Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Proxy override...malware?

Re: Proxy override...malware?

Post by fayfox » August 7th, 2015, 7:20 am

Hi wbg,
I will be leaving to go out of town in about four hours. I will be back Sunday morning. Didn't want you to think my computer was AWOL :)
Question: since this started with me updating my video driver, would getting it back to its previous version be worth trying? I don't know how that works or if you've already done that, but just a thought on which drivers might be causing issues. Could not close Firefox after VIPRE started a scan, but otherwise my computer is running fine. I do not have mediaplayer running.
fayfox
fayfox
Regular Member
 
Posts: 88
Joined: July 19th, 2015, 3:16 pm

Re: Proxy override...malware?

Post by wannabeageek » August 7th, 2015, 7:38 am

Thanks for the update. If you are absolutely sure that the BIOS on your PC is American Megatrends Inc., we can start with this file: DrvAgent64.SYS, a Phoenix driver. However, we just cannot delete it since we do not know what it replaced. I will be looking into this more.
We will look into your video drivers as well. Your video card should support The Witcher 2, but not at the highest resolution settings. This is what my hardware guy tells me.
See you back Sunday,
wbg
wannabeageek
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Proxy override...malware?

Post by fayfox » August 7th, 2015, 8:20 am

Hi wbg,
I got the same info using cmd prompt (wmic bios get manufacturer, smbiosbiosversion). I just learned what the Pause/Break key on my keyboard is, and I tried that on reboot. There was not much on that screen, but nothing said BIOS. The screen I'm referring to has a black background, like a DOS screen. A quick summary of what it said: Raid option..., (c)2010 Advanced Micro Devices..., port and device name. Would it actually say BIOS? Anyway, I'm not absolutely sure about anything, so what would I need to do to be absolutely sure?
The Witcher 2 runs very choppy on my computer. Actually makes me motion sick just looking at it. I changed resolution settings to minimum settings, slightly better, but in no way playable.
fayfox

Re: Proxy override...malware?

Post by fayfox » August 7th, 2015, 10:04 am

Hey wbg,
Ran one last look for my BIOS brand before I hit the road. Hit F10 on reboot to enter BIOS setup. It said "BIOS REVISION: 5.09 01/22/10". There was no manufacturer listed. It should have been there, right? I'm pretty sure American Megatrends, Inc. is it.
Have a great weekend.
fayfox

Re: Proxy override...malware?

Post by wannabeageek » August 8th, 2015, 10:22 am

Hi fayfox,

Did you ever install and use DriverAgent?

If so, this file: DrvAgent64.SYS, could be a leftover from a bad uninstall routine and may not be from a bad BIOS update.

Line entry from "AdwCleaner[S0].txt"
File Deleted : C:\Users\Admin\Desktop\Find Drivers with DriverAgent.lnk

DriverAgent is a Phoenix Technologies Inc. product.

wbg

Re: Proxy override...malware?

Post by fayfox » August 9th, 2015, 2:55 pm

Hi wbg,
I don't remember if I installed DriverAgent. I googled "how to find history of all programs installed" and on one result, it was mentioned that info on everything you've ever downloaded/deleted could be found at: Username-pc\username\searches\l...Locations.search-ms. I clicked on my Start button, typed in Searches, and two options popped up: Everywhere and Index. I chose Everywhere; on type, I filtered for application, and there are three references to a "driveragent-setup-987.exe". Also a DriverNavigator_Setup.exe. So, even though I don't remember installing it, it appears that I did. Neither of those applications is in my Programs list.
fayfox

Re: Proxy override...malware?

Post by wannabeageek » August 9th, 2015, 8:03 pm

Hi fayfox,

Run this fix and then run a new set of FRST logs. Give Notepad extra time to copy before pasting logs.

Step 1.
  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad.
    • To make this easy, click the "select all" button then hover over the highlighted text and right mouse click to select copy.
Code:
C:\Windows\SysWOW64\drivers\DrvAgent64.SYS
EmptyTemp:

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log


Step 2.
Run a New Scan With the Farbar Scan Tool
  • Right-click on FRST64.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it. When the tool opens, click Yes to the disclaimer.
  • Check the box for Addition.txt so it will produce that file again.
  • Press the Scan button.
  • When finished scanning, a new version of the logs FRST.txt and Addition.txt will be saved on your Desktop and opened in Notepad.
  • Please post the contents of both in your next replies.
Separate replies are fine.

Re: Proxy override...malware?

Post by fayfox » August 9th, 2015, 8:54 pm

Hi wbg!
Disabled internet/VIPRE for both scans.
Here are fixlog.txt and FRST.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version:02-08-2015 01
Ran by Admin (2015-08-09 20:27:32) Run:6
Running from C:\Users\Admin\Downloads
Loaded Profiles: fay & Admin (Available Profiles: fay & Admin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Windows\SysWOW64\drivers\DrvAgent64.SYS
EmptyTemp:

*****************

C:\Windows\SysWOW64\drivers\DrvAgent64.SYS => moved successfully.
EmptyTemp: => 35.7 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 20:27:47 ====



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:02-08-2015 01
Ran by Admin (administrator) on FAY-PC (09-08-2015 20:42:18)
Running from C:\Users\Admin\Downloads
Loaded Profiles: fay & Admin (Available Profiles: fay & Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(GFI Software Development Ltd.) C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBPIMSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard Company) C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBAMTray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBAMSvc.exe
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
() C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\sbamui.exe
(GFI Software Development Ltd.) C:\Program Files (x86)\GFI\LanGuard 11 Agent\mantle.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-09-14] ()
HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-17] (PC-Doctor, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-24] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [SBAMTray] => C:\Program Files (x86)\VIPRE\SBAMTray.exe [3216272 2013-09-05] (ThreatTrack Security, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Photo Downloader] => C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe [67752 2006-12-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [*EmptyTemp] => cmd /c rd /q/s C:\FRST\Temp
HKU\S-1-5-21-765319908-1524800839-1392544109-1000\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
HKU\S-1-5-21-765319908-1524800839-1392544109-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
HKU\S-1-5-21-765319908-1524800839-1392544109-1000\...\Run: [FixCleaner] => "C:\Program Files (x86)\FixCleaner\FixCleaner.exe" -boot
HKU\S-1-5-21-765319908-1524800839-1392544109-1000\...\Run: [PhotoshopElements8SyncAgent] => C:\Program Files (x86)\Adobe\Elements 10 Organizer\ElementsOrganizerSyncAgent.exe [1954456 2011-09-01] (Adobe Systems Incorporated)
HKU\S-1-5-21-765319908-1524800839-1392544109-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-765319908-1524800839-1392544109-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-765319908-1524800839-1392544109-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-765319908-1524800839-1392544109-1003\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
HKU\S-1-5-21-765319908-1524800839-1392544109-1003\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3632472 2015-04-25] (Electronic Arts)
HKU\S-1-5-21-765319908-1524800839-1392544109-1003\...\Run: [CCleaner Monitoring] => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
HKU\S-1-5-21-765319908-1524800839-1392544109-1003\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2889408 2015-04-13] (Valve Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [43816 2015-04-26] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-08-01]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2015-08-01]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk [2010-05-18]
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\Users\fay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GumNotes.lnk [2015-08-01]
ShortcutTarget: GumNotes.lnk -> C:\Program Files (x86)\GumNotes\GumNotes.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-765319908-1524800839-1392544109-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKU\S-1-5-21-765319908-1524800839-1392544109-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKU\S-1-5-21-765319908-1524800839-1392544109-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
HKU\S-1-5-21-765319908-1524800839-1392544109-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
SearchScopes: HKLM -> {EA9C6CE8-23A1-4609-AB9A-691BF3B7DA69} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {EA9C6CE8-23A1-4609-AB9A-691BF3B7DA69} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-765319908-1524800839-1392544109-1000 -> {EA9C6CE8-23A1-4609-AB9A-691BF3B7DA69} URL =
SearchScopes: HKU\S-1-5-21-765319908-1524800839-1392544109-1000 -> {F97DE5D7-6EBB-414E-8187-A32D103525AD} URL =
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2010-05-28] (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-20] (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\VSGN.dll [2013-09-05] ()
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [2009-07-16] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-20] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2010-05-28] (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [2009-07-16] (Microsoft Corp.)
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSGN.dll [2013-09-05] ()
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSGN.dll [2013-09-05] ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9F1DBDAA-8EFA-4065-924B-A07E10F47EC5}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5pgaobxx.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-765319908-1524800839-1392544109-1000: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll [2009-10-27] (Hulu LLC)
FF Plugin HKU\S-1-5-21-765319908-1524800839-1392544109-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll [2011-11-17] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-765319908-1524800839-1392544109-1003: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll [2009-10-27] (Hulu LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-07-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-07-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-07-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-07-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-07-11] (Apple Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-03-11]
FF HKU\S-1-5-21-765319908-1524800839-1392544109-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
R2 AdobeActiveFileMonitor5.0; C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [108712 2006-12-22] ()
R2 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [122880 2009-09-19] (AMD) [File not signed]
R2 gfi_lanss11_attservice; C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe [133496 2012-11-23] (GFI Software Development Ltd.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-07-19] (SurfRight B.V.)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-25] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 SBAMSvc; C:\Program Files (x86)\VIPRE\SBAMSvc.exe [3937472 2013-09-05] (ThreatTrack Security, Inc.)
R2 SBPIMSvc; C:\Program Files (x86)\VIPRE\SBPIMSvc.exe [176016 2013-09-05] (ThreatTrack Security, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [88928 2013-06-18] (ThreatTrack Security, Inc.)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-09-17] (CyberLink Corp.)
S3 DrvAgent64; \??\C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [X]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-07 06:48 - 2015-08-07 07:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-06 00:27 - 2015-08-06 00:27 - 00010138 _____ C:\Users\Admin\Desktop\HitmanPro_20150806_0026.log
2015-08-05 22:14 - 2015-08-05 22:14 - 00000744 _____ C:\Users\Admin\Desktop\JRT.txt
2015-08-05 20:46 - 2015-08-05 16:57 - 01797896 _____ (Malwarebytes Corporation) C:\Users\Admin\Desktop\JRT.exe
2015-08-05 20:23 - 2015-08-05 20:23 - 00000000 ____D C:\Users\fay\AppData\Roaming\HP
2015-08-05 19:35 - 2015-08-05 19:35 - 00000000 ____D C:\Users\fay\AppData\Roaming\GameHouse
2015-08-05 19:21 - 2015-08-05 19:21 - 00000000 ____D C:\Users\fay\AppData\Roaming\PhotoshopdotcomInspirationBrowser
2015-08-05 18:54 - 2015-08-05 18:54 - 00000858 _____ C:\Users\fay\.recently-used.xbel
2015-08-01 04:11 - 2015-08-01 04:11 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2015-08-01 04:09 - 2015-08-01 04:09 - 00679936 _____ C:\Users\fay\Downloads\Detection(3).msi
2015-08-01 04:05 - 2015-08-01 04:06 - 00679936 _____ C:\Users\fay\Downloads\Detection(2).msi
2015-07-30 22:28 - 2015-07-30 22:28 - 00001128 _____ C:\Users\Admin\Desktop\FRST64 - Shortcut.lnk
2015-07-30 17:27 - 2015-07-30 17:27 - 00002966 _____ C:\Windows\System32\Tasks\VIPRE Upgrade Task
2015-07-30 00:35 - 2015-07-30 00:35 - 00044998 _____ C:\Users\fay\Desktop\MTB.txt
2015-07-30 00:33 - 2015-07-30 00:33 - 00891392 _____ (Farbar) C:\Users\fay\Desktop\MiniToolBox.exe
2015-07-28 22:06 - 2015-08-02 23:47 - 00074434 _____ C:\Users\fay\Downloads\SystemLook.txt
2015-07-28 22:04 - 2015-07-28 22:04 - 00000773 _____ C:\Users\fay\Desktop\SystemLook_x64.exe - Shortcut.lnk
2015-07-28 22:02 - 2015-07-28 22:03 - 00165376 _____ C:\Users\fay\Downloads\SystemLook_x64.exe
2015-07-28 04:04 - 2015-07-25 14:07 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-28 04:04 - 2015-07-25 14:04 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-28 04:04 - 2015-07-25 14:04 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-28 04:04 - 2015-07-25 14:03 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-28 04:04 - 2015-07-25 14:03 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-28 04:04 - 2015-07-25 14:03 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-28 04:04 - 2015-07-25 14:03 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-28 04:04 - 2015-07-25 13:55 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-26 21:22 - 2015-07-26 21:22 - 00509440 _____ (Tech Support Guy System) C:\Users\fay\Desktop\SysInfo.exe
2015-07-26 17:05 - 2015-07-26 17:05 - 00947008 _____ C:\Windows\Minidump\072615-25724-01.dmp
2015-07-26 14:14 - 2015-07-26 14:14 - 00001378 _____ C:\Users\Admin\Desktop\eset2.txt
2015-07-26 08:53 - 2015-07-26 08:53 - 00001206 _____ C:\Users\fay\Desktop\adwcleaner_4.208.exe - Shortcut.lnk
2015-07-26 08:53 - 2015-07-26 08:53 - 00001083 _____ C:\Users\fay\Desktop\JRT.exe - Shortcut.lnk
2015-07-26 07:51 - 2015-08-06 07:17 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-25 03:03 - 2015-07-25 03:03 - 00001083 _____ C:\Users\fay\Desktop\OTL.exe - Shortcut.lnk
2015-07-25 00:21 - 2015-07-25 00:21 - 00090304 _____ C:\Users\fay\Downloads\Extras.Txt
2015-07-25 00:20 - 2015-07-25 00:20 - 00134184 _____ C:\Users\fay\Downloads\OTL.Txt
2015-07-25 00:08 - 2015-07-25 00:08 - 00602112 _____ (OldTimer Tools) C:\Users\fay\Downloads\OTL.exe
2015-07-24 17:35 - 2015-08-09 20:31 - 00000000 ___RD C:\Users\fay\iCloudDrive
2015-07-24 17:35 - 2015-07-24 17:35 - 00000000 ____D C:\Users\fay\AppData\Local\Apple Inc
2015-07-24 17:20 - 2015-07-24 17:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-07-21 21:22 - 2015-07-27 18:56 - 00000000 ____D C:\Users\fay\Documents\MalwareStuff
2015-07-21 04:45 - 2015-07-14 23:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-21 04:45 - 2015-07-14 23:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 04:45 - 2015-07-14 23:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-21 04:45 - 2015-07-14 23:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-21 04:45 - 2015-07-14 22:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-21 04:45 - 2015-07-14 22:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 04:45 - 2015-07-14 22:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-21 04:45 - 2015-07-14 22:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-21 04:45 - 2015-07-14 21:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 04:45 - 2015-07-14 21:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-20 20:17 - 2015-07-20 20:17 - 00000000 ____D C:\Program Files (x86)\ESET
2015-07-20 18:51 - 2015-08-05 05:59 - 00000000 ____D C:\Users\Admin\Downloads\FRST-OlderVersion
2015-07-20 18:46 - 2015-07-20 18:46 - 00000207 _____ C:\Windows\tweaking.com-regbackup-FAY-PC-Windows-7-Home-Premium-(64-bit).dat
2015-07-20 18:42 - 2015-07-20 18:42 - 00000000 ____D C:\RegBackup
2015-07-20 18:39 - 2015-07-20 18:39 - 01367040 _____ (Indigo Rose Corporation) C:\Users\Admin\Desktop\uninstall.exe
2015-07-20 18:39 - 2015-07-20 18:39 - 00325960 _____ C:\Users\Admin\Desktop\lua5.1.dll
2015-07-20 18:39 - 2015-07-20 18:39 - 00001510 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-07-20 18:39 - 2015-07-20 18:39 - 00000000 ____D C:\Users\Admin\Desktop\Uninstall
2015-07-20 18:39 - 2015-07-20 18:39 - 00000000 ____D C:\Users\Admin\Desktop\files
2015-07-20 18:39 - 2015-07-20 18:39 - 00000000 ____D C:\Users\Admin\Desktop\color_presets
2015-07-20 18:39 - 2015-07-20 18:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-07-20 18:37 - 2015-07-20 18:37 - 04720448 _____ C:\Users\Admin\Downloads\tweaking.com_registry_backup_setup.exe
2015-07-20 11:42 - 2015-07-20 11:43 - 05198336 _____ (AVAST Software) C:\Users\Admin\Downloads\aswMBR.exe
2015-07-20 11:37 - 2015-08-06 21:09 - 00000000 ____D C:\Users\Admin\Documents\MalwareRemoval
2015-07-20 11:31 - 2015-08-01 18:12 - 00061844 _____ C:\Users\Admin\Downloads\Addition.txt
2015-07-20 11:30 - 2015-08-09 20:43 - 00020370 _____ C:\Users\Admin\Downloads\FRST.txt
2015-07-20 11:29 - 2015-08-09 20:42 - 00000000 ____D C:\FRST
2015-07-20 11:26 - 2015-08-05 05:59 - 02169856 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2015-07-20 06:44 - 2015-07-20 06:43 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-07-20 06:43 - 2015-07-20 06:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-07-20 06:43 - 2015-07-20 06:43 - 00000000 ____D C:\Program Files (x86)\Java
2015-07-20 06:31 - 2015-07-20 06:32 - 05490752 _____ (Secunia) C:\Users\fay\Downloads\PSISetup.exe
2015-07-19 17:04 - 2015-07-19 17:05 - 01798288 _____ (Malwarebytes Corporation) C:\Users\Admin\Downloads\JRT.exe
2015-07-19 17:03 - 2015-07-19 17:04 - 02248704 _____ C:\Users\Admin\Downloads\adwcleaner_4.208.exe
2015-07-19 16:55 - 2015-07-19 16:55 - 00000000 ____D C:\Users\Admin\AppData\Local\GWX
2015-07-19 14:36 - 2015-07-19 14:56 - 00026929 _____ C:\Users\Admin\Desktop\attach.txt
2015-07-19 14:36 - 2015-07-19 14:54 - 00023071 _____ C:\Users\Admin\Desktop\dds.txt
2015-07-19 14:35 - 2015-07-19 14:35 - 00688992 ____R (Swearware) C:\Users\fay\Downloads\dds.scr
2015-07-19 10:26 - 2015-07-19 11:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-07-19 10:26 - 2015-07-19 11:24 - 00000000 ____D C:\Program Files\HitmanPro
2015-07-19 10:26 - 2015-07-19 10:26 - 00001895 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-07-19 09:12 - 2015-07-19 09:12 - 00002377 _____ C:\Users\Admin\Downloads\JRT.txt
2015-07-19 08:46 - 2015-07-19 10:40 - 00000000 ____D C:\ProgramData\HitmanPro
2015-07-19 08:45 - 2015-07-19 08:46 - 11032736 _____ (SurfRight B.V.) C:\Users\fay\Downloads\HitmanPro_x64.exe
2015-07-19 08:08 - 2015-07-19 08:08 - 01798288 _____ (Malwarebytes Corporation) C:\Users\fay\Downloads\JRT.exe
2015-07-18 14:12 - 2015-07-18 14:12 - 00127504 _____ C:\Users\fay\Documents\bookmarks_7_18_15.html
2015-07-18 13:45 - 2015-07-18 13:45 - 02248704 _____ C:\Users\fay\Downloads\adwcleaner_4.208 (1).exe
2015-07-18 13:37 - 2015-08-05 20:12 - 00000000 ____D C:\AdwCleaner
2015-07-18 13:36 - 2015-07-18 13:36 - 02248704 _____ C:\Users\fay\Downloads\adwcleaner_4.208.exe
2015-07-18 13:21 - 2015-07-18 13:21 - 04152184 _____ (Reason Software Company Inc.) C:\Users\fay\Downloads\setup-dlcm.exe
2015-07-18 13:21 - 2015-07-18 13:21 - 00000000 ____D C:\Program Files\Reason
2015-07-16 07:48 - 2015-07-16 07:48 - 00000000 ____D C:\Users\fay\AppData\Roaming\VisualShape
2015-07-15 12:04 - 2015-07-15 12:04 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-15 03:32 - 2015-07-09 13:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 03:32 - 2015-07-09 13:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 03:32 - 2015-07-09 13:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 03:32 - 2015-07-09 13:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 03:32 - 2015-07-09 13:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 03:32 - 2015-07-09 13:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 03:32 - 2015-07-09 13:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 03:32 - 2015-07-09 13:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 03:32 - 2015-07-09 13:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 03:32 - 2015-07-09 13:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 03:32 - 2015-07-09 13:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 03:32 - 2015-07-09 13:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 03:32 - 2015-07-09 13:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 03:32 - 2015-07-09 13:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 03:32 - 2015-07-09 13:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 03:32 - 2015-07-09 13:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 03:32 - 2015-07-02 17:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 03:32 - 2015-07-02 17:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-15 03:32 - 2015-07-02 16:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 03:32 - 2015-07-02 16:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 03:32 - 2015-07-02 16:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 03:32 - 2015-07-02 16:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 03:32 - 2015-07-02 16:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 03:32 - 2015-07-02 16:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 03:32 - 2015-07-02 16:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 03:32 - 2015-07-02 15:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 03:32 - 2015-07-02 15:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 03:32 - 2015-07-02 14:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 03:32 - 2015-06-26 22:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 03:32 - 2015-06-26 22:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 03:32 - 2015-06-26 21:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-15 03:32 - 2015-06-26 21:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 03:32 - 2015-06-25 14:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 03:32 - 2015-06-25 13:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 03:32 - 2015-06-25 04:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 03:32 - 2015-06-20 16:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 03:32 - 2015-06-20 15:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 03:32 - 2015-06-20 15:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 03:32 - 2015-06-20 15:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 03:32 - 2015-06-20 15:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 03:32 - 2015-06-20 15:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 03:32 - 2015-06-20 15:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 03:32 - 2015-06-20 15:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 03:32 - 2015-06-20 14:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 03:32 - 2015-06-20 14:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 03:32 - 2015-06-20 14:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 03:32 - 2015-06-19 14:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 03:32 - 2015-06-19 14:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-15 03:32 - 2015-06-19 14:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-15 03:32 - 2015-06-19 14:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 03:32 - 2015-06-19 14:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 03:32 - 2015-06-19 14:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-15 03:32 - 2015-06-19 14:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 03:32 - 2015-06-19 14:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-15 03:32 - 2015-06-19 14:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-15 03:32 - 2015-06-19 13:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 03:32 - 2015-06-19 13:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 03:32 - 2015-06-19 13:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 03:32 - 2015-06-19 13:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 03:32 - 2015-06-19 13:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 03:32 - 2015-06-19 13:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 03:32 - 2015-06-17 13:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 03:32 - 2015-06-17 13:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 03:32 - 2015-06-01 20:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 03:32 - 2015-06-01 19:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-15 03:31 - 2015-07-04 14:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 03:31 - 2015-07-04 13:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 03:31 - 2015-07-01 16:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 03:31 - 2015-07-01 16:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 03:31 - 2015-07-01 16:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 03:31 - 2015-07-01 16:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 03:31 - 2015-07-01 16:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 03:31 - 2015-07-01 16:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 03:31 - 2015-07-01 16:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 03:31 - 2015-07-01 16:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 03:31 - 2015-07-01 16:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 03:31 - 2015-07-01 16:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 03:31 - 2015-07-01 16:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 03:31 - 2015-07-01 16:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 03:31 - 2015-07-01 16:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-15 03:31 - 2015-07-01 16:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 03:31 - 2015-07-01 16:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 03:31 - 2015-07-01 16:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 03:31 - 2015-07-01 16:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 03:31 - 2015-07-01 15:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 03:31 - 2015-07-01 15:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 03:31 - 2015-07-01 15:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 03:31 - 2015-06-20 15:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 03:31 - 2015-06-20 15:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 03:31 - 2015-06-20 15:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 03:31 - 2015-06-20 15:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 03:31 - 2015-06-20 15:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 03:31 - 2015-06-20 15:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 03:31 - 2015-06-20 15:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 03:31 - 2015-06-20 15:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 03:31 - 2015-06-20 15:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 03:31 - 2015-06-20 14:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 03:31 - 2015-06-20 14:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 03:31 - 2015-06-20 14:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 03:31 - 2015-06-19 14:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 03:31 - 2015-06-19 13:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 03:31 - 2015-06-19 13:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-15 03:31 - 2015-06-19 13:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 03:31 - 2015-04-27 15:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-15 03:31 - 2015-04-27 15:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-15 03:31 - 2015-04-27 15:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-15 03:31 - 2015-04-27 15:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-15 03:31 - 2015-04-27 15:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-15 03:31 - 2015-04-27 15:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-15 03:31 - 2015-04-27 15:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-15 03:31 - 2015-04-27 15:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-15 03:30 - 2015-07-01 16:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 03:30 - 2015-07-01 16:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 03:30 - 2015-07-01 16:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 03:30 - 2015-07-01 16:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 03:30 - 2015-07-01 16:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 03:30 - 2015-07-01 16:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 03:30 - 2015-07-01 16:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 03:30 - 2015-07-01 16:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 03:30 - 2015-07-01 16:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 03:30 - 2015-07-01 16:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 03:30 - 2015-07-01 16:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-15 03:30 - 2015-07-01 16:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-15 03:30 - 2015-07-01 16:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-15 03:30 - 2015-07-01 16:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-15 03:30 - 2015-07-01 16:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-15 03:30 - 2015-07-01 16:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-15 03:30 - 2015-07-01 16:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-15 03:30 - 2015-07-01 16:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-15 03:30 - 2015-06-15 17:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 03:30 - 2015-06-15 17:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 03:30 - 2015-06-15 17:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 03:30 - 2015-06-15 17:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 03:30 - 2015-06-15 17:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 03:30 - 2015-06-15 17:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 03:30 - 2015-06-15 17:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 03:30 - 2015-06-15 17:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 03:30 - 2015-06-15 17:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-15 03:30 - 2015-06-15 17:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 03:30 - 2015-06-15 17:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 03:30 - 2015-06-15 17:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-12 17:26 - 2015-07-12 17:26 - 00237568 _____ (Big Fish Games) C:\Users\Admin\Downloads\bigfishgames_p238514316_s1_l1.exe
2015-07-12 17:26 - 2015-07-12 17:26 - 00237568 _____ (Big Fish Games) C:\Users\Admin\Downloads\bigfishgames_p238514316_s1_l1 (1).exe
2015-07-12 15:35 - 2015-07-12 15:35 - 00002210 _____ C:\Users\Public\Desktop\Play Delicious - Emilys Childhood Memories.lnk
2015-07-12 15:33 - 2015-07-12 15:35 - 00000000 ____D C:\Program Files (x86)\Delicious - Emilys Childhood Memories
2015-07-12 15:33 - 2015-07-12 15:33 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Delicious - Emilys Childhood Memories
2015-07-12 15:33 - 2015-07-12 15:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Delicious - Emilys Childhood Memories
2015-07-12 14:50 - 2015-07-12 14:50 - 00000000 ____D C:\Users\Admin\AppData\Roaming\VisualShape
2015-07-12 14:50 - 2015-07-12 14:50 - 00000000 ____D C:\ProgramData\VisualShape
2015-07-12 13:50 - 2015-07-12 15:38 - 00000000 ____D C:\Users\Admin\AppData\Roaming\GameHouse
2015-07-12 13:49 - 2015-07-12 13:49 - 00001937 _____ C:\Users\Public\Desktop\Play Farm to Fork.lnk
2015-07-12 13:48 - 2015-07-12 13:49 - 00000000 ____D C:\Program Files (x86)\Farm to Fork
2015-07-12 13:48 - 2015-07-12 13:48 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Farm to Fork
2015-07-12 13:48 - 2015-07-12 13:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farm to Fork
2015-07-11 20:07 - 2015-07-11 20:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-07-11 20:07 - 2015-07-11 20:07 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-07-11 10:53 - 2015-07-11 10:53 - 00237568 _____ (Big Fish Games) C:\Users\Admin\Downloads\easter-eggztravaganza-2_s1_l1_gF7597T1L1_d2488663256.exe
2015-07-11 10:46 - 2015-07-11 10:46 - 00237568 _____ (Big Fish Games) C:\Users\fay\Downloads\easter-eggztravaganza-2_s1_l1_gF7597T1L1_d2488661125.exe
2015-07-10 09:39 - 2015-08-01 05:45 - 00000000 ___HD C:\$Windows.~BT

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-09 20:42 - 2009-07-14 00:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-09 20:42 - 2009-07-14 00:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-09 20:36 - 2010-05-19 13:13 - 01215445 _____ C:\Windows\WindowsUpdate.log
2015-08-09 20:30 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-09 20:29 - 2010-06-10 06:13 - 00539924 _____ C:\Windows\PFRO.log
2015-08-09 20:29 - 2009-07-14 00:51 - 00055293 _____ C:\Windows\setupact.log
2015-08-09 20:09 - 2013-04-18 03:37 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-07 07:56 - 2012-04-27 06:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-05 22:40 - 2010-05-18 20:56 - 00000000 ____D C:\ProgramData\Temp
2015-08-05 22:38 - 2010-09-15 21:10 - 00000000 ____D C:\Users\fay\Documents\My Kindle Content
2015-08-05 22:37 - 2015-01-04 17:54 - 00002219 _____ C:\Users\fay\Desktop\Kindle.lnk
2015-08-05 22:12 - 2012-06-19 17:22 - 00000000 ____D C:\Users\Admin
2015-08-05 20:41 - 2010-11-26 09:48 - 00000000 ____D C:\Users\fay\Documents\Account Info
2015-08-05 20:05 - 2015-06-08 18:52 - 00118784 _____ C:\Users\fay\Documents\HYG.mdb
2015-08-05 20:04 - 2015-06-08 18:52 - 00102400 _____ C:\Users\fay\Documents\HygOrder.mdb
2015-08-05 20:00 - 2012-07-07 10:14 - 00000000 ____D C:\Program Files (x86)\Steam
2015-08-05 19:35 - 2013-08-12 18:34 - 00000000 ____D C:\Users\fay\AppData\Roaming\BVS Solitaire Collection
2015-08-05 19:29 - 2013-08-03 13:19 - 00000000 ____D C:\Users\fay\Documents\Family Tree Maker
2015-08-05 19:11 - 2012-06-02 10:20 - 00000000 ____D C:\Users\fay\Documents\Calibre Library
2015-08-05 19:07 - 2012-12-02 12:38 - 00000000 ____D C:\Program Files (x86)\Sudoku - Latin Squares
2015-08-05 18:55 - 2011-11-01 15:47 - 00000000 ____D C:\Users\fay\.gimp-2.6
2015-08-05 18:54 - 2011-11-01 15:49 - 00000000 ____D C:\Users\fay\AppData\Roaming\gtk-2.0
2015-08-05 18:54 - 2010-09-08 11:58 - 00000000 ____D C:\Users\fay
2015-08-04 01:00 - 2010-09-10 06:46 - 00003170 _____ C:\Windows\System32\Tasks\HPCeeScheduleForfay
2015-08-04 01:00 - 2010-09-10 06:46 - 00000324 _____ C:\Windows\Tasks\HPCeeScheduleForfay.job
2015-08-01 23:19 - 2014-01-29 18:14 - 00000000 ____D C:\Users\fay\AppData\Roaming\VIPRE
2015-08-01 17:36 - 2011-11-26 12:22 - 00000000 ____D C:\Windows\pss
2015-08-01 05:58 - 2010-05-18 21:14 - 00000000 ____D C:\Windows\Panther
2015-07-31 16:56 - 2010-05-19 13:12 - 00000544 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job
2015-07-28 20:18 - 2014-05-06 03:01 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-26 17:05 - 2011-04-18 01:52 - 966412425 _____ C:\Windows\MEMORY.DMP
2015-07-26 17:05 - 2011-04-18 01:52 - 00000000 ____D C:\Windows\Minidump
2015-07-26 08:58 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-07-25 07:57 - 2015-04-05 03:03 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-24 18:05 - 2012-10-31 18:01 - 00000000 ____D C:\Users\fay\AppData\Roaming\Apple Computer
2015-07-24 18:02 - 2014-02-02 08:21 - 00000000 ____D C:\Users\fay\AppData\Local\Apple Computer
2015-07-24 17:20 - 2013-04-05 08:39 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-22 04:00 - 2009-07-14 00:45 - 00343664 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-21 17:52 - 2014-11-22 16:47 - 00000276 __RSH C:\Users\fay\ntuser.pol
2015-07-20 20:44 - 2014-01-31 02:35 - 00000000 ____D C:\Users\Admin\AppData\Roaming\VIPRE
2015-07-20 18:51 - 2009-07-13 23:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-07-20 18:46 - 2012-05-17 22:51 - 00000796 _____ C:\Users\Admin\Desktop\Settings.ini
2015-07-20 09:59 - 2011-11-01 12:40 - 00000000 ____D C:\Users\fay\Documents\Computer Tools
2015-07-20 06:43 - 2014-07-28 05:28 - 00000000 ____D C:\ProgramData\Oracle
2015-07-19 18:00 - 2015-01-08 07:46 - 00000000 ____D C:\Users\Admin\Documents\Account Info
2015-07-19 16:55 - 2009-07-14 01:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-19 12:49 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\tracing
2015-07-19 11:24 - 2014-01-31 02:40 - 00000000 ____D C:\Program Files (x86)\VIPRE
2015-07-19 11:24 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-19 11:23 - 2009-07-14 03:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-07-19 11:23 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2015-07-18 14:25 - 2015-01-10 06:06 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-18 14:24 - 2015-01-10 06:06 - 00000000 ____D C:\Users\Admin\AppData\Local\Google
2015-07-18 14:24 - 2014-11-30 21:43 - 00000000 __SHD C:\Users\Admin\AppData\Local\EmieBrowserModeList
2015-07-18 14:24 - 2014-05-23 19:37 - 00000000 __SHD C:\Users\Admin\AppData\Local\EmieUserList
2015-07-18 14:24 - 2014-05-23 19:37 - 00000000 __SHD C:\Users\Admin\AppData\Local\EmieSiteList
2015-07-18 08:23 - 2010-05-18 20:38 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-07-18 08:07 - 2010-09-08 12:00 - 00000000 ____D C:\Users\fay\AppData\Local\Hewlett-Packard
2015-07-16 19:03 - 2013-08-04 06:16 - 00000000 ____D C:\BigFishCache
2015-07-16 06:35 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-07-16 04:05 - 2014-04-09 03:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-16 04:05 - 2011-12-05 04:16 - 00001698 _____ C:\Windows\SysWOW64\CountScans.XML
2015-07-16 04:02 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-16 04:01 - 2015-04-15 03:33 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-15 05:09 - 2013-04-18 03:37 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-15 05:09 - 2012-06-02 10:10 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-15 05:09 - 2011-05-25 05:10 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-15 03:03 - 2015-04-05 03:03 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-12 15:38 - 2010-11-24 05:38 - 00000000 ____D C:\Users\fay\Documents\Recipes
2015-07-12 15:16 - 2015-05-26 08:20 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Western Software Technologies
2015-07-11 20:07 - 2012-11-15 02:12 - 00000000 ____D C:\ProgramData\Apple Computer
2015-07-11 20:07 - 2012-10-30 22:19 - 00000000 ____D C:\Windows\Patches
2015-07-11 20:06 - 2014-04-09 03:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-11 20:06 - 2012-06-15 19:51 - 00001032 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-11 20:06 - 2011-05-01 08:36 - 00001089 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-11 20:06 - 2010-09-11 07:06 - 00001077 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-07-11 10:57 - 2012-12-02 21:49 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Elephant Games

==================== Files in the root of some directories =======

2014-03-23 11:45 - 2014-03-23 11:47 - 0000011 _____ () C:\Users\Admin\AppData\Roaming\log.txt
2013-06-16 12:27 - 2013-06-16 12:27 - 0000037 ___SH () C:\Users\Admin\AppData\Local\70149b02515b3bb20dd492.47983420
2010-09-11 01:14 - 2010-09-11 01:45 - 0003897 _____ () C:\ProgramData\doicrane_save.log
2012-03-11 11:34 - 2012-03-11 12:28 - 0001464 _____ () C:\ProgramData\hpzinstall.log
2014-04-13 21:23 - 2014-04-13 22:23 - 0000313 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2010-09-24 03:13 - 2010-09-24 03:13 - 0000059 _____ () C:\ProgramData\user.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-02 02:51

==================== End of log ============================

Re: Proxy override...malware?

Post by fayfox » August 9th, 2015, 8:56 pm

And here is Addition.txt:


Additional scan result of Farbar Recovery Scan Tool (x64) Version:02-08-2015 01
Ran by Admin (2015-08-09 20:43:23)
Running from C:\Users\Admin\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-765319908-1524800839-1392544109-1003 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-765319908-1524800839-1392544109-500 - Administrator - Disabled)
fay (S-1-5-21-765319908-1524800839-1392544109-1000 - Limited - Enabled) => C:\Users\fay
Guest (S-1-5-21-765319908-1524800839-1392544109-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-765319908-1524800839-1392544109-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ThreatTrack Security VIPRE (Disabled - Up to date) {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ThreatTrack Security VIPRE (Disabled - Up to date) {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
FW: ThreatTrack Security VIPRE (Disabled) {C7D2BC33-B766-03DA-EC8C-2222CF65E72A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 5.0 (HKLM-x32\...\Adobe Photoshop Elements 5) (Version: 5.0 - Adobe Systems Inc.)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.09 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-765319908-1524800839-1392544109-1000\...\Amazon Kindle) (Version: - Amazon)
Amazon Kindle (HKU\S-1-5-21-765319908-1524800839-1392544109-1003\...\Amazon Kindle) (Version: - Amazon)
Amazon MP3 Downloader 1.0.15 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.15 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Art of Murder: Cards of Destiny (HKLM-x32\...\BFG-Art of Murder - Cards of Destiny) (Version: - )
ATI Catalyst Install Manager (HKLM\...\{67CA5B4D-32DA-B54C-1851-F68ECD83262E}) (Version: 3.0.754.0 - ATI Technologies, Inc.)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Brain Training for Dummies (HKLM-x32\...\BFG-Brain Training for Dummies) (Version: - )
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
BVS Solitaire Collection (HKLM-x32\...\BFG-BVS Solitaire Collection) (Version: - )
calibre (HKLM-x32\...\{BC093E6F-61D2-4F6D-9463-ECDC2CA25462}) (Version: 0.8.54 - Kovid Goyal)
Casebook (HKLM-x32\...\BFG-Casebook) (Version: - )
ccc-core-static (x32 Version: 2009.1201.2247.40849 - ATI) Hidden
City of Fools (HKLM-x32\...\BFG-City of Fools) (Version: - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)
Delicious: Emily's Childhood Memories (HKLM-x32\...\BFG-Delicious - Emilys Childhood Memories) (Version: - )
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DocMgr (x32 Version: 140.0.65.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.100.000 - Hewlett-Packard) Hidden
Dragon Keeper (HKLM-x32\...\BFG-Dragon Keeper) (Version: - )
Dragon Keeper 2 (HKLM-x32\...\BFG-Dragon Keeper 2) (Version: - )
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) Hidden
Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Fable - The Lost Chapters (HKLM-x32\...\Steam App 204030) (Version: - Lionhead Studios)
Family Tree Maker 2012 (HKLM-x32\...\Family Tree Maker 2012) (Version: 21.0.452 - Ancestry.com, Inc.)
Family Tree Maker 2012 (x32 Version: 21.0.452 - Ancestry.com, Inc.) Hidden
Fantasy Mosaics 4: Art of Color (HKLM-x32\...\BFG-Fantasy Mosaics 4 - Art of Color) (Version: - )
Fantasy Mosaics 5 (HKLM-x32\...\BFG-Fantasy Mosaics 5) (Version: - )
Fantasy Mosaics 6: Into the Unknown (HKLM-x32\...\BFG-Fantasy Mosaics 6 - Into the Unknown) (Version: - )
Fantasy Mosaics 7: Our Home (HKLM-x32\...\BFG-Fantasy Mosaics 7 - Our Home) (Version: - )
Farm to Fork (HKLM-x32\...\BFG-Farm to Fork) (Version: - )
Fax (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Garden Rescue (HKLM-x32\...\BFG-Garden Rescue) (Version: - )
Garden Rescue: Christmas Edition (HKLM-x32\...\BFG-Garden Rescue - Christmas Edition) (Version: - )
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Gothic 3 (HKLM-x32\...\Steam App 39500) (Version: - Piranha – Bytes )
GPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Grimm's Hatchery (HKLM-x32\...\BFG-Grimm's Hatchery) (Version: - )
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.242 - SurfRight B.V.)
Holiday Jigsaw Valentine's Day (HKLM-x32\...\BFG-Holiday Jigsaw Valentines Day) (Version: - )
HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{650AF771-456D-418F-BFC7-F6FFC9D0235C}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Help (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3317 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3422 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.1.0.1 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{35021DFB-F9CA-402A-89A2-47F91E506465}) (Version: 1.0.2.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP OfficeJet J4600 All-In-One Series (HKLM\...\{4945F319-A24D-454C-A411-F3689987315D}) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3341 - HP Photo Creations Powered by RocketLife)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Hulu Desktop (HKU\S-1-5-21-765319908-1524800839-1392544109-1000\...\HuluDesktop) (Version: 0.9.9 - Hulu LLC)
Hulu Desktop (HKU\S-1-5-21-765319908-1524800839-1392544109-1003\...\HuluDesktop) (Version: 0.9.9 - Hulu LLC)
HydraVision (x32 Version: 4.2.128.0 - ATI Technologies Inc.) Hidden
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
inSSIDer 3 (HKLM-x32\...\{A80CEA4E-74C1-4F9F-806B-E1D9AFC01768}) (Version: 3.0.7.48 - MetaGeek, LLC)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Jigsaw World Tour (HKLM-x32\...\BFG-Jigsaw World Tour) (Version: - )
Jigsaws Galore (HKLM-x32\...\BFG-Jigsaws Galore) (Version: - )
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Kingdoms of Amalur: Reckoning (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.0.0.0 - Electronic Arts)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
Mah-Jomino (HKLM-x32\...\BFG-Mah-Jomino) (Version: - )
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar)
Microsoft Office 2000 Professional (HKLM-x32\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version: - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Mobipocket Creator 4.2 (HKLM-x32\...\{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}) (Version: 4.2.41 - Mobipocket.com)
Mosaics Galore (HKLM-x32\...\BFG-Mosaics Galore) (Version: - )
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 3.1.3310 - Hewlett-Packard) Hidden
Mozilla Firefox 39.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0.3 (x86 en-US)) (Version: 39.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
Mr. Puzzle (HKLM-x32\...\BFG-Mr. Puzzle) (Version: - )
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Kingdom for the Princess II (HKLM-x32\...\BFG-My Kingdom for the Princess II) (Version: - )
My Kingdom for the Princess III (HKLM-x32\...\BFG-My Kingdom for the Princess III) (Version: - )
Mystery Riddles (HKLM-x32\...\BFG-Mystery Riddles) (Version: - )
Nancy Drew - Curse of Blackmoor Manor (HKLM-x32\...\BFG-Nancy Drew - Curse of Blackmoor Manor) (Version: - )
Nancy Drew - Last Train to Blue Moon Canyon (HKLM-x32\...\BFG-Nancy Drew - Last Train to Blue Moon Canyon) (Version: - )
Nancy Drew - Secret Of The Old Clock (HKLM-x32\...\BFG-Nancy Drew - Secret Of The Old Clock) (Version: - )
Nancy Drew: Alibi in Ashes (HKLM-x32\...\BFG-Nancy Drew - Alibi in Ashes) (Version: - )
Nancy Drew: Ghost Dogs of Moon Lake (HKLM-x32\...\BFG-Nancy Drew - Ghost Dogs of Moon Lake) (Version: - )
Nancy Drew: Message in a Haunted Mansion (HKLM-x32\...\BFG-Nancy Drew - Message in a Haunted Mansion) (Version: - )
Nancy Drew: Secret of Shadow Ranch (HKLM-x32\...\BFG-Nancy Drew - Secret of Shadow Ranch) (Version: - )
Nancy Drew: Secret of the Scarlet Hand (HKLM-x32\...\BFG-Nancy Drew - Secret of the Scarlet Hand) (Version: - )
Nancy Drew: Shadow at the Water's Edge (HKLM-x32\...\BFG-Nancy Drew - Shadow at the Water's Edge) (Version: - )
Nancy Drew: The Captive Curse (HKLM-x32\...\BFG-Nancy Drew - The Captive Curse) (Version: - )
Nancy Drew: The Deadly Device (HKLM-x32\...\BFG-Nancy Drew - The Deadly Device) (Version: - )
Nancy Drew: The Final Scene (HKLM-x32\...\BFG-Nancy Drew - The Final Scene) (Version: - )
Nancy Drew: The Haunted Carousel (HKLM-x32\...\BFG-Nancy Drew - The Haunted Carousel) (Version: - )
Nancy Drew: The Silent Spy (HKLM-x32\...\BFG-Nancy Drew - The Silent Spy) (Version: - )
Nancy Drew: Tomb of the Lost Queen (HKLM-x32\...\BFG-Nancy Drew - Tomb of the Lost Queen) (Version: - )
Nancy Drew: Treasure in the Royal Tower (HKLM-x32\...\BFG-Nancy Drew - Treasure in the Royal Tower) (Version: - )
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
NVIDIA PhysX (HKLM-x32\...\{B83FC356-B7C0-441F-8A4D-D71E088E7974}) (Version: 9.09.0428 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 8.6.0.357 - Electronic Arts, Inc.)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
Plants vs. Zombies (HKLM-x32\...\BFG-Plants vs Zombies) (Version: - )
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3503 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3503 - CyberLink Corp.) Hidden
PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 3.2.1540.5 - AMD)
RAIDXpert (x32 Version: 3.2.1540.5 - AMD) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden
Royal Jigsaw 2 (HKLM-x32\...\BFG-Royal Jigsaw 2) (Version: - )
Royal Jigsaw 3 (HKLM-x32\...\BFG-Royal Jigsaw 3) (Version: - )
Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Sudoku Latin Squares (HKLM-x32\...\BFG-Sudoku Latin Squares) (Version: - )
System Requirements Lab Detection (HKLM-x32\...\{B86FEEC7-510F-45C2-A681-E355E4CF8898}) (Version: 6.1.6.0 - Husdawg, LLC)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version: - CD Projekt RED)
The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version: - CD Projekt RED)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Toy Defense 3 - Fantasy (HKLM-x32\...\BFG-Toy Defense 3 - Fantasy) (Version: - )
TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
TurboTax 2010 (HKLM-x32\...\TurboTax 2010) (Version: - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.2.0 - Tweaking.com)
VIPRE Internet Security (HKLM-x32\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 7.0.6.2 - ThreatTrack Security, Inc.)
VIPRE Internet Security (x32 Version: 7.0.6.2 - ThreatTrack Security, Inc.) Hidden
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
Who Am I (HKLM-x32\...\BFG-Who Am I) (Version: - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
World Mosaics 7 (HKLM-x32\...\BFG-World Mosaics 7) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

01-08-2015 03:48:26 Windows Update
01-08-2015 04:09:58 Installed System Requirements Lab Detection
04-08-2015 19:39:28 Windows Update
05-08-2015 22:10:51 JRT Pre-Junkware Removal
09-08-2015 12:44:53 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2011-11-04 08:47 - 00438159 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04D631F9-6DCA-432C-A9C7-D407692F7D1C} - System32\Tasks\{179D2D17-B958-4B7C-8F8B-A6CBCFAE6F11} => pcalua.exe -a C:\Users\fay\Downloads\secrets-of-the-dark-temple-of-night_s1_l1_gF6256T1L1_d1406545218.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {0535DFE5-701A-471E-8BA1-E2CF3ABEB379} - System32\Tasks\{A676903C-C45B-43DD-B071-656C0D92EFA0} => C:\Users\fay\AppData\Local\Amazon\Kindle\application\Kindle.exe [2015-07-21] (Amazon.com)
Task: {0A67F522-8CD5-4DD3-A529-ED518D1FC895} - System32\Tasks\{C84D2EF9-E08E-44A9-A7B6-2E86464BBC94} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p121211816_s1_l1.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {14DC0128-5252-4899-AC7E-A123E79E9408} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-10-22] (CyberLink)
Task: {1E13B6B2-2D0F-4DA0-AE7E-DE52AD8B92BE} - System32\Tasks\{79685DBF-5F4C-4AEA-AFB7-C1ED2DB41E0C} => pcalua.exe -a "C:\Users\fay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0O2CSLK4\bigfishgames_p112925717_s1_l1[1].exe" -d C:\Users\fay\Desktop
Task: {1E90514A-EB91-4968-94D8-E553B637C41A} - System32\Tasks\{ED30F6FA-38B3-4725-BA43-1EF26CA831C6} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p115435087_s1_l1.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {200F5A5A-A50D-4AAA-9A29-E523B1538E61} - System32\Tasks\{90D193A4-E211-4A06-9DD9-727E49FBC3A4} => pcalua.exe -a "C:\Users\fay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RTTLWFO\bigfishgames_p121269908_s1_l1[1].exe" -d C:\Users\fay\Desktop
Task: {201A1A3B-E447-4504-A8C7-8CE574A9CA48} - System32\Tasks\{AA44B4F2-DAE0-4AE8-8E5E-6EC68617D43C} => pcalua.exe -a C:\Users\fay\Downloads\mystic-gateways-the-celestial-quest_s1_l1_gF5955T1L1_d1406544644.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {2662C3F7-4CCD-4DED-B987-E3D19BFAB4D2} - System32\Tasks\{6B8A9F89-3147-423A-8493-B73FF25620FC} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p118015257_s1_l1(1).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {2F56CE89-336A-4302-900F-2944F51C5873} - System32\Tasks\{A1BD3732-1EA9-4A93-B02C-2CC6B40F324E} => C:\Users\fay\AppData\Local\Amazon\Kindle\application\Kindle.exe [2015-07-21] (Amazon.com)
Task: {331D389E-E7AB-49DA-A475-08244BCE78AF} - System32\Tasks\{8828DAD1-AD23-4932-9305-64F24BEAA215} => C:\Users\fay\AppData\Local\Amazon\Kindle\application\Kindle.exe [2015-07-21] (Amazon.com)
Task: {3921128F-4866-4DB6-8D98-B108FB61D69D} - System32\Tasks\{E0D9E4DB-64FC-4EBB-B5C6-489B3D6051A9} => pcalua.exe -a C:\Users\fay\Downloads\hidden-in-time-mirror-mirror_s1_l1_gF2875T1L1_d1400479493.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {46BF2FA4-A53C-46F5-9084-55067D3BFC26} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18] (PC-Doctor, Inc.)
Task: {4971A075-89B3-4CEF-9EC3-0F822EBEC7F2} - System32\Tasks\{A5F0B333-A364-4323-8BB1-7743EA5367D8} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p116509884_s1_l1(1).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {5013628E-4713-44A9-B6DB-CEF460CF633E} - System32\Tasks\ExtendedServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {51226FB1-7086-4454-9252-6C474862FC53} - System32\Tasks\HpWebReg.exe => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HpWebReg.exe [2010-06-14] (Hewlett-Packard Co.)
Task: {5518233C-C902-45BF-B482-6E62A8591552} - System32\Tasks\hpUtility.exe => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\utils\hpUtility.exe [2010-06-14] (Hewlett-Packard Co.)
Task: {5AA3364F-C0CA-41DC-9515-36B221C87625} - System32\Tasks\{5E4DB0BD-12E7-4775-A91F-83D0743BA7A3} => pcalua.exe -a C:\Users\fay\Downloads\vampire-saga-welcome-to-hell-lock_s1_l1_gF6323T1L1_d1409609995.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {5F88543B-EF07-4A89-852E-5B5DD44E9300} - System32\Tasks\{0BCC4E6D-7F8C-4981-AF70-C05CC4446B0B} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p113648313_s1_l1.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {60D25ED5-D881-4185-96BB-1ACEBC0CA784} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
Task: {6118F1B6-F630-4267-99AB-A094F947FC39} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {6AF902CC-C709-4BFA-9F36-6DDD30E0BA6B} - System32\Tasks\{802F3528-2C30-4C3D-8C7B-61A2DD772380} => C:\Users\fay\AppData\Local\Amazon\Kindle\application\Kindle.exe [2015-07-21] (Amazon.com)
Task: {7159177C-AFBF-4B9A-BDF8-F7C1031E51DB} - System32\Tasks\{C06BD782-1773-4F54-B72B-1DB68D94796F} => pcalua.exe -a C:\Users\fay\Downloads\AmazonMP3Installer(2).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {77AD753E-021D-4544-A72B-02A630F6E4FC} - System32\Tasks\AdobeAAMUpdater-1.0-fay-PC-fay => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated)
Task: {83492967-2AD2-49A2-9C5F-8F8C881A979B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {89E2A58F-EA47-4C56-B622-79929F6C3DDC} - System32\Tasks\{06D86160-58EE-41A5-B52C-04A46A9D6A4F} => C:\Users\fay\AppData\Local\Amazon\Kindle\application\Kindle.exe [2015-07-21] (Amazon.com)
Task: {914371EC-C6FB-4BAD-82A1-14BD43CCC787} - System32\Tasks\{5BA80D19-F4C7-4C8B-B234-8B304F355546} => pcalua.exe -a C:\Users\fay\Downloads\nightmare-realm_s1_l1_gF6706T1L1_d1405491713.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {920FF7C6-18A8-4A3A-A80B-ABC07F799B8D} - System32\Tasks\VIPRE Upgrade Task => C:\PROGRAM FILES\COMMON FILES\AV\ThreatTrack Security VIPRE\Upgrade.exe [2015-07-30] (ThreatTrack Security Inc.)
Task: {98E9A0CC-5988-44F1-840B-B67B3BD62DC2} - System32\Tasks\HPCeeScheduleForfay => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {9DF3876E-65A1-445C-AE38-791E5852E9F5} - System32\Tasks\{B3F215A0-F039-4151-B68D-4F363733DE58} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p115300164_s1_l1.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {9E6A56B8-718E-4348-B19A-66FE156712EA} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {9F0159D1-FAB2-484D-B9E8-43425D049419} - System32\Tasks\{8E7C215D-2D1B-468B-BEAE-F8A5A8C1D283} => pcalua.exe -a C:\Users\fay\Downloads\millennium-secrets-roxannes-necklace_s1_l1_gF6717T1L1_d1406542766.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {A0B47B41-ACD5-4F4D-9586-CE2EC7F62CA9} - System32\Tasks\{DAA93FDF-CCC9-4D15-AE86-62EDBBB30ACA} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p51110979_s1_l1.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {A23682F2-A635-454F-9623-7F5C1C2CA1F9} - System32\Tasks\{2F539F0C-9984-41E1-877C-9D661BDCB7C2} => pcalua.exe -a C:\Users\fay\Downloads\awakening-the-goblin-kingdom_s1_l1_gF6755T1L1_d1503674067.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {A3EC34E4-7E3A-4500-BE3A-28B7424EE626} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A4635ABE-5A8E-47DB-A2B6-DD5DEFCB1A43} - System32\Tasks\{8DE967A1-00F6-4FAB-9162-BFDC44C65B99} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p118015257_s1_l1(2).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {A82ABBA2-D46B-437B-9420-E37A19C3B15E} - System32\Tasks\{9DDD666C-4CCB-422C-AB36-58BEA293F1C9} => C:\Users\fay\AppData\Local\Amazon\Kindle\application\Kindle.exe [2015-07-21] (Amazon.com)
Task: {B3122CC9-8D85-4E42-A60F-CD39AA114ED2} - System32\Tasks\{75E8AF22-6F83-40EF-B51E-694BD2BA1416} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p57039746_s1_l1(1).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {BF10AD13-07D6-49FC-BA1A-748E36656D3D} - System32\Tasks\{3F7AC69A-CC6E-499A-9DF1-A8FB47F36D91} => C:\Users\fay\AppData\Local\Amazon\Kindle\application\Kindle.exe [2015-07-21] (Amazon.com)
Task: {C1651896-AFBF-4428-AED5-A0A53038F5FE} - System32\Tasks\{CD20E675-475E-430D-A999-006AF7789AB0} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p118015257_s1_l1.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {C4ECBDAD-60AD-4270-A195-07CFA543BA78} - System32\Tasks\{B765C452-2DD4-445C-B510-345FDB0428E3} => pcalua.exe -a C:\Users\fay\Downloads\paranormal-crime-brohood-crescent-snake-ce_s1_l1_gF6692T1L1_d1405578465.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {CBF4DDE4-C6CE-4D0B-8F1D-6CB3197E57D9} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {D1DD3460-E00C-4249-B638-BF9E85103837} - System32\Tasks\{D7EEFE36-135B-4C36-A4F4-B9AA4AF6A069} => pcalua.exe -a "C:\Users\fay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PV9PJ45W\bigfishgames_p113088645_s1_l1[1].exe" -d C:\Users\fay\Desktop
Task: {D32D5A06-51A3-43E7-9D44-8E5F07273084} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-765319908-1524800839-1392544109-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {D34DF0F6-A5D9-4A50-A3E6-2F587FA15D20} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {E0FE40B2-E5EC-4991-9B1C-753E20A68281} - System32\Tasks\{50742193-4A2D-4B16-9B69-E724CC291934} => pcalua.exe -a C:\Users\fay\Downloads\grim-facade-mystery-of-venice_s1_l1_gF6711T1L1_d1400481364.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {E83628D6-CB42-4AE7-ABE1-70D002C3DD36} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {EAA96CAF-B2E4-4F6C-89D1-CDBD073223CD} - System32\Tasks\{2380937D-C008-4C71-A71A-D1ED317D88C2} => pcalua.exe -a C:\Users\fay\Downloads\nightmare-adventures-the-witchs-prison_s1_l1_gF5962T1L1_d1409957749.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {EB8DA958-E5FA-4E0B-8BF0-70C46F160A76} - System32\Tasks\{D3C8B2D6-638E-4694-B1C4-423659F5BBD8} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p115954290_s1_l1.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {EC803519-5E73-4709-8CC1-08DA90B39C66} - System32\Tasks\{C93684CC-5C22-41F9-87E4-F5695A3C6FB7} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p115215773_s1_l1.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {ED9359A4-C105-43F4-B1CA-4FF144F3EA27} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForfay.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe5-fh scripts\monthly.xml

==================== Loaded Modules (Whitelisted) ==============

2006-12-22 08:31 - 2006-12-22 08:31 - 00108712 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
2009-09-19 17:38 - 2009-09-19 17:38 - 00065536 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
2009-09-14 19:17 - 2009-09-14 19:17 - 00610360 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2009-09-19 17:40 - 2009-09-19 17:40 - 00122880 _____ () C:\Windows\SysWOW64\WinMsgBalloonServer.exe
2009-09-19 17:40 - 2009-09-19 17:40 - 00139264 _____ () C:\Windows\SysWOW64\WinMsgBalloonClient.exe
2009-09-07 16:54 - 2009-09-07 16:54 - 00516096 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\libxml2.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-11-23 10:53 - 2012-11-23 10:53 - 00329592 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\apistrings.dll
2012-11-23 10:56 - 2012-11-23 10:56 - 00159608 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\modlop.dll
2012-11-23 10:54 - 2012-11-23 10:54 - 00100728 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\httpserverattplugin.dll
2012-11-23 10:58 - 2012-11-23 10:58 - 00208760 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\patchautodownload.dll
2012-11-23 10:46 - 2012-11-23 10:46 - 02029600 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\crmimodule.dll
2012-11-23 10:58 - 2012-11-23 10:58 - 00049528 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\schedcompactdb.dll
2012-12-07 11:02 - 2012-12-07 11:02 - 00183160 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\scanmngsys.dll
2012-11-23 10:58 - 2012-11-23 10:58 - 00054648 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\schedupdates.dll
2009-07-13 17:03 - 2009-07-13 21:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2012-02-20 23:26 - 2012-02-20 23:26 - 00160768 _____ () C:\Program Files (x86)\VIPRE\unrar.dll
2010-09-08 12:08 - 2009-06-03 15:34 - 03764224 _____ () C:\Users\fay\AppData\Roaming\PictureMover\Bin\Core.dll
2010-09-08 12:08 - 2009-06-03 15:43 - 01703936 _____ () C:\Users\fay\AppData\Roaming\PictureMover\EN-US\Presentation.dll
2009-10-22 21:50 - 2009-10-22 21:50 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2014-01-31 02:40 - 2015-06-26 03:13 - 00184184 _____ () C:\Program Files (x86)\VIPRE\Definitions\libBase64.dll
2014-01-31 02:40 - 2015-06-26 03:13 - 00175992 _____ () C:\Program Files (x86)\VIPRE\Definitions\libMachoUniv.dll
2011-03-05 15:39 - 2011-03-05 15:39 - 00854016 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
2011-03-05 15:39 - 2011-03-05 15:39 - 00476520 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0C2F9CC7
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:A1A86E40
AlternateDataStreams: C:\ProgramData\Temp:A4CDE823
AlternateDataStreams: C:\ProgramData\Temp:B1FBBD09
AlternateDataStreams: C:\ProgramData\Temp:B790962B
AlternateDataStreams: C:\ProgramData\Temp:C3702442
AlternateDataStreams: C:\ProgramData\Temp:D7C0213D
AlternateDataStreams: C:\ProgramData\Temp:DEEB5C70
AlternateDataStreams: C:\ProgramData\Temp:F0E908D5

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBPIMSvc => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7698 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-765319908-1524800839-1392544109-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\fay\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-765319908-1524800839-1392544109-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{99E6F953-AF6C-444B-A65D-C6F4A50E21C9}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{7C97B664-D242-4181-A388-913141AF54AC}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
FirewallRules: [{36EDF6B6-41D1-4CDB-9994-519D9EA3056F}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
FirewallRules: [{6EAC32C1-81B5-4431-A19A-00FBCE45E624}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
FirewallRules: [{579DEC31-559F-4FB2-B15B-924B666C09B8}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
FirewallRules: [{85B3CEC1-CE56-481B-961F-CD273B0E1CDB}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{2D66649C-4C7D-4CFA-B160-4D21FFEE3316}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{E4371197-ABE3-450A-88F3-C741F6E55C2B}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{79CD9701-1A28-4A13-8A22-2EDEEA8A003E}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{9870FEB0-DD8F-4DC6-83F9-FA8EE2E750D4}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{E4684629-C62D-4DBE-B5FE-E210D7B36643}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{035BC04F-B1F5-473C-A280-6B01D9C1AF34}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{9D3466EF-979F-4E41-BC3E-EFC37AD1281D}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{6078D94B-EDAF-4C09-BC12-11EBFB8C02A4}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{173CBDE3-28A9-46AA-9BA3-FF1720549C84}] => (Allow) svchost.exe
FirewallRules: [{43020B60-9C84-40E6-81A3-0E9DD73DFFE7}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{CF4B8492-E491-4BDF-8B3D-0E7AE983C494}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdater.exe
FirewallRules: [{5BB7594C-D04C-4328-A3AB-E150371ED1E1}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{2C04A3F2-9BE3-454E-992D-7DA3735C8C10}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{6D6B67FC-836E-4BF1-9656-2512E962FCB2}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{1750E239-2D6A-40DD-931D-73CA56735FFE}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{1D1C0E76-F5FF-4A7C-B239-A1027F145D18}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{8D5E0BB2-3EBB-4560-999F-19F7B7508B1F}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{15A32B58-A895-4578-AE12-50EE9252532E}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{88832019-E77A-45E9-B201-22E5068B4C91}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
FirewallRules: [{EA5323CF-2458-4260-A84D-DBE11596C6B8}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
FirewallRules: [{49EE1AA9-2567-4821-BCF6-A9468C7228DF}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{1532522F-00B2-4DBB-B023-8D2A0B8FC613}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{025D0AF4-7AF7-4E90-BD64-1F1EE27900AF}] => (Allow) C:\Users\fay\AppData\Local\Temp\7zS06CB\HPDiagnosticCoreUI.exe
FirewallRules: [{9987C6E0-A590-40BF-ABD9-B9F4F7F7B889}] => (Allow) C:\Users\fay\AppData\Local\Temp\7zS06CB\HPDiagnosticCoreUI.exe
FirewallRules: [{42EF4C04-54CD-495B-B9E4-2815D67A049D}] => (Allow) C:\Users\fay\AppData\Local\Temp\7zS0A92\OJJ4600_Full_14\setup\hpznui40.exe
FirewallRules: [{BFDA91D3-88E7-45EA-90E1-FA5F41986CDC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5D0EDD75-5231-47A6-A06D-6081CAA2DA0B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{84C55885-7A9C-41B7-8B16-511727A73E5F}] => (Allow) C:\Program Files (x86)\Origin Games\Kingdoms of Amalur Reckoning\Reckoning.exe
FirewallRules: [{4440D0C0-4914-4868-8ECB-792E7442120D}] => (Allow) C:\Program Files (x86)\Origin Games\Kingdoms of Amalur Reckoning\Reckoning.exe
FirewallRules: [{62FA2E9D-BAC8-491B-8E02-C47CB713A9C9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{71EDB5D0-F8DD-4AD8-8B8A-72483AD4EA6B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E4DE330C-6B57-4531-A6D3-23FD60ECACF3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7416686F-D355-4EEF-94DE-E3A7A13EB54B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A3A5E8D1-B3C2-4B29-A473-7506A40FF677}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{89592540-A7CC-432C-A333-8DAB4225C347}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{BD7840D7-2E17-413E-8067-FE73F3083648}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{049A999E-E5A1-40A2-A2DC-7A5BA3C67986}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{DB94FF00-2CFD-4E4E-8760-8E1036EFB335}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{B1295AD0-642C-4D68-8AD2-8CA6674E06FB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{B46A62AF-7CAA-4ABA-8C46-9712C411CFE7}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
FirewallRules: [{D10EEF1C-2A4D-42AB-AF40-C66C11EF9367}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
FirewallRules: [{3DD6F610-673C-49E8-9211-667B47F9472F}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{E534FC5B-C239-477A-9018-35B481E5980C}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{2BE0B955-D12A-40BB-93F5-576C0F777925}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{80E6C622-56C6-4AE1-ADBA-7ED44809A06C}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{60AB0DC1-0727-46EC-9787-F363B64A29CD}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{4ADFE367-4641-440F-AAE1-4868453B3087}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{54DFA08B-7442-4223-B74B-07481EDA2D40}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{37A57A9F-FBC5-457A-AD4C-6BC68D33C678}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{9518A4F6-BA04-4A21-973D-C0721B054C4F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\the witcher 2\Launcher.exe
FirewallRules: [{93B6E022-D6A4-43B6-A61F-40A2538E23D0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\the witcher 2\Launcher.exe
FirewallRules: [{920DC97B-888A-4D7B-B30E-89AC9F5550CB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Gothic 3\Gothic3.exe
FirewallRules: [{9F125263-5747-4826-A23B-704C51EBF05E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Gothic 3\Gothic3.exe
FirewallRules: [{A521F3C3-6E82-44F3-991C-6776296F08F9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fable The Lost Chapters\Fable.exe
FirewallRules: [{1B9157CA-1256-4EE0-84A4-126EE3337886}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fable The Lost Chapters\Fable.exe
FirewallRules: [{C6537D7C-07D7-4204-B47A-8DCD4843882C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{764B26BD-C24E-4D5B-8865-8E068C8EE30D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{5427480D-7E5A-4876-86AD-F3243C79F4A6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1BE4254B-E08D-4743-B391-24E81F1669BB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FC207AEF-AB44-49C3-B87A-7C97D7725578}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

==================== Faulty Device Manager Devices =============

Name: Deskjet 3050 J610 series
Description: Deskjet 3050 J610 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Deskjet 3050 J610 series
Description: Deskjet 3050 J610 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/09/2015 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location J:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (08/09/2015 04:21:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 7ec

Start Time: 01d0d2c059aff161

Termination Time: 31

Application Path: C:\Windows\Explorer.EXE

Report Id: 32b15dfd-3ed4-11e5-850b-a89947e0930a

Error: (08/09/2015 01:35:43 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007041d, The service did not respond to the start or control request in a timely fashion.
.


Operation:
Instantiating VSS server

Error: (08/09/2015 01:35:43 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x8007041d, The service did not respond to the start or control request in a timely fashion.
]


Operation:
Instantiating VSS server

Error: (08/09/2015 01:25:25 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007041d, The service did not respond to the start or control request in a timely fashion.
.


Operation:
Instantiating VSS server

Error: (08/09/2015 01:25:25 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x8007041d, The service did not respond to the start or control request in a timely fashion.
]


Operation:
Instantiating VSS server

Error: (08/09/2015 01:15:16 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007041d, The service did not respond to the start or control request in a timely fashion.
.


Operation:
Instantiating VSS server

Error: (08/09/2015 01:15:16 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x8007041d, The service did not respond to the start or control request in a timely fashion.
]


Operation:
Instantiating VSS server

Error: (08/06/2015 11:18:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program HPTouchSmartMusic.exe version 3.1.1.3422 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 474

Start Time: 01d0d0b0a6d2b065

Termination Time: 16

Application Path: C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe

Report Id: ba6b3c4f-3cb2-11e5-8f2e-18a905b8e4ce

Error: (08/06/2015 08:10:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program HPTouchSmartMusic.exe version 3.1.1.3422 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 8a8

Start Time: 01d0d09f322b1801

Termination Time: 38

Application Path: C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe

Report Id: 8a2382fd-3c98-11e5-801b-18a905b8e4ce


System errors:
=============
Error: (08/09/2015 08:36:30 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :0" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (08/09/2015 08:36:30 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :20" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (08/09/2015 08:36:30 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{9F1DBDAA-8EFA-4065-924B-A07E10F47EC5} because another computer on the network has the same name. The server could not start.

Error: (08/09/2015 08:23:50 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :0" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (08/09/2015 04:21:25 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :0" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (08/09/2015 04:21:25 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :0" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (08/09/2015 04:20:51 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :0" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (08/09/2015 04:18:56 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :0" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (08/09/2015 04:18:56 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :0" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (08/09/2015 04:18:39 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :0" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.


Microsoft Office:
=========================
Error: (08/09/2015 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: J:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (08/09/2015 04:21:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.175677ec01d0d2c059aff16131C:\Windows\Explorer.EXE32b15dfd-3ed4-11e5-850b-a89947e0930a

Error: (08/09/2015 01:35:43 AM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x8007041d, The service did not respond to the start or control request in a timely fashion.


Operation:
Instantiating VSS server

Error: (08/09/2015 01:35:43 AM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007041d, The service did not respond to the start or control request in a timely fashion.


Operation:
Instantiating VSS server

Error: (08/09/2015 01:25:25 AM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x8007041d, The service did not respond to the start or control request in a timely fashion.


Operation:
Instantiating VSS server

Error: (08/09/2015 01:25:25 AM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007041d, The service did not respond to the start or control request in a timely fashion.


Operation:
Instantiating VSS server

Error: (08/09/2015 01:15:16 AM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x8007041d, The service did not respond to the start or control request in a timely fashion.


Operation:
Instantiating VSS server

Error: (08/09/2015 01:15:16 AM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007041d, The service did not respond to the start or control request in a timely fashion.


Operation:
Instantiating VSS server

Error: (08/06/2015 11:18:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: HPTouchSmartMusic.exe3.1.1.342247401d0d0b0a6d2b06516C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exeba6b3c4f-3cb2-11e5-8f2e-18a905b8e4ce

Error: (08/06/2015 08:10:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: HPTouchSmartMusic.exe3.1.1.34228a801d0d09f322b180138C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe8a2382fd-3c98-11e5-801b-18a905b8e4ce


CodeIntegrity:
===================================
Date: 2015-08-09 14:28:24.685
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-09 14:28:24.655
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-09 14:28:24.635
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-09 14:27:56.858
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-09 14:27:56.858
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-09 14:27:56.838
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-09 14:27:50.258
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-09 14:27:50.248
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-09 14:27:50.218
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-09 14:27:50.218
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.


==================== Memory info ===========================

Processor: AMD Phenom(tm) II X4 945 Processor
Percentage of memory in use: 23%
Total physical RAM: 8183.89 MB
Available physical RAM: 6286.13 MB
Total Virtual: 16365.99 MB
Available Virtual: 14364.46 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:920 GB) (Free:675.39 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.22 GB) (Free:1.62 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.3 GB) (Disk ID: 9A0D0322)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=920 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.2 GB) - (Type=07 NTFS)

==================== End of log ============================
fayfox
Regular Member
 
Posts: 88
Joined: July 19th, 2015, 3:16 pm

Re: Proxy override...malware?

Unread postby fayfox » August 10th, 2015, 6:20 pm

Hi wbg,
My computer performed an improper shut down while I was at work today. I left it running, but had closed all programs. I was running MediaPlayer, firefox and notepad simultaneously this morning, and everything was working fine. No power outage or blinks today, no blinking clocks demanding to be reset. Another computer has been on all day and is still on. On July 26, I went out for a few hours and when I came back my computer was off, an improper shut down. We had a storm that day, so even though no clocks were blinking, I thought maybe a small power blink had caused my computer to shut down. Maybe not??
fayfox
fayfox
Regular Member
 
Posts: 88
Joined: July 19th, 2015, 3:16 pm

Re: Proxy override...malware?

Unread postby wannabeageek » August 10th, 2015, 6:26 pm

Hi fayfox,

Please run and post the results.

MiniToolBox
If you do not have this on your desktop, please download MiniToolBox.exe and save it to your Desktop.

  • Right click on MiniToolBox and select "Run as administrator" to run it.
  • Check the following in the list:
    • List last 10 Event Viewer Errors.
    • List Minidump Files.
    • List Restore Points.
  • Click Go.
  • A file named Result.txt will be created in the same location where you downloaded MiniToolBox.exe.
  • Please post the contents of the Result.txt in your next Reply.
wannabeageek
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Proxy override...malware?

Unread postby fayfox » August 10th, 2015, 6:38 pm

Here it is wbg:

MiniToolBox by Farbar Version: 25-07-2015 01
Ran by Admin (administrator) on 10-08-2015 at 18:35:51
Running from "C:\Users\fay\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Model: BK169AAR-ABA HPE-210f Manufacturer: HP-Pavilion
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/09/2015 07:00:01 PM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location J:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (08/09/2015 04:21:25 PM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 7ec

Start Time: 01d0d2c059aff161

Termination Time: 31

Application Path: C:\Windows\Explorer.EXE

Report Id: 32b15dfd-3ed4-11e5-850b-a89947e0930a

Error: (08/09/2015 01:35:43 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007041d, The service did not respond to the start or control request in a timely fashion.
.


Operation:
Instantiating VSS server

Error: (08/09/2015 01:35:43 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x8007041d, The service did not respond to the start or control request in a timely fashion.
]


Operation:
Instantiating VSS server

Error: (08/09/2015 01:25:25 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007041d, The service did not respond to the start or control request in a timely fashion.
.


Operation:
Instantiating VSS server

Error: (08/09/2015 01:25:25 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x8007041d, The service did not respond to the start or control request in a timely fashion.
]


Operation:
Instantiating VSS server

Error: (08/09/2015 01:15:16 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007041d, The service did not respond to the start or control request in a timely fashion.
.


Operation:
Instantiating VSS server

Error: (08/09/2015 01:15:16 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x8007041d, The service did not respond to the start or control request in a timely fashion.
]


Operation:
Instantiating VSS server

Error: (08/06/2015 11:18:33 PM) (Source: Application Hang) (User: )
Description: The program HPTouchSmartMusic.exe version 3.1.1.3422 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 474

Start Time: 01d0d0b0a6d2b065

Termination Time: 16

Application Path: C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe

Report Id: ba6b3c4f-3cb2-11e5-8f2e-18a905b8e4ce

Error: (08/06/2015 08:10:29 PM) (Source: Application Hang) (User: )
Description: The program HPTouchSmartMusic.exe version 3.1.1.3422 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 8a8

Start Time: 01d0d09f322b1801

Termination Time: 38

Application Path: C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe

Report Id: 8a2382fd-3c98-11e5-801b-18a905b8e4ce


System errors:
=============
Error: (08/10/2015 05:56:48 PM) (Source: NetBT) (User: )
Description: The name "FAY-PC :20" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (08/10/2015 05:56:48 PM) (Source: Server) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{9F1DBDAA-8EFA-4065-924B-A07E10F47EC5} because another computer on the network has the same name. The server could not start.

Error: (08/10/2015 05:56:45 PM) (Source: NetBT) (User: )
Description: The name "FAY-PC :0" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (08/10/2015 05:56:29 PM) (Source: BugCheck) (User: )
Description: 0x0000009f (0x0000000000000003, 0xfffffa800759ba10, 0xfffff8000403e518, 0xfffffa800dec2110)C:\Windows\MEMORY.DMP081015-25162-01

Error: (08/10/2015 05:56:02 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 10:57:02 AM on ‎8/‎10/‎2015 was unexpected.

Error: (08/10/2015 08:58:26 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.

Error: (08/10/2015 05:19:36 AM) (Source: NetBT) (User: )
Description: The name "FAY-PC :0" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (08/10/2015 12:26:42 AM) (Source: NetBT) (User: )
Description: The name "FAY-PC :20" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (08/10/2015 12:26:42 AM) (Source: NetBT) (User: )
Description: The name "FAY-PC :0" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (08/10/2015 12:26:42 AM) (Source: Server) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{9F1DBDAA-8EFA-4065-924B-A07E10F47EC5} because another computer on the network has the same name. The server could not start.


Microsoft Office Sessions:
=========================
Error: (08/09/2015 07:00:01 PM) (Source: Windows Backup)(User: )
Description: J:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (08/09/2015 04:21:25 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.1.7601.175677ec01d0d2c059aff16131C:\Windows\Explorer.EXE32b15dfd-3ed4-11e5-850b-a89947e0930a

Error: (08/09/2015 01:35:43 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x8007041d, The service did not respond to the start or control request in a timely fashion.


Operation:
Instantiating VSS server

Error: (08/09/2015 01:35:43 AM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007041d, The service did not respond to the start or control request in a timely fashion.


Operation:
Instantiating VSS server

Error: (08/09/2015 01:25:25 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x8007041d, The service did not respond to the start or control request in a timely fashion.


Operation:
Instantiating VSS server

Error: (08/09/2015 01:25:25 AM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007041d, The service did not respond to the start or control request in a timely fashion.


Operation:
Instantiating VSS server

Error: (08/09/2015 01:15:16 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x8007041d, The service did not respond to the start or control request in a timely fashion.


Operation:
Instantiating VSS server

Error: (08/09/2015 01:15:16 AM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007041d, The service did not respond to the start or control request in a timely fashion.


Operation:
Instantiating VSS server

Error: (08/06/2015 11:18:33 PM) (Source: Application Hang)(User: )
Description: HPTouchSmartMusic.exe3.1.1.342247401d0d0b0a6d2b06516C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exeba6b3c4f-3cb2-11e5-8f2e-18a905b8e4ce

Error: (08/06/2015 08:10:29 PM) (Source: Application Hang)(User: )
Description: HPTouchSmartMusic.exe3.1.1.34228a801d0d09f322b180138C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe8a2382fd-3c98-11e5-801b-18a905b8e4ce


CodeIntegrity Errors:
===================================
Date: 2015-08-09 14:28:24.685
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-09 14:28:24.655
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-09 14:28:24.635
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-09 14:27:56.858
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-09 14:27:56.858
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-09 14:27:56.838
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-09 14:27:50.258
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-09 14:27:50.248
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-09 14:27:50.218
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-09 14:27:50.218
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

========================= Minidump Files ==================================

C:\Windows\Minidump\020214-30326-01.dmp
C:\Windows\Minidump\031314-20514-01.dmp
C:\Windows\Minidump\041811-27892-01.dmp
C:\Windows\Minidump\050111-21528-01.dmp
C:\Windows\Minidump\050513-59171-01.dmp
C:\Windows\Minidump\052511-28126-01.dmp
C:\Windows\Minidump\060614-18954-01.dmp
C:\Windows\Minidump\071213-20670-01.dmp
C:\Windows\Minidump\072611-18470-01.dmp
C:\Windows\Minidump\072615-25724-01.dmp
C:\Windows\Minidump\080214-27144-01.dmp
C:\Windows\Minidump\080413-27300-01.dmp
C:\Windows\Minidump\081015-25162-01.dmp
C:\Windows\Minidump\090213-20841-01.dmp
C:\Windows\Minidump\091811-17550-01.dmp
C:\Windows\Minidump\092011-19468-01.dmp
C:\Windows\Minidump\092211-16520-01.dmp
C:\Windows\Minidump\092414-31387-01.dmp
C:\Windows\Minidump\102011-22152-01.dmp
C:\Windows\Minidump\102111-16848-01.dmp
C:\Windows\Minidump\102211-15459-01.dmp
C:\Windows\Minidump\110111-19312-01.dmp
C:\Windows\Minidump\110711-23743-01.dmp
C:\Windows\Minidump\111311-19156-01.dmp
C:\Windows\Minidump\112314-23509-01.dmp
========================= Restore Points ==================================

01-08-2015 07:48:26 Windows Update
01-08-2015 08:09:58 Installed System Requirements Lab Detection
04-08-2015 23:39:28 Windows Update
06-08-2015 02:10:51 JRT Pre-Junkware Removal
09-08-2015 16:44:53 Windows Update

**** End of log ****
fayfox
Regular Member
 
Posts: 88
Joined: July 19th, 2015, 3:16 pm

Re: Proxy override...malware?

Unread postby wannabeageek » August 10th, 2015, 8:23 pm

Hi fayfox,

Who is your ISP?

What type of modem did they provide?

What type of router do you have?

Please post this file as an attachment: C:\Windows\Minidump\081015-25162-01.dmp
wannabeageek
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Proxy override...malware?

Unread postby fayfox » August 10th, 2015, 9:11 pm

Hi wbg,
ISP = Charter Communications
modem = Motorola SURFboard model SB6121
router = Linksys Smart Wi-Fi router N900 Media Stream, EA4500
I could not attach the file. Message "You don't have permission to open this file. Contact the file owner or an administrator to obtain permission." Logged on to admin acct, thinking that would work, same message. Had to let HitmanPro run scan before I could do anything. So, how do I give this file permission for me to upload?
fayfox
fayfox
Regular Member
 
Posts: 88
Joined: July 19th, 2015, 3:16 pm

Re: Proxy override...malware?

Unread postby fayfox » August 10th, 2015, 11:02 pm

Hi wbg,
I copied the dmp file to desktop, then was able to upload. It was successful this time when I clicked Browse, highlighted the file, clicked open. Then I clicked Add the file and a message appeared under Post a reply that said: The extension dmp is not allowed. Did I do something in the wrong order?
fayfox
fayfox
Regular Member
 
Posts: 88
Joined: July 19th, 2015, 3:16 pm