRL+ALT+DELETE was pressed. If the operating system does not respond, press ESC or restart the computer by using the power switch"
I had to hold the power switch..several times. It took me a minute to realize I had a problem. On start up everything seemed fine, but again, 20 to 30 min in..frozen.
On researching, the trojan.adh was what I thought I had. I followed these steps: 1. adwcleaner 2. junkware removal tool 3. malwarebytes antimalware 4. hitmanpro
No trojans found, just swdumon under the service tab in adwcleaner. I did not look at the other tabs..sigh. Clicked clean, rebooted. Started junkware, did not ask for a reboot. Started malware, reboot, ditto on hitmanpro.
On that reboot, I ran adwcleaner again, I clicked on all tabs this time, and on the registry tab I found: "HKCU\Microsoft|windows|currentVersion|Internet Settings ProxyOverride *.local"
Research on this seems to suggest malware, but I'm not sure. My computer seems to be working just fine, even booting up faster than normal. Oh, one more thing...when I found the proxyoverride, I clicked the clean button on adwcleaner. On reboot I was unable to log in under user account --got the message "Failed to connect to a Windows Service. Windows could not connect to the System Event Notification Service. This problem prevents standard users from logging onto the system. As an Administrative User, you can review the System Events Log for details about why the service didn't respond." I was able to log onto the admin acct, but unable to connect to the internet.
I did a system restore at that point. Was able to log onto user account and the internet. Ran adwcleaner and the proxyoverride is still the only thing that pops up on any tab. I did not remove this time, just left alone. Oh, I also was initially using the chrome browser, but I uninstalled it. Have not reinstalled yet, using firefox.
I think it all may have started from a driver updater program by Slimware? that I installed months ago. I uninstalled the program. I was trying to see if that would help my computer run the Witcher 2. :)
Here are my DDS logs:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17909 BrowserJavaVersion: 10.80.2
Run by Admin at 14:54:19 on 2015-07-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8184.4708 [GMT -4:00]
.
AV: ThreatTrack Security VIPRE *Enabled/Updated* {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ThreatTrack Security VIPRE *Enabled/Updated* {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
FW: ThreatTrack Security VIPRE *Enabled* {C7D2BC33-B766-03DA-EC8C-2222CF65E72A}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Adobe\Elements 10 Organizer\ElementsOrganizerSyncAgent.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\hp\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\VIPRE\SBAMTray.exe
C:\Windows\system32\GWX\GWX.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\VIPRE\SBPIMSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\VIPRE\SBAMSvc.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Windows\SysWOW64\WinMsgBalloonClient.exe
C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Users\fay\Downloads\adwcleaner_4.208.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: VIPRE Search Guard Helper: {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} - C:\Program Files (x86)\VIPRE\VSGN.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: VIPRE Search Guard Toolbar: {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSGN.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRunOnce: [Report] \AdwCleaner\AdwCleaner[S2].txt
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SBAMTray] "C:\Program Files (x86)\VIPRE\SBAMTray.exe"
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{9F1DBDAA-8EFA-4065-924B-A07E10F47EC5} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9F1DBDAA-8EFA-4065-924B-A07E10F47EC5}\2656C6B696E6E2362373E2537484A7 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{9F1DBDAA-8EFA-4065-924B-A07E10F47EC5}\34963736F61353537373 : DHCPNameServer = 192.168.1.1
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSGN.dll
SSODL: WebCheck - <orphaned>
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-RunOnce: [*Restore] C:\Windows\System32\rstrui.exe /runonce
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 http://www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5pgaobxx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\nphdplg.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2009-10-6 230456]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-12-3 55856]
R1 SbFw;SbFw;C:\Windows\System32\drivers\SbFw.sys [2010-9-8 260816]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/05/18 18:12:28];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-5-18 146928]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-1 169624]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-12-2 237056]
R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-9-19 122880]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2015-7-19 127752]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 99128]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2014-1-3 14624]
R2 SBAMSvc;VIPRE Internet Security;C:\Program Files (x86)\VIPRE\SBAMSvc.exe [2013-9-5 3937472]
R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2013-6-18 88928]
R2 SBPIMSvc;SB Recovery Service;C:\Program Files (x86)\VIPRE\SBPIMSvc.exe [2013-9-5 176016]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-11-6 25816]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-8-20 239616]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\Windows\System32\drivers\SbFwIm.sys [2010-9-8 120608]
R3 sbwtis;sbwtis;C:\Windows\System32\drivers\sbwtis.sys [2013-4-12 88864]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-5-18 34872]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 gfi_lanss11_attservice;GFI LanGuard 11 Attendant Service;C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe [2012-11-23 133496]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-9 1133880]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2014-7-28 21712]
S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2012-11-8 41032]
S3 gfiutil;gfiutil;C:\Windows\System32\drivers\gfiutil.sys [2013-7-31 31264]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2015-7-19 43664]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-7-15 114688]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-4-9 63704]
S3 Origin Client Service;Origin Client Service;C:\Program Files (x86)\Origin\OriginClientService.exe [2011-8-20 1931632]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms [2009-9-17 23536]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;C:\Windows\System32\drivers\SbFwIm.sys [2010-9-8 120608]
S3 SbHips;SbHips;C:\Windows\System32\drivers\sbhips.sys [2010-9-8 63184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-11-2 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-2 1255736]
.
=============== Created Last 30 ================
.
2015-07-19 15:14:01 -------- d-----w- C:\Users\Admin\AppData\Local\Diagnostics
2015-07-19 14:26:28 43664 ----a-w- C:\Windows\System32\drivers\hitmanpro37.sys
2015-07-19 14:26:20 -------- d-----w- C:\Program Files\HitmanPro
2015-07-19 12:46:16 -------- d-----w- C:\ProgramData\HitmanPro
2015-07-18 17:37:06 -------- d-----w- C:\AdwCleaner
2015-07-18 17:21:49 -------- d-----w- C:\Program Files\Reason
2015-07-15 16:04:51 -------- d-----w- C:\Program Files\Common Files\AV
2015-07-15 07:31:59 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-07-15 07:30:59 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2015-07-12 19:33:41 -------- d-----w- C:\Program Files (x86)\Delicious - Emilys Childhood Memories
2015-07-12 18:50:26 -------- d-----w- C:\Users\Admin\AppData\Roaming\VisualShape
2015-07-12 18:50:26 -------- d-----w- C:\ProgramData\VisualShape
2015-07-12 17:50:14 -------- d-----w- C:\Users\Admin\AppData\Roaming\GameHouse
2015-07-12 17:48:51 -------- d-----w- C:\Program Files (x86)\Farm to Fork
2015-07-12 00:07:46 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2015-07-12 00:07:46 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2015-07-12 00:07:46 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2015-07-12 00:07:46 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2015-07-12 00:07:46 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2015-07-12 00:07:46 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2015-07-12 00:07:46 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2015-07-12 00:07:46 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2015-07-12 00:07:46 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2015-07-12 00:07:46 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2015-07-12 00:05:58 895160 ----a-w- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
2015-07-12 00:05:58 51880 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2015-07-12 00:05:58 188584 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll
2015-07-11 14:28:24 -------- d-----w- C:\Program Files (x86)\Surface - Alone in the Mist
.
==================== Find3M ====================
.
2015-07-15 09:09:12 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-07-15 09:09:12 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-09 17:59:59 17856 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2015-07-09 17:58:56 192000 ----a-w- C:\Windows\System32\wuwebv.dll
2015-07-09 17:58:55 98304 ----a-w- C:\Windows\System32\wudriver.dll
2015-07-09 17:58:55 3154944 ----a-w- C:\Windows\System32\wucltux.dll
2015-07-09 17:58:41 726528 ----a-w- C:\Windows\System32\generaltel.dll
2015-07-09 17:58:34 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-07-09 17:58:31 765440 ----a-w- C:\Windows\System32\invagent.dll
2015-07-09 17:58:26 433664 ----a-w- C:\Windows\System32\devinv.dll
2015-07-09 17:58:25 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-07-09 17:58:24 1085440 ----a-w- C:\Windows\System32\appraiser.dll
2015-07-09 17:58:23 67584 ----a-w- C:\Windows\System32\acmigration.dll
2015-07-09 17:58:23 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-07-09 17:58:20 37376 ----a-w- C:\Windows\System32\wuapp.exe
2015-07-09 17:50:11 1145856 ----a-w- C:\Windows\System32\aeinv.dll
2015-07-09 17:43:25 93184 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-07-09 17:43:25 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-07-09 17:42:47 34816 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-07-04 18:07:11 2087424 ----a-w- C:\Windows\System32\ole32.dll
2015-07-04 17:48:36 1414656 ----a-w- C:\Windows\SysWow64\ole32.dll
2015-07-03 18:05:54 41984 ----a-w- C:\Windows\System32\lpk.dll
2015-07-03 18:05:43 100864 ----a-w- C:\Windows\System32\fontsub.dll
2015-07-03 18:05:34 14336 ----a-w- C:\Windows\System32\dciman32.dll
2015-07-03 18:05:26 46080 ----a-w- C:\Windows\System32\atmlib.dll
2015-07-03 17:56:59 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2015-07-03 17:56:56 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2015-07-03 17:56:52 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-07-03 17:55:42 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2015-07-03 16:52:31 372224 ----a-w- C:\Windows\System32\atmfd.dll
2015-07-03 16:42:38 299008 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-07-02 21:08:53 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-07-02 20:40:34 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-07-01 20:56:03 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-07-01 20:56:03 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-07-01 20:49:53 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-07-01 20:49:45 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2015-07-01 20:49:45 136192 ----a-w- C:\Windows\System32\sspicli.dll
2015-07-01 20:49:42 342016 ----a-w- C:\Windows\System32\schannel.dll
2015-07-01 20:49:42 28160 ----a-w- C:\Windows\System32\secur32.dll
2015-07-01 20:49:41 1216512 ----a-w- C:\Windows\System32\rpcrt4.dll
2015-07-01 20:49:23 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2015-07-01 20:49:22 315392 ----a-w- C:\Windows\System32\msv1_0.dll
2015-07-01 20:49:11 729088 ----a-w- C:\Windows\System32\kerberos.dll
2015-07-01 20:49:11 1461760 ----a-w- C:\Windows\System32\lsasrv.dll
2015-07-01 20:48:34 44032 ----a-w- C:\Windows\System32\cryptbase.dll
2015-07-01 20:48:34 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-07-01 20:47:38 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-07-01 20:47:18 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-07-01 20:43:51 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-07-01 20:43:37 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-07-01 20:39:24 686080 ----a-w- C:\Windows\System32\adtschema.dll
2015-07-01 20:30:43 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-07-01 20:30:40 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-07-01 20:30:37 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-07-01 20:30:37 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-07-01 20:30:33 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-07-01 20:30:32 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-07-01 20:30:27 552960 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-07-01 20:30:21 36864 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2015-07-01 20:30:21 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-07-01 20:29:46 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-07-01 20:29:34 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-07-01 20:29:34 665088 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2015-07-01 20:27:04 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-07-01 20:26:52 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-07-01 20:24:59 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
2015-07-01 19:27:34 159232 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2015-07-01 19:26:43 290816 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2015-07-01 19:26:37 129024 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2015-06-27 02:47:11 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-06-27 02:43:26 5923840 ----a-w- C:\Windows\System32\jscript9.dll
2015-06-27 01:58:17 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-06-27 01:39:37 4520448 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-06-25 08:57:44 3207168 ----a-w- C:\Windows\System32\win32k.sys
2015-06-20 20:06:50 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-06-20 19:50:10 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-06-20 19:49:17 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-06-20 19:49:09 417792 ----a-w- C:\Windows\System32\html.iec
2015-06-20 19:49:08 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-06-20 19:48:29 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-06-20 19:34:46 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-06-20 19:34:45 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-06-20 19:25:28 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-06-20 19:13:07 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-06-20 18:46:53 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-06-20 18:26:01 2427392 ----a-w- C:\Windows\System32\wininet.dll
2015-06-19 18:25:41 504320 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-06-19 18:25:35 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-06-19 18:24:43 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-06-19 18:24:27 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-06-19 18:23:26 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-06-19 18:13:10 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-06-19 17:57:45 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-06-19 17:40:04 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-06-19 17:39:13 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-06-19 17:15:43 1951232 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-06-18 12:41:56 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2015-06-18 12:41:44 109272 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-06-18 12:41:40 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 14:54:33.50 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/8/2010 11:58:02 AM
System Uptime: 7/19/2015 12:50:16 PM (2 hours ago)
.
Motherboard: FOXCONN | | ALOE
Processor: AMD Phenom(tm) II X4 945 Processor | CPU 1 | 3000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 920 GiB total, 674.015 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.622 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Deskjet 3050 J610 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Deskjet 3050 J610 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Deskjet 3050 J610 series
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: HP
Name: Deskjet 3050 J610 series
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Deskjet 3050 J610 series
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer: HP
Name: Deskjet 3050 J610 series
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service:
.
==== System Restore Points ===================
.
RP388: 7/12/2015 1:02:35 AM - Scheduled Checkpoint
RP389: 7/15/2015 3:00:15 AM - Windows Update
RP390: 7/16/2015 3:34:34 AM - Windows Modules Installer
RP391: 7/18/2015 8:18:26 AM - Removed HP Advisor.
RP392: 7/19/2015 8:08:49 AM - JRT Pre-Junkware Removal
RP393: 7/19/2015 8:59:04 AM - JRT Pre-Junkware Removal
RP394: 7/19/2015 10:39:50 AM - Checkpoint by HitmanPro
RP395: 7/19/2015 10:41:12 AM - Checkpoint by HitmanPro
RP396: 7/19/2015 11:18:10 AM - Restore Operation
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Adobe AIR
Adobe Community Help
Adobe Flash Player 18 ActiveX
Adobe Flash Player 18 NPAPI
Adobe Help Center 2.1
Adobe Photoshop Elements 10
Adobe Photoshop Elements 5.0
Adobe Photoshop.com Inspiration Browser
Adobe Reader 9.5.5
Amazon Kindle
Amazon MP3 Downloader 1.0.15
AMD USB Filter Driver
Apple Application Support (32-bit)
Apple Mobile Device Support
Apple Software Update
Art of Murder: Cards of Destiny
ATI Catalyst Install Manager
Big Fish Games Toolbar 2.0
Big Fish: Game Manager
Bonjour
bpd_scan
BPDSoftware
BPDSoftware_Ini
Brain Training for Dummies
BufferChm
BVS Solitaire Collection
calibre
Casebook
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
City of Fools
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
Delicious: Emily's Childhood Memories
Destinations
DeviceDiscovery
DirectX for Managed Code Update (Summer 2004)
DocMgr
DocProc
Dragon Keeper
Dragon Keeper 2
DVD Menu Pack for HP MediaSmart Video
Elements 10 Organizer
Fable - The Lost Chapters
Family Tree Maker 2012
Fantasy Mosaics 4: Art of Color
Fantasy Mosaics 5
Fantasy Mosaics 6: Into the Unknown
Fantasy Mosaics 7: Our Home
Farm to Fork
Fax
Final Cut: Encore Collector's Edition
Garden Rescue
Garden Rescue: Christmas Edition
GIMP 2.6.11
Google Update Helper
Gothic 3
GPBaseService2
Grimm's Hatchery
Hardware Diagnostic Tools
Hewlett-Packard ACLM.NET v1.2.1.1
HitmanPro 3.7
Holiday Jigsaw Valentine's Day
HP Customer Experience Enhancements
HP Deskjet 3050 J610 series Basic Device Software
HP Deskjet 3050 J610 series Help
HP Document Manager 2.0
HP Games
HP Imaging Device Functions 14.0
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart SmartMenu
HP MediaSmart/TouchSmart Netflix
HP Odometer
HP OfficeJet J4600 All-In-One Series
HP Photo Creations
HP Photosmart Essential 3.5
HP Remote Solution
HP Setup
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Support Assistant
HP Support Information
HP Update
HPDiagnosticAlert
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
Hulu Desktop
HydraVision
inSSIDer 3
Java 7 Update 80
Jewel Quest Solitaire
Jigsaw World Tour
Jigsaws Galore
Junk Mail filter update
Kingdoms of Amalur: Reckoning
LabelPrint
LightScribe System Software
Mah-Jomino
Malwarebytes Anti-Malware version 2.1.8.1057
Microsoft .NET Framework 4.5.2
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Live Search Toolbar
Microsoft Office 2000 Professional
Microsoft Office Home and Student 60 day trial
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft XNA Framework Redistributable 3.1
Mobipocket Creator 4.2
Mosaics Galore
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 39.0 (x86 en-US)
Mozilla Maintenance Service
Mr. Puzzle
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Kingdom for the Princess II
My Kingdom for the Princess III
Mystery Riddles
Nancy Drew - Curse of Blackmoor Manor
Nancy Drew - Last Train to Blue Moon Canyon
Nancy Drew - Secret Of The Old Clock
Nancy Drew: Alibi in Ashes
Nancy Drew: Ghost Dogs of Moon Lake
Nancy Drew: Message in a Haunted Mansion
Nancy Drew: Secret of Shadow Ranch
Nancy Drew: Secret of the Scarlet Hand
Nancy Drew: Shadow at the Water's Edge
Nancy Drew: The Captive Curse
Nancy Drew: The Deadly Device
Nancy Drew: The Final Scene
Nancy Drew: The Haunted Carousel
Nancy Drew: The Silent Spy
Nancy Drew: Tomb of the Lost Queen
Nancy Drew: Treasure in the Royal Tower
Network64
NVIDIA PhysX
OCR Software by I.R.I.S. 14.0
Off the Record: Linden Shades
OpenAL
Origin
PictureMover
Plants vs. Zombies
PlayReady PC Runtime amd64
Power2Go
PowerDirector
Profiler: The Hopscotch Killer
PSE10 STI Installer
QuickTime 7
RAIDXpert
Realtek High Definition Audio Driver
Recovery Manager
Royal Jigsaw 2
Royal Jigsaw 3
Scan
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
Status
Steam
Sudoku Latin Squares
Surface: Alone in the Mist
System Requirements Lab Detection
The Elder Scrolls V: Skyrim
The Witcher 2: Assassins of Kings Enhanced Edition
The Witcher: Enhanced Edition
Toolbar - Big Fish Games
Toolbox
Toy Defense 3 - Fantasy
TrayApp
TurboTax 2010
TurboTax 2010 wgaiper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax 2013
TurboTax 2013 wgaiper
TurboTax 2013 WinPerFedFormset
TurboTax 2013 WinPerReleaseEngine
TurboTax 2013 WinPerTaxSupport
TurboTax 2013 wrapper
Victorian Mysteries&reg;: The Yellow Room
VIPRE Internet Security
WebReg
Who Am I
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Encoder 9 Series
World Mosaics 7
.
==== Event Viewer Messages From Past Week ========
.
7/19/2015 9:02:08 AM, Error: Service Control Manager [7031] - The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/19/2015 9:02:03 AM, Error: Service Control Manager [7031] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/19/2015 9:02:03 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/19/2015 8:52:29 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The system cannot find the path specified.
7/19/2015 8:52:29 AM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The system cannot find the path specified.
7/19/2015 8:52:23 AM, Error: Service Control Manager [7000] - The HP Support Assistant Service service failed to start due to the following error: The pipe has been ended.
7/19/2015 8:52:22 AM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The pipe has been ended.
7/19/2015 8:52:20 AM, Error: Service Control Manager [7038] - The Spooler service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/19/2015 8:52:20 AM, Error: Service Control Manager [7000] - The Print Spooler service failed to start due to the following error: The service did not start due to a logon failure.
7/19/2015 8:51:57 AM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/19/2015 8:32:57 AM, Error: Service Control Manager [7038] - The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/19/2015 8:32:57 AM, Error: Service Control Manager [7038] - The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/19/2015 8:32:57 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not start due to a logon failure.
7/19/2015 8:32:57 AM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not start due to a logon failure.
7/19/2015 8:10:21 AM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/19/2015 8:10:21 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/19/2015 8:09:21 AM, Error: Service Control Manager [7034] - The Volume Shadow Copy service terminated unexpectedly. It has done this 1 time(s).
7/19/2015 3:13:36 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Adobe Flash Player Update Service service to connect.
7/19/2015 3:13:36 AM, Error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/19/2015 2:54:07 PM, Error: NetBT [4321] - The name "FAY-PC :0" could not be registered on the interface with IP address 192.168.1.102. The computer with the IP address 192.168.1.1 did not allow the name to be claimed by this computer.
7/19/2015 12:51:44 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{9F1DBDAA-8EFA-4065-924B-A07E10F47EC5} because another computer on the network has the same name. The server could not start.
7/19/2015 12:51:44 PM, Error: NetBT [4321] - The name "FAY-PC :20" could not be registered on the interface with IP address 192.168.1.102. The computer with the IP address 192.168.1.1 did not allow the name to be claimed by this computer.
7/19/2015 12:51:16 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the GFI LanGuard 11 Attendant Service service to connect.
7/19/2015 12:51:16 PM, Error: Service Control Manager [7000] - The GFI LanGuard 11 Attendant Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/19/2015 11:20:43 AM, Error: Service Control Manager [7024] - The Bonjour Service service terminated with service-specific error A system call has failed..
7/19/2015 11:16:49 AM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147012892
7/19/2015 11:15:16 AM, Error: Service Control Manager [7024] - The Network Location Awareness service terminated with service-specific error %%-1073741502.
7/19/2015 11:15:15 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The operation completed successfully.
7/19/2015 11:15:12 AM, Error: Service Control Manager [7034] - The Windows Event Log service terminated unexpectedly. It has done this 3 time(s).
7/19/2015 11:15:12 AM, Error: Service Control Manager [7023] - The Windows Event Log service terminated with the following error: The authentication service is unknown.
7/19/2015 11:14:29 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The service has not been started.
7/19/2015 11:14:20 AM, Error: Service Control Manager [7001] - The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: The operation completed successfully.
7/19/2015 11:14:09 AM, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147014789.
7/19/2015 11:14:09 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Adobe Active File Monitor V10 service to connect.
7/19/2015 11:14:09 AM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x8007277B.
7/19/2015 11:13:12 AM, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/19/2015 11:12:31 AM, Error: Service Control Manager [7023] - The IKE and AuthIP IPsec Keying Modules service terminated with the following error: A specified authentication package is unknown.
7/19/2015 11:12:30 AM, Error: Service Control Manager [7023] - The IPsec Policy Agent service terminated with the following error: A system call has failed.
7/19/2015 11:12:29 AM, Error: Service Control Manager [7023] - The DNS Client service terminated with the following error: A system call has failed.
7/19/2015 11:12:09 AM, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/19/2015 11:12:09 AM, Error: Service Control Manager [7022] - The Net Driver HPZ12 service hung on starting.
7/19/2015 11:11:55 AM, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread
7/19/2015 11:10:42 AM, Error: Service Control Manager [7023] - The IP Helper service terminated with the following error: The service has not been started.
7/19/2015 11:10:32 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MBAMService service to connect.
7/19/2015 11:10:32 AM, Error: Service Control Manager [7000] - The MBAMService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/19/2015 11:10:06 AM, Error: Service Control Manager [7023] - The Diagnostics Tracking Service service terminated with the following error: %%-2147467259
7/19/2015 11:10:04 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024882
7/19/2015 11:09:50 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Adobe Active File Monitor V5 service to connect.
7/19/2015 11:09:50 AM, Error: Service Control Manager [7000] - The Adobe Active File Monitor V5 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/19/2015 11:09:41 AM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error The parameter is incorrect..
7/19/2015 11:09:38 AM, Error: Service Control Manager [7022] - The TCP/IP NetBIOS Helper service hung on starting.
7/19/2015 11:09:38 AM, Error: Service Control Manager [7001] - The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: The authentication service is unknown.
7/19/2015 11:09:36 AM, Error: Service Control Manager [7022] - The DHCP Client service hung on starting.
7/19/2015 11:08:14 AM, Error: Service Control Manager [7023] - The WLAN AutoConfig service terminated with the following error: The authentication service is unknown.
7/19/2015 11:08:14 AM, Error: Microsoft-Windows-WLAN-AutoConfig [4002] - WLAN AutoConfig service has failed to start. Error Code: 1747
7/19/2015 11:08:12 AM, Error: Service Control Manager [7022] - The System Event Notification Service service hung on starting.
7/19/2015 11:05:20 AM, Error: Service Control Manager [7038] - The eventlog service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/19/2015 11:05:20 AM, Error: Service Control Manager [7000] - The Windows Event Log service failed to start due to the following error: The service did not start due to a logon failure.
7/19/2015 10:54:43 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/19/2015 10:54:42 AM, Error: Service Control Manager [7034] - The VIPRE Internet Security service terminated unexpectedly. It has done this 1 time(s).
7/19/2015 10:54:03 AM, Error: Service Control Manager [7034] - The SBSD Security Center Service service terminated unexpectedly. It has done this 1 time(s).
7/19/2015 10:54:03 AM, Error: Service Control Manager [7034] - The SB Recovery Service service terminated unexpectedly. It has done this 1 time(s).
7/19/2015 10:54:03 AM, Error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
7/19/2015 10:54:03 AM, Error: Service Control Manager [7034] - The Intuit Update Service v4 service terminated unexpectedly. It has done this 1 time(s).
7/19/2015 10:54:03 AM, Error: Service Control Manager [7034] - The Intuit Update Service service terminated unexpectedly. It has done this 1 time(s).
7/19/2015 10:54:03 AM, Error: Service Control Manager [7034] - The HitmanPro Scheduler service terminated unexpectedly. It has done this 1 time(s).
7/19/2015 10:54:03 AM, Error: Service Control Manager [7034] - The GFI LanGuard 11 Attendant Service service terminated unexpectedly. It has done this 1 time(s).
7/19/2015 10:54:03 AM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
7/19/2015 10:54:03 AM, Error: Service Control Manager [7034] - The Adobe Active File Monitor V10 service terminated unexpectedly. It has done this 1 time(s).
7/19/2015 10:54:03 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/19/2015 10:54:03 AM, Error: Service Control Manager [7031] - The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/19/2015 10:54:03 AM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/19/2015 10:54:03 AM, Error: Service Control Manager [7031] - The HP Support Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/19/2015 10:54:02 AM, Error: Service Control Manager [7034] - The AMD RAIDXpert service terminated unexpectedly. It has done this 1 time(s).
7/19/2015 10:54:02 AM, Error: Service Control Manager [7034] - The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).
7/19/2015 10:54:02 AM, Error: Service Control Manager [7034] - The Adobe Active File Monitor V5 service terminated unexpectedly. It has done this 1 time(s).
7/19/2015 10:54:02 AM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/19/2015 10:20:48 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
7/19/2015 10:20:48 AM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/19/2015 1:34:24 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
7/19/2015 1:34:24 AM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/19/2015 1:05:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
7/18/2015 8:33:00 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
7/18/2015 8:33:00 AM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/18/2015 7:53:54 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
7/18/2015 12:53:13 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
7/18/2015 12:43:49 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
7/18/2015 12:39:41 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
7/18/2015 1:24:18 PM, Error: Service Control Manager [7000] - The Reason Core Security Bundle Protection service failed to start due to the following error: Access is denied.
7/17/2015 8:15:43 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
7/17/2015 8:15:43 AM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/16/2015 4:01:09 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
7/16/2015 3:09:20 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {0B5A2C52-3EB9-470A-96E2-6C6D4570E40F}
.
==== End Of File ===========================


Thanks for your help.
Fay
fayfox
Regular Member
 
Posts: 88
Joined: July 19th, 2015, 3:16 pm

Re: Proxy override...malware?

Unread postby wannabeageek » July 20th, 2015, 9:21 am

Hello fayfox, and Welcome to MalWare Removal forums!

My name is wannabeageek and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!"
    Absence of symptoms does not mean that everything is clear.


I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...


Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.
wannabeageek
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Proxy override...malware?

Unread postby wannabeageek » July 20th, 2015, 9:28 am

Hi fayfox

Please run the following and post the results separately as the logs can get quite long.


Step 1.
FRST - Farbar Recovery Scanner Tool
Please download FRST64.exe ... by Farbar. Save it to your desktop.
  1. Right click on FRST64.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it. When the tool opens click Yes to disclaimer.
  2. Press Scan button. ... A log will be created FRST.txt in the same directory the tool is run.
  3. Please copy/paste FRST.txt to your reply.
    The first time the tool is run, it also makes another log... Addition.txt.
  4. Please copy/paste Addition.txt in your reply.


Step 2.
aswMBR - Scan

Please download aswMBR.exe ... © Avast Software ( 511KB ). Save it to your desktop.
  1. Right click the aswMBR.exe icon... select "Run As Administrator" to run it.
  2. aswmbr uses Avast's virus definition, if prompted to download definitions... reply Yes.
    It may take some time for these definitions to download, please be patient.
  3. Make sure Quick Scan is set in the options... then click the "Scan" button to start the scan.
    The scan will take a few minutes, please be patient.
  4. On completion... "Scan finished successfully" will be displayed... press the "Save log" button.
  5. You'll be prompted to save a file named "aswMBR.txt"... Save it to your desktop.
  6. Please copy and paste the contents of aswMBR.txt in your next reply.
Note: A file will be created and placed on your desktop when you execute aswMBR, named MBR.dat
This is a copy of your MBR record, before any changes, to be used to recover the MBR to its previous condition if problems exist after changes.

Note: Do NOT click Fix or FixMBR.
Note: A file (MBR.dat) will be created on your Desktop. Do NOT click or delete it.


What I need back from you:
Post each separately.
  1. Contents of FRST.txt
  2. Contents of Addition.txt
  3. Contents of aswMBR.txt
  4. Any problem executing the instructions?
Thanks,
wbg
wannabeageek
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Proxy override...malware?

Unread postby fayfox » July 20th, 2015, 10:13 am

Hi wbg,
I'm having trouble with the very first step. I've tried in both firefox and IE to download the farbar tool. It goes to the download page and then it switches to an "unable to connect" message.
Fay
fayfox
Regular Member
 
Posts: 88
Joined: July 19th, 2015, 3:16 pm

Re: Proxy override...malware?

Unread postby fayfox » July 20th, 2015, 11:39 am

First part step 1: FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-07-2015 01
Ran by Admin (administrator) on FAY-PC on 20-07-2015 11:30:29
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin (Available Profiles: fay & Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(GFI Software Development Ltd.) C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBPIMSvc.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\Digital Imaging\bin\HpqSRmon.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBAMTray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBAMSvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
() C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(GFI Software Development Ltd.) C:\Program Files (x86)\GFI\LanGuard 11 Agent\mantle.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-24] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [SBAMTray] => C:\Program Files (x86)\VIPRE\SBAMTray.exe [3216272 2013-09-05] (ThreatTrack Security, Inc.)
HKU\S-1-5-21-765319908-1524800839-1392544109-1003\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk [2010-05-18]
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2015-07-20]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
GroupPolicyUsers\S-1-5-21-765319908-1524800839-1392544109-1000\User: Group Policy Restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-765319908-1524800839-1392544109-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
HKU\S-1-5-21-765319908-1524800839-1392544109-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
SearchScopes: HKLM -> {EA9C6CE8-23A1-4609-AB9A-691BF3B7DA69} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {EA9C6CE8-23A1-4609-AB9A-691BF3B7DA69} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2010-05-28] (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-20] (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\VSGN.dll [2013-09-05] ()
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [2009-07-16] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-20] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2010-05-28] (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [2009-07-16] (Microsoft Corp.)
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSGN.dll [2013-09-05] ()
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSGN.dll [2013-09-05] ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9F1DBDAA-8EFA-4065-924B-A07E10F47EC5}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5pgaobxx.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-765319908-1524800839-1392544109-1003: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll [2009-10-27] (Hulu LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-07-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-07-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-07-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-07-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-07-11] (Apple Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-03-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
R2 AdobeActiveFileMonitor5.0; C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [108712 2006-12-22] ()
R2 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [122880 2009-09-19] (AMD) [File not signed]
R2 gfi_lanss11_attservice; C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe [133496 2012-11-23] (GFI Software Development Ltd.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-07-19] (SurfRight B.V.)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-25] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 SBAMSvc; C:\Program Files (x86)\VIPRE\SBAMSvc.exe [3937472 2013-09-05] (ThreatTrack Security, Inc.)
R2 SBPIMSvc; C:\Program Files (x86)\VIPRE\SBPIMSvc.exe [176016 2013-09-05] (ThreatTrack Security, Inc.)
S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [88928 2013-06-18] (ThreatTrack Security, Inc.)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-09-17] (CyberLink Corp.)
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-20 11:30 - 2015-07-20 11:31 - 00015720 _____ C:\Users\Admin\Downloads\FRST.txt
2015-07-20 11:29 - 2015-07-20 11:30 - 00000000 ____D C:\FRST
2015-07-20 11:27 - 2015-07-20 11:28 - 02134528 _____ (Farbar) C:\Users\Admin\Downloads\FRST64(1).exe
2015-07-20 11:26 - 2015-07-20 11:26 - 02134528 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2015-07-20 06:44 - 2015-07-20 06:43 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-07-20 06:43 - 2015-07-20 06:44 - 00000630 _____ C:\Windows\SecuniaPackage.log
2015-07-20 06:43 - 2015-07-20 06:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-07-20 06:43 - 2015-07-20 06:43 - 00000000 ____D C:\Program Files (x86)\Java
2015-07-20 06:35 - 2015-07-20 06:35 - 00000000 ____D C:\Users\Admin\AppData\Local\Secunia PSI
2015-07-20 06:34 - 2015-07-20 06:34 - 00001071 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2015-07-20 06:34 - 2015-07-20 06:34 - 00000000 ____D C:\Program Files (x86)\Secunia
2015-07-20 06:31 - 2015-07-20 06:32 - 05490752 _____ (Secunia) C:\Users\fay\Downloads\PSISetup.exe
2015-07-19 17:04 - 2015-07-19 17:05 - 01798288 _____ (Malwarebytes Corporation) C:\Users\Admin\Downloads\JRT.exe
2015-07-19 17:03 - 2015-07-19 17:04 - 02248704 _____ C:\Users\Admin\Downloads\adwcleaner_4.208.exe
2015-07-19 16:55 - 2015-07-19 16:55 - 00000000 ____D C:\Users\Admin\AppData\Local\GWX
2015-07-19 14:36 - 2015-07-19 14:56 - 00026929 _____ C:\Users\Admin\Desktop\attach.txt
2015-07-19 14:36 - 2015-07-19 14:54 - 00023071 _____ C:\Users\Admin\Desktop\dds.txt
2015-07-19 14:35 - 2015-07-19 14:35 - 00688992 ____R (Swearware) C:\Users\fay\Downloads\dds.scr
2015-07-19 10:26 - 2015-07-19 11:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-07-19 10:26 - 2015-07-19 11:24 - 00000000 ____D C:\Program Files\HitmanPro
2015-07-19 10:26 - 2015-07-19 10:26 - 00001895 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-07-19 09:12 - 2015-07-19 09:12 - 00002377 _____ C:\Users\Admin\Downloads\JRT.txt
2015-07-19 09:10 - 2015-07-19 09:10 - 00002377 _____ C:\Users\Admin\Desktop\JRT.txt
2015-07-19 08:46 - 2015-07-19 10:40 - 00000000 ____D C:\ProgramData\HitmanPro
2015-07-19 08:45 - 2015-07-19 08:46 - 11032736 _____ (SurfRight B.V.) C:\Users\fay\Downloads\HitmanPro_x64.exe
2015-07-19 08:08 - 2015-07-19 08:08 - 01798288 _____ (Malwarebytes Corporation) C:\Users\fay\Downloads\JRT.exe
2015-07-18 14:12 - 2015-07-18 14:12 - 00127504 _____ C:\Users\fay\Documents\bookmarks_7_18_15.html
2015-07-18 13:45 - 2015-07-18 13:45 - 02248704 _____ C:\Users\fay\Downloads\adwcleaner_4.208 (1).exe
2015-07-18 13:37 - 2015-07-19 17:05 - 00000000 ____D C:\AdwCleaner
2015-07-18 13:36 - 2015-07-18 13:36 - 02248704 _____ C:\Users\fay\Downloads\adwcleaner_4.208.exe
2015-07-18 13:21 - 2015-07-18 13:21 - 04152184 _____ (Reason Software Company Inc.) C:\Users\fay\Downloads\setup-dlcm.exe
2015-07-18 13:21 - 2015-07-18 13:21 - 00000000 ____D C:\Program Files\Reason
2015-07-16 07:48 - 2015-07-16 07:48 - 00000000 ____D C:\Users\fay\AppData\Roaming\VisualShape
2015-07-15 12:04 - 2015-07-15 12:04 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-15 03:32 - 2015-07-09 13:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 03:32 - 2015-07-09 13:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 03:32 - 2015-07-09 13:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 03:32 - 2015-07-09 13:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 03:32 - 2015-07-09 13:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 03:32 - 2015-07-09 13:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 03:32 - 2015-07-09 13:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 03:32 - 2015-07-09 13:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 03:32 - 2015-07-09 13:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 03:32 - 2015-07-09 13:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 03:32 - 2015-07-09 13:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 03:32 - 2015-07-09 13:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 03:32 - 2015-07-09 13:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 03:32 - 2015-07-09 13:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 03:32 - 2015-07-09 13:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 03:32 - 2015-07-09 13:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 03:32 - 2015-07-02 17:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 03:32 - 2015-07-02 17:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-15 03:32 - 2015-07-02 16:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 03:32 - 2015-07-02 16:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 03:32 - 2015-07-02 16:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 03:32 - 2015-07-02 16:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 03:32 - 2015-07-02 16:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 03:32 - 2015-07-02 16:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 03:32 - 2015-07-02 16:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 03:32 - 2015-07-02 15:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 03:32 - 2015-07-02 15:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 03:32 - 2015-07-02 14:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 03:32 - 2015-06-26 22:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 03:32 - 2015-06-26 22:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 03:32 - 2015-06-26 21:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-15 03:32 - 2015-06-26 21:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 03:32 - 2015-06-25 14:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 03:32 - 2015-06-25 13:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 03:32 - 2015-06-25 04:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 03:32 - 2015-06-20 16:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 03:32 - 2015-06-20 15:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 03:32 - 2015-06-20 15:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 03:32 - 2015-06-20 15:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 03:32 - 2015-06-20 15:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 03:32 - 2015-06-20 15:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 03:32 - 2015-06-20 15:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 03:32 - 2015-06-20 15:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 03:32 - 2015-06-20 14:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 03:32 - 2015-06-20 14:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 03:32 - 2015-06-20 14:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 03:32 - 2015-06-19 14:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 03:32 - 2015-06-19 14:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-15 03:32 - 2015-06-19 14:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-15 03:32 - 2015-06-19 14:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 03:32 - 2015-06-19 14:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 03:32 - 2015-06-19 14:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-15 03:32 - 2015-06-19 14:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 03:32 - 2015-06-19 14:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-15 03:32 - 2015-06-19 14:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-15 03:32 - 2015-06-19 13:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 03:32 - 2015-06-19 13:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 03:32 - 2015-06-19 13:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 03:32 - 2015-06-19 13:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 03:32 - 2015-06-19 13:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 03:32 - 2015-06-19 13:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 03:32 - 2015-06-17 13:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 03:32 - 2015-06-17 13:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 03:32 - 2015-06-01 20:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 03:32 - 2015-06-01 19:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-15 03:31 - 2015-07-04 14:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 03:31 - 2015-07-04 13:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 03:31 - 2015-07-01 16:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 03:31 - 2015-07-01 16:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 03:31 - 2015-07-01 16:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 03:31 - 2015-07-01 16:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 03:31 - 2015-07-01 16:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 03:31 - 2015-07-01 16:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 03:31 - 2015-07-01 16:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 03:31 - 2015-07-01 16:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 03:31 - 2015-07-01 16:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 03:31 - 2015-07-01 16:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 03:31 - 2015-07-01 16:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 03:31 - 2015-07-01 16:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 03:31 - 2015-07-01 16:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-15 03:31 - 2015-07-01 16:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 03:31 - 2015-07-01 16:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 03:31 - 2015-07-01 16:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 03:31 - 2015-07-01 16:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 03:31 - 2015-07-01 15:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 03:31 - 2015-07-01 15:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 03:31 - 2015-07-01 15:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 03:31 - 2015-06-20 15:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 03:31 - 2015-06-20 15:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 03:31 - 2015-06-20 15:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 03:31 - 2015-06-20 15:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 03:31 - 2015-06-20 15:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 03:31 - 2015-06-20 15:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 03:31 - 2015-06-20 15:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 03:31 - 2015-06-20 15:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 03:31 - 2015-06-20 15:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 03:31 - 2015-06-20 14:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 03:31 - 2015-06-20 14:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 03:31 - 2015-06-20 14:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 03:31 - 2015-06-19 14:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 03:31 - 2015-06-19 13:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 03:31 - 2015-06-19 13:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-15 03:31 - 2015-06-19 13:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 03:31 - 2015-04-27 15:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-15 03:31 - 2015-04-27 15:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-15 03:31 - 2015-04-27 15:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-15 03:31 - 2015-04-27 15:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-15 03:31 - 2015-04-27 15:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-15 03:31 - 2015-04-27 15:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-15 03:31 - 2015-04-27 15:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-15 03:31 - 2015-04-27 15:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-15 03:30 - 2015-07-09 13:59 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-15 03:30 - 2015-07-09 13:58 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-15 03:30 - 2015-07-09 13:58 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-15 03:30 - 2015-07-09 13:58 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-15 03:30 - 2015-07-09 13:58 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-15 03:30 - 2015-07-09 13:58 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-15 03:30 - 2015-07-09 13:58 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-15 03:30 - 2015-07-09 13:50 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-15 03:30 - 2015-07-03 14:05 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-15 03:30 - 2015-07-03 14:05 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-15 03:30 - 2015-07-03 14:05 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-15 03:30 - 2015-07-03 14:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-15 03:30 - 2015-07-03 13:56 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-15 03:30 - 2015-07-03 13:56 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-15 03:30 - 2015-07-03 13:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-15 03:30 - 2015-07-03 13:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-15 03:30 - 2015-07-03 12:52 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-15 03:30 - 2015-07-03 12:42 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-15 03:30 - 2015-07-01 16:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 03:30 - 2015-07-01 16:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 03:30 - 2015-07-01 16:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 03:30 - 2015-07-01 16:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 03:30 - 2015-07-01 16:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 03:30 - 2015-07-01 16:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 03:30 - 2015-07-01 16:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 03:30 - 2015-07-01 16:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 03:30 - 2015-07-01 16:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 03:30 - 2015-07-01 16:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 03:30 - 2015-07-01 16:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-15 03:30 - 2015-07-01 16:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-15 03:30 - 2015-07-01 16:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-15 03:30 - 2015-07-01 16:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-15 03:30 - 2015-07-01 16:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-15 03:30 - 2015-07-01 16:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-15 03:30 - 2015-07-01 16:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-15 03:30 - 2015-07-01 16:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-15 03:30 - 2015-06-15 17:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 03:30 - 2015-06-15 17:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 03:30 - 2015-06-15 17:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 03:30 - 2015-06-15 17:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 03:30 - 2015-06-15 17:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 03:30 - 2015-06-15 17:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 03:30 - 2015-06-15 17:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 03:30 - 2015-06-15 17:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 03:30 - 2015-06-15 17:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-15 03:30 - 2015-06-15 17:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 03:30 - 2015-06-15 17:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 03:30 - 2015-06-15 17:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-12 17:26 - 2015-07-12 17:26 - 00237568 _____ (Big Fish Games) C:\Users\Admin\Downloads\bigfishgames_p238514316_s1_l1.exe
2015-07-12 17:26 - 2015-07-12 17:26 - 00237568 _____ (Big Fish Games) C:\Users\Admin\Downloads\bigfishgames_p238514316_s1_l1 (1).exe
2015-07-12 15:35 - 2015-07-12 15:35 - 00002210 _____ C:\Users\Public\Desktop\Play Delicious - Emilys Childhood Memories.lnk
2015-07-12 15:35 - 2015-07-12 15:35 - 00001304 _____ C:\Users\Public\Desktop\More Great Games.lnk
2015-07-12 15:33 - 2015-07-12 15:35 - 00000000 ____D C:\Program Files (x86)\Delicious - Emilys Childhood Memories
2015-07-12 15:33 - 2015-07-12 15:33 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Delicious - Emilys Childhood Memories
2015-07-12 15:33 - 2015-07-12 15:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Delicious - Emilys Childhood Memories
2015-07-12 14:50 - 2015-07-12 14:50 - 00000000 ____D C:\Users\Admin\AppData\Roaming\VisualShape
2015-07-12 14:50 - 2015-07-12 14:50 - 00000000 ____D C:\ProgramData\VisualShape
2015-07-12 13:50 - 2015-07-12 15:38 - 00000000 ____D C:\Users\Admin\AppData\Roaming\GameHouse
2015-07-12 13:49 - 2015-07-12 13:49 - 00001937 _____ C:\Users\Public\Desktop\Play Farm to Fork.lnk
2015-07-12 13:48 - 2015-07-12 13:49 - 00000000 ____D C:\Program Files (x86)\Farm to Fork
2015-07-12 13:48 - 2015-07-12 13:48 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Farm to Fork
2015-07-12 13:48 - 2015-07-12 13:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farm to Fork
2015-07-11 20:07 - 2015-07-11 20:07 - 00001847 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-07-11 20:07 - 2015-07-11 20:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-07-11 20:07 - 2015-07-11 20:07 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-07-11 10:53 - 2015-07-11 10:53 - 00237568 _____ (Big Fish Games) C:\Users\Admin\Downloads\easter-eggztravaganza-2_s1_l1_gF7597T1L1_d2488663256.exe
2015-07-11 10:46 - 2015-07-11 10:46 - 00237568 _____ (Big Fish Games) C:\Users\fay\Downloads\easter-eggztravaganza-2_s1_l1_gF7597T1L1_d2488661125.exe
2015-07-11 10:29 - 2015-07-11 10:29 - 00002102 _____ C:\Users\Public\Desktop\Play Surface - Alone in the Mist.lnk
2015-07-11 10:28 - 2015-07-11 10:29 - 00000000 ____D C:\Program Files (x86)\Surface - Alone in the Mist
2015-07-11 10:28 - 2015-07-11 10:28 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Surface - Alone in the Mist
2015-07-11 10:28 - 2015-07-11 10:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Surface - Alone in the Mist

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-20 11:09 - 2013-04-18 03:37 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-20 10:44 - 2009-07-14 00:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-20 10:44 - 2009-07-14 00:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-20 10:33 - 2010-05-19 13:13 - 01933482 _____ C:\Windows\WindowsUpdate.log
2015-07-20 10:27 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-20 10:27 - 2009-07-14 00:51 - 00052045 _____ C:\Windows\setupact.log
2015-07-20 09:59 - 2011-11-01 12:40 - 00000000 ____D C:\Users\fay\Documents\Computer Tools
2015-07-20 06:43 - 2014-07-28 05:28 - 00000000 ____D C:\ProgramData\Oracle
2015-07-19 20:55 - 2010-11-26 09:48 - 00000000 ____D C:\Users\fay\Documents\Account Info
2015-07-19 18:21 - 2011-11-04 07:59 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-07-19 18:00 - 2015-01-08 07:46 - 00000000 ____D C:\Users\Admin\Documents\Account Info
2015-07-19 16:55 - 2009-07-14 01:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-19 13:31 - 2011-11-04 07:59 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2015-07-19 12:49 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\tracing
2015-07-19 11:50 - 2012-06-19 17:22 - 00000000 ____D C:\Users\Admin
2015-07-19 11:48 - 2010-09-08 11:58 - 00000000 ____D C:\Users\fay
2015-07-19 11:24 - 2014-01-31 02:40 - 00000000 ____D C:\Program Files (x86)\VIPRE
2015-07-19 11:24 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-19 11:23 - 2009-07-14 03:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-07-19 11:23 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2015-07-19 07:38 - 2010-05-18 20:56 - 00000000 ____D C:\ProgramData\Temp
2015-07-18 14:25 - 2015-01-10 06:06 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-18 14:24 - 2015-01-10 06:06 - 00000000 ____D C:\Users\Admin\AppData\Local\Google
2015-07-18 14:24 - 2014-11-30 21:43 - 00000000 __SHD C:\Users\Admin\AppData\Local\EmieBrowserModeList
2015-07-18 14:24 - 2014-05-23 19:37 - 00000000 __SHD C:\Users\Admin\AppData\Local\EmieUserList
2015-07-18 14:24 - 2014-05-23 19:37 - 00000000 __SHD C:\Users\Admin\AppData\Local\EmieSiteList
2015-07-18 08:30 - 2011-11-26 12:22 - 00000000 ____D C:\Windows\pss
2015-07-18 08:23 - 2010-05-18 20:38 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-07-18 08:07 - 2010-09-08 12:00 - 00000000 ____D C:\Users\fay\AppData\Local\Hewlett-Packard
2015-07-16 19:03 - 2013-08-04 06:16 - 00000000 ____D C:\BigFishCache
2015-07-16 06:35 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-07-16 04:07 - 2009-07-14 00:45 - 00343664 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-16 04:05 - 2014-04-09 03:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-16 04:05 - 2012-04-27 06:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-16 04:05 - 2011-12-05 04:16 - 00001698 _____ C:\Windows\SysWOW64\CountScans.XML
2015-07-16 04:05 - 2010-06-10 06:13 - 00534802 _____ C:\Windows\PFRO.log
2015-07-16 04:02 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-16 04:01 - 2015-04-15 03:33 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-16 04:01 - 2014-05-06 03:01 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-15 05:09 - 2013-04-18 03:37 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-15 05:09 - 2012-06-02 10:10 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-15 05:09 - 2011-05-25 05:10 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-15 03:03 - 2015-04-05 03:03 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-15 03:03 - 2015-04-05 03:03 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-12 15:38 - 2010-11-24 05:38 - 00000000 ____D C:\Users\fay\Documents\Recipes
2015-07-12 15:33 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-07-12 15:16 - 2015-05-26 08:20 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Western Software Technologies
2015-07-11 20:07 - 2012-11-15 02:12 - 00000000 ____D C:\ProgramData\Apple Computer
2015-07-11 20:07 - 2012-10-30 22:19 - 00000000 ____D C:\Windows\Patches
2015-07-11 20:06 - 2014-04-09 03:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-11 20:06 - 2012-06-15 19:51 - 00001032 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-11 20:06 - 2011-05-01 08:36 - 00001089 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-11 20:06 - 2010-09-11 07:06 - 00001077 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-07-11 20:05 - 2015-01-14 00:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-11 10:57 - 2012-12-02 21:49 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Elephant Games
2015-07-05 01:00 - 2010-09-10 06:46 - 00003170 _____ C:\Windows\System32\Tasks\HPCeeScheduleForfay
2015-07-05 01:00 - 2010-09-10 06:46 - 00000324 _____ C:\Windows\Tasks\HPCeeScheduleForfay.job
2015-07-01 01:00 - 2010-05-19 13:12 - 00000544 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job
2015-06-27 03:09 - 2013-08-03 11:56 - 00774632 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

==================== Files in the root of some directories =======

2014-03-23 11:45 - 2014-03-23 11:47 - 0000011 _____ () C:\Users\Admin\AppData\Roaming\log.txt
2013-06-16 12:27 - 2013-06-16 12:27 - 0000037 ___SH () C:\Users\Admin\AppData\Local\70149b02515b3bb20dd492.47983420
2010-09-11 01:14 - 2010-09-11 01:45 - 0003897 _____ () C:\ProgramData\doicrane_save.log
2012-03-11 11:34 - 2012-03-11 12:28 - 0001464 _____ () C:\ProgramData\hpzinstall.log
2014-04-13 21:23 - 2014-04-13 22:23 - 0000313 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2010-09-24 03:13 - 2010-09-24 03:13 - 0000059 _____ () C:\ProgramData\user.ini

Some files in TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\bfguni.exe
C:\Users\Admin\AppData\Local\Temp\installerdll355051770.dll
C:\Users\Admin\AppData\Local\Temp\lowproc.exe
C:\Users\Admin\AppData\Local\Temp\rootsupd.exe
C:\Users\Admin\AppData\Local\Temp\rscp_setup.exe
C:\Users\Admin\AppData\Local\Temp\sp58915.exe
C:\Users\Admin\AppData\Local\Temp\stubhelper.dll
C:\Users\Admin\AppData\Local\Temp\tempmessage.bfg
C:\Users\Admin\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Admin\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Admin\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Admin\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe
C:\Users\fay\AppData\Local\Temp\installerdll354983005.dll
C:\Users\fay\AppData\Local\Temp\installerdll355505858.dll
C:\Users\fay\AppData\Local\Temp\Setup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-13 00:43

==================== End of log ============================
fayfox
Regular Member
 
Posts: 88
Joined: July 19th, 2015, 3:16 pm

Re: Proxy override...malware?

Post by fayfox » July 20th, 2015, 11:41 am

Step 1 Addition.txt - working on step 2 now.

Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-07-2015 01
Ran by Admin at 2015-07-20 11:31:44
Running from C:\Users\Admin\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-765319908-1524800839-1392544109-1003 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-765319908-1524800839-1392544109-500 - Administrator - Disabled)
fay (S-1-5-21-765319908-1524800839-1392544109-1000 - Limited - Enabled) => C:\Users\fay
Guest (S-1-5-21-765319908-1524800839-1392544109-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-765319908-1524800839-1392544109-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ThreatTrack Security VIPRE (Enabled - Up to date) {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ThreatTrack Security VIPRE (Enabled - Up to date) {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
FW: ThreatTrack Security VIPRE (Enabled) {C7D2BC33-B766-03DA-EC8C-2222CF65E72A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 5.0 (HKLM-x32\...\Adobe Photoshop Elements 5) (Version: 5.0 - Adobe Systems Inc.)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.09 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-765319908-1524800839-1392544109-1003\...\Amazon Kindle) (Version: - Amazon)
Amazon MP3 Downloader 1.0.15 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.15 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Art of Murder: Cards of Destiny (HKLM-x32\...\BFG-Art of Murder - Cards of Destiny) (Version: - )
ATI Catalyst Install Manager (HKLM\...\{67CA5B4D-32DA-B54C-1851-F68ECD83262E}) (Version: 3.0.754.0 - ATI Technologies, Inc.)
Big Fish Games Toolbar 2.0 (HKLM-x32\...\BfgBar) (Version: - )
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Brain Training for Dummies (HKLM-x32\...\BFG-Brain Training for Dummies) (Version: - )
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
BVS Solitaire Collection (HKLM-x32\...\BFG-BVS Solitaire Collection) (Version: - )
calibre (HKLM-x32\...\{BC093E6F-61D2-4F6D-9463-ECDC2CA25462}) (Version: 0.8.54 - Kovid Goyal)
Casebook (HKLM-x32\...\BFG-Casebook) (Version: - )
ccc-core-static (x32 Version: 2009.1201.2247.40849 - ATI) Hidden
City of Fools (HKLM-x32\...\BFG-City of Fools) (Version: - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)
Delicious: Emily's Childhood Memories (HKLM-x32\...\BFG-Delicious - Emilys Childhood Memories) (Version: - )
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DocMgr (x32 Version: 140.0.65.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.100.000 - Hewlett-Packard) Hidden
Dragon Keeper (HKLM-x32\...\BFG-Dragon Keeper) (Version: - )
Dragon Keeper 2 (HKLM-x32\...\BFG-Dragon Keeper 2) (Version: - )
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) Hidden
Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Fable - The Lost Chapters (HKLM-x32\...\Steam App 204030) (Version: - Lionhead Studios)
Family Tree Maker 2012 (HKLM-x32\...\Family Tree Maker 2012) (Version: 21.0.452 - Ancestry.com, Inc.)
Family Tree Maker 2012 (x32 Version: 21.0.452 - Ancestry.com, Inc.) Hidden
Fantasy Mosaics 4: Art of Color (HKLM-x32eams: C:\ProgramData\Temp:AAA06E15

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBPIMSvc => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7698 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-765319908-1524800839-1392544109-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^fay^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GumNotes.lnk => C:\Windows\pss\GumNotes.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Photo Downloader => "C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: PC-Doctor for Windows localizer => C:\Program Files\PC-Doctor for Windows\localizer.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{99E6F953-AF6C-444B-A65D-C6F4A50E21C9}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{7C97B664-D242-4181-A388-913141AF54AC}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
FirewallRules: [{36EDF6B6-41D1-4CDB-9994-519D9EA3056F}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
FirewallRules: [{6EAC32C1-81B5-4431-A19A-00FBCE45E624}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
FirewallRules: [{579DEC31-559F-4FB2-B15B-924B666C09B8}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
FirewallRules: [{85B3CEC1-CE56-481B-961F-CD273B0E1CDB}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{2D66649C-4C7D-4CFA-B160-4D21FFEE3316}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{E4371197-ABE3-450A-88F3-C741F6E55C2B}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{79CD9701-1A28-4A13-8A22-2EDEEA8A003E}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{9870FEB0-DD8F-4DC6-83F9-FA8EE2E750D4}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{E4684629-C62D-4DBE-B5FE-E210D7B36643}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{035BC04F-B1F5-473C-A280-6B01D9C1AF34}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{9D3466EF-979F-4E41-BC3E-EFC37AD1281D}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{6078D94B-EDAF-4C09-BC12-11EBFB8C02A4}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{173CBDE3-28A9-46AA-9BA3-FF1720549C84}] => (Allow) svchost.exe
FirewallRules: [{43020B60-9C84-40E6-81A3-0E9DD73DFFE7}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{CF4B8492-E491-4BDF-8B3D-0E7AE983C494}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdater.exe
FirewallRules: [{5BB7594C-D04C-4328-A3AB-E150371ED1E1}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{2C04A3F2-9BE3-454E-992D-7DA3735C8C10}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{6D6B67FC-836E-4BF1-9656-2512E962FCB2}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{1750E239-2D6A-40DD-931D-73CA56735FFE}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{1D1C0E76-F5FF-4A7C-B239-A1027F145D18}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{8D5E0BB2-3EBB-4560-999F-19F7B7508B1F}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{15A32B58-A895-4578-AE12-50EE9252532E}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{88832019-E77A-45E9-B201-22E5068B4C91}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
FirewallRules: [{EA5323CF-2458-4260-A84D-DBE11596C6B8}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
FirewallRules: [{49EE1AA9-2567-4821-BCF6-A9468C7228DF}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{1532522F-00B2-4DBB-B023-8D2A0B8FC613}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{025D0AF4-7AF7-4E90-BD64-1F1EE27900AF}] => (Allow) C:\Users\fay\AppData\Local\Temp\7zS06CB\HPDiagnosticCoreUI.exe
FirewallRules: [{9987C6E0-A590-40BF-ABD9-B9F4F7F7B889}] => (Allow) C:\Users\fay\AppData\Local\Temp\7zS06CB\HPDiagnosticCoreUI.exe
FirewallRules: [{42EF4C04-54CD-495B-B9E4-2815D67A049D}] => (Allow) C:\Users\fay\AppData\Local\Temp\7zS0A92\OJJ4600_Full_14\setup\hpznui40.exe
FirewallRules: [{BFDA91D3-88E7-45EA-90E1-FA5F41986CDC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5D0EDD75-5231-47A6-A06D-6081CAA2DA0B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{84C55885-7A9C-41B7-8B16-511727A73E5F}] => (Allow) C:\Program Files (x86)\Origin Games\Kingdoms of Amalur Reckoning\Reckoning.exe
FirewallRules: [{4440D0C0-4914-4868-8ECB-792E7442120D}] => (Allow) C:\Program Files (x86)\Origin Games\Kingdoms of Amalur Reckoning\Reckoning.exe
FirewallRules: [{62FA2E9D-BAC8-491B-8E02-C47CB713A9C9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{71EDB5D0-F8DD-4AD8-8B8A-72483AD4EA6B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E4DE330C-6B57-4531-A6D3-23FD60ECACF3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7416686F-D355-4EEF-94DE-E3A7A13EB54B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A3A5E8D1-B3C2-4B29-A473-7506A40FF677}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{89592540-A7CC-432C-A333-8DAB4225C347}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{BD7840D7-2E17-413E-8067-FE73F3083648}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{049A999E-E5A1-40A2-A2DC-7A5BA3C67986}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{DB94FF00-2CFD-4E4E-8760-8E1036EFB335}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{B1295AD0-642C-4D68-8AD2-8CA6674E06FB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{B46A62AF-7CAA-4ABA-8C46-9712C411CFE7}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
FirewallRules: [{D10EEF1C-2A4D-42AB-AF40-C66C11EF9367}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
FirewallRules: [{3DD6F610-673C-49E8-9211-667B47F9472F}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{E534FC5B-C239-477A-9018-35B481E5980C}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{2BE0B955-D12A-40BB-93F5-576C0F777925}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{80E6C622-56C6-4AE1-ADBA-7ED44809A06C}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{60AB0DC1-0727-46EC-9787-F363B64A29CD}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{4ADFE367-4641-440F-AAE1-4868453B3087}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{54DFA08B-7442-4223-B74B-07481EDA2D40}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{37A57A9F-FBC5-457A-AD4C-6BC68D33C678}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{9518A4F6-BA04-4A21-973D-C0721B054C4F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\the witcher 2\Launcher.exe
FirewallRules: [{93B6E022-D6A4-43B6-A61F-40A2538E23D0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\the witcher 2\Launcher.exe
FirewallRules: [{920DC97B-888A-4D7B-B30E-89AC9F5550CB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Gothic 3\Gothic3.exe
FirewallRules: [{9F125263-5747-4826-A23B-704C51EBF05E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Gothic 3\Gothic3.exe
FirewallRules: [{A521F3C3-6E82-44F3-991C-6776296F08F9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fable The Lost Chapters\Fable.exe
FirewallRules: [{1B9157CA-1256-4EE0-84A4-126EE3337886}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fable The Lost Chapters\Fable.exe
FirewallRules: [{C6537D7C-07D7-4204-B47A-8DCD4843882C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{764B26BD-C24E-4D5B-8865-8E068C8EE30D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{5427480D-7E5A-4876-86AD-F3243C79F4A6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1BE4254B-E08D-4743-B391-24E81F1669BB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FC207AEF-AB44-49C3-B87A-7C97D7725578}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

==================== Faulty Device Manager Devices =============

Name: Deskjet 3050 J610 series
Description: Deskjet 3050 J610 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Deskjet 3050 J610 series
Description: Deskjet 3050 J610 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Deskjet 3050 J610 series
Description: Deskjet 3050 J610 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/20/2015 10:32:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PSIA.exe, version: 3.0.0.10004, time stamp: 0x54784a82
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x72724174
Faulting process id: 0x97c
Faulting application start time: 0xPSIA.exe0
Faulting application path: PSIA.exe1
Faulting module path: PSIA.exe2
Report Id: PSIA.exe3

Error: (07/19/2015 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location J:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (07/19/2015 10:45:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000003ec,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,000000000316EF10.72). hr = 0x80070005, Access is denied.
.

Error: (07/19/2015 10:45:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000bd0,(null),0,REG_BINARY,000000000788E1A0.72). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Writer Name: MSSearch Service Writer
Writer Instance ID: {e386891d-49b6-46cc-a762-7d223e65e9cc}

Error: (07/19/2015 10:45:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000b08,(null),0,REG_BINARY,0000000002DFDD50.72). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Writer Name: WMI Writer
Writer Instance ID: {e84df962-b5c3-4367-a5d1-3f9789894f0d}

Error: (07/19/2015 10:45:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000348,(null),0,REG_BINARY,00000000095FDE50.72). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {c733c054-6173-4c48-a056-88312a362179}

Error: (07/19/2015 10:45:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001f0,(null),0,REG_BINARY,00000000017DE8F0.72). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {8e37b1dd-3bd1-49c1-ad0f-1c3627bdacef}

Error: (07/19/2015 10:45:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001ac,(null),0,REG_BINARY,0000000001ACE970.72). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
Writer Name: Registry Writer
Writer Instance ID: {8e3405d4-ba55-454d-b1ff-a8719fbcff4e}

Error: (07/19/2015 10:45:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000bd0,(null),0,REG_BINARY,000000000788E1A0.72). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Writer Name: MSSearch Service Writer
Writer Instance ID: {e386891d-49b6-46cc-a762-7d223e65e9cc}

Error: (07/19/2015 10:45:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001c0,(null),0,REG_BINARY,000000000200EED0.72). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
Writer Name: COM+ REGDB Writer
Writer Instance ID: {26649f3e-dd3e-4db5-93a5-398132a4b11d}


System errors:
=============
Error: (07/20/2015 10:32:42 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Secunia PSI Agent service terminated unexpectedly. It has done this 1 time(s).

Error: (07/20/2015 10:28:19 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :20" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (07/20/2015 10:28:19 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{9F1DBDAA-8EFA-4065-924B-A07E10F47EC5} because another computer on the network has the same name. The server could not start.

Error: (07/20/2015 10:27:57 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :0" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (07/20/2015 09:57:56 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :0" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (07/20/2015 09:57:56 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :0" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (07/20/2015 06:34:51 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :0" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (07/20/2015 03:13:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Adobe Flash Player Update Service service failed to start due to the following error:
%%1053

Error: (07/20/2015 03:13:22 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Adobe Flash Player Update Service service to connect.

Error: (07/20/2015 01:00:21 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :20" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.


Microsoft Office:
=========================
Error: (07/20/2015 10:32:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82unknown0.0.0.000000000c00000057272417497c01d0c2f84889303eC:\Program Files (x86)\Secunia\PSI\PSIA.exeunknown2abf246a-2eec-11e5-8ce2-18a905b8e4ce

Error: (07/19/2015 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: J:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (07/19/2015 10:45:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000003ec,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,000000000316EF10.72)0x80070005, Access is denied.

Error: (07/19/2015 10:45:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000bd0,(null),0,REG_BINARY,000000000788E1A0.72)0x80070005, Access is denied.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Writer Name: MSSearch Service Writer
Writer Instance ID: {e386891d-49b6-46cc-a762-7d223e65e9cc}

Error: (07/19/2015 10:45:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000b08,(null),0,REG_BINARY,0000000002DFDD50.72)0x80070005, Access is denied.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Writer Name: WMI Writer
Writer Instance ID: {e84df962-b5c3-4367-a5d1-3f9789894f0d}

Error: (07/19/2015 10:45:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000348,(null),0,REG_BINARY,00000000095FDE50.72)0x80070005, Access is denied.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {c733c054-6173-4c48-a056-88312a362179}

Error: (07/19/2015 10:45:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000001f0,(null),0,REG_BINARY,00000000017DE8F0.72)0x80070005, Access is denied.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {8e37b1dd-3bd1-49c1-ad0f-1c3627bdacef}

Error: (07/19/2015 10:45:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000001ac,(null),0,REG_BINARY,0000000001ACE970.72)0x80070005, Access is denied.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
Writer Name: Registry Writer
Writer Instance ID: {8e3405d4-ba55-454d-b1ff-a8719fbcff4e}

Error: (07/19/2015 10:45:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000bd0,(null),0,REG_BINARY,000000000788E1A0.72)0x80070005, Access is denied.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Writer Name: MSSearch Service Writer
Writer Instance ID: {e386891d-49b6-46cc-a762-7d223e65e9cc}

Error: (07/19/2015 10:45:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000001c0,(null),0,REG_BINARY,000000000200EED0.72)0x80070005, Access is denied.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
Writer Name: COM+ REGDB Writer
Writer Instance ID: {26649f3e-dd3e-4db5-93a5-398132a4b11d}


==================== Memory info ===========================

Processor: AMD Phenom(tm) II X4 945 Processor
Percentage of memory in use: 25%
Total physical RAM: 8183.89 MB
Available physical RAM: 6130.72 MB
Total Virtual: 16365.99 MB
Available Virtual: 14125.73 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:920 GB) (Free:674.15 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.22 GB) (Free:1.62 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.3 GB) (Disk ID: 9A0D0322)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=920 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.2 GB) - (Type=07 NTFS)

==================== End of log ============================
fayfox
Regular Member
 
Posts: 88
Joined: July 19th, 2015, 3:16 pm

Re: Proxy override...malware?

by fayfox » July 20th, 2015, 11:49 am

Step 2 aswMBR.txt: I thought it had frozen and clicked on stop, then I clicked scan again. Despite the temptation I did not click on anything else. Do you need me to rescan?
Fay


aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-07-20 11:43:28
-----------------------------
11:43:28.769 OS Version: Windows x64 6.1.7601 Service Pack 1
11:43:28.769 Number of processors: 4 586 0x403
11:43:28.770 ComputerName: FAY-PC UserName: Admin
11:43:30.961 Initialize success
11:43:31.090 VM: initialized successfully
11:43:31.092 VM: Amd CPU BiosDisabled
11:45:18.412 AVAST engine defs: 15072000
11:45:36.555 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006a
11:45:36.555 Disk 0 Vendor: WDC_____ 01.0 Size: 953674MB BusType: 8
11:45:36.774 Disk 0 MBR read successfully
11:45:36.789 Disk 0 MBR scan
11:45:36.789 Disk 0 unknown MBR code
11:45:36.805 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
11:45:36.805 Disk 0 default boot code
11:45:36.820 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 942079 MB offset 206911
11:45:36.867 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11492 MB offset 1929586688
11:45:36.930 Disk 0 scanning C:\Windows\system32\drivers
11:45:49.425 Service scanning
11:46:15.056 Modules scanning
11:46:15.072 Disk 0 trace - called modules:
11:46:15.150 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll ahcix64s.sys
11:46:15.165 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007769060]
11:46:15.181 3 CLASSPNP.SYS[fffff8800100143f] -> nt!IofCallDriver -> \Device\0000006a[0xfffffa800758e9c0]
11:46:17.334 AVAST engine scan C:\Windows
11:46:20.313 AVAST engine scan C:\Windows\system32
11:52:35.386 AVAST engine scan C:\Windows\system32\drivers
11:52:53.279 AVAST engine scan C:\Users\Admin
12:03:15.518 Disk 0 statistics 4118776/0/0 @ 3.18 MB/s
12:03:15.518 Scan stopped
12:03:21.290 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006a
12:03:21.306 Disk 0 Vendor: WDC_____ 01.0 Size: 953674MB BusType: 8
12:03:21.353 Disk 0 MBR read successfully
12:03:21.368 Disk 0 MBR scan
12:03:21.384 Disk 0 unknown MBR code
12:03:21.384 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:03:21.400 Disk 0 default boot code
12:03:21.415 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 942079 MB offset 206911
12:03:21.462 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11492 MB offset 1929586688
12:03:21.462 Disk 0 scanning C:\Windows\system32\drivers
12:03:21.478 Service scanning
12:03:53.208 Modules scanning
12:03:53.224 Disk 0 trace - called modules:
12:03:53.754 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll ahcix64s.sys
12:03:53.754 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007769060]
12:03:53.770 3 CLASSPNP.SYS[fffff8800100143f] -> nt!IofCallDriver -> \Device\0000006a[0xfffffa800758e9c0]
12:03:56.796 AVAST engine scan C:\Windows
12:04:08.792 AVAST engine scan C:\Windows\system32
12:09:31.073 AVAST engine scan C:\Windows\system32\drivers
12:09:47.173 AVAST engine scan C:\Users\Admin
12:25:11.866 AVAST engine scan C:\ProgramData
12:55:38.533 Disk 0 statistics 9464838/0/0 @ 1.52 MB/s
12:55:38.533 Scan finished successfully
12:56:39.514 Disk 0 MBR has been saved successfully to "C:\Users\Admin\Documents\MalwareRemoval\MBR.dat"
12:56:39.529 The log file has been saved successfully to "C:\Users\Admin\Documents\MalwareRemoval\aswMBR.txt"
fayfox
Regular Member
 
Posts: 88
Joined: July 19th, 2015, 3:16 pm

Re: Proxy override...malware?

by wannabeageek » July 20th, 2015, 2:50 pm

Repost this log please: Addition.txt
wannabeageek
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Proxy override...malware?

by fayfox » July 20th, 2015, 3:16 pm

Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-07-2015 01
Ran by Admin at 2015-07-20 11:31:44
Running from C:\Users\Admin\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-765319908-1524800839-1392544109-1003 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-765319908-1524800839-1392544109-500 - Administrator - Disabled)
fay (S-1-5-21-765319908-1524800839-1392544109-1000 - Limited - Enabled) => C:\Users\fay
Guest (S-1-5-21-765319908-1524800839-1392544109-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-765319908-1524800839-1392544109-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ThreatTrack Security VIPRE (Enabled - Up to date) {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ThreatTrack Security VIPRE (Enabled - Up to date) {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
FW: ThreatTrack Security VIPRE (Enabled) {C7D2BC33-B766-03DA-EC8C-2222CF65E72A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 5.0 (HKLM-x32\...\Adobe Photoshop Elements 5) (Version: 5.0 - Adobe Systems Inc.)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.09 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-765319908-1524800839-1392544109-1003\...\Amazon Kindle) (Version: - Amazon)
Amazon MP3 Downloader 1.0.15 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.15 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Art of Murder: Cards of Destiny (HKLM-x32\...\BFG-Art of Murder - Cards of Destiny) (Version: - )
ATI Catalyst Install Manager (HKLM\...\{67CA5B4D-32DA-B54C-1851-F68ECD83262E}) (Version: 3.0.754.0 - ATI Technologies, Inc.)
Big Fish Games Toolbar 2.0 (HKLM-x32\...\BfgBar) (Version: - )
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Brain Training for Dummies (HKLM-x32\...\BFG-Brain Training for Dummies) (Version: - )
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
BVS Solitaire Collection (HKLM-x32\...\BFG-BVS Solitaire Collection) (Version: - )
calibre (HKLM-x32\...\{BC093E6F-61D2-4F6D-9463-ECDC2CA25462}) (Version: 0.8.54 - Kovid Goyal)
Casebook (HKLM-x32\...\BFG-Casebook) (Version: - )
ccc-core-static (x32 Version: 2009.1201.2247.40849 - ATI) Hidden
City of Fools (HKLM-x32\...\BFG-City of Fools) (Version: - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)
Delicious: Emily's Childhood Memories (HKLM-x32\...\BFG-Delicious - Emilys Childhood Memories) (Version: - )
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DocMgr (x32 Version: 140.0.65.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.100.000 - Hewlett-Packard) Hidden
Dragon Keeper (HKLM-x32\...\BFG-Dragon Keeper) (Version: - )
Dragon Keeper 2 (HKLM-x32\...\BFG-Dragon Keeper 2) (Version: - )
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) Hidden
Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Fable - The Lost Chapters (HKLM-x32\...\Steam App 204030) (Version: - Lionhead Studios)
Family Tree Maker 2012 (HKLM-x32\...\Family Tree Maker 2012) (Version: 21.0.452 - Ancestry.com, Inc.)
Family Tree Maker 2012 (x32 Version: 21.0.452 - Ancestry.com, Inc.) Hidden
Fantasy Mosaics 4: Art of Color (HKLM-x32\...\BFG-Fantasy Mosaics 4 - Art of Color) (Version: - 8x86)\Mozilla Firefox"
Task: {2F56CE89-336A-4302-900F-2944F51C5873} - System32\Tasks\{A1BD3732-1EA9-4A93-B02C-2CC6B40F324E} => C:\Users\fay\AppData\Local\Amazon\Kindle\application\Kindle.exe [2015-03-10] (Amazon.com)
Task: {331D389E-E7AB-49DA-A475-08244BCE78AF} - System32\Tasks\{8828DAD1-AD23-4932-9305-64F24BEAA215} => C:\Users\fay\AppData\Local\Amazon\Kindle\application\Kindle.exe [2015-03-10] (Amazon.com)
Task: {3921128F-4866-4DB6-8D98-B108FB61D69D} - System32\Tasks\{E0D9E4DB-64FC-4EBB-B5C6-489B3D6051A9} => pcalua.exe -a C:\Users\fay\Downloads\hidden-in-time-mirror-mirror_s1_l1_gF2875T1L1_d1400479493.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {46BF2FA4-A53C-46F5-9084-55067D3BFC26} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18] (PC-Doctor, Inc.)
Task: {4971A075-89B3-4CEF-9EC3-0F822EBEC7F2} - System32\Tasks\{A5F0B333-A364-4323-8BB1-7743EA5367D8} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p116509884_s1_l1(1).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {5013628E-4713-44A9-B6DB-CEF460CF633E} - System32\Tasks\ExtendedServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {51226FB1-7086-4454-9252-6C474862FC53} - System32\Tasks\HpWebReg.exe => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HpWebReg.exe [2010-06-14] (Hewlett-Packard Co.)
Task: {5518233C-C902-45BF-B482-6E62A8591552} - System32\Tasks\hpUtility.exe => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\utils\hpUtility.exe [2010-06-14] (Hewlett-Packard Co.)
Task: {5AA3364F-C0CA-41DC-9515-36B221C87625} - System32\Tasks\{5E4DB0BD-12E7-4775-A91F-83D0743BA7A3} => pcalua.exe -a C:\Users\fay\Downloads\vampire-saga-welcome-to-hell-lock_s1_l1_gF6323T1L1_d1409609995.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {5F88543B-EF07-4A89-852E-5B5DD44E9300} - System32\Tasks\{0BCC4E6D-7F8C-4981-AF70-C05CC4446B0B} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p113648313_s1_l1.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {60D25ED5-D881-4185-96BB-1ACEBC0CA784} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
Task: {6118F1B6-F630-4267-99AB-A094F947FC39} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {6AF902CC-C709-4BFA-9F36-6DDD30E0BA6B} - System32\Tasks\{802F3528-2C30-4C3D-8C7B-61A2DD772380} => C:\Users\fay\AppData\Local\Amazon\Kindle\application\Kindle.exe [2015-03-10] (Amazon.com)
Task: {7159177C-AFBF-4B9A-BDF8-F7C1031E51DB} - System32\Tasks\{C06BD782-1773-4F54-B72B-1DB68D94796F} => pcalua.exe -a C:\Users\fay\Downloads\AmazonMP3Installer(2).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {77AD753E-021D-4544-A72B-02A630F6E4FC} - System32\Tasks\AdobeAAMUpdater-1.0-fay-PC-fay => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated)
Task: {83492967-2AD2-49A2-9C5F-8F8C881A979B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {89E2A58F-EA47-4C56-B622-79929F6C3DDC} - System32\Tasks\{06D86160-58EE-41A5-B52C-04A46A9D6A4F} => C:\Users\fay\AppData\Local\Amazon\Kindle\application\Kindle.exe [2015-03-10] (Amazon.com)
Task: {914371EC-C6FB-4BAD-82A1-14BD43CCC787} - System32\Tasks\{5BA80D19-F4C7-4C8B-B234-8B304F355546} => pcalua.exe -a C:\Users\fay\Downloads\nightmare-realm_s1_l1_gF6706T1L1_d1405491713.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {98E9A0CC-5988-44F1-840B-B67B3BD62DC2} - System32\Tasks\HPCeeScheduleForfay => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {9DF3876E-65A1-445C-AE38-791E5852E9F5} - System32\Tasks\{B3F215A0-F039-4151-B68D-4F363733DE58} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p115300164_s1_l1.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {9E6A56B8-718E-4348-B19A-66FE156712EA} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {9F0159D1-FAB2-484D-B9E8-43425D049419} - System32\Tasks\{8E7C215D-2D1B-468B-BEAE-F8A5A8C1D283} => pcalua.exe -a C:\Users\fay\Downloads\millennium-secrets-roxannes-necklace_s1_l1_gF6717T1L1_d1406542766.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {A0B47B41-ACD5-4F4D-9586-CE2EC7F62CA9} - System32\Tasks\{DAA93FDF-CCC9-4D15-AE86-62EDBBB30ACA} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p51110979_s1_l1.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {A23682F2-A635-454F-9623-7F5C1C2CA1F9} - System32\Tasks\{2F539F0C-9984-41E1-877C-9D661BDCB7C2} => pcalua.exe -a C:\Users\fay\Downloads\awakening-the-goblin-kingdom_s1_l1_gF6755T1L1_d1503674067.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {A3EC34E4-7E3A-4500-BE3A-28B7424EE626} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A4635ABE-5A8E-47DB-A2B6-DD5DEFCB1A43} - System32\Tasks\{8DE967A1-00F6-4FAB-9162-BFDC44C65B99} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p118015257_s1_l1(2).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {A82ABBA2-D46B-437B-9420-E37A19C3B15E} - System32\Tasks\{9DDD666C-4CCB-422C-AB36-58BEA293F1C9} => C:\Users\fay\AppData\Local\Amazon\Kindle\application\Kindle.exe [2015-03-10] (Amazon.com)
Task: {AF1FE2BF-AAC2-40F4-8979-DAAA6F74B787} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-765319908-1524800839-1392544109-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {B3122CC9-8D85-4E42-A60F-CD39AA114ED2} - System32\Tasks\{75E8AF22-6F83-40EF-B51E-694BD2BA1416} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p57039746_s1_l1(1).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {BF10AD13-07D6-49FC-BA1A-748E36656D3D} - System32\Tasks\{3F7AC69A-CC6E-499A-9DF1-A8FB47F36D91} => C:\Users\fay\AppData\Local\Amazon\Kindle\application\Kindle.exe [2015-03-10] (Amazon.com)
Task: {C1651896-AFBF-4428-AED5-A0A53038F5FE} - System32\Tasks\{CD20E675-475E-430D-A999-006AF7789AB0} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p118015257_s1_l1.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {C4ECBDAD-60AD-4270-A195-07CFA543BA78} - System32\Tasks\{B765C452-2DD4-445C-B510-345FDB0428E3} => pcalua.exe -a C:\Users\fay\Downloads\paranormal-crime-brohood-crescent-snake-ce_s1_l1_gF6692T1L1_d1405578465.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {CBF4DDE4-C6CE-4D0B-8F1D-6CB3197E57D9} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {D1DD3460-E00C-4249-B638-BF9E85103837} - System32\Tasks\{D7EEFE36-135B-4C36-A4F4-B9AA4AF6A069} => pcalua.exe -a "C:\Users\fay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PV9PJ45W\bigfishgames_p113088645_s1_l1[1].exe" -d C:\Users\fay\Desktop
Task: {D32D5A06-51A3-43E7-9D44-8E5F07273084} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-765319908-1524800839-1392544109-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {D34DF0F6-A5D9-4A50-A3E6-2F587FA15D20} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {E0FE40B2-E5EC-4991-9B1C-753E20A68281} - System32\Tasks\{50742193-4A2D-4B16-9B69-E724CC291934} => pcalua.exe -a C:\Users\fay\Downloads\grim-facade-mystery-of-venice_s1_l1_gF6711T1L1_d1400481364.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {E4A4C26E-CAAF-494E-AC05-CE16BCDDA3C7} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-765319908-1524800839-1392544109-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {E83628D6-CB42-4AE7-ABE1-70D002C3DD36} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {EAA96CAF-B2E4-4F6C-89D1-CDBD073223CD} - System32\Tasks\{2380937D-C008-4C71-A71A-D1ED317D88C2} => pcalua.exe -a C:\Users\fay\Downloads\nightmare-adventures-the-witchs-prison_s1_l1_gF5962T1L1_d1409957749.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {EB8DA958-E5FA-4E0B-8BF0-70C46F160A76} - System32\Tasks\{D3C8B2D6-638E-4694-B1C4-423659F5BBD8} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p115954290_s1_l1.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {EC803519-5E73-4709-8CC1-08DA90B39C66} - System32\Tasks\{C93684CC-5C22-41F9-87E4-F5695A3C6FB7} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p115215773_s1_l1.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {ED9359A4-C105-43F4-B1CA-4FF144F3EA27} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {EE1231F4-9AFF-485E-8D04-F93DA4A1C7FD} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-765319908-1524800839-1392544109-1003 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe
Task: {EF35A44F-A33A-4AC7-908A-DDD35C9BBA44} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-765319908-1524800839-1392544109-1003 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForfay.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe5-fh scripts\monthly.xml

==================== Loaded Modules (Whitelisted) ==============

2006-12-22 08:31 - 2006-12-22 08:31 - 00108712 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
2009-09-19 17:38 - 2009-09-19 17:38 - 00065536 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
2009-09-19 17:40 - 2009-09-19 17:40 - 00122880 _____ () C:\Windows\SysWOW64\WinMsgBalloonServer.exe
2009-09-19 17:40 - 2009-09-19 17:40 - 00139264 _____ () C:\Windows\SysWOW64\WinMsgBalloonClient.exe
2009-09-07 16:54 - 2009-09-07 16:54 - 00516096 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\libxml2.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-11-23 10:53 - 2012-11-23 10:53 - 00329592 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\apistrings.dll
2012-11-23 10:56 - 2012-11-23 10:56 - 00159608 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\modlop.dll
2012-11-23 10:54 - 2012-11-23 10:54 - 00100728 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\httpserverattplugin.dll
2012-11-23 10:46 - 2012-11-23 10:46 - 02029600 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\crmimodule.dll
2012-11-23 10:58 - 2012-11-23 10:58 - 00208760 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\patchautodownload.dll
2009-07-13 17:03 - 2009-07-13 21:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2012-12-07 11:02 - 2012-12-07 11:02 - 00183160 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\scanmngsys.dll
2012-11-23 10:58 - 2012-11-23 10:58 - 00049528 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\schedcompactdb.dll
2012-11-23 10:58 - 2012-11-23 10:58 - 00054648 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\schedupdates.dll
2012-02-20 23:26 - 2012-02-20 23:26 - 00160768 _____ () C:\Program Files (x86)\VIPRE\unrar.dll
2012-06-19 17:23 - 2009-06-03 15:34 - 03764224 _____ () C:\Users\Admin\AppData\Roaming\PictureMover\Bin\Core.dll
2012-06-19 17:23 - 2009-06-03 15:43 - 01703936 _____ () C:\Users\Admin\AppData\Roaming\PictureMover\EN-US\Presentation.dll
2009-10-22 21:50 - 2009-10-22 21:50 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2014-01-31 02:40 - 2015-06-26 03:13 - 00184184 _____ () C:\Program Files (x86)\VIPRE\Definitions\libBase64.dll
2014-01-31 02:40 - 2015-06-26 03:13 - 00175992 _____ () C:\Program Files (x86)\VIPRE\Definitions\libMachoUniv.dll
2011-03-05 15:39 - 2011-03-05 15:39 - 00854016 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
2011-03-05 15:39 - 2011-03-05 15:39 - 00476520 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBPIMSvc => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7698 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-765319908-1524800839-1392544109-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^fay^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GumNotes.lnk => C:\Windows\pss\GumNotes.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Photo Downloader => "C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: PC-Doctor for Windows localizer => C:\Program Files\PC-Doctor for Windows\localizer.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{99E6F953-AF6C-444B-A65D-C6F4A50E21C9}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{7C97B664-D242-4181-A388-913141AF54AC}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
FirewallRules: [{36EDF6B6-41D1-4CDB-9994-519D9EA3056F}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
FirewallRules: [{6EAC32C1-81B5-4431-A19A-00FBCE45E624}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
FirewallRules: [{579DEC31-559F-4FB2-B15B-924B666C09B8}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
FirewallRules: [{85B3CEC1-CE56-481B-961F-CD273B0E1CDB}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{2D66649C-4C7D-4CFA-B160-4D21FFEE3316}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{E4371197-ABE3-450A-88F3-C741F6E55C2B}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{79CD9701-1A28-4A13-8A22-2EDEEA8A003E}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{9870FEB0-DD8F-4DC6-83F9-FA8EE2E750D4}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{E4684629-C62D-4DBE-B5FE-E210D7B36643}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{035BC04F-B1F5-473C-A280-6B01D9C1AF34}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{9D3466EF-979F-4E41-BC3E-EFC37AD1281D}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{6078D94B-EDAF-4C09-BC12-11EBFB8C02A4}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{173CBDE3-28A9-46AA-9BA3-FF1720549C84}] => (Allow) svchost.exe
FirewallRules: [{43020B60-9C84-40E6-81A3-0E9DD73DFFE7}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{CF4B8492-E491-4BDF-8B3D-0E7AE983C494}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdater.exe
FirewallRules: [{5BB7594C-D04C-4328-A3AB-E150371ED1E1}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{2C04A3F2-9BE3-454E-992D-7DA3735C8C10}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{6D6B67FC-836E-4BF1-9656-2512E962FCB2}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{1750E239-2D6A-40DD-931D-73CA56735FFE}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{1D1C0E76-F5FF-4A7C-B239-A1027F145D18}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{8D5E0BB2-3EBB-4560-999F-19F7B7508B1F}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{15A32B58-A895-4578-AE12-50EE9252532E}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{88832019-E77A-45E9-B201-22E5068B4C91}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
FirewallRules: [{EA5323CF-2458-4260-A84D-DBE11596C6B8}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
FirewallRules: [{49EE1AA9-2567-4821-BCF6-A9468C7228DF}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{1532522F-00B2-4DBB-B023-8D2A0B8FC613}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{025D0AF4-7AF7-4E90-BD64-1F1EE27900AF}] => (Allow) C:\Users\fay\AppData\Local\Temp\7zS06CB\HPDiagnosticCoreUI.exe
FirewallRules: [{9987C6E0-A590-40BF-ABD9-B9F4F7F7B889}] => (Allow) C:\Users\fay\AppData\Local\Temp\7zS06CB\HPDiagnosticCoreUI.exe
FirewallRules: [{42EF4C04-54CD-495B-B9E4-2815D67A049D}] => (Allow) C:\Users\fay\AppData\Local\Temp\7zS0A92\OJJ4600_Full_14\setup\hpznui40.exe
FirewallRules: [{BFDA91D3-88E7-45EA-90E1-FA5F41986CDC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5D0EDD75-5231-47A6-A06D-6081CAA2DA0B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{84C55885-7A9C-41B7-8B16-511727A73E5F}] => (Allow) C:\Program Files (x86)\Origin Games\Kingdoms of Amalur Reckoning\Reckoning.exe
FirewallRules: [{4440D0C0-4914-4868-8ECB-792E7442120D}] => (Allow) C:\Program Files (x86)\Origin Games\Kingdoms of Amalur Reckoning\Reckoning.exe
FirewallRules: [{62FA2E9D-BAC8-491B-8E02-C47CB713A9C9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{71EDB5D0-F8DD-4AD8-8B8A-72483AD4EA6B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E4DE330C-6B57-4531-A6D3-23FD60ECACF3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7416686F-D355-4EEF-94DE-E3A7A13EB54B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A3A5E8D1-B3C2-4B29-A473-7506A40FF677}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{89592540-A7CC-432C-A333-8DAB4225C347}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{BD7840D7-2E17-413E-8067-FE73F3083648}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{049A999E-E5A1-40A2-A2DC-7A5BA3C67986}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{DB94FF00-2CFD-4E4E-8760-8E1036EFB335}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{B1295AD0-642C-4D68-8AD2-8CA6674E06FB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{B46A62AF-7CAA-4ABA-8C46-9712C411CFE7}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
FirewallRules: [{D10EEF1C-2A4D-42AB-AF40-C66C11EF9367}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
FirewallRules: [{3DD6F610-673C-49E8-9211-667B47F9472F}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{E534FC5B-C239-477A-9018-35B481E5980C}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{2BE0B955-D12A-40BB-93F5-576C0F777925}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{80E6C622-56C6-4AE1-ADBA-7ED44809A06C}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{60AB0DC1-0727-46EC-9787-F363B64A29CD}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{4ADFE367-4641-440F-AAE1-4868453B3087}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{54DFA08B-7442-4223-B74B-07481EDA2D40}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{37A57A9F-FBC5-457A-AD4C-6BC68D33C678}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{9518A4F6-BA04-4A21-973D-C0721B054C4F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\the witcher 2\Launcher.exe
FirewallRules: [{93B6E022-D6A4-43B6-A61F-40A2538E23D0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\the witcher 2\Launcher.exe
FirewallRules: [{920DC97B-888A-4D7B-B30E-89AC9F5550CB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Gothic 3\Gothic3.exe
FirewallRules: [{)
Fantasy Mosaics 5 (HKLM-x32\...\BFG-Fantasy Mosaics 5) (Version: - )
Fantasy Mosaics 6: Into the Unknown (HKLM-x32\...\BFG-Fantasy Mosaics 6 - Into the Unknown) (Version: - )
Fantasy Mosaics 7: Our Home (HKLM-x32\...\BFG-Fantasy Mosaics 7 - Our Home) (Version: - )
Farm to Fork (HKLM-x32\...\BFG-Farm to Fork) (Version: - )
Fax (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Final Cut: Encore Collector's Edition (HKLM-x32\...\BFG-Final Cut - Encore Collector's Edition) (Version: - )
Garden Rescue (HKLM-x32\...\BFG-Garden Rescue) (Version: - )
Garden Rescue: Christmas Edition (HKLM-x32\...\BFG-Garden Rescue - Christmas Edition) (Version: - )
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Gothic 3 (HKLM-x32\...\Steam App 39500) (Version: - Piranha – Bytes )
GPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Grimm's Hatchery (HKLM-x32\...\BFG-Grimm's Hatchery) (Version: - )
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.242 - SurfRight B.V.)
Holiday Jigsaw Valentine's Day (HKLM-x32\...\BFG-Holiday Jigsaw Valentines Day) (Version: - )
HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{650AF771-456D-418F-BFC7-F6FFC9D0235C}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Help (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3317 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3422 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.1.0.1 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{35021DFB-F9CA-402A-89A2-47F91E506465}) (Version: 1.0.2.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP OfficeJet J4600 All-In-One Series (HKLM\...\{4945F319-A24D-454C-A411-F3689987315D}) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3341 - HP Photo Creations Powered by RocketLife)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Hulu Desktop (HKU\S-1-5-21-765319908-1524800839-1392544109-1003\...\HuluDesktop) (Version: 0.9.9 - Hulu LLC)
HydraVision (x32 Version: 4.2.128.0 - ATI Technologies Inc.) Hidden
inSSIDer 3 (HKLM-x32\...\{A80CEA4E-74C1-4F9F-806B-E1D9AFC01768}) (Version: 3.0.7.48 - MetaGeek, LLC)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Jewel Quest Solitaire (HKLM-x32\...\BFG-Jewel Quest Solitaire) (Version: - )
Jigsaw World Tour (HKLM-x32\...\BFG-Jigsaw World Tour) (Version: - )
Jigsaws Galore (HKLM-x32\...\BFG-Jigsaws Galore) (Version: - )
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Kingdoms of Amalur: Reckoning (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.0.0.0 - Electronic Arts)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
Mah-Jomino (HKLM-x32\...\BFG-Mah-Jomino) (Version: - )
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar)
Microsoft Office 2000 Professional (HKLM-x32\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version: - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Mobipocket Creator 4.2 (HKLM-x32\...\{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}) (Version: 4.2.41 - Mobipocket.com)
Mosaics Galore (HKLM-x32\...\BFG-Mosaics Galore) (Version: - )
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 3.1.3310 - Hewlett-Packard) Hidden
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
Mr. Puzzle (HKLM-x32\...\BFG-Mr. Puzzle) (Version: - )
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Kingdom for the Princess II (HKLM-x32\...\BFG-My Kingdom for the Princess II) (Version: - )
My Kingdom for the Princess III (HKLM-x32\...\BFG-My Kingdom for the Princess III) (Version: - )
Mystery Riddles (HKLM-x32\...\BFG-Mystery Riddles) (Version: - )
Nancy Drew - Curse of Blackmoor Manor (HKLM-x32\...\BFG-Nancy Drew - Curse of Blackmoor Manor) (Version: - )
Nancy Drew - Last Train to Blue Moon Canyon (HKLM-x32\...\BFG-Nancy Drew - Last Train to Blue Moon Canyon) (Version: - )
Nancy Drew - Secret Of The Old Clock (HKLM-x32\...\BFG-Nancy Drew - Secret Of The Old Clock) (Version: - )
Nancy Drew: Alibi in Ashes (HKLM-x32\...\BFG-Nancy Drew - Alibi in Ashes) (Version: - )
Nancy Drew: Ghost Dogs of Moon Lake (HKLM-x32\...\BFG-Nancy Drew - Ghost Dogs of Moon Lake) (Version: - )
Nancy Drew: Message in a Haunted Mansion (HKLM-x32\...\BFG-Nancy Drew - Message in a Haunted Mansion) (Version: - )
Nancy Drew: Secret of Shadow Ranch (HKLM-x32\...\BFG-Nancy Drew - Secret of Shadow Ranch) (Version: - )
Nancy Drew: Secret of the Scarlet Hand (HKLM-x32\...\BFG-Nancy Drew - Secret of the Scarlet Hand) (Version: - )
Nancy Drew: Shadow at the Water's Edge (HKLM-x32\...\BFG-Nancy Drew - Shadow at the Water's Edge) (Version: - )
Nancy Drew: The Captive Curse (HKLM-x32\...\BFG-Nancy Drew - The Captive Curse) (Version: - )
Nancy Drew: The Deadly Device (HKLM-x32\...\BFG-Nancy Drew - The Deadly Device) (Version: - )
Nancy Drew: The Final Scene (HKLM-x32\...\BFG-Nancy Drew - The Final Scene) (Version: - )
Nancy Drew: The Haunted Carousel (HKLM-x32\...\BFG-Nancy Drew - The Haunted Carousel) (Version: - )
Nancy Drew: The Silent Spy (HKLM-x32\...\BFG-Nancy Drew - The Silent Spy) (Version: - )
Nancy Drew: Tomb of the Lost Queen (HKLM-x32\...\BFG-Nancy Drew - Tomb of the Lost Queen) (Version: - )
Nancy Drew: Treasure in the Royal Tower (HKLM-x32\...\BFG-Nancy Drew - Treasure in the Royal Tower) (Version: - )
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
NVIDIA PhysX (HKLM-x32\...\{B83FC356-B7C0-441F-8A4D-D71E088E7974}) (Version: 9.09.0428 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Off the Record: Linden Shades (HKLM-x32\...\BFG-Off the Record - Linden Shades) (Version: - )
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 8.6.0.357 - Electronic Arts, Inc.)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
Plants vs. Zombies (HKLM-x32\...\BFG-Plants vs Zombies) (Version: - )
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3503 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3503 - CyberLink Corp.) Hidden
Profiler: The Hopscotch Killer (HKLM-x32\...\BFG-Profiler - The Hopscotch Killer) (Version: - )
PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 3.2.1540.5 - AMD)
RAIDXpert (x32 Version: 3.2.1540.5 - AMD) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden
Royal Jigsaw 2 (HKLM-x32\...\BFG-Royal Jigsaw 2) (Version: - )
Royal Jigsaw 3 (HKLM-x32\...\BFG-Royal Jigsaw 3) (Version: - )
Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Sudoku Latin Squares (HKLM-x32\...\BFG-Sudoku Latin Squares) (Version: - )
Surface: Alone in the Mist (HKLM-x32\...\BFG-Surface - Alone in the Mist) (Version: - )
System Requirements Lab Detection (HKLM-x32\...\{F0DA240C-897C-41D2-84C1-5D6AA0DE9469}) (Version: 6.1.4.0 - Husdawg, LLC)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version: - CD Projekt RED)
The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version: - CD Projekt RED)
Toolbar - Big Fish Games (HKLM-x32\...\bfgbartb) (Version: 2.1.0.13 - Big Fish Games, Inc.)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Toy Defense 3 - Fantasy (HKLM-x32\...\BFG-Toy Defense 3 - Fantasy) (Version: - )
TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
TurboTax 2010 (HKLM-x32\...\TurboTax 2010) (Version: - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
Victorian Mysteries®: The Yellow Room (HKLM-x32\...\BFG-Victorian Mysteries - The Yellow Room) (Version: - )
VIPRE Internet Security (HKLM-x32\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 7.0.6.2 - ThreatTrack Security, Inc.)
VIPRE Internet Security (x32 Version: 7.0.6.2 - ThreatTrack Security, Inc.) Hidden
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
Who Am I (HKLM-x32\...\BFG-Who Am I) (Version: - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
World Mosaics 7 (HKLM-x32\...\BFG-World Mosaics 7) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

12-07-2015 01:02:35 Scheduled Checkpoint
15-07-2015 03:00:15 Windows Update
16-07-2015 03:34:34 Windows Modules Installer
18-07-2015 08:18:26 Removed HP Advisor.
19-07-2015 08:08:49 JRT Pre-Junkware Removal
19-07-2015 08:59:04 JRT Pre-Junkware Removal
19-07-2015 10:39:50 Checkpoint by HitmanPro
19-07-2015 10:41:12 Checkpoint by HitmanPro
19-07-2015 11:18:10 Restore Operation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2011-11-04 08:47 - 00438159 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04D631F9-6DCA-432C-A9C7-D407692F7D1C} - System32\Tasks\{179D2D17-B958-4B7C-8F8B-A6CBCFAE6F11} => pcalua.exe -a C:\Users\fay\Downloads\secrets-of-the-dark-temple-of-night_s1_l1_gF6256T1L1_d1406545218.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {0535DFE5-701A-471E-8BA1-E2CF3ABEB379} - System32\Tasks\{A676903C-C45B-43DD-B071-656C0D92EFA0} => C:\Users\fay\AppData\Local\Amazon\Kindle\application\Kindle.exe [2015-03-10] (Amazon.com)
Task: {0A67F522-8CD5-4DD3-A529-ED518D1FC895} - System32\Tasks\{C84D2EF9-E08E-44A9-A7B6-2E86464BBC94} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p121211816_s1_l1.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {14DC0128-5252-4899-AC7E-A123E79E9408} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-10-22] (CyberLink)
Task: {1E13B6B2-2D0F-4DA0-AE7E-DE52AD8B92BE} - System32\Tasks\{79685DBF-5F4C-4AEA-AFB7-C1ED2DB41E0C} => pcalua.exe -a "C:\Users\fay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0O2CSLK4\bigfishgames_p112925717_s1_l1[1].exe" -d C:\Users\fay\Desktop
Task: {1E90514A-EB91-4968-94D8-E553B637C41A} - System32\Tasks\{ED30F6FA-38B3-4725-BA43-1EF26CA831C6} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p115435087_s1_l1.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {200F5A5A-A50D-4AAA-9A29-E523B1538E61} - System32\Tasks\{90D193A4-E211-4A06-9DD9-727E49FBC3A4} => pcalua.exe -a "C:\Users\fay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RTTLWFO\bigfishgames_p121269908_s1_l1[1].exe" -d C:\Users\fay\Desktop
Task: {201A1A3B-E447-4504-A8C7-8CE574A9CA48} - System32\Tasks\{AA44B4F2-DAE0-4AE8-8E5E-6EC68617D43C} => pcalua.exe -a C:\Users\fay\Downloads\mystic-gateways-the-celestial-quest_s1_l1_gF5955T1L1_d1406544644.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {2662C3F7-4CCD-4DED-B987-E3D19BFAB4D2} - System32\Tasks\{6B8A9F89-3147-423A-8493-B73FF25620FC} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p118015257_s1_l1(1).exe -d "C:\Program Files )F125263-5747-4826-A23B-704C51EBF05E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Gothic 3\Gothic3.exe
FirewallRules: [{A521F3C3-6E82-44F3-991C-6776296F08F9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fable The Lost Chapters\Fable.exe
FirewallRules: [{1B9157CA-1256-4EE0-84A4-126EE3337886}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fable The Lost Chapters\Fable.exe
FirewallRules: [{C6537D7C-07D7-4204-B47A-8DCD4843882C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{764B26BD-C24E-4D5B-8865-8E068C8EE30D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{5427480D-7E5A-4876-86AD-F3243C79F4A6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1BE4254B-E08D-4743-B391-24E81F1669BB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FC207AEF-AB44-49C3-B87A-7C97D7725578}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

==================== Faulty Device Manager Devices =============

Name: Deskjet 3050 J610 series
Description: Deskjet 3050 J610 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Deskjet 3050 J610 series
Description: Deskjet 3050 J610 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Deskjet 3050 J610 series
Description: Deskjet 3050 J610 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/20/2015 10:32:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PSIA.exe, version: 3.0.0.10004, time stamp: 0x54784a82
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x72724174
Faulting process id: 0x97c
Faulting application start time: 0xPSIA.exe0
Faulting application path: PSIA.exe1
Faulting module path: PSIA.exe2
Report Id: PSIA.exe3

Error: (07/19/2015 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location J:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (07/19/2015 10:45:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000003ec,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,000000000316EF10.72). hr = 0x80070005, Access is denied.
.

Error: (07/19/2015 10:45:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000bd0,(null),0,REG_BINARY,000000000788E1A0.72). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Writer Name: MSSearch Service Writer
Writer Instance ID: {e386891d-49b6-46cc-a762-7d223e65e9cc}

Error: (07/19/2015 10:45:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000b08,(null),0,REG_BINARY,0000000002DFDD50.72). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Writer Name: WMI Writer
Writer Instance ID: {e84df962-b5c3-4367-a5d1-3f9789894f0d}

Error: (07/19/2015 10:45:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000348,(null),0,REG_BINARY,00000000095FDE50.72). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {c733c054-6173-4c48-a056-88312a362179}

Error: (07/19/2015 10:45:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001f0,(null),0,REG_BINARY,00000000017DE8F0.72). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {8e37b1dd-3bd1-49c1-ad0f-1c3627bdacef}

Error: (07/19/2015 10:45:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001ac,(null),0,REG_BINARY,0000000001ACE970.72). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
Writer Name: Registry Writer
Writer Instance ID: {8e3405d4-ba55-454d-b1ff-a8719fbcff4e}

Error: (07/19/2015 10:45:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000bd0,(null),0,REG_BINARY,000000000788E1A0.72). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Writer Name: MSSearch Service Writer
Writer Instance ID: {e386891d-49b6-46cc-a762-7d223e65e9cc}

Error: (07/19/2015 10:45:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001c0,(null),0,REG_BINARY,000000000200EED0.72). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
Writer Name: COM+ REGDB Writer
Writer Instance ID: {26649f3e-dd3e-4db5-93a5-398132a4b11d}


System errors:
=============
Error: (07/20/2015 10:32:42 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Secunia PSI Agent service terminated unexpectedly. It has done this 1 time(s).

Error: (07/20/2015 10:28:19 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :20" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (07/20/2015 10:28:19 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{9F1DBDAA-8EFA-4065-924B-A07E10F47EC5} because another computer on the network has the same name. The server could not start.

Error: (07/20/2015 10:27:57 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :0" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (07/20/2015 09:57:56 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :0" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (07/20/2015 09:57:56 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :0" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (07/20/2015 06:34:51 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :0" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (07/20/2015 03:13:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Adobe Flash Player Update Service service failed to start due to the following error:
%%1053

Error: (07/20/2015 03:13:22 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Adobe Flash Player Update Service service to connect.

Error: (07/20/2015 01:00:21 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :20" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.


Microsoft Office:
=========================
Error: (07/20/2015 10:32:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82unknown0.0.0.000000000c00000057272417497c01d0c2f84889303eC:\Program Files (x86)\Secunia\PSI\PSIA.exeunknown2abf246a-2eec-11e5-8ce2-18a905b8e4ce

Error: (07/19/2015 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: J:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (07/19/2015 10:45:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000003ec,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,000000000316EF10.72)0x80070005, Access is denied.

Error: (07/19/2015 10:45:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000bd0,(null),0,REG_BINARY,000000000788E1A0.72)0x80070005, Access is denied.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Writer Name: MSSearch Service Writer
Writer Instance ID: {e386891d-49b6-46cc-a762-7d223e65e9cc}

Error: (07/19/2015 10:45:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000b08,(null),0,REG_BINARY,0000000002DFDD50.72)0x80070005, Access is denied.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Writer Name: WMI Writer
Writer Instance ID: {e84df962-b5c3-4367-a5d1-3f9789894f0d}

Error: (07/19/2015 10:45:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000348,(null),0,REG_BINARY,00000000095FDE50.72)0x80070005, Access is denied.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {c733c054-6173-4c48-a056-88312a362179}

Error: (07/19/2015 10:45:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000001f0,(null),0,REG_BINARY,00000000017DE8F0.72)0x80070005, Access is denied.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {8e37b1dd-3bd1-49c1-ad0f-1c3627bdacef}

Error: (07/19/2015 10:45:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000001ac,(null),0,REG_BINARY,0000000001ACE970.72)0x80070005, Access is denied.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
Writer Name: Registry Writer
Writer Instance ID: {8e3405d4-ba55-454d-b1ff-a8719fbcff4e}

Error: (07/19/2015 10:45:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000bd0,(null),0,REG_BINARY,000000000788E1A0.72)0x80070005, Access is denied.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Writer Name: MSSearch Service Writer
Writer Instance ID: {e386891d-49b6-46cc-a762-7d223e65e9cc}

Error: (07/19/2015 10:45:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000001c0,(null),0,REG_BINARY,000000000200EED0.72)0x80070005, Access is denied.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
Writer Name: COM+ REGDB Writer
Writer Instance ID: {26649f3e-dd3e-4db5-93a5-398132a4b11d}


==================== Memory info ===========================

Processor: AMD Phenom(tm) II X4 945 Processor
Percentage of memory in use: 25%
Total physical RAM: 8183.89 MB
Available physical RAM: 6130.72 MB
Total Virtual: 16365.99 MB
Available Virtual: 14125.73 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:920 GB) (Free:674.15 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.22 GB) (Free:1.62 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.3 GB) (Disk ID: 9A0D0322)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=920 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.2 GB) - (Type=07 NTFS)

==================== End of log ============================
fayfox
Regular Member
 
Posts: 88
Joined: July 19th, 2015, 3:16 pm

Re: Proxy override...malware?

by wannabeageek » July 20th, 2015, 3:25 pm

You are not getting all the information from the file into the post. Are you copying the file in sections?
wannabeageek
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Proxy override...malware?

by fayfox » July 20th, 2015, 3:46 pm

In Notepad, I clicked on Edit - Select All - Edit - Copy, then right click - paste into the subject box of quick reply.

Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-07-2015 01
Ran by Admin at 2015-07-20 11:31:44
Running from C:\Users\Admin\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-765319908-1524800839-1392544109-1003 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-765319908-1524800839-1392544109-500 - Administrator - Disabled)
fay (S-1-5-21-765319908-1524800839-1392544109-1000 - Limited - Enabled) => C:\Users\fay
Guest (S-1-5-21-765319908-1524800839-1392544109-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-765319908-1524800839-1392544109-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ThreatTrack Security VIPRE (Enabled - Up to date) {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ThreatTrack Security VIPRE (Enabled - Up to date) {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
FW: ThreatTrack Security VIPRE (Enabled) {C7D2BC33-B766-03DA-EC8C-2222CF65E72A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 5.0 (HKLM-x32\...\Adobe Photoshop Elements 5) (Version: 5.0 - Adobe Systems Inc.)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.09 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-765319908-1524800839-1392544109-1003\...\Amazon Kindle) (Version: - Amazon)
Amazon MP3 Downloader 1.0.15 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.15 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Art of Murder: Cards of Destiny (HKLM-x32\...\BFG-Art of Murder - Cards of Destiny) (Version: - )
ATI Catalyst Install Manager (HKLM\...\{67CA5B4D-32DA-B54C-1851-F68ECD83262E}) (Version: 3.0.754.0 - ATI Technologies, Inc.)
Big Fish Games Toolbar 2.0 (HKLM-x32\...\BfgBar) (Version: - )
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Brain Training for Dummies (HKLM-x32\...\BFG-Brain Training for Dummies) (Version: - )
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
BVS Solitaire Collection (HKLM-x32\...\BFG-BVS Solitaire Collection) (Version: - )
calibre (HKLM-x32\...\{BC093E6F-61D2-4F6D-9463-ECDC2CA25462}) (Version: 0.8.54 - Kovid Goyal)
Casebook (HKLM-x32\...\BFG-Casebook) (Version: - )
ccc-core-static (x32 Version: 2009.1201.2247.40849 - ATI) Hidden
City of Fools (HKLM-x32\...\BFG-City of Fools) (Version: - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)
Delicious: Emily's Childhood Memories (HKLM-x32\...\BFG-Delicious - Emilys Childhood Memories) (Version: - )
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DocMgr (x32 Version: 140.0.65.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.100.000 - Hewlett-Packard) Hidden
Dragon Keeper (HKLM-x32\...\BFG-Dragon Keeper) (Version: - )
Dragon Keeper 2 (HKLM-x32\...\BFG-Dragon Keeper 2) (Version: - )
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) Hidden
Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Fable - The Lost Chapters (HKLM-x32\...\Steam App 204030) (Version: - Lionhead Studios)
Family Tree Maker 2012 (HKLM-x32\...\Family Tree Maker 2012) (Version: 21.0.452 - Ancestry.com, Inc.)
Family Tree Maker 2012 (x32 Version: 21.0.452 - Ancestry.com, Inc.) Hidden
Fantasy Mosaics 4: Art of Color (HKLM-x32\...\BFG-Fantasy Mosaics 4 - Art of Color) (Version: - )
Fantasy Mosaics 5 (HKLM-x32\...\BFG-Fantasy Mosaics 5) (Version: - )
Fantasy Mosaics 6: Into the Unknown (HKLM-x32\...\BFG-Fantasy Mosaics 6 - Into the Unknown) (Version: - )
Fantasy Mosaics 7: Our Home (HKLM-x32\...\BFG-Fantasy Mosaics 7 - Our Home) (Version: - )
Farm to Fork (HKLM-x32\...\BFG-Farm to Fork) (Version: - )
Fax (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Final Cut: Encore Collector's Edition (HKLM-x32\...\BFG-Final Cut - Encore Collector's Edition) (Version: - )
Garden Rescue (HKLM-x32\...\BFG-Garden Rescue) (Version: - )
Garden Rescue: Christmas Edition (HKLM-x32\...\BFG-Garden Rescue - Christmas Edition) (Version: - )
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Gothic 3 (HKLM-x32\...\Steam App 39500) (Version: - Piranha – Bytes )
GPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Grimm's Hatchery (HKLM-x32\...\BFG-Grimm's Hatchery) (Version: - )
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.242 - SurfRight B.V.)
Holiday Jigsaw Valentine's Day (HKLM-x32\...\BFG-Holiday Jigsaw Valentines Day) (Version: - )
HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{650AF771-456D-418F-BFC7-F6FFC9D0235C}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Help (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3317 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3422 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.1.0.1 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{35021DFB-F9CA-402A-89A2-47F91E506465}) (Version: 1.0.2.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP OfficeJet J4600 All-In-One Series (HKLM\...\{4945F319-A24D-454C-A411-F3689987315D}) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3341 - HP Photo Creations Powered by RocketLife)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Hulu Desktop (HKU\S-1-5-21-765319908-1524800839-1392544109-1003\...\HuluDesktop) (Version: 0.9.9 - Hulu LLC)
HydraVision (x32 Version: 4.2.128.0 - ATI Technologies Inc.) Hidden
inSSIDer 3 (HKLM-x32\...\{A80CEA4E-74C1-4F9F-806B-E1D9AFC01768}) (Version: 3.0.7.48 - MetaGeek, LLC)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Jewel Quest Solitaire (HKLM-x32\...\BFG-Jewel Quest Solitaire) (Version: - )
Jigsaw World Tour (HKLM-x32\...\BFG-Jigsaw World Tour) (Version: - )
Jigsaws Galore (HKLM-x32\...\BFG-Jigsaws Galore) (Version: - )
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Kingdoms of Amalur: Reckoning (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.0.0.0 - Electronic Arts)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
Mah-Jomino (HKLM-x32\...\BFG-Mah-Jomino) (Version: - )
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar)
Microsoft Office 2000 Professional (HKLM-x32\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version: - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Mobipocket Creator 4.2 (HKLM-x32\...\{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}) (Version: 4.2.41 - Mobipocket.com)
Mosaics Galore (HKLM-x32\...\BFG-Mosaics Galore) (Version: - )
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 3.1.3310 - Hewlett-Packard) Hidden
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
Mr. Puzzle (HKLM-x32\...\BFG-Mr. Puzzle) (Version: - )
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Kingdom for the Princess II (HKLM-x32\...\BFG-My Kingdom for the Princess II) (Version: - )
My Kingdom for the Princess III (HKLM-x32\...\BFG-My Kingdom for the Princess III) (Version: - )
Mystery Riddles (HKLM-x32\...\BFG-Mystery Riddles) (Version: - )
Nancy Drew - Curse of Blackmoor Manor (HKLM-x32\...\BFG-Nancy Drew - Curse of Blackmoor Manor) (Version: - )
Nancy Drew - Last Train to Blue Moon Canyon (HKLM-x32\...\BFG-Nancy Drew - Last Train to Blue Moon Canyon) (Version: - )
Nancy Drew - Secret Of The Old Clock (HKLM-x32\...\BFG-Nancy Drew - Secret Of The Old Clock) (Version: - )
Nancy Drew: Alibi in Ashes (HKLM-x32\...\BFG-Nancy Drew - Alibi in Ashes) (Version: - )
Nancy Drew: Ghost Dogs of Moon Lake (HKLM-x32\...\BFG-Nancy Drew - Ghost Dogs of Moon Lake) (Version: - )
Nancy Drew: Message in a Haunted Mansion (HKLM-x32\...\BFG-Nancy Drew - Message in a Haunted Mansion) (Version: - )
Nancy Drew: Secret of Shadow Ranch (HKLM-x32\...\BFG-Nancy Drew - Secret of Shadow Ranch) (Version: - )
Nancy Drew: Secret of the Scarlet Hand (HKLM-x32\...\BFG-Nancy Drew - Secret of the Scarlet Hand) (Version: - )
Nancy Drew: Shadow at the Water's Edge (HKLM-x32\...\BFG-Nancy Drew - Shadow at the Water's Edge) (Version: - )
Nancy Drew: The Captive Curse (HKLM-x32\...\BFG-Nancy Drew - The Captive Curse) (Version: - )
Nancy Drew: The Deadly Device (HKLM-x32\...\BFG-Nancy Drew - The Deadly Device) (Version: - )
Nancy Drew: The Final Scene (HKLM-x32\...\BFG-Nancy Drew - The Final Scene) (Version: - )
Nancy Drew: The Haunted Carousel (HKLM-x32\...\BFG-Nancy Drew - The Haunted Carousel) (Version: - )
Nancy Drew: The Silent Spy (HKLM-x32\...\BFG-Nancy Drew - The Silent Spy) (Version: - )
Nancy Drew: Tomb of the Lost Queen (HKLM-x32\...\BFG-Nancy Drew - Tomb of the Lost Queen) (Version: - )
Nancy Drew: Treasure in the Royal Tower (HKLM-x32\...\BFG-Nancy Drew - Treasure in the Royal Tower) (Version: - )
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
NVIDIA PhysX (HKLM-x32\...\{B83FC356-B7C0-441F-8A4D-D71E088E7974}) (Version: 9.09.0428 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Off the Record: Linden Shades (HKLM-x32\...\BFG-Off the Record - Linden Shades) (Version: - )
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 8.6.0.357 - Electronic Arts, Inc.)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
Plants vs. Zombies (HKLM-x32\...\BFG-Plants vs Zombies) (Version: - )
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3503 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3503 - CyberLink Corp.) Hidden
Profiler: The Hopscotch Killer (HKLM-x32\...\BFG-Profiler - The Hopscotch Killer) (Version: - )
PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 3.2.1540.5 - AMD)
RAIDXpert (x32 Version: 3.2.1540.5 - AMD) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden
Royal Jigsaw 2 (HKLM-x32\...\BFG-Royal Jigsaw 2) (Version: - )
Royal Jigsaw 3 (HKLM-x32\...\BFG-Royal Jigsaw 3) (Version: - )
Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Sudoku Latin Squares (HKLM-x32\...\BFG-Sudoku Latin Squares) (Version: - )
Surface: Alone in the Mist (HKLM-x32\...\BFG-Surface - Alone in the Mist) (Version: - )
System Requirements Lab Detection (HKLM-x32\...\{F0DA240C-897C-41D2-84C1-5D6AA0DE9469}) (Version: 6.1.4.0 - Husdawg, LLC)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version: - CD Projekt RED)
The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version: - CD Projekt RED)
Toolbar - Big Fish Games (HKLM-x32\...\bfgbartb) (Version: 2.1.0.13 - Big Fish Games, Inc.)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Toy Defense 3 - Fantasy (HKLM-x32\...\BFG-Toy Defense 3 - Fantasy) (Version: - )
TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
TurboTax 2010 (HKLM-x32\...\TurboTax 2010) (Version: - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
Victorian Mysteries&reg;: The Yellow Room (HKLM-x32\...\BFG-Victorian Mysteries - The Yellow Room) (Version: - )
VIPRE Internet Security (HKLM-x32\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 7.0.6.2 - ThreatTrack Security, Inc.)
VIPRE Internet Security (x32 Version: 7.0.6.2 - ThreatTrack Security, Inc.) Hidden
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
Who Am I (HKLM-x32\...\BFG-Who Am I) (Version: - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
World Mosaics 7 (HKLM-x32\...\BFG-World Mosaics 7) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

12-07-2015 01:02:35 Scheduled Checkpoint
15-07-2015 03:00:15 Windows Update
16-07-2015 03:34:34 Windows Modules Installer
18-07-2015 08:18:26 Removed HP Advisor.
19-07-2015 08:08:49 JRT Pre-Junkware Removal
19-07-2015 08:59:04 JRT Pre-Junkware Removal
19-07-2015 10:39:50 Checkpoint by HitmanPro
19-07-2015 10:41:12 Checkpoint by HitmanPro
19-07-2015 11:18:10 Restore Operation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2011-11-04 08:47 - 00438159 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04D631F9-6DCA-432C-A9C7-D407692F7D1C} - System32\Tasks\{179D2D17-B958-4B7C-8F8B-A6CBCFAE6F11} => pcalua.exe -a C:\Users\fay\Downloads\secrets-of-the-dark-temple-of-night_s1_l1_gF6256T1L1_d1406545218.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {0535DFE5-701A-471E-8BA1-E2CF3ABEB379} - System32\Tasks\{A676903C-C45B-43DD-B071-656C0D92EFA0} => C:\Users\fay\AppData\Local\Amazon\Kindle\application\Kindle.exe [2015-03-10] (Amazon.com)
Task: {0A67F522-8CD5-4DD3-A529-ED518D1FC895} - System32\Tasks\{C84D2EF9-E08E-44A9-A7B6-2E86464BBC94} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p121211816_s1_l1.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {14DC0128-5252-4899-AC7E-A123E79E9408} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-10-22] (CyberLink)
Task: {1E13B6B2-2D0F-4DA0-AE7E-DE52AD8B92BE} - System32\Tasks\{79685DBF-5F4C-4AEA-AFB7-C1ED2DB41E0C} => pcalua.exe -a "C:\Users\fay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0O2CSLK4\bigfishgames_p112925717_s1_l1[1].exe" -d C:\Users\fay\Desktop
Task: {1E90514A-EB91-4968-94D8-E553B637C41A} - System32\Tasks\{ED30F6FA-38B3-4725-BA43-1EF26CA831C6} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p115435087_s1_l1.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {200F5A5A-A50D-4AAA-9A29-E523B1538E61} - System32\Tasks\{90D193A4-E211-4A06-9DD9-727E49FBC3A4} => pcalua.exe -a "C:\Users\fay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RTTLWFO\bigfishgames_p121269908_s1_l1[1].exe" -d C:\Users\fay\Desktop
Task: {201A1A3B-E447-4504-A8C7-8CE574A9CA48} - System32\Tasks\{AA44B4F2-DAE0-4AE8-8E5E-6EC68617D43C} => pcalua.exe -a C:\Users\fay\Downloads\mystic-gateways-the-celestial-quest_s1_l1_gF5955T1L1_d1406544644.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {2662C3F7-4CCD-4DED-B987-E3D19BFAB4D2} - System32\Tasks\{6B8A9F89-3147-423A-8493-B73FF25620FC} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p118015257_s1_l1(1).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {2F56CE89-336A-4302-900F-2944F51C5873} - System32\Tasks\{A1BD3732-1EA9-4A93-B02C-2CC6B40F324E} => C:\Users\fay\AppData\Local\Amazon\Kindle\application\Kindle.exe [2015-03-10] (Amazon.com)
Task: {331D389E-E7AB-49DA-A475-08244BCE78AF} - System32\Tasks\{8828DAD1-AD23-4932-9305-64F24BEAA215} => C:\Users\fay\AppData\Local\Amazon\Kindle\application\Kindle.exe [2015-03-10] (Amazon.com)
Task: {3921128F-4866-4DB6-8D98-B108FB61D69D} - System32\Tasks\{E0D9E4DB-64FC-4EBB-B5C6-489B3D6051A9} => pcalua.exe -a C:\Users\fay\Downloads\hidden-in-time-mirror-mirror_s1_l1_gF2875T1L1_d1400479493.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {46BF2FA4-A53C-46F5-9084-55067D3BFC26} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18] (PC-Doctor, Inc.)
Task: {4971A075-89B3-4CEF-9EC3-0F822EBEC7F2} - System32\Tasks\{A5F0B333-A364-4323-8BB1-7743EA5367D8} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p116509884_s1_l1(1).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {5013628E-4713-44A9-B6DB-CEF460CF633E} - System32\Tasks\ExtendedServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {51226FB1-7086-4454-9252-6C474862FC53} - System32\Tasks\HpWebReg.exe => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HpWebReg.exe [2010-06-14] (Hewlett-Packard Co.)
Task: {5518233C-C902-45BF-B482-6E62A8591552} - System32\Tasks\hpUtility.exe => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\utils\hpUtility.exe [2010-06-14] (Hewlett-Packard Co.)
Task: {5AA3364F-C0CA-41DC-9515-36B221C87625} - System32\Tasks\{5E4DB0BD-12E7-4775-A91F-83D0743BA7A3} => pcalua.exe -a C:\Users\fay\Downloads\vampire-saga-welcome-to-hell-lock_s1_l1_gF6323T1L1_d1409609995.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {5F88543B-EF07-4A89-852E-5B5DD44E9300} - System32\Tasks\{0BCC4E6D-7F8C-4981-AF70-C05CC4446B0B} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p113648313_s1_l1.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {60D25ED5-D881-4185-96BB-1ACEBC0CA784} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
Task: {6118F1B6-F630-4267-99AB-A094F947FC39} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {6AF902CC-C709-4BFA-9F36-6DDD30E0BA6B} - System32\Tasks\{802F3528-2C30-4C3D-8C7B-61A2DD772380} => C:\Users\fay\AppData\Local\Amazon\Kindle\application\Kindle.exe [2015-03-10] (Amazon.com)
Task: {7159177C-AFBF-4B9A-BDF8-F7C1031E51DB} - System32\Tasks\{C06BD782-1773-4F54-B72B-1DB68D94796F} => pcalua.exe -a C:\Users\fay\Downloads\AmazonMP3Installer(2).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {77AD753E-021D-4544-A72B-02A630F6E4FC} - System32\Tasks\AdobeAAMUpdater-1.0-fay-PC-fay => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated)
Task: {83492967-2AD2-49A2-9C5F-8F8C881A979B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {89E2A58F-EA47-4C56-B622-79929F6C3DDC} - System32\Tasks\{06D86160-58EE-41A5-B52C-04A46A9D6A4F} => C:\Users\fay\AppData\Local\Amazon\Kindle\application\Kindle.exe [2015-03-10] (Amazon.com)
Task: {914371EC-C6FB-4BAD-82A1-14BD43CCC787} - System32\Tasks\{5BA80D19-F4C7-4C8B-B234-8B304F355546} => pcalua.exe -a C:\Users\fay\Downloads\nightmare-realm_s1_l1_gF6706T1L1_d1405491713.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {98E9A0CC-5988-44F1-840B-B67B3BD62DC2} - System32\Tasks\HPCeeScheduleForfay => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {9DF3876E-65A1-445C-AE38-791E5852E9F5} - System32\Tasks\{B3F215A0-F039-4151-B68D-4F363733DE58} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p115300164_s1_l1.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {9E6A56B8-718E-4348-B19A-66FE156712EA} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {9F0159D1-FAB2-484D-B9E8-43425D049419} - System32\Tasks\{8E7C215D-2D1B-468B-BEAE-F8A5A8C1D283} => pcalua.exe -a C:\Users\fay\Downloads\millennium-secrets-roxannes-necklace_s1_l1_gF6717T1L1_d1406542766.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {A0B47B41-ACD5-4F4D-9586-CE2EC7F62CA9} - System32\Tasks\{DAA93FDF-CCC9-4D15-AE86-62EDBBB30ACA} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p51110979_s1_l1.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {A23682F2-A635-454F-9623-7F5C1C2CA1F9} - System32\Tasks\{2F539F0C-9984-41E1-877C-9D661BDCB7C2} => pcalua.exe -a C:\Users\fay\Downloads\awakening-the-goblin-kingdom_s1_l1_gF6755T1L1_d1503674067.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {A3EC34E4-7E3A-4500-BE3A-28B7424EE626} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A4635ABE-5A8E-47DB-A2B6-DD5DEFCB1A43} - System32\Tasks\{8DE967A1-00F6-4FAB-9162-BFDC44C65B99} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p118015257_s1_l1(2).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {A82ABBA2-D46B-437B-9420-E37A19C3B15E} - System32\Tasks\{9DDD666C-4CCB-422C-AB36-58BEA293F1C9} => C:\Users\fay\AppData\Local\Amazon\Kindle\application\Kindle.exe [2015-03-10] (Amazon.com)
Task: {AF1FE2BF-AAC2-40F4-8979-DAAA6F74B787} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-765319908-1524800839-1392544109-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {B3122CC9-8D85-4E42-A60F-CD39AA114ED2} - System32\Tasks\{75E8AF22-6F83-40EF-B51E-694BD2BA1416} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p57039746_s1_l1(1).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {BF10AD13-07D6-49FC-BA1A-748E36656D3D} - System32\Tasks\{3F7AC69A-CC6E-499A-9DF1-A8FB47F36D91} => C:\Users\fay\AppData\Local\Amazon\Kindle\application\Kindle.exe [2015-03-10] (Amazon.com)
Task: {C1651896-AFBF-4428-AED5-A0A53038F5FE} - System32\Tasks\{CD20E675-475E-430D-A999-006AF7789AB0} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p118015257_s1_l1.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {C4ECBDAD-60AD-4270-A195-07CFA543BA78} - System32\Tasks\{B765C452-2DD4-445C-B510-345FDB0428E3} => pcalua.exe -a C:\Users\fay\Downloads\paranormal-crime-brohood-crescent-snake-ce_s1_l1_gF6692T1L1_d1405578465.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {CBF4DDE4-C6CE-4D0B-8F1D-6CB3197E57D9} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {D1DD3460-E00C-4249-B638-BF9E85103837} - System32\Tasks\{D7EEFE36-135B-4C36-A4F4-B9AA4AF6A069} => pcalua.exe -a "C:\Users\fay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PV9PJ45W\bigfishgames_p113088645_s1_l1[1].exe" -d C:\Users\fay\Desktop
Task: {D32D5A06-51A3-43E7-9D44-8E5F07273084} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-765319908-1524800839-1392544109-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {D34DF0F6-A5D9-4A50-A3E6-2F587FA15D20} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {E0FE40B2-E5EC-4991-9B1C-753E20A68281} - System32\Tasks\{50742193-4A2D-4B16-9B69-E724CC291934} => pcalua.exe -a C:\Users\fay\Downloads\grim-facade-mystery-of-venice_s1_l1_gF6711T1L1_d1400481364.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {E4A4C26E-CAAF-494E-AC05-CE16BCDDA3C7} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-765319908-1524800839-1392544109-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {E83628D6-CB42-4AE7-ABE1-70D002C3DD36} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {EAA96CAF-B2E4-4F6C-89D1-CDBD073223CD} - System32\Tasks\{2380937D-C008-4C71-A71A-D1ED317D88C2} => pcalua.exe -a C:\Users\fay\Downloads\nightmare-adventures-the-witchs-prison_s1_l1_gF5962T1L1_d1409957749.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {EB8DA958-E5FA-4E0B-8BF0-70C46F160A76} - System32\Tasks\{D3C8B2D6-638E-4694-B1C4-423659F5BBD8} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p115954290_s1_l1.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {EC803519-5E73-4709-8CC1-08DA90B39C66} - System32\Tasks\{C93684CC-5C22-41F9-87E4-F5695A3C6FB7} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p115215773_s1_l1.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {ED9359A4-C105-43F4-B1CA-4FF144F3EA27} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {EE1231F4-9AFF-485E-8D04-F93DA4A1C7FD} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-765319908-1524800839-1392544109-1003 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe
Task: {EF35A44F-A33A-4AC7-908A-DDD35C9BBA44} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-765319908-1524800839-1392544109-1003 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForfay.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe5-fh scripts\monthly.xml

==================== Loaded Modules (Whitelisted) ==============

2006-12-22 08:31 - 2006-12-22 08:31 - 00108712 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
2009-09-19 17:38 - 2009-09-19 17:38 - 00065536 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
2009-09-19 17:40 - 2009-09-19 17:40 - 00122880 _____ () C:\Windows\SysWOW64\WinMsgBalloonServer.exe
2009-09-19 17:40 - 2009-09-19 17:40 - 00139264 _____ () C:\Windows\SysWOW64\WinMsgBalloonClient.exe
2009-09-07 16:54 - 2009-09-07 16:54 - 00516096 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\libxml2.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-11-23 10:53 - 2012-11-23 10:53 - 00329592 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\apistrings.dll
2012-11-23 10:56 - 2012-11-23 10:56 - 00159608 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\modlop.dll
2012-11-23 10:54 - 2012-11-23 10:54 - 00100728 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\httpserverattplugin.dll
2012-11-23 10:46 - 2012-11-23 10:46 - 02029600 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\crmimodule.dll
2012-11-23 10:58 - 2012-11-23 10:58 - 00208760 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\patchautodownload.dll
2009-07-13 17:03 - 2009-07-13 21:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2012-12-07 11:02 - 2012-12-07 11:02 - 00183160 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\scanmngsys.dll
2012-11-23 10:58 - 2012-11-23 10:58 - 00049528 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\schedcompactdb.dll
2012-11-23 10:58 - 2012-11-23 10:58 - 00054648 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\schedupdates.dll
2012-02-20 23:26 - 2012-02-20 23:26 - 00160768 _____ () C:\Program Files (x86)\VIPRE\unrar.dll
2012-06-19 17:23 - 2009-06-03 15:34 - 03764224 _____ () C:\Users\Admin\AppData\Roaming\PictureMover\Bin\Core.dll
2012-06-19 17:23 - 2009-06-03 15:43 - 01703936 _____ () C:\Users\Admin\AppData\Roaming\PictureMover\EN-US\Presentation.dll
2009-10-22 21:50 - 2009-10-22 21:50 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2014-01-31 02:40 - 2015-06-26 03:13 - 00184184 _____ () C:\Program Files (x86)\VIPRE\Definitions\libBase64.dll
2014-01-31 02:40 - 2015-06-26 03:13 - 00175992 _____ () C:\Program Files (x86)\VIPRE\Definitions\libMachoUniv.dll
2011-03-05 15:39 - 2011-03-05 15:39 - 00854016 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
2011-03-05 15:39 - 2011-03-05 15:39 - 00476520 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBPIMSvc => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7698 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-765319908-1524800839-1392544109-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^fay^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GumNotes.lnk => C:\Windows\pss\GumNotes.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Photo Downloader => "C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: PC-Doctor for Windows localizer => C:\Program Files\PC-Doctor for Windows\localizer.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{99E6F953-AF6C-444B-A65D-C6F4A50E21C9}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{7C97B664-D242-4181-A388-913141AF54AC}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
FirewallRules: [{36EDF6B6-41D1-4CDB-9994-519D9EA3056F}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
FirewallRules: [{6EAC32C1-81B5-4431-A19A-00FBCE45E624}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
FirewallRules: [{579DEC31-559F-4FB2-B15B-924B666C09B8}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
FirewallRules: [{85B3CEC1-CE56-481B-961F-CD273B0E1CDB}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{2D66649C-4C7D-4CFA-B160-4D21FFEE3316}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{E4371197-ABE3-450A-88F3-C741F6E55C2B}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{79CD9701-1A28-4A13-8A22-2EDEEA8A003E}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{9870FEB0-DD8F-4DC6-83F9-FA8EE2E750D4}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{E4684629-C62D-4DBE-B5FE-E210D7B36643}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{035BC04F-B1F5-473C-A280-6B01D9C1AF34}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{9D3466EF-979F-4E41-BC3E-EFC37AD1281D}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{6078D94B-EDAF-4C09-BC12-11EBFB8C02A4}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{173CBDE3-28A9-46AA-9BA3-FF1720549C84}] => (Allow) svchost.exe
FirewallRules: [{43020B60-9C84-40E6-81A3-0E9DD73DFFE7}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{CF4B8492-E491-4BDF-8B3D-0E7AE983C494}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdater.exe
FirewallRules: [{5BB7594C-D04C-4328-A3AB-E150371ED1E1}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{2C04A3F2-9BE3-454E-992D-7DA3735C8C10}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{6D6B67FC-836E-4BF1-9656-2512E962FCB2}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{1750E239-2D6A-40DD-931D-73CA56735FFE}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{1D1C0E76-F5FF-4A7C-B239-A1027F145D18}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{8D5E0BB2-3EBB-4560-999F-19F7B7508B1F}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{15A32B58-A895-4578-AE12-50EE9252532E}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{88832019-E77A-45E9-B201-22E5068B4C91}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
FirewallRules: [{EA5323CF-2458-4260-A84D-DBE11596C6B8}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
FirewallRules: [{49EE1AA9-2567-4821-BCF6-A9468C7228DF}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{1532522F-00B2-4DBB-B023-8D2A0B8FC613}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{025D0AF4-7AF7-4E90-BD64-1F1EE27900AF}] => (Allow) C:\Users\fay\AppData\Local\Temp\7zS06CB\HPDiagnosticCoreUI.exe
FirewallRules: [{9987C6E0-A590-40BF-ABD9-B9F4F7F7B889}] => (Allow) C:\Users\fay\AppData\Local\Temp\7zS06CB\HPDiagnosticCoreUI.exe
FirewallRules: [{42EF4C04-54CD-495B-B9E4-2815D67A049D}] => (Allow) C:\Users\fay\AppData\Local\Temp\7zS0A92\OJJ4600_Full_14\setup\hpznui40.exe
FirewallRules: [{BFDA91D3-88E7-45EA-90E1-FA5F41986CDC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5D0EDD75-5231-47A6-A06D-6081CAA2DA0B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{84C55885-7A9C-41B7-8B16-511727A73E5F}] => (Allow) C:\Program Files (x86)\Origin Games\Kingdoms of Amalur Reckoning\Reckoning.exe
FirewallRules: [{4440D0C0-4914-4868-8ECB-792E7442120D}] => (Allow) C:\Program Files (x86)\Origin Games\Kingdoms of Amalur Reckoning\Reckoning.exe
FirewallRules: [{62FA2E9D-BAC8-491B-8E02-C47CB713A9C9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{71EDB5D0-F8DD-4AD8-8B8A-72483AD4EA6B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E4DE330C-6B57-4531-A6D3-23FD60ECACF3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7416686F-D355-4EEF-94DE-E3A7A13EB54B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A3A5E8D1-B3C2-4B29-A473-7506A40FF677}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{89592540-A7CC-432C-A333-8DAB4225C347}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{BD7840D7-2E17-413E-8067-FE73F3083648}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{049A999E-E5A1-40A2-A2DC-7A5BA3C67986}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{DB94FF00-2CFD-4E4E-8760-8E1036EFB335}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{B1295AD0-642C-4D68-8AD2-8CA6674E06FB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{B46A62AF-7CAA-4ABA-8C46-9712C411CFE7}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
FirewallRules: [{D10EEF1C-2A4D-42AB-AF40-C66C11EF9367}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
FirewallRules: [{3DD6F610-673C-49E8-9211-667B47F9472F}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{E534FC5B-C239-477A-9018-35B481E5980C}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{2BE0B955-D12A-40BB-93F5-576C0F777925}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{80E6C622-56C6-4AE1-ADBA-7ED44809A06C}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{60AB0DC1-0727-46EC-9787-F363B64A29CD}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{4ADFE367-4641-440F-AAE1-4868453B3087}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{54DFA08B-7442-4223-B74B-07481EDA2D40}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{37A57A9F-FBC5-457A-AD4C-6BC68D33C678}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{9518A4F6-BA04-4A21-973D-C0721B054C4F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\the witcher 2\Launcher.exe
FirewallRules: [{93B6E022-D6A4-43B6-A61F-40A2538E23D0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\the witcher 2\Launcher.exe
FirewallRules: [{920DC97B-888A-4D7B-B30E-89AC9F5550CB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Gothic 3\Gothic3.exe
FirewallRules: [{9F125263-5747-4826-A23B-704C51EBF05E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Gothic 3\Gothic3.exe
FirewallRules: [{A521F3C3-6E82-44F3-991C-6776296F08F9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fable The Lost Chapters\Fable.exe
FirewallRules: [{1B9157CA-1256-4EE0-84A4-126EE3337886}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fable The Lost Chapters\Fable.exe
FirewallRules: [{C6537D7C-07D7-4204-B47A-8DCD4843882C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{764B26BD-C24E-4D5B-8865-8E068C8EE30D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{5427480D-7E5A-4876-86AD-F3243C79F4A6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1BE4254B-E08D-4743-B391-24E81F1669BB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FC207AEF-AB44-49C3-B87A-7C97D7725578}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

==================== Faulty Device Manager Devices =============

Name: Deskjet 3050 J610 series
Description: Deskjet 3050 J610 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Deskjet 3050 J610 series
Description: Deskjet 3050 J610 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Deskjet 3050 J610 series
Description: Deskjet 3050 J610 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/20/2015 10:32:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PSIA.exe, version: 3.0.0.10004, time stamp: 0x54784a82
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x72724174
Faulting process id: 0x97c
Faulting application start time: 0xPSIA.exe0
Faulting application path: PSIA.exe1
Faulting module path: PSIA.exe2
Report Id: PSIA.exe3

Error: (07/19/2015 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location J:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (07/19/2015 10:45:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000003ec,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,000000000316EF10.72). hr = 0x80070005, Access is denied.
.

Error: (07/19/2015 10:45:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000bd0,(null),0,REG_BINARY,000000000788E1A0.72). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Writer Name: MSSearch Service Writer
Writer Instance ID: {e386891d-49b6-46cc-a762-7d223e65e9cc}

Error: (07/19/2015 10:45:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000b08,(null),0,REG_BINARY,0000000002DFDD50.72). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Writer Name: WMI Writer
Writer Instance ID: {e84df962-b5c3-4367-a5d1-3f9789894f0d}

Error: (07/19/2015 10:45:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000348,(null),0,REG_BINARY,00000000095FDE50.72). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {c733c054-6173-4c48-a056-88312a362179}

Error: (07/19/2015 10:45:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001f0,(null),0,REG_BINARY,00000000017DE8F0.72). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {8e37b1dd-3bd1-49c1-ad0f-1c3627bdacef}

Error: (07/19/2015 10:45:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001ac,(null),0,REG_BINARY,0000000001ACE970.72). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
Writer Name: Registry Writer
Writer Instance ID: {8e3405d4-ba55-454d-b1ff-a8719fbcff4e}

Error: (07/19/2015 10:45:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000bd0,(null),0,REG_BINARY,000000000788E1A0.72). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Writer Name: MSSearch Service Writer
Writer Instance ID: {e386891d-49b6-46cc-a762-7d223e65e9cc}

Error: (07/19/2015 10:45:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001c0,(null),0,REG_BINARY,000000000200EED0.72). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
Writer Name: COM+ REGDB Writer
Writer Instance ID: {26649f3e-dd3e-4db5-93a5-398132a4b11d}


System errors:
=============
Error: (07/20/2015 10:32:42 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Secunia PSI Agent service terminated unexpectedly. It has done this 1 time(s).

Error: (07/20/2015 10:28:19 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :20" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (07/20/2015 10:28:19 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{9F1DBDAA-8EFA-4065-924B-A07E10F47EC5} because another computer on the network has the same name. The server could not start.

Error: (07/20/2015 10:27:57 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :0" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (07/20/2015 09:57:56 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :0" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (07/20/2015 09:57:56 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :0" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (07/20/2015 06:34:51 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :0" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (07/20/2015 03:13:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Adobe Flash Player Update Service service failed to start due to the following error:
%%1053

Error: (07/20/2015 03:13:22 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Adobe Flash Player Update Service service to connect.

Error: (07/20/2015 01:00:21 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :20" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.


Microsoft Office:
=========================
Error: (07/20/2015 10:32:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82unknown0.0.0.000000000c00000057272417497c01d0c2f84889303eC:\Program Files (x86)\Secunia\PSI\PSIA.exeunknown2abf246a-2eec-11e5-8ce2-18a905b8e4ce

Error: (07/19/2015 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: J:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (07/19/2015 10:45:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000003ec,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,000000000316EF10.72)0x80070005, Access is denied.

Error: (07/19/2015 10:45:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000bd0,(null),0,REG_BINARY,000000000788E1A0.72)0x80070005, Access is denied.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Writer Name: MSSearch Service Writer
Writer Instance ID: {e386891d-49b6-46cc-a762-7d223e65e9cc}

Error: (07/19/2015 10:45:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000b08,(null),0,REG_BINARY,0000000002DFDD50.72)0x80070005, Access is denied.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Writer Name: WMI Writer
Writer Instance ID: {e84df962-b5c3-4367-a5d1-3f9789894f0d}

Error: (07/19/2015 10:45:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000348,(null),0,REG_BINARY,00000000095FDE50.72)0x80070005, Access is denied.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {c733c054-6173-4c48-a056-88312a362179}

Error: (07/19/2015 10:45:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000001f0,(null),0,REG_BINARY,00000000017DE8F0.72)0x80070005, Access is denied.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {8e37b1dd-3bd1-49c1-ad0f-1c3627bdacef}

Error: (07/19/2015 10:45:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000001ac,(null),0,REG_BINARY,0000000001ACE970.72)0x80070005, Access is denied.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
Writer Name: Registry Writer
Writer Instance ID: {8e3405d4-ba55-454d-b1ff-a8719fbcff4e}

Error: (07/19/2015 10:45:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000bd0,(null),0,REG_BINARY,000000000788E1A0.72)0x80070005, Access is denied.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Writer Name: MSSearch Service Writer
Writer Instance ID: {e386891d-49b6-46cc-a762-7d223e65e9cc}

Error: (07/19/2015 10:45:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000001c0,(null),0,REG_BINARY,000000000200EED0.72)0x80070005, Access is denied.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
Writer Name: COM+ REGDB Writer
Writer Instance ID: {26649f3e-dd3e-4db5-93a5-398132a4b11d}


==================== Memory info ===========================

Processor: AMD Phenom(tm) II X4 945 Processor
Percentage of memory in use: 25%
Total physical RAM: 8183.89 MB
Available physical RAM: 6130.72 MB
Total Virtual: 16365.99 MB
Available Virtual: 14125.73 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:920 GB) (Free:674.15 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.22 GB) (Free:1.62 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.3 GB) (Disk ID: 9A0D0322)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=920 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.2 GB) - (Type=07 NTFS)

==================== End of log ============================
fayfox
Regular Member
 
Posts: 88
Joined: July 19th, 2015, 3:16 pm

Re: Proxy override...malware?

Post by wannabeageek » July 20th, 2015, 4:03 pm

Hi Fayfox,

    In your opening post you said you had run the following programs:
  1. adwcleaner
  2. junkware removal tool
  3. malwarebytes antimalware
  4. hitmanpro

I can understand not having logs from malwarebytes and hitmanpro.
I need you to find the other logs and post those.

Please post any and all files: AdwCleaner[S?].txt There should be at least 1; AdwCleaner[S1].txt
From this location: C:\

Please post this file: JRT.txt
From this location: C:\Users\Admin\Desktop
wannabeageek
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Proxy override...malware?

Post by fayfox » July 20th, 2015, 4:38 pm

There are several for adwcleaner: I've pasted the S1 thru S3, but I also found R0 thru R9 - do you want those files?

AdwCleaner[S0].txt
# AdwCleaner v4.208 - Logfile created 19/07/2015 at 08:09:29
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Admin - FAY-PC
# Running from : C:\Users\fay\Downloads\adwcleaner_4.208 (1).exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : swdumon

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\iWin
Folder Deleted : C:\Program Files (x86)\eSupport.com
Folder Deleted : C:\Users\Admin\AppData\Local\eSupport.com
Folder Deleted : C:\Users\Admin\AppData\Local\PackageAware
Folder Deleted : C:\Users\Admin\AppData\Local\slimware utilities inc
Folder Deleted : C:\Users\Admin\AppData\LocalLow\HPAppData
Folder Deleted : C:\Users\Admin\AppData\Roaming\iWin
Folder Deleted : C:\Users\fay\AppData\LocalLow\HPAppData
Folder Deleted : C:\Users\fay\AppData\Roaming\iWin
Folder Deleted : C:\Users\fay\AppData\Roaming\quickclick
Folder Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5pgaobxx.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Users\fay\AppData\Roaming\Mozilla\Firefox\Profiles\t4b2x8kp.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Windows\System32\drivers\swdumon.sys
File Deleted : C:\Users\Admin\Desktop\Find Drivers with DriverAgent.lnk
File Deleted : C:\Users\fay\AppData\Roaming\SBAMWsc.log

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F97DE5D7-6EBB-414E-8187-A32D103525AD}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F97DE5D7-6EBB-414E-8187-A32D103525AD}
Key Deleted : HKCU\Software\eSupport.com
Key Deleted : HKCU\Software\YahooPartnerToolbar
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17909


-\\ Mozilla Firefox v39.0 (x86 en-US)

[t4b2x8kp.default\prefs.js] - Line Deleted : user_pref("ibxcomtb.defs", "<buttons>\n<button id=\"maps_search_mapquest\" position=\"101\" default=\"3\" type=\"simple\" action=\"hxxp://toolbar.inbox.com/link.aspx?code=maps_search_mapquest&amp;quer[...]
[t4b2x8kp.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80114&language=en&qkw=");

*************************

AdwCleaner[R0].txt - [3851 bytes] - [18/07/2015 13:37:46]
AdwCleaner[R1].txt - [4388 bytes] - [18/07/2015 13:45:41]
AdwCleaner[R2].txt - [3106 bytes] - [19/07/2015 07:45:16]
AdwCleaner[S0].txt - [3004 bytes] - [19/07/2015 08:09:29]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [3063 bytes] ##########

AdwCleaner[S1].txt
# AdwCleaner v4.208 - Logfile created 19/07/2015 at 08:31:48
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Admin - FAY-PC
# Running from : C:\Users\fay\Downloads\adwcleaner_4.208.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17909


-\\ Mozilla Firefox v39.0 (x86 en-US)

[t4b2x8kp.default\prefs.js] - Line Deleted : user_pref("ibxcomtb.defs", "<buttons>\n<button id=\"maps_search_mapquest\" position=\"101\" default=\"3\" type=\"simple\" action=\"hxxp://toolbar.inbox.com/link.aspx?code=maps_search_mapquest&amp;quer[...]
[t4b2x8kp.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80114&language=en&qkw=");

*************************

AdwCleaner[R0].txt - [3851 bytes] - [18/07/2015 13:37:46]
AdwCleaner[R1].txt - [4388 bytes] - [18/07/2015 13:45:41]
AdwCleaner[R2].txt - [3106 bytes] - [19/07/2015 07:45:16]
AdwCleaner[R3].txt - [1483 bytes] - [19/07/2015 08:18:37]
AdwCleaner[S0].txt - [3145 bytes] - [19/07/2015 08:09:29]
AdwCleaner[S1].txt - [1434 bytes] - [19/07/2015 08:31:48]

########## EOF - \AdwCleaner\AdwCleaner[S1].txt - [1493 bytes] ##########

AdwCleaner[S3].txt
# AdwCleaner v4.208 - Logfile created 19/07/2015 at 10:54:11
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Admin - FAY-PC
# Running from : C:\Users\fay\Downloads\adwcleaner_4.208.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17909


-\\ Mozilla Firefox v39.0 (x86 en-US)


*************************

AdwCleaner[R0].txt - [3851 bytes] - [18/07/2015 13:37:46]
AdwCleaner[R1].txt - [4388 bytes] - [18/07/2015 13:45:41]
AdwCleaner[R2].txt - [3106 bytes] - [19/07/2015 07:45:16]
AdwCleaner[R3].txt - [1483 bytes] - [19/07/2015 08:18:37]
AdwCleaner[R4].txt - [1601 bytes] - [19/07/2015 08:48:15]
AdwCleaner[R5].txt - [1332 bytes] - [19/07/2015 10:49:00]
AdwCleaner[S0].txt - [3145 bytes] - [19/07/2015 08:09:29]
AdwCleaner[S1].txt - [1571 bytes] - [19/07/2015 08:31:48]
AdwCleaner[S2].txt - [1689 bytes] - [19/07/2015 08:51:29]
AdwCleaner[S3].txt - [1261 bytes] - [19/07/2015 10:54:11]

########## EOF - \AdwCleaner\AdwCleaner[S3].txt - [1320 bytes] ##########
fayfox
Regular Member
 
Posts: 88
Joined: July 19th, 2015, 3:16 pm

Re: Proxy override...malware?

by fayfox » July 20th, 2015, 4:42 pm

I found the adwcleaner files by clicking on AdwCleaner - Quarantine - AdwCleaner. There is a Quarantine txt file if you need it.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.1 (07.16.2015:1)
OS: Windows 7 Home Premium x64
Ran by Admin on Sun 07/19/2015 at 8:58:55.94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Failed to delete: [Task] C:\Windows\system32\tasks\DriverNavigator Scheduled Scan
Successfully deleted: [Task] C:\Windows\Tasks\DriverNavigator Scheduled Scan.job



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{C7C9FC25-88B0-4682-9C9F-2608E9117647}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C7C9FC25-88B0-4682-9C9F-2608E9117647}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F97DE5D7-6EBB-414E-8187-A32D103525AD}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7C9FC25-88B0-4682-9C9F-2608E9117647}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{C7C9FC25-88B0-4682-9C9F-2608E9117647}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\bfgbar
Successfully deleted: [Folder] C:\Program Files (x86)\bfgbartb
Successfully deleted: [Folder] C:\Program Files (x86)\fixcleaner
Successfully deleted: [Folder] C:\Users\Admin\Appdata\LocalLow\bfgbartb
Successfully deleted: [Folder] C:\Users\Admin\AppData\Roaming\AlawarEntertainment
Successfully deleted: [Folder] C:\users\Public\Documents\downloaded installers



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\5pgaobxx.default\extensions\staged
Emptied folder: C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\5pgaobxx.default\minidumps [10 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 07/19/2015 at 9:10:28.08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Proxy override...malware?

by fayfox » July 20th, 2015, 5:00 pm

Hitmanpro files:

HitmanPro 3.7.9.242
www.hitmanpro.com

   Computer name . . . . : FAY-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : fay-PC\Admin
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2015-07-19 10:26:26
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 12m 5s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 121

   Objects scanned . . . : 2,982,736
   Files scanned . . . . : 165,417
   Remnants scanned  . . : 868,786 files / 1,948,533 keys

Potential Unwanted Programs _________________________________________________

   ask.com
   C:\Users\fay\AppData\Local\Google\Chrome\User Data\Default\Web Data

   C:\Users\fay\AppData\Roaming\Mozilla\Firefox\Profiles\t4b2x8kp.default\smartbar\ (Rocketfuel) -> Deleted
   C:\Users\fay\AppData\Roaming\Mozilla\Firefox\Profiles\t4b2x8kp.default\smartbar\CT3008668\logs\ (Rocketfuel) -> Deleted
   C:\Users\fay\AppData\Roaming\Mozilla\Firefox\Profiles\t4b2x8kp.default\smartbar\CT3008668\logs\smartbarlog.txt (Rocketfuel) -> Deleted
   HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar) -> Deleted
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar) -> Deleted
   HKU\S-1-5-21-765319908-1524800839-1392544109-1000\Software\AppDataLow\Software\Conduit\ (Conduit) -> Deleted
   HKU\S-1-5-21-765319908-1524800839-1392544109-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ (Blekko) -> Deleted
   HKU\S-1-5-21-765319908-1524800839-1392544109-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar) -> Deleted
   HKU\S-1-5-21-765319908-1524800839-1392544109-1000\Software\Yahoo\Companion\ (YahooToolbar) -> Deleted
   HKU\S-1-5-21-765319908-1524800839-1392544109-1003\Software\Yahoo\Companion\ (YahooToolbar) -> Deleted

Cookies _____________________________________________________________________








HitmanPro 3.7.9.242
www.hitmanpro.com

   Computer name . . . . : FAY-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : fay-PC\Admin
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2015-07-19 16:56:02
   Scan mode . . . . . . : Quick
   Scan duration . . . . : 1m 37s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 0

   Objects scanned . . . : 3,769
   Files scanned . . . . : 3,769
   Remnants scanned  . . : 0 files / 0 keys







HitmanPro 3.7.9.242
www.hitmanpro.com

   Computer name . . . . : FAY-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : fay-PC\Admin
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (29 days left)

   Scan date . . . . . . : 2015-07-20 09:59:53
   Scan mode . . . . . . : Quick
   Scan duration . . . . : 1m 44s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 0

   Objects scanned . . . : 3,798
   Files scanned . . . . : 3,798
   Remnants scanned  . . : 0 files / 0 keys







HitmanPro 3.7.9.242
www.hitmanpro.com

   Computer name . . . . : FAY-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : fay-PC\Admin
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (29 days left)

   Scan date . . . . . . : 2015-07-20 15:15:59
   Scan mode . . . . . . : Quick
   Scan duration . . . . : 4m 45s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 0

   Objects scanned . . . : 3,865
   Files scanned . . . . : 3,865
   Remnants scanned  . . : 0 files / 0 keys

