Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Proxy override...malware?

Re: Proxy override...malware?

Post by wannabeageek » July 30th, 2015, 10:10 pm

Hi fayfox,

I have been working with computers since 1986 and have yet to find a program that completely uninstalls from Windows.

Please run the following fix.
I will have more tomorrow.

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad.
    • To make this easy, click the "select all" button then hover over the highlighted text and right mouse click to select copy.
Code: Select all
C:\Program Files (x86)\Spybot - Search & Destroy
C:\ProgramData\Spybot - Search & Destroy
C:\Users\All Users\Spybot - Search & Destroy
C:\ProgramData\{559F25A3-87D2-4D88-ADC5-DF4C277CDD45}\setup.res
C:\Users\All Users\{559F25A3-87D2-4D88-ADC5-DF4C277CDD45}\setup.res
C:\Users\fay\AppData\LocalLow\bfgbartb\BfgBarTb_2.2.0.10.exe
C:\Users\fay\AppData\LocalLow\bfgbartb\Update\Normal\bfg-update20200010.zip
C:\Users\fay\AppData\LocalLow\bfgbartb\Update\Silent\bfg-update20200010.zip
EmptyTemp:

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log
wannabeageek
MRU Master
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Proxy override...malware?

Post by fayfox » July 30th, 2015, 10:55 pm

I'll be here. Thanks wbg.
Spybot icon is gone from sys tray :)


Fix result of Farbar Recovery Scan Tool (x64) Version:30-07-2015
Ran by fay (2015-07-30 22:34:55) Run:2
Running from C:\Users\Admin\Downloads
Loaded Profiles: fay & Admin (Available Profiles: fay & Admin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Program Files (x86)\Spybot - Search & Destroy
C:\ProgramData\Spybot - Search & Destroy
C:\Users\All Users\Spybot - Search & Destroy
C:\ProgramData\{559F25A3-87D2-4D88-ADC5-DF4C277CDD45}\setup.res
C:\Users\All Users\{559F25A3-87D2-4D88-ADC5-DF4C277CDD45}\setup.res
C:\Users\fay\AppData\LocalLow\bfgbartb\BfgBarTb_2.2.0.10.exe
C:\Users\fay\AppData\LocalLow\bfgbartb\Update\Normal\bfg-update20200010.zip
C:\Users\fay\AppData\LocalLow\bfgbartb\Update\Silent\bfg-update20200010.zip
EmptyTemp:

*****************


"C:\Program Files (x86)\Spybot - Search & Destroy" folder move:

Could not move "C:\Program Files (x86)\Spybot - Search & Destroy" => Scheduled to move on reboot.

C:\ProgramData\Spybot - Search & Destroy => moved successfully.
"C:\Users\All Users\Spybot - Search & Destroy" => File/Folder not found.
Could not move "C:\ProgramData\{559F25A3-87D2-4D88-ADC5-DF4C277CDD45}\setup.res" => Scheduled to move on reboot.
Could not move "C:\Users\All Users\{559F25A3-87D2-4D88-ADC5-DF4C277CDD45}\setup.res" => Scheduled to move on reboot.
C:\Users\fay\AppData\LocalLow\bfgbartb\BfgBarTb_2.2.0.10.exe => moved successfully.
C:\Users\fay\AppData\LocalLow\bfgbartb\Update\Normal\bfg-update20200010.zip => moved successfully.
C:\Users\fay\AppData\LocalLow\bfgbartb\Update\Silent\bfg-update20200010.zip => moved successfully.
EmptyTemp: => 1.5 GB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-07-30 22:48:04)<=

==> ATTENTION: System is not rebooted.
C:\Program Files (x86)\Spybot - Search & Destroy => moved successfully
C:\ProgramData\{559F25A3-87D2-4D88-ADC5-DF4C277CDD45}\setup.res => moved successfully
C:\Users\All Users\{559F25A3-87D2-4D88-ADC5-DF4C277CDD45}\setup.res => Is moved successfully

==== End of Fixlog 22:48:04 ====
fayfox
Regular Member
 
Posts: 88
Joined: July 19th, 2015, 3:16 pm

Re: Proxy override...malware?

Post by wannabeageek » August 1st, 2015, 12:40 am

Hi fayfox,

Do you recall which drivers/programs/hardware were updated by Slimware?

SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Right-click SystemLook.exe and select " Run as administrator " to run it.
  • Copy the content of the following codebox into the main textfield: Do not include the word Code
  • To make this easy, click the "select all" button then hover over the highlighted text and right mouse click to select copy.
    Code: Select all
    :filefind
    *Slimware*
    
    :folderfind
    *Slimware*
    
    :Regfind
    Slimware
    



  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
wannabeageek
MRU Master
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Proxy override...malware?

Post by fayfox » August 1st, 2015, 5:05 am

Hi wbg,
Few things to discuss.
I was trying to run The Witcher2. I went to Systemrequirementslab.com and ran their program to see if my system would run the game. On the results page, my video card did not pass and there was a link to update the video driver - ATI Radeon HD 5450. I don't know if any other drivers were automatically updated.
Looking thru my notes, I came across a password for Realplayer. It's not in my programs list, so I'm assuming I uninstalled that program too.
My computer is running better, it's taking longer before it freezes. This last freeze I was able to almost get it to restart normally. On trying to shut down, a message stated it was waiting for explorer.exe to close. I wasn't sure if that was Internet Explorer it was talking about, and since I had not opened IE I wanted to see if it was a program that ran on startup. It wasn't but I noticed a few things that maybe shouldn't be there?
~CCleaner Monitoring (not checked to run on startup)
~HPADVISOR ( checked to run)
~gumnotes (not checked to run)
~hpsysdrv application (checked to run)
I know I deleted the first two. The last two I looked to see if they were in my programs list and neither were there.

When I restarted this last time, I noticed a red x on the speaker icon. When I hovered over it with the mouse, message said "The Audio Service is not running". I played a music video and my volume seemed just fine.
Hope this helps.


SystemLook 30.07.11 by jpshortstuff
Log created at 02:47 on 01/08/2015 by Admin
Administrator - Elevation successful

========== filefind ==========

Searching for "*Slimware*"
No files found.

========== folderfind ==========

Searching for "*Slimware*"
C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\slimware utilities inc d------ [12:10 19/07/2015]

========== Regfind ==========

Searching for "Slimware"
[HKEY_CURRENT_USER\Software\SlimWare Utilities Inc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SlimWare Utilities Inc]
[HKEY_USERS\S-1-5-21-765319908-1524800839-1392544109-1003\Software\SlimWare Utilities Inc]

-= EOF =-
fayfox
Regular Member
 
Posts: 88
Joined: July 19th, 2015, 3:16 pm

Re: Proxy override...malware?

Post by wannabeageek » August 1st, 2015, 12:11 pm

Hi fayfox,

  1. Run this fix.
  2. Next, open "MSCONFIG.EXE" and under the general tab select "Normal Startup". Click Apply then reboot your computer.
  3. Run a new FRST scan of your computer.

Step 1.
  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad.
    • To make this easy, click the "select all" button then hover over the highlighted text and right mouse click to select copy.
Code: Select all
[HKEY_CURRENT_USER\Software\SlimWare Utilities Inc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SlimWare Utilities Inc]

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log


Step 2.
  • Open "MSCONFIG.EXE" by copying MSCONFIG.EXE and pasting in the Start Menu run bar and hitting enter.
  • Under the "General" tab select "Normal startup".
  • Click Apply then reboot your computer.


Step 3.
Run a New Scan With the Farbar Scan Tool
  • Right click on FRST64.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it. When the tool opens click Yes to disclaimer.
  • Check the box for Addition.txt so it will produce that file again.
  • Press the Scan button.
  • When finished scanning, a new version of the logs FRST.txt and Addition.txt will be saved on your Desktop and opened in Notepad.
  • Please post the contents of both in your next replies.
Separate replies are fine.
wannabeageek
MRU Master
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Proxy override...malware?

Post by fayfox » August 1st, 2015, 12:21 pm

Fix result of Farbar Recovery Scan Tool (x64) Version:30-07-2015
Ran by Admin (2015-08-01 12:17:47) Run:3
Running from C:\Users\Admin\Downloads
Loaded Profiles: fay & Admin (Available Profiles: fay & Admin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
[HKEY_CURRENT_USER\Software\SlimWare Utilities Inc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SlimWare Utilities Inc]

Hey wbg,
Here is fixlog step 1.

*****************

[HKEY_CURRENT_USER\Software\SlimWare Utilities Inc] => Error: No automatic fix found for this entry.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SlimWare Utilities Inc] => Error: No automatic fix found for this entry.

==== End of Fixlog 12:17:47 ====
fayfox
Regular Member
 
Posts: 88
Joined: July 19th, 2015, 3:16 pm
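
Added example (not part of the thread and not FRST's own code): a Python sketch that reconciles the "fixlist content" block of a Fixlog with its result lines, so entries still pending a reboot or rejected with "Error: No automatic fix found" stand out. The two sample texts are constructed by abridging the Fixlogs posted above; the status labels and function names are assumptions of this sketch.

```python
import re

PENDING, MOVED, NOT_FOUND, ERROR, OTHER, NO_RESULT = (
    "pending_reboot", "moved", "not_found", "error", "other", "no_result")

# Constructed samples, abridged from the two Fixlogs posted in this thread.
RUN2 = r'''fixlist content:
*****************
C:\ProgramData\Spybot - Search & Destroy
C:\Users\All Users\Spybot - Search & Destroy
C:\ProgramData\{559F25A3-87D2-4D88-ADC5-DF4C277CDD45}\setup.res
EmptyTemp:

*****************

C:\ProgramData\Spybot - Search & Destroy => moved successfully.
"C:\Users\All Users\Spybot - Search & Destroy" => File/Folder not found.
Could not move "C:\ProgramData\{559F25A3-87D2-4D88-ADC5-DF4C277CDD45}\setup.res" => Scheduled to move on reboot.
EmptyTemp: => 1.5 GB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-07-30 22:48:04)<=

==> ATTENTION: System is not rebooted.
C:\ProgramData\{559F25A3-87D2-4D88-ADC5-DF4C277CDD45}\setup.res => moved successfully

==== End of Fixlog 22:48:04 ====
'''

RUN3 = r'''fixlist content:
*****************
[HKEY_CURRENT_USER\Software\SlimWare Utilities Inc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SlimWare Utilities Inc]

*****************

[HKEY_CURRENT_USER\Software\SlimWare Utilities Inc] => Error: No automatic fix found for this entry.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SlimWare Utilities Inc] => Error: No automatic fix found for this entry.

==== End of Fixlog 12:17:47 ====
'''

_STARS = re.compile(r"^\*{5,}\s*$")


def split_fixlog(text):
    """Return (fixlist_entries, result_lines) using the two star rulers as delimiters."""
    entries, results, stars = [], [], 0
    for line in text.splitlines():
        line = line.strip()
        if _STARS.match(line):
            stars += 1
        elif stars == 1 and line:
            entries.append(line)      # between the rulers: what was requested
        elif stars >= 2 and line:
            results.append(line)      # after the second ruler: what happened
    return entries, results


def classify(message):
    """Map a result message to one of the status labels defined above."""
    m = message.lower()
    if m.startswith("error:"):
        return ERROR
    if "scheduled to move on reboot" in m:
        return PENDING
    if "moved successfully" in m:
        return MOVED
    if "not found" in m:
        return NOT_FOUND
    return OTHER


def parse_result(line):
    """Split '<target> => <message>'; drop the 'Could not move' prefix and quotes."""
    if " => " not in line:
        return None
    target, message = line.split(" => ", 1)
    target = target.strip()
    if target.lower().startswith("could not move "):
        target = target[len("could not move "):]
    return target.strip().strip('"'), message.strip()


def reconcile(text):
    """Return {fixlist entry: (final status, last message)}; later lines override earlier ones."""
    entries, results = split_fixlog(text)
    status = {e.lower(): (e, NO_RESULT, "") for e in entries}
    for line in results:
        parsed = parse_result(line)
        if parsed is None:
            continue
        target, message = parsed
        key = target.lower()
        if key in status:
            status[key] = (status[key][0], classify(message), message)
    return {entry: (state, msg) for entry, state, msg in status.values()}


def needs_followup(text):
    """Entries the helper still has to act on: pending, rejected, or never reported."""
    return [e for e, (state, _) in reconcile(text).items()
            if state in (PENDING, ERROR, NO_RESULT)]


def reboot_skipped(text):
    """True when the log carries the 'System is not rebooted' warning."""
    return "ATTENTION: System is not rebooted" in text


if __name__ == "__main__":
    for name, log in (("Run 2", RUN2), ("Run 3", RUN3)):
        print(name, "follow-up:", needs_followup(log), "reboot skipped:", reboot_skipped(log))
```
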

Re: Proxy override...malware?

Post by fayfox » August 1st, 2015, 12:42 pm

Here's FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-07-2015
Ran by Admin (administrator) on FAY-PC (01-08-2015 12:32:59)
Running from C:\Users\Admin\Downloads
Loaded Profiles: fay & Admin (Available Profiles: fay & Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(GFI Software Development Ltd.) C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\ElementsOrganizerSyncAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Hewlett-Packard Company) C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\Digital Imaging\bin\HpqSRmon.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBAMTray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBPIMSvc.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBAMSvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
() C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-09-14] ()
HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-17] (PC-Doctor, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-24] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [SBAMTray] => C:\Program Files (x86)\VIPRE\SBAMTray.exe [3216272 2013-09-05] (ThreatTrack Security, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Photo Downloader] => C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe [67752 2006-12-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-765319908-1524800839-1392544109-1000\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
HKU\S-1-5-21-765319908-1524800839-1392544109-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
HKU\S-1-5-21-765319908-1524800839-1392544109-1000\...\Run: [FixCleaner] => "C:\Program Files (x86)\FixCleaner\FixCleaner.exe" -boot
HKU\S-1-5-21-765319908-1524800839-1392544109-1000\...\Run: [PhotoshopElements8SyncAgent] => C:\Program Files (x86)\Adobe\Elements 10 Organizer\ElementsOrganizerSyncAgent.exe [1954456 2011-09-01] (Adobe Systems Incorporated)
HKU\S-1-5-21-765319908-1524800839-1392544109-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-765319908-1524800839-1392544109-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-765319908-1524800839-1392544109-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-765319908-1524800839-1392544109-1003\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
HKU\S-1-5-21-765319908-1524800839-1392544109-1003\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3632472 2015-04-25] (Electronic Arts)
HKU\S-1-5-21-765319908-1524800839-1392544109-1003\...\Run: [CCleaner Monitoring] => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [43816 2015-04-26] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk [2010-05-18]
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2015-07-20]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-765319908-1524800839-1392544109-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKU\S-1-5-21-765319908-1524800839-1392544109-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKU\S-1-5-21-765319908-1524800839-1392544109-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
HKU\S-1-5-21-765319908-1524800839-1392544109-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
SearchScopes: HKLM -> {EA9C6CE8-23A1-4609-AB9A-691BF3B7DA69} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {EA9C6CE8-23A1-4609-AB9A-691BF3B7DA69} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-765319908-1524800839-1392544109-1000 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://search.yahoo.com/search?fr=chr-bfg&q={searchTerms}&ei=UTF-8
SearchScopes: HKU\S-1-5-21-765319908-1524800839-1392544109-1000 -> {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://toolbar.inbox.com/search/dispatc ... tp=bs&qkw={searchTerms}&tbid=80114&lng=en
SearchScopes: HKU\S-1-5-21-765319908-1524800839-1392544109-1000 -> {EA9C6CE8-23A1-4609-AB9A-691BF3B7DA69} URL =
SearchScopes: HKU\S-1-5-21-765319908-1524800839-1392544109-1000 -> {F97DE5D7-6EBB-414E-8187-A32D103525AD} URL =
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2010-05-28] (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-20] (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\VSGN.dll [2013-09-05] ()
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [2009-07-16] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-20] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2010-05-28] (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [2009-07-16] (Microsoft Corp.)
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSGN.dll [2013-09-05] ()
Toolbar: HKU\S-1-5-21-765319908-1524800839-1392544109-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSGN.dll [2013-09-05] ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9F1DBDAA-8EFA-4065-924B-A07E10F47EC5}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5pgaobxx.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-765319908-1524800839-1392544109-1000: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll [2009-10-27] (Hulu LLC)
FF Plugin HKU\S-1-5-21-765319908-1524800839-1392544109-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll [2011-11-17] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-765319908-1524800839-1392544109-1003: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll [2009-10-27] (Hulu LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-07-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-07-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-07-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-07-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-07-11] (Apple Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-03-11]
FF HKU\S-1-5-21-765319908-1524800839-1392544109-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
R2 AdobeActiveFileMonitor5.0; C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [108712 2006-12-22] ()
R2 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [122880 2009-09-19] (AMD) [File not signed]
R2 gfi_lanss11_attservice; C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe [133496 2012-11-23] (GFI Software Development Ltd.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-07-19] (SurfRight B.V.)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-25] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 SBAMSvc; C:\Program Files (x86)\VIPRE\SBAMSvc.exe [3937472 2013-09-05] (ThreatTrack Security, Inc.)
R2 SBPIMSvc; C:\Program Files (x86)\VIPRE\SBPIMSvc.exe [176016 2013-09-05] (ThreatTrack Security, Inc.)
S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [88928 2013-06-18] (ThreatTrack Security, Inc.)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-09-17] (CyberLink Corp.)
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-01 04:11 - 2015-08-01 04:11 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2015-08-01 04:09 - 2015-08-01 04:09 - 00679936 _____ C:\Users\fay\Downloads\Detection(3).msi
2015-08-01 04:05 - 2015-08-01 04:06 - 00679936 _____ C:\Users\fay\Downloads\Detection(2).msi
2015-08-01 01:00 - 2015-08-01 01:00 - 00000000 _____ C:\Windows\system32\SBRC.dat
2015-07-30 22:28 - 2015-07-30 22:28 - 00001128 _____ C:\Users\Admin\Desktop\FRST64 - Shortcut.lnk
2015-07-30 17:27 - 2015-07-30 17:27 - 00002966 _____ C:\Windows\System32\Tasks\VIPRE Upgrade Task
2015-07-30 00:35 - 2015-07-30 00:35 - 00044998 _____ C:\Users\fay\Desktop\MTB.txt
2015-07-30 00:33 - 2015-07-30 00:33 - 00891392 _____ (Farbar) C:\Users\fay\Desktop\MiniToolBox.exe
2015-07-28 22:06 - 2015-08-01 03:01 - 00001308 _____ C:\Users\fay\Downloads\SystemLook.txt
2015-07-28 22:04 - 2015-07-28 22:04 - 00000773 _____ C:\Users\fay\Desktop\SystemLook_x64.exe - Shortcut.lnk
2015-07-28 22:02 - 2015-07-28 22:03 - 00165376 _____ C:\Users\fay\Downloads\SystemLook_x64.exe
2015-07-28 04:04 - 2015-07-25 14:07 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-28 04:04 - 2015-07-25 14:04 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-28 04:04 - 2015-07-25 14:04 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-28 04:04 - 2015-07-25 14:03 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-28 04:04 - 2015-07-25 14:03 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-28 04:04 - 2015-07-25 14:03 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-28 04:04 - 2015-07-25 14:03 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-28 04:04 - 2015-07-25 13:55 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-26 21:22 - 2015-07-26 21:22 - 00509440 _____ (Tech Support Guy System) C:\Users\fay\Desktop\SysInfo.exe
2015-07-26 17:05 - 2015-07-26 17:05 - 00947008 _____ C:\Windows\Minidump\072615-25724-01.dmp
2015-07-26 14:14 - 2015-07-26 14:14 - 00001378 _____ C:\Users\Admin\Desktop\eset2.txt
2015-07-26 08:53 - 2015-07-26 08:53 - 00001206 _____ C:\Users\fay\Desktop\adwcleaner_4.208.exe - Shortcut.lnk
2015-07-26 08:53 - 2015-07-26 08:53 - 00001083 _____ C:\Users\fay\Desktop\JRT.exe - Shortcut.lnk
2015-07-26 07:51 - 2015-07-30 05:34 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-25 03:03 - 2015-07-25 03:03 - 00001083 _____ C:\Users\fay\Desktop\OTL.exe - Shortcut.lnk
2015-07-25 00:21 - 2015-07-25 00:21 - 00090304 _____ C:\Users\fay\Downloads\Extras.Txt
2015-07-25 00:20 - 2015-07-25 00:20 - 00134184 _____ C:\Users\fay\Downloads\OTL.Txt
2015-07-25 00:08 - 2015-07-25 00:08 - 00602112 _____ (OldTimer Tools) C:\Users\fay\Downloads\OTL.exe
2015-07-24 17:35 - 2015-08-01 12:26 - 00000000 ___RD C:\Users\fay\iCloudDrive
2015-07-24 17:35 - 2015-07-24 17:35 - 00000000 ____D C:\Users\fay\AppData\Local\Apple Inc
2015-07-24 17:20 - 2015-07-24 17:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-07-21 21:22 - 2015-07-27 18:56 - 00000000 ____D C:\Users\fay\Documents\MalwareStuff
2015-07-21 04:45 - 2015-07-14 23:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-21 04:45 - 2015-07-14 23:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 04:45 - 2015-07-14 23:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-21 04:45 - 2015-07-14 23:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-21 04:45 - 2015-07-14 22:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-21 04:45 - 2015-07-14 22:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 04:45 - 2015-07-14 22:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-21 04:45 - 2015-07-14 22:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-21 04:45 - 2015-07-14 21:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 04:45 - 2015-07-14 21:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-20 20:17 - 2015-07-20 20:17 - 00000000 ____D C:\Program Files (x86)\ESET
2015-07-20 19:12 - 2015-07-20 19:12 - 00000008 __RSH C:\Users\Admin\ntuser.pol
2015-07-20 18:51 - 2015-07-30 22:20 - 00000000 ____D C:\Users\Admin\Downloads\FRST-OlderVersion
2015-07-20 18:46 - 2015-07-20 18:46 - 00000207 _____ C:\Windows\tweaking.com-regbackup-FAY-PC-Windows-7-Home-Premium-(64-bit).dat
2015-07-20 18:42 - 2015-07-20 18:42 - 00000000 ____D C:\RegBackup
2015-07-20 18:39 - 2015-07-20 18:39 - 01367040 _____ (Indigo Rose Corporation) C:\Users\Admin\Desktop\uninstall.exe
2015-07-20 18:39 - 2015-07-20 18:39 - 00325960 _____ C:\Users\Admin\Desktop\lua5.1.dll
2015-07-20 18:39 - 2015-07-20 18:39 - 00001510 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-07-20 18:39 - 2015-07-20 18:39 - 00000000 ____D C:\Users\Admin\Desktop\Uninstall
2015-07-20 18:39 - 2015-07-20 18:39 - 00000000 ____D C:\Users\Admin\Desktop\files
2015-07-20 18:39 - 2015-07-20 18:39 - 00000000 ____D C:\Users\Admin\Desktop\color_presets
2015-07-20 18:39 - 2015-07-20 18:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-07-20 18:37 - 2015-07-20 18:37 - 04720448 _____ C:\Users\Admin\Downloads\tweaking.com_registry_backup_setup.exe
2015-07-20 11:42 - 2015-07-20 11:43 - 05198336 _____ (AVAST Software) C:\Users\Admin\Downloads\aswMBR.exe
2015-07-20 11:37 - 2015-07-26 14:16 - 00000000 ____D C:\Users\Admin\Documents\MalwareRemoval
2015-07-20 11:31 - 2015-07-20 11:32 - 00085876 _____ C:\Users\Admin\Downloads\Addition.txt
2015-07-20 11:30 - 2015-08-01 12:33 - 00020451 _____ C:\Users\Admin\Downloads\FRST.txt
2015-07-20 11:29 - 2015-08-01 12:33 - 00000000 ____D C:\FRST
2015-07-20 11:26 - 2015-07-30 22:20 - 02168832 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2015-07-20 06:44 - 2015-07-20 06:43 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-07-20 06:43 - 2015-07-20 06:44 - 00000630 _____ C:\Windows\SecuniaPackage.log
2015-07-20 06:43 - 2015-07-20 06:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-07-20 06:43 - 2015-07-20 06:43 - 00000000 ____D C:\Program Files (x86)\Java
2015-07-20 06:35 - 2015-07-20 06:35 - 00000000 ____D C:\Users\Admin\AppData\Local\Secunia PSI
2015-07-20 06:34 - 2015-07-20 06:34 - 00001071 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2015-07-20 06:34 - 2015-07-20 06:34 - 00000000 ____D C:\Program Files (x86)\Secunia
2015-07-20 06:31 - 2015-07-20 06:32 - 05490752 _____ (Secunia) C:\Users\fay\Downloads\PSISetup.exe
2015-07-19 17:04 - 2015-07-19 17:05 - 01798288 _____ (Malwarebytes Corporation) C:\Users\Admin\Downloads\JRT.exe
2015-07-19 17:03 - 2015-07-19 17:04 - 02248704 _____ C:\Users\Admin\Downloads\adwcleaner_4.208.exe
2015-07-19 16:55 - 2015-07-19 16:55 - 00000000 ____D C:\Users\Admin\AppData\Local\GWX
2015-07-19 14:36 - 2015-07-19 14:56 - 00026929 _____ C:\Users\Admin\Desktop\attach.txt
2015-07-19 14:36 - 2015-07-19 14:54 - 00023071 _____ C:\Users\Admin\Desktop\dds.txt
2015-07-19 14:35 - 2015-07-19 14:35 - 00688992 ____R (Swearware) C:\Users\fay\Downloads\dds.scr
2015-07-19 10:26 - 2015-07-19 11:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-07-19 10:26 - 2015-07-19 11:24 - 00000000 ____D C:\Program Files\HitmanPro
2015-07-19 10:26 - 2015-07-19 10:26 - 00001895 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-07-19 09:12 - 2015-07-19 09:12 - 00002377 _____ C:\Users\Admin\Downloads\JRT.txt
2015-07-19 09:10 - 2015-07-19 09:10 - 00002377 _____ C:\Users\Admin\Desktop\JRT.txt
2015-07-19 08:46 - 2015-07-19 10:40 - 00000000 ____D C:\ProgramData\HitmanPro
2015-07-19 08:45 - 2015-07-19 08:46 - 11032736 _____ (SurfRight B.V.) C:\Users\fay\Downloads\HitmanPro_x64.exe
2015-07-19 08:08 - 2015-07-19 08:08 - 01798288 _____ (Malwarebytes Corporation) C:\Users\fay\Downloads\JRT.exe
2015-07-18 14:12 - 2015-07-18 14:12 - 00127504 _____ C:\Users\fay\Documents\bookmarks_7_18_15.html
2015-07-18 13:45 - 2015-07-18 13:45 - 02248704 _____ C:\Users\fay\Downloads\adwcleaner_4.208 (1).exe
2015-07-18 13:37 - 2015-07-28 19:03 - 00000000 ____D C:\AdwCleaner
2015-07-18 13:36 - 2015-07-18 13:36 - 02248704 _____ C:\Users\fay\Downloads\adwcleaner_4.208.exe
2015-07-18 13:21 - 2015-07-18 13:21 - 04152184 _____ (Reason Software Company Inc.) C:\Users\fay\Downloads\setup-dlcm.exe
2015-07-18 13:21 - 2015-07-18 13:21 - 00000000 ____D C:\Program Files\Reason
2015-07-16 07:48 - 2015-07-16 07:48 - 00000000 ____D C:\Users\fay\AppData\Roaming\VisualShape
2015-07-15 12:04 - 2015-07-15 12:04 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-15 03:32 - 2015-07-09 13:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 03:32 - 2015-07-09 13:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 03:32 - 2015-07-09 13:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 03:32 - 2015-07-09 13:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 03:32 - 2015-07-09 13:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 03:32 - 2015-07-09 13:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 03:32 - 2015-07-09 13:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 03:32 - 2015-07-09 13:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 03:32 - 2015-07-09 13:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 03:32 - 2015-07-09 13:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 03:32 - 2015-07-09 13:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 03:32 - 2015-07-09 13:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 03:32 - 2015-07-09 13:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 03:32 - 2015-07-09 13:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 03:32 - 2015-07-09 13:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 03:32 - 2015-07-09 13:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 03:32 - 2015-07-02 17:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 03:32 - 2015-07-02 17:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-15 03:32 - 2015-07-02 16:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 03:32 - 2015-07-02 16:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 03:32 - 2015-07-02 16:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 03:32 - 2015-07-02 16:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 03:32 - 2015-07-02 16:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 03:32 - 2015-07-02 16:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 03:32 - 2015-07-02 16:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 03:32 - 2015-07-02 15:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 03:32 - 2015-07-02 15:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 03:32 - 2015-07-02 14:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 03:32 - 2015-06-26 22:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 03:32 - 2015-06-26 22:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 03:32 - 2015-06-26 21:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-15 03:32 - 2015-06-26 21:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 03:32 - 2015-06-25 14:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 03:32 - 2015-06-25 13:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 03:32 - 2015-06-25 04:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 03:32 - 2015-06-20 16:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 03:32 - 2015-06-20 15:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 03:32 - 2015-06-20 15:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 03:32 - 2015-06-20 15:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 03:32 - 2015-06-20 15:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 03:32 - 2015-06-20 15:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 03:32 - 2015-06-20 15:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 03:32 - 2015-06-20 15:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 03:32 - 2015-06-20 14:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 03:32 - 2015-06-20 14:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 03:32 - 2015-06-20 14:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 03:32 - 2015-06-19 14:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 03:32 - 2015-06-19 14:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-15 03:32 - 2015-06-19 14:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-15 03:32 - 2015-06-19 14:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 03:32 - 2015-06-19 14:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 03:32 - 2015-06-19 14:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-15 03:32 - 2015-06-19 14:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 03:32 - 2015-06-19 14:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-15 03:32 - 2015-06-19 14:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-15 03:32 - 2015-06-19 13:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 03:32 - 2015-06-19 13:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 03:32 - 2015-06-19 13:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 03:32 - 2015-06-19 13:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 03:32 - 2015-06-19 13:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 03:32 - 2015-06-19 13:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 03:32 - 2015-06-17 13:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 03:32 - 2015-06-17 13:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 03:32 - 2015-06-01 20:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 03:32 - 2015-06-01 19:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-15 03:31 - 2015-07-04 14:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 03:31 - 2015-07-04 13:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 03:31 - 2015-07-01 16:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 03:31 - 2015-07-01 16:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 03:31 - 2015-07-01 16:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 03:31 - 2015-07-01 16:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 03:31 - 2015-07-01 16:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 03:31 - 2015-07-01 16:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 03:31 - 2015-07-01 16:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 03:31 - 2015-07-01 16:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 03:31 - 2015-07-01 16:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 03:31 - 2015-07-01 16:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 03:31 - 2015-07-01 16:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 03:31 - 2015-07-01 16:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 03:31 - 2015-07-01 16:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-15 03:31 - 2015-07-01 16:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 03:31 - 2015-07-01 16:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 03:31 - 2015-07-01 16:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 03:31 - 2015-07-01 16:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 03:31 - 2015-07-01 15:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 03:31 - 2015-07-01 15:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 03:31 - 2015-07-01 15:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 03:31 - 2015-06-20 15:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 03:31 - 2015-06-20 15:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 03:31 - 2015-06-20 15:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 03:31 - 2015-06-20 15:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 03:31 - 2015-06-20 15:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 03:31 - 2015-06-20 15:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 03:31 - 2015-06-20 15:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 03:31 - 2015-06-20 15:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 03:31 - 2015-06-20 15:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 03:31 - 2015-06-20 14:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 03:31 - 2015-06-20 14:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 03:31 - 2015-06-20 14:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 03:31 - 2015-06-19 14:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 03:31 - 2015-06-19 13:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 03:31 - 2015-06-19 13:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-15 03:31 - 2015-06-19 13:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 03:31 - 2015-04-27 15:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-15 03:31 - 2015-04-27 15:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-15 03:31 - 2015-04-27 15:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-15 03:31 - 2015-04-27 15:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-15 03:31 - 2015-04-27 15:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-15 03:31 - 2015-04-27 15:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-15 03:31 - 2015-04-27 15:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-15 03:31 - 2015-04-27 15:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-15 03:30 - 2015-07-01 16:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 03:30 - 2015-07-01 16:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 03:30 - 2015-07-01 16:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 03:30 - 2015-07-01 16:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 03:30 - 2015-07-01 16:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 03:30 - 2015-07-01 16:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 03:30 - 2015-07-01 16:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 03:30 - 2015-07-01 16:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 03:30 - 2015-07-01 16:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 03:30 - 2015-07-01 16:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 03:30 - 2015-07-01 16:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-15 03:30 - 2015-07-01 16:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-15 03:30 - 2015-07-01 16:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-15 03:30 - 2015-07-01 16:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-15 03:30 - 2015-07-01 16:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-15 03:30 - 2015-07-01 16:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-15 03:30 - 2015-07-01 16:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-15 03:30 - 2015-07-01 16:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-15 03:30 - 2015-06-15 17:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 03:30 - 2015-06-15 17:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 03:30 - 2015-06-15 17:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 03:30 - 2015-06-15 17:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 03:30 - 2015-06-15 17:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 03:30 - 2015-06-15 17:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 03:30 - 2015-06-15 17:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 03:30 - 2015-06-15 17:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 03:30 - 2015-06-15 17:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-15 03:30 - 2015-06-15 17:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 03:30 - 2015-06-15 17:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 03:30 - 2015-06-15 17:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-12 17:26 - 2015-07-12 17:26 - 00237568 _____ (Big Fish Games) C:\Users\Admin\Downloads\bigfishgames_p238514316_s1_l1.exe
2015-07-12 17:26 - 2015-07-12 17:26 - 00237568 _____ (Big Fish Games) C:\Users\Admin\Downloads\bigfishgames_p238514316_s1_l1 (1).exe
2015-07-12 15:35 - 2015-07-12 15:35 - 00002210 _____ C:\Users\Public\Desktop\Play Delicious - Emilys Childhood Memories.lnk
2015-07-12 15:33 - 2015-07-12 15:35 - 00000000 ____D C:\Program Files (x86)\Delicious - Emilys Childhood Memories
2015-07-12 15:33 - 2015-07-12 15:33 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Delicious - Emilys Childhood Memories
2015-07-12 15:33 - 2015-07-12 15:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Delicious - Emilys Childhood Memories
2015-07-12 14:50 - 2015-07-12 14:50 - 00000000 ____D C:\Users\Admin\AppData\Roaming\VisualShape
2015-07-12 14:50 - 2015-07-12 14:50 - 00000000 ____D C:\ProgramData\VisualShape
2015-07-12 13:50 - 2015-07-12 15:38 - 00000000 ____D C:\Users\Admin\AppData\Roaming\GameHouse
2015-07-12 13:49 - 2015-07-12 13:49 - 00001937 _____ C:\Users\Public\Desktop\Play Farm to Fork.lnk
2015-07-12 13:48 - 2015-07-12 13:49 - 00000000 ____D C:\Program Files (x86)\Farm to Fork
2015-07-12 13:48 - 2015-07-12 13:48 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Farm to Fork
2015-07-12 13:48 - 2015-07-12 13:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farm to Fork
2015-07-11 20:07 - 2015-07-11 20:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-07-11 20:07 - 2015-07-11 20:07 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-07-11 10:53 - 2015-07-11 10:53 - 00237568 _____ (Big Fish Games) C:\Users\Admin\Downloads\easter-eggztravaganza-2_s1_l1_gF7597T1L1_d2488663256.exe
2015-07-11 10:46 - 2015-07-11 10:46 - 00237568 _____ (Big Fish Games) C:\Users\fay\Downloads\easter-eggztravaganza-2_s1_l1_gF7597T1L1_d2488661125.exe
2015-07-10 09:39 - 2015-08-01 05:45 - 00000000 ___HD C:\$Windows.~BT

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-01 12:29 - 2010-05-19 13:13 - 01778248 _____ C:\Windows\WindowsUpdate.log
2015-08-01 12:25 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-01 12:24 - 2009-07-14 00:51 - 00053445 _____ C:\Windows\setupact.log
2015-08-01 12:09 - 2013-04-18 03:37 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-01 09:08 - 2009-07-14 00:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-01 09:08 - 2009-07-14 00:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-01 05:58 - 2010-05-18 21:14 - 00000000 ____D C:\Windows\Panther
2015-08-01 03:41 - 2010-11-26 09:48 - 00000000 ____D C:\Users\fay\Documents\Account Info
2015-07-31 16:56 - 2010-05-19 13:12 - 00000544 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job
2015-07-30 22:48 - 2013-08-03 11:54 - 00000000 ___HD C:\ProgramData\{559F25A3-87D2-4D88-ADC5-DF4C277CDD45}
2015-07-30 22:38 - 2010-06-10 06:13 - 00538580 _____ C:\Windows\PFRO.log
2015-07-28 20:18 - 2014-05-06 03:01 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-26 17:05 - 2011-04-18 01:52 - 966412425 _____ C:\Windows\MEMORY.DMP
2015-07-26 17:05 - 2011-04-18 01:52 - 00000000 ____D C:\Windows\Minidump
2015-07-26 09:03 - 2010-05-18 20:56 - 00000000 ____D C:\ProgramData\Temp
2015-07-26 08:58 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-07-26 08:55 - 2012-07-07 10:14 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-25 07:57 - 2015-04-05 03:03 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-24 18:05 - 2012-10-31 18:01 - 00000000 ____D C:\Users\fay\AppData\Roaming\Apple Computer
2015-07-24 18:02 - 2014-02-02 08:21 - 00000000 ____D C:\Users\fay\AppData\Local\Apple Computer
2015-07-24 17:35 - 2010-09-08 11:58 - 00000000 ____D C:\Users\fay
2015-07-24 17:20 - 2013-04-05 08:39 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-23 07:04 - 2012-06-19 17:22 - 00000000 ____D C:\Users\Admin
2015-07-22 04:00 - 2009-07-14 00:45 - 00343664 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-21 17:52 - 2014-11-22 16:47 - 00000276 __RSH C:\Users\fay\ntuser.pol
2015-07-20 20:44 - 2014-01-31 02:35 - 00000000 ____D C:\Users\Admin\AppData\Roaming\VIPRE
2015-07-20 18:51 - 2009-07-13 23:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-07-20 18:46 - 2012-05-17 22:51 - 00000796 _____ C:\Users\Admin\Desktop\Settings.ini
2015-07-20 09:59 - 2011-11-01 12:40 - 00000000 ____D C:\Users\fay\Documents\Computer Tools
2015-07-20 06:43 - 2014-07-28 05:28 - 00000000 ____D C:\ProgramData\Oracle
2015-07-19 18:00 - 2015-01-08 07:46 - 00000000 ____D C:\Users\Admin\Documents\Account Info
2015-07-19 16:55 - 2009-07-14 01:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-19 12:49 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\tracing
2015-07-19 11:24 - 2014-01-31 02:40 - 00000000 ____D C:\Program Files (x86)\VIPRE
2015-07-19 11:24 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-19 11:23 - 2009-07-14 03:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-07-19 11:23 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2015-07-18 14:25 - 2015-01-10 06:06 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-18 14:24 - 2015-01-10 06:06 - 00000000 ____D C:\Users\Admin\AppData\Local\Google
2015-07-18 14:24 - 2014-11-30 21:43 - 00000000 __SHD C:\Users\Admin\AppData\Local\EmieBrowserModeList
2015-07-18 14:24 - 2014-05-23 19:37 - 00000000 __SHD C:\Users\Admin\AppData\Local\EmieUserList
2015-07-18 14:24 - 2014-05-23 19:37 - 00000000 __SHD C:\Users\Admin\AppData\Local\EmieSiteList
2015-07-18 08:30 - 2011-11-26 12:22 - 00000000 ____D C:\Windows\pss
2015-07-18 08:23 - 2010-05-18 20:38 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-07-18 08:07 - 2010-09-08 12:00 - 00000000 ____D C:\Users\fay\AppData\Local\Hewlett-Packard
2015-07-16 19:03 - 2013-08-04 06:16 - 00000000 ____D C:\BigFishCache
2015-07-16 06:35 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-07-16 04:05 - 2014-04-09 03:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-16 04:05 - 2012-04-27 06:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-16 04:05 - 2011-12-05 04:16 - 00001698 _____ C:\Windows\SysWOW64\CountScans.XML
2015-07-16 04:02 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-16 04:01 - 2015-04-15 03:33 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-15 05:09 - 2013-04-18 03:37 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-15 05:09 - 2012-06-02 10:10 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-15 05:09 - 2011-05-25 05:10 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-15 03:03 - 2015-04-05 03:03 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-12 15:38 - 2010-11-24 05:38 - 00000000 ____D C:\Users\fay\Documents\Recipes
2015-07-12 15:16 - 2015-05-26 08:20 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Western Software Technologies
2015-07-11 20:07 - 2012-11-15 02:12 - 00000000 ____D C:\ProgramData\Apple Computer
2015-07-11 20:07 - 2012-10-30 22:19 - 00000000 ____D C:\Windows\Patches
2015-07-11 20:06 - 2014-04-09 03:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-11 20:06 - 2012-06-15 19:51 - 00001032 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-11 20:06 - 2011-05-01 08:36 - 00001089 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-11 20:06 - 2010-09-11 07:06 - 00001077 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-07-11 20:05 - 2015-01-14 00:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-11 10:57 - 2012-12-02 21:49 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Elephant Games
2015-07-05 01:00 - 2010-09-10 06:46 - 00003170 _____ C:\Windows\System32\Tasks\HPCeeScheduleForfay
2015-07-05 01:00 - 2010-09-10 06:46 - 00000324 _____ C:\Windows\Tasks\HPCeeScheduleForfay.job

==================== Files in the root of some directories =======

2014-03-23 11:45 - 2014-03-23 11:47 - 0000011 _____ () C:\Users\Admin\AppData\Roaming\log.txt
2013-06-16 12:27 - 2013-06-16 12:27 - 0000037 ___SH () C:\Users\Admin\AppData\Local\70149b02515b3bb20dd492.47983420
2010-09-11 01:14 - 2010-09-11 01:45 - 0003897 _____ () C:\ProgramData\doicrane_save.log
2012-03-11 11:34 - 2012-03-11 12:28 - 0001464 _____ () C:\ProgramData\hpzinstall.log
2014-04-13 21:23 - 2014-04-13 22:23 - 0000313 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2010-09-24 03:13 - 2010-09-24 03:13 - 0000059 _____ () C:\ProgramData\user.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-23 00:22

==================== End of log ============================
fayfox
Regular Member
 
Posts: 88
Joined: July 19th, 2015, 3:16 pm

Re: Proxy override...malware?

Post by fayfox » August 1st, 2015, 12:44 pm

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-07-2015
Ran by Admin (2015-08-01 12:34:15)
Running from C:\Users\Admin\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-765319908-1524800839-1392544109-1003 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-765319908-1524800839-1392544109-500 - Administrator - Disabled)
fay (S-1-5-21-765319908-1524800839-1392544109-1000 - Limited - Enabled) => C:\Users\fay
Guest (S-1-5-21-765319908-1524800839-1392544109-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-765319908-1524800839-1392544109-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ThreatTrack Security VIPRE (Enabled - Up to date) {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ThreatTrack Security VIPRE (Enabled - Up to date) {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
FW: ThreatTrack Security VIPRE (Enabled) {C7D2BC33-B766-03DA-EC8C-2222CF65E72A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 5.0 (HKLM-x32\...\Adobe Photoshop Elements 5) (Version: 5.0 - Adobe Systems Inc.)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.09 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-765319908-1524800839-1392544109-1000\...\Amazon Kindle) (Version: - Amazon)
Amazon Kindle (HKU\S-1-5-21-765319908-1524800839-1392544109-1003\...\Amazon Kindle) (Version: - Amazon)
Amazon MP3 Downloader 1.0.15 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.15 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Art of Murder: Cards of Destiny (HKLM-x32\...\BFG-Art of Murder - Cards of Destiny) (Version: - )
ATI Catalyst Install Manager (HKLM\...\{67CA5B4D-32DA-B54C-1851-F68ECD83262E}) (Version: 3.0.754.0 - ATI Technologies, Inc.)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Brain Training for Dummies (HKLM-x32\...\BFG-Brain Training for Dummies) (Version: - )
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
BVS Solitaire Collection (HKLM-x32\...\BFG-BVS Solitaire Collection) (Version: - )
calibre (HKLM-x32\...\{BC093E6F-61D2-4F6D-9463-ECDC2CA25462}) (Version: 0.8.54 - Kovid Goyal)
Casebook (HKLM-x32\...\BFG-Casebook) (Version: - )
ccc-core-static (x32 Version: 2009.1201.2247.40849 - ATI) Hidden
City of Fools (HKLM-x32\...\BFG-City of Fools) (Version: - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)
Delicious: Emily's Childhood Memories (HKLM-x32\...\BFG-Delicious - Emilys Childhood Memories) (Version: - )
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DocMgr (x32 Version: 140.0.65.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.100.000 - Hewlett-Packard) Hidden
Dragon Keeper (HKLM-x32\...\BFG-Dragon Keeper) (Version: - )
Dragon Keeper 2 (HKLM-x32\...\BFG-Dragon Keeper 2) (Version: - )
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) Hidden
Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Fable - The Lost Chapters (HKLM-x32\...\Steam App 204030) (Version: - Lionhead Studios)
Family Tree Maker 2012 (HKLM-x32\...\Family Tree Maker 2012) (Version: 21.0.452 - Ancestry.com, Inc.)
Family Tree Maker 2012 (x32 Version: 21.0.452 - Ancestry.com, Inc.) Hidden
Fantasy Mosaics 4: Art of Color (HKLM-x32\...\BFG-Fantasy Mosaics 4 - Art of Color) (Version: - )
Fantasy Mosaics 5 (HKLM-x32\...\BFG-Fantasy Mosaics 5) (Version: - )
Fantasy Mosaics 6: Into the Unknown (HKLM-x32\...\BFG-Fantasy Mosaics 6 - Into the Unknown) (Version: - )
Fantasy Mosaics 7: Our Home (HKLM-x32\...\BFG-Fantasy Mosaics 7 - Our Home) (Version: - )
Farm to Fork (HKLM-x32\...\BFG-Farm to Fork) (Version: - )
Fax (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Garden Rescue (HKLM-x32\...\BFG-Garden Rescue) (Version: - )
Garden Rescue: Christmas Edition (HKLM-x32\...\BFG-Garden Rescue - Christmas Edition) (Version: - )
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Gothic 3 (HKLM-x32\...\Steam App 39500) (Version: - Piranha – Bytes )
GPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Grimm's Hatchery (HKLM-x32\...\BFG-Grimm's Hatchery) (Version: - )
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.242 - SurfRight B.V.)
Holiday Jigsaw Valentine's Day (HKLM-x32\...\BFG-Holiday Jigsaw Valentines Day) (Version: - )
HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{650AF771-456D-418F-BFC7-F6FFC9D0235C}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Help (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3317 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3422 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.1.0.1 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{35021DFB-F9CA-402A-89A2-47F91E506465}) (Version: 1.0.2.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP OfficeJet J4600 All-In-One Series (HKLM\...\{4945F319-A24D-454C-A411-F3689987315D}) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3341 - HP Photo Creations Powered by RocketLife)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Hulu Desktop (HKU\S-1-5-21-765319908-1524800839-1392544109-1000\...\HuluDesktop) (Version: 0.9.9 - Hulu LLC)
Hulu Desktop (HKU\S-1-5-21-765319908-1524800839-1392544109-1003\...\HuluDesktop) (Version: 0.9.9 - Hulu LLC)
HydraVision (x32 Version: 4.2.128.0 - ATI Technologies Inc.) Hidden
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
inSSIDer 3 (HKLM-x32\...\{A80CEA4E-74C1-4F9F-806B-E1D9AFC01768}) (Version: 3.0.7.48 - MetaGeek, LLC)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Jigsaw World Tour (HKLM-x32\...\BFG-Jigsaw World Tour) (Version: - )
Jigsaws Galore (HKLM-x32\...\BFG-Jigsaws Galore) (Version: - )
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Kingdoms of Amalur: Reckoning (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.0.0.0 - Electronic Arts)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
Mah-Jomino (HKLM-x32\...\BFG-Mah-Jomino) (Version: - )
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar)
Microsoft Office 2000 Professional (HKLM-x32\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version: - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Mobipocket Creator 4.2 (HKLM-x32\...\{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}) (Version: 4.2.41 - Mobipocket.com)
Mosaics Galore (HKLM-x32\...\BFG-Mosaics Galore) (Version: - )
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 3.1.3310 - Hewlett-Packard) Hidden
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
Mr. Puzzle (HKLM-x32\...\BFG-Mr. Puzzle) (Version: - )
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Kingdom for the Princess II (HKLM-x32\...\BFG-My Kingdom for the Princess II) (Version: - )
My Kingdom for the Princess III (HKLM-x32\...\BFG-My Kingdom for the Princess III) (Version: - )
Mystery Riddles (HKLM-x32\...\BFG-Mystery Riddles) (Version: - )
Nancy Drew - Curse of Blackmoor Manor (HKLM-x32\...\BFG-Nancy Drew - Curse of Blackmoor Manor) (Version: - )
Nancy Drew - Last Train to Blue Moon Canyon (HKLM-x32\...\BFG-Nancy Drew - Last Train to Blue Moon Canyon) (Version: - )
Nancy Drew - Secret Of The Old Clock (HKLM-x32\...\BFG-Nancy Drew - Secret Of The Old Clock) (Version: - )
Nancy Drew: Alibi in Ashes (HKLM-x32\...\BFG-Nancy Drew - Alibi in Ashes) (Version: - )
Nancy Drew: Ghost Dogs of Moon Lake (HKLM-x32\...\BFG-Nancy Drew - Ghost Dogs of Moon Lake) (Version: - )
Nancy Drew: Message in a Haunted Mansion (HKLM-x32\...\BFG-Nancy Drew - Message in a Haunted Mansion) (Version: - )
Nancy Drew: Secret of Shadow Ranch (HKLM-x32\...\BFG-Nancy Drew - Secret of Shadow Ranch) (Version: - )
Nancy Drew: Secret of the Scarlet Hand (HKLM-x32\...\BFG-Nancy Drew - Secret of the Scarlet Hand) (Version: - )
Nancy Drew: Shadow at the Water's Edge (HKLM-x32\...\BFG-Nancy Drew - Shadow at the Water's Edge) (Version: - )
Nancy Drew: The Captive Curse (HKLM-x32\...\BFG-Nancy Drew - The Captive Curse) (Version: - )
Nancy Drew: The Deadly Device (HKLM-x32\...\BFG-Nancy Drew - The Deadly Device) (Version: - )
Nancy Drew: The Final Scene (HKLM-x32\...\BFG-Nancy Drew - The Final Scene) (Version: - )
Nancy Drew: The Haunted Carousel (HKLM-x32\...\BFG-Nancy Drew - The Haunted Carousel) (Version: - )
Nancy Drew: The Silent Spy (HKLM-x32\...\BFG-Nancy Drew - The Silent Spy) (Version: - )
Nancy Drew: Tomb of the Lost Queen (HKLM-x32\...\BFG-Nancy Drew - Tomb of the Lost Queen) (Version: - )
Nancy Drew: Treasure in the Royal Tower (HKLM-x32\...\BFG-Nancy Drew - Treasure in the Royal Tower) (Version: - )
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
NVIDIA PhysX (HKLM-x32\...\{B83FC356-B7C0-441F-8A4D-D71E088E7974}) (Version: 9.09.0428 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 8.6.0.357 - Electronic Arts, Inc.)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
Plants vs. Zombies (HKLM-x32\...\BFG-Plants vs Zombies) (Version: - )
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3503 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3503 - CyberLink Corp.) Hidden
PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 3.2.1540.5 - AMD)
RAIDXpert (x32 Version: 3.2.1540.5 - AMD) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden
Royal Jigsaw 2 (HKLM-x32\...\BFG-Royal Jigsaw 2) (Version: - )
Royal Jigsaw 3 (HKLM-x32\...\BFG-Royal Jigsaw 3) (Version: - )
Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Sudoku Latin Squares (HKLM-x32\...\BFG-Sudoku Latin Squares) (Version: - )
System Requirements Lab Detection (HKLM-x32\...\{B86FEEC7-510F-45C2-A681-E355E4CF8898}) (Version: 6.1.6.0 - Husdawg, LLC)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version: - CD Projekt RED)
The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version: - CD Projekt RED)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Toy Defense 3 - Fantasy (HKLM-x32\...\BFG-Toy Defense 3 - Fantasy) (Version: - )
TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
TurboTax 2010 (HKLM-x32\...\TurboTax 2010) (Version: - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.2.0 - Tweaking.com)
VIPRE Internet Security (HKLM-x32\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 7.0.6.2 - ThreatTrack Security, Inc.)
VIPRE Internet Security (x32 Version: 7.0.6.2 - ThreatTrack Security, Inc.) Hidden
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
Who Am I (HKLM-x32\...\BFG-Who Am I) (Version: - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
World Mosaics 7 (HKLM-x32\...\BFG-World Mosaics 7) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

28-07-2015 20:15:48 Windows Update
01-08-2015 03:48:26 Windows Update
01-08-2015 04:09:58 Installed System Requirements Lab Detection

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2011-11-04 08:47 - 00438159 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04D631F9-6DCA-432C-A9C7-D407692F7D1C} - System32\Tasks\{179D2D17-B958-4B7C-8F8B-A6CBCFAE6F11} => pcalua.exe -a C:\Users\fay\Downloads\secrets-of-the-dark-temple-of-night_s1_l1_gF6256T1L1_d1406545218.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {0535DFE5-701A-471E-8BA1-E2CF3ABEB379} - System32\Tasks\{A676903C-C45B-43DD-B071-656C0D92EFA0} => C:\Users\fay\AppData\Local\Amazon\Kindle\application\Kindle.exe [2015-03-10] (Amazon.com)
Task: {0A67F522-8CD5-4DD3-A529-ED518D1FC895} - System32\Tasks\{C84D2EF9-E08E-44A9-A7B6-2E86464BBC94} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p121211816_s1_l1.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {14DC0128-5252-4899-AC7E-A123E79E9408} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-10-22] (CyberLink)
Task: {1E13B6B2-2D0F-4DA0-AE7E-DE52AD8B92BE} - System32\Tasks\{79685DBF-5F4C-4AEA-AFB7-C1ED2DB41E0C} => pcalua.exe -a "C:\Users\fay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0O2CSLK4\bigfishgames_p112925717_s1_l1[1].exe" -d C:\Users\fay\Desktop
Task: {1E90514A-EB91-4968-94D8-E553B637C41A} - System32\Tasks\{ED30F6FA-38B3-4725-BA43-1EF26CA831C6} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p115435087_s1_l1.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {200F5A5A-A50D-4AAA-9A29-E523B1538E61} - System32\Tasks\{90D193A4-E211-4A06-9DD9-727E49FBC3A4} => pcalua.exe -a "C:\Users\fay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RTTLWFO\bigfishgames_p121269908_s1_l1[1].exe" -d C:\Users\fay\Desktop
Task: {201A1A3B-E447-4504-A8C7-8CE574A9CA48} - System32\Tasks\{AA44B4F2-DAE0-4AE8-8E5E-6EC68617D43C} => pcalua.exe -a C:\Users\fay\Downloads\mystic-gateways-the-celestial-quest_s1_l1_gF5955T1L1_d1406544644.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {2662C3F7-4CCD-4DED-B987-E3D19BFAB4D2} - System32\Tasks\{6B8A9F89-3147-423A-8493-B73FF25620FC} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p118015257_s1_l1(1).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {2F56CE89-336A-4302-900F-2944F51C5873} - System32\Tasks\{A1BD3732-1EA9-4A93-B02C-2CC6B40F324E} => C:\Users\fay\AppData\Local\Amazon\Kindle\application\Kindle.exe [2015-03-10] (Amazon.com)
Task: {331D389E-E7AB-49DA-A475-08244BCE78AF} - System32\Tasks\{8828DAD1-AD23-4932-9305-64F24BEAA215} => C:\Users\fay\AppData\Local\Amazon\Kindle\application\Kindle.exe [2015-03-10] (Amazon.com)
Task: {3921128F-4866-4DB6-8D98-B108FB61D69D} - System32\Tasks\{E0D9E4DB-64FC-4EBB-B5C6-489B3D6051A9} => pcalua.exe -a C:\Users\fay\Downloads\hidden-in-time-mirror-mirror_s1_l1_gF2875T1L1_d1400479493.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {46BF2FA4-A53C-46F5-9084-55067D3BFC26} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18] (PC-Doctor, Inc.)
Task: {4971A075-89B3-4CEF-9EC3-0F822EBEC7F2} - System32\Tasks\{A5F0B333-A364-4323-8BB1-7743EA5367D8} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p116509884_s1_l1(1).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {5013628E-4713-44A9-B6DB-CEF460CF633E} - System32\Tasks\ExtendedServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {51226FB1-7086-4454-9252-6C474862FC53} - System32\Tasks\HpWebReg.exe => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HpWebReg.exe [2010-06-14] (Hewlett-Packard Co.)
Task: {5518233C-C902-45BF-B482-6E62A8591552} - System32\Tasks\hpUtility.exe => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\utils\hpUtility.exe [2010-06-14] (Hewlett-Packard Co.)
Task: {5AA3364F-C0CA-41DC-9515-36B221C87625} - System32\Tasks\{5E4DB0BD-12E7-4775-A91F-83D0743BA7A3} => pcalua.exe -a C:\Users\fay\Downloads\vampire-saga-welcome-to-hell-lock_s1_l1_gF6323T1L1_d1409609995.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {5F88543B-EF07-4A89-852E-5B5DD44E9300} - System32\Tasks\{0BCC4E6D-7F8C-4981-AF70-C05CC4446B0B} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p113648313_s1_l1.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {60D25ED5-D881-4185-96BB-1ACEBC0CA784} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
Task: {6118F1B6-F630-4267-99AB-A094F947FC39} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {6AF902CC-C709-4BFA-9F36-6DDD30E0BA6B} - System32\Tasks\{802F3528-2C30-4C3D-8C7B-61A2DD772380} => C:\Users\fay\AppData\Local\Amazon\Kindle\application\Kindle.exe [2015-03-10] (Amazon.com)
Task: {7159177C-AFBF-4B9A-BDF8-F7C1031E51DB} - System32\Tasks\{C06BD782-1773-4F54-B72B-1DB68D94796F} => pcalua.exe -a C:\Users\fay\Downloads\AmazonMP3Installer(2).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {77AD753E-021D-4544-A72B-02A630F6E4FC} - System32\Tasks\AdobeAAMUpdater-1.0-fay-PC-fay => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated)
Task: {83492967-2AD2-49A2-9C5F-8F8C881A979B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {89E2A58F-EA47-4C56-B622-79929F6C3DDC} - System32\Tasks\{06D86160-58EE-41A5-B52C-04A46A9D6A4F} => C:\Users\fay\AppData\Local\Amazon\Kindle\application\Kindle.exe [2015-03-10] (Amazon.com)
Task: {914371EC-C6FB-4BAD-82A1-14BD43CCC787} - System32\Tasks\{5BA80D19-F4C7-4C8B-B234-8B304F355546} => pcalua.exe -a C:\Users\fay\Downloads\nightmare-realm_s1_l1_gF6706T1L1_d1405491713.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {920FF7C6-18A8-4A3A-A80B-ABC07F799B8D} - System32\Tasks\VIPRE Upgrade Task => C:\PROGRAM FILES\COMMON FILES\AV\ThreatTrack Security VIPRE\Upgrade.exe [2015-07-30] (ThreatTrack Security Inc.)
Task: {98E9A0CC-5988-44F1-840B-B67B3BD62DC2} - System32\Tasks\HPCeeScheduleForfay => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {9DF3876E-65A1-445C-AE38-791E5852E9F5} - System32\Tasks\{B3F215A0-F039-4151-B68D-4F363733DE58} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p115300164_s1_l1.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {9E6A56B8-718E-4348-B19A-66FE156712EA} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {9F0159D1-FAB2-484D-B9E8-43425D049419} - System32\Tasks\{8E7C215D-2D1B-468B-BEAE-F8A5A8C1D283} => pcalua.exe -a C:\Users\fay\Downloads\millennium-secrets-roxannes-necklace_s1_l1_gF6717T1L1_d1406542766.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {A0B47B41-ACD5-4F4D-9586-CE2EC7F62CA9} - System32\Tasks\{DAA93FDF-CCC9-4D15-AE86-62EDBBB30ACA} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p51110979_s1_l1.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {A23682F2-A635-454F-9623-7F5C1C2CA1F9} - System32\Tasks\{2F539F0C-9984-41E1-877C-9D661BDCB7C2} => pcalua.exe -a C:\Users\fay\Downloads\awakening-the-goblin-kingdom_s1_l1_gF6755T1L1_d1503674067.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {A3EC34E4-7E3A-4500-BE3A-28B7424EE626} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A4635ABE-5A8E-47DB-A2B6-DD5DEFCB1A43} - System32\Tasks\{8DE967A1-00F6-4FAB-9162-BFDC44C65B99} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p118015257_s1_l1(2).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {A82ABBA2-D46B-437B-9420-E37A19C3B15E} - System32\Tasks\{9DDD666C-4CCB-422C-AB36-58BEA293F1C9} => C:\Users\fay\AppData\Local\Amazon\Kindle\application\Kindle.exe [2015-03-10] (Amazon.com)
Task: {AF1FE2BF-AAC2-40F4-8979-DAAA6F74B787} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-765319908-1524800839-1392544109-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {B3122CC9-8D85-4E42-A60F-CD39AA114ED2} - System32\Tasks\{75E8AF22-6F83-40EF-B51E-694BD2BA1416} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p57039746_s1_l1(1).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {BF10AD13-07D6-49FC-BA1A-748E36656D3D} - System32\Tasks\{3F7AC69A-CC6E-499A-9DF1-A8FB47F36D91} => C:\Users\fay\AppData\Local\Amazon\Kindle\application\Kindle.exe [2015-03-10] (Amazon.com)
Task: {C1651896-AFBF-4428-AED5-A0A53038F5FE} - System32\Tasks\{CD20E675-475E-430D-A999-006AF7789AB0} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p118015257_s1_l1.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {C4ECBDAD-60AD-4270-A195-07CFA543BA78} - System32\Tasks\{B765C452-2DD4-445C-B510-345FDB0428E3} => pcalua.exe -a C:\Users\fay\Downloads\paranormal-crime-brohood-crescent-snake-ce_s1_l1_gF6692T1L1_d1405578465.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {CBF4DDE4-C6CE-4D0B-8F1D-6CB3197E57D9} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {D1DD3460-E00C-4249-B638-BF9E85103837} - System32\Tasks\{D7EEFE36-135B-4C36-A4F4-B9AA4AF6A069} => pcalua.exe -a "C:\Users\fay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PV9PJ45W\bigfishgames_p113088645_s1_l1[1].exe" -d C:\Users\fay\Desktop
Task: {D32D5A06-51A3-43E7-9D44-8E5F07273084} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-765319908-1524800839-1392544109-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {D34DF0F6-A5D9-4A50-A3E6-2F587FA15D20} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {E0FE40B2-E5EC-4991-9B1C-753E20A68281} - System32\Tasks\{50742193-4A2D-4B16-9B69-E724CC291934} => pcalua.exe -a C:\Users\fay\Downloads\grim-facade-mystery-of-venice_s1_l1_gF6711T1L1_d1400481364.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {E4A4C26E-CAAF-494E-AC05-CE16BCDDA3C7} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-765319908-1524800839-1392544109-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {E83628D6-CB42-4AE7-ABE1-70D002C3DD36} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {EAA96CAF-B2E4-4F6C-89D1-CDBD073223CD} - System32\Tasks\{2380937D-C008-4C71-A71A-D1ED317D88C2} => pcalua.exe -a C:\Users\fay\Downloads\nightmare-adventures-the-witchs-prison_s1_l1_gF5962T1L1_d1409957749.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {EB8DA958-E5FA-4E0B-8BF0-70C46F160A76} - System32\Tasks\{D3C8B2D6-638E-4694-B1C4-423659F5BBD8} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p115954290_s1_l1.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {EC803519-5E73-4709-8CC1-08DA90B39C66} - System32\Tasks\{C93684CC-5C22-41F9-87E4-F5695A3C6FB7} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p115215773_s1_l1.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {ED9359A4-C105-43F4-B1CA-4FF144F3EA27} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {EE1231F4-9AFF-485E-8D04-F93DA4A1C7FD} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-765319908-1524800839-1392544109-1003 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe
Task: {EF35A44F-A33A-4AC7-908A-DDD35C9BBA44} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-765319908-1524800839-1392544109-1003 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForfay.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe5-fh scripts\monthly.xml

==================== Loaded Modules (Whitelisted) ==============

2006-12-22 08:31 - 2006-12-22 08:31 - 00108712 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
2009-09-19 17:38 - 2009-09-19 17:38 - 00065536 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
2009-09-14 19:17 - 2009-09-14 19:17 - 00610360 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2009-09-19 17:40 - 2009-09-19 17:40 - 00122880 _____ () C:\Windows\SysWOW64\WinMsgBalloonServer.exe
2009-09-19 17:40 - 2009-09-19 17:40 - 00139264 _____ () C:\Windows\SysWOW64\WinMsgBalloonClient.exe
2009-09-07 16:54 - 2009-09-07 16:54 - 00516096 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\libxml2.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-11-23 10:53 - 2012-11-23 10:53 - 00329592 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\apistrings.dll
2012-11-23 10:56 - 2012-11-23 10:56 - 00159608 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\modlop.dll
2012-11-23 10:54 - 2012-11-23 10:54 - 00100728 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\httpserverattplugin.dll
2012-11-23 10:58 - 2012-11-23 10:58 - 00208760 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\patchautodownload.dll
2012-11-23 10:46 - 2012-11-23 10:46 - 02029600 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\crmimodule.dll
2012-12-07 11:02 - 2012-12-07 11:02 - 00183160 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\scanmngsys.dll
2012-11-23 10:58 - 2012-11-23 10:58 - 00049528 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\schedcompactdb.dll
2012-11-23 10:58 - 2012-11-23 10:58 - 00054648 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\schedupdates.dll
2009-07-13 17:03 - 2009-07-13 21:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2011-09-01 03:22 - 2011-09-01 03:22 - 03040920 _____ () C:\Program Files (x86)\Adobe\Elements 10 Organizer\QtCore4.dll
2011-09-01 03:22 - 2011-09-01 03:22 - 10729624 _____ () C:\Program Files (x86)\Adobe\Elements 10 Organizer\QtGui4.dll
2011-09-01 03:27 - 2011-09-01 03:27 - 00286360 _____ () C:\Program Files (x86)\Adobe\Elements 10 Organizer\QtPlugins\imageformats\qjpeg4.dll
2010-09-08 12:08 - 2009-06-03 15:34 - 03764224 _____ () C:\Users\fay\AppData\Roaming\PictureMover\Bin\Core.dll
2010-09-08 12:08 - 2009-06-03 15:43 - 01703936 _____ () C:\Users\fay\AppData\Roaming\PictureMover\EN-US\Presentation.dll
2009-10-22 21:50 - 2009-10-22 21:50 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2012-02-20 23:26 - 2012-02-20 23:26 - 00160768 _____ () C:\Program Files (x86)\VIPRE\unrar.dll
2014-01-31 02:40 - 2015-06-26 03:13 - 00184184 _____ () C:\Program Files (x86)\VIPRE\Definitions\libBase64.dll
2014-01-31 02:40 - 2015-06-26 03:13 - 00175992 _____ () C:\Program Files (x86)\VIPRE\Definitions\libMachoUniv.dll
2011-03-05 15:39 - 2011-03-05 15:39 - 00854016 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
2011-03-05 15:39 - 2011-03-05 15:39 - 00476520 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:B1FBBD09

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBPIMSvc => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7698 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-765319908-1524800839-1392544109-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\fay\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-765319908-1524800839-1392544109-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^fay^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GumNotes.lnk => C:\Windows\pss\GumNotes.lnk.Startup
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{99E6F953-AF6C-444B-A65D-C6F4A50E21C9}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{7C97B664-D242-4181-A388-913141AF54AC}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
FirewallRules: [{36EDF6B6-41D1-4CDB-9994-519D9EA3056F}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
FirewallRules: [{6EAC32C1-81B5-4431-A19A-00FBCE45E624}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
FirewallRules: [{579DEC31-559F-4FB2-B15B-924B666C09B8}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
FirewallRules: [{85B3CEC1-CE56-481B-961F-CD273B0E1CDB}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{2D66649C-4C7D-4CFA-B160-4D21FFEE3316}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{E4371197-ABE3-450A-88F3-C741F6E55C2B}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{79CD9701-1A28-4A13-8A22-2EDEEA8A003E}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{9870FEB0-DD8F-4DC6-83F9-FA8EE2E750D4}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{E4684629-C62D-4DBE-B5FE-E210D7B36643}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{035BC04F-B1F5-473C-A280-6B01D9C1AF34}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{9D3466EF-979F-4E41-BC3E-EFC37AD1281D}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{6078D94B-EDAF-4C09-BC12-11EBFB8C02A4}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{173CBDE3-28A9-46AA-9BA3-FF1720549C84}] => (Allow) svchost.exe
FirewallRules: [{43020B60-9C84-40E6-81A3-0E9DD73DFFE7}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{CF4B8492-E491-4BDF-8B3D-0E7AE983C494}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdater.exe
FirewallRules: [{5BB7594C-D04C-4328-A3AB-E150371ED1E1}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{2C04A3F2-9BE3-454E-992D-7DA3735C8C10}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{6D6B67FC-836E-4BF1-9656-2512E962FCB2}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{1750E239-2D6A-40DD-931D-73CA56735FFE}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{1D1C0E76-F5FF-4A7C-B239-A1027F145D18}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{8D5E0BB2-3EBB-4560-999F-19F7B7508B1F}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{15A32B58-A895-4578-AE12-50EE9252532E}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{88832019-E77A-45E9-B201-22E5068B4C91}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
FirewallRules: [{EA5323CF-2458-4260-A84D-DBE11596C6B8}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
FirewallRules: [{49EE1AA9-2567-4821-BCF6-A9468C7228DF}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{1532522F-00B2-4DBB-B023-8D2A0B8FC613}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{025D0AF4-7AF7-4E90-BD64-1F1EE27900AF}] => (Allow) C:\Users\fay\AppData\Local\Temp\7zS06CB\HPDiagnosticCoreUI.exe
FirewallRules: [{9987C6E0-A590-40BF-ABD9-B9F4F7F7B889}] => (Allow) C:\Users\fay\AppData\Local\Temp\7zS06CB\HPDiagnosticCoreUI.exe
FirewallRules: [{42EF4C04-54CD-495B-B9E4-2815D67A049D}] => (Allow) C:\Users\fay\AppData\Local\Temp\7zS0A92\OJJ4600_Full_14\setup\hpznui40.exe
FirewallRules: [{BFDA91D3-88E7-45EA-90E1-FA5F41986CDC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5D0EDD75-5231-47A6-A06D-6081CAA2DA0B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{84C55885-7A9C-41B7-8B16-511727A73E5F}] => (Allow) C:\Program Files (x86)\Origin Games\Kingdoms of Amalur Reckoning\Reckoning.exe
FirewallRules: [{4440D0C0-4914-4868-8ECB-792E7442120D}] => (Allow) C:\Program Files (x86)\Origin Games\Kingdoms of Amalur Reckoning\Reckoning.exe
FirewallRules: [{62FA2E9D-BAC8-491B-8E02-C47CB713A9C9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{71EDB5D0-F8DD-4AD8-8B8A-72483AD4EA6B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E4DE330C-6B57-4531-A6D3-23FD60ECACF3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7416686F-D355-4EEF-94DE-E3A7A13EB54B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A3A5E8D1-B3C2-4B29-A473-7506A40FF677}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{89592540-A7CC-432C-A333-8DAB4225C347}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{BD7840D7-2E17-413E-8067-FE73F3083648}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{049A999E-E5A1-40A2-A2DC-7A5BA3C67986}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{DB94FF00-2CFD-4E4E-8760-8E1036EFB335}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{B1295AD0-642C-4D68-8AD2-8CA6674E06FB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{B46A62AF-7CAA-4ABA-8C46-9712C411CFE7}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
FirewallRules: [{D10EEF1C-2A4D-42AB-AF40-C66C11EF9367}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
FirewallRules: [{3DD6F610-673C-49E8-9211-667B47F9472F}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{E534FC5B-C239-477A-9018-35B481E5980C}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{2BE0B955-D12A-40BB-93F5-576C0F777925}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{80E6C622-56C6-4AE1-ADBA-7ED44809A06C}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{60AB0DC1-0727-46EC-9787-F363B64A29CD}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{4ADFE367-4641-440F-AAE1-4868453B3087}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{54DFA08B-7442-4223-B74B-07481EDA2D40}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{37A57A9F-FBC5-457A-AD4C-6BC68D33C678}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{9518A4F6-BA04-4A21-973D-C0721B054C4F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\the witcher 2\Launcher.exe
FirewallRules: [{93B6E022-D6A4-43B6-A61F-40A2538E23D0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\the witcher 2\Launcher.exe
FirewallRules: [{920DC97B-888A-4D7B-B30E-89AC9F5550CB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Gothic 3\Gothic3.exe
FirewallRules: [{9F125263-5747-4826-A23B-704C51EBF05E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Gothic 3\Gothic3.exe
FirewallRules: [{A521F3C3-6E82-44F3-991C-6776296F08F9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fable The Lost Chapters\Fable.exe
FirewallRules: [{1B9157CA-1256-4EE0-84A4-126EE3337886}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fable The Lost Chapters\Fable.exe
FirewallRules: [{C6537D7C-07D7-4204-B47A-8DCD4843882C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{764B26BD-C24E-4D5B-8865-8E068C8EE30D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{5427480D-7E5A-4876-86AD-F3243C79F4A6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1BE4254B-E08D-4743-B391-24E81F1669BB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FC207AEF-AB44-49C3-B87A-7C97D7725578}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

==================== Faulty Device Manager Devices =============

Name: Deskjet 3050 J610 series
Description: Deskjet 3050 J610 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Deskjet 3050 J610 series
Description: Deskjet 3050 J610 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Deskjet 3050 J610 series
Description: Deskjet 3050 J610 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/01/2015 12:31:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PSIA.exe, version: 3.0.0.10004, time stamp: 0x54784a82
Faulting module name: PSIA.exe, version: 3.0.0.10004, time stamp: 0x54784a82
Exception code: 0xc0000005
Fault offset: 0x00049b14
Faulting process id: 0xbc4
Faulting application start time: 0xPSIA.exe0
Faulting application path: PSIA.exe1
Faulting module path: PSIA.exe2
Report Id: PSIA.exe3

Error: (08/01/2015 04:08:36 AM) (Source: MsiInstaller) (EventID: 10005) (User: fay-PC)
Description: Product: System Requirements Lab Detection -- A later version of System Requirements Lab Detection is already installed. Setup will now exit.

Error: (08/01/2015 03:41:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PSIA.exe, version: 3.0.0.10004, time stamp: 0x54784a82
Faulting module name: PSIA.exe, version: 3.0.0.10004, time stamp: 0x54784a82
Exception code: 0x40000015
Fault offset: 0x00093534
Faulting process id: 0x860
Faulting application start time: 0xPSIA.exe0
Faulting application path: PSIA.exe1
Faulting module path: PSIA.exe2
Report Id: PSIA.exe3

Error: (08/01/2015 03:25:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program notepad.exe version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 155c

Start Time: 01d0cc27d847159f

Termination Time: 16

Application Path: C:\WINDOWS\notepad.exe

Report Id: 4701bb8d-381e-11e5-926e-18a905b8e4ce

Error: (07/31/2015 08:23:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7082

Error: (07/31/2015 08:23:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7082

Error: (07/31/2015 08:23:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/31/2015 08:23:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6084

Error: (07/31/2015 08:23:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6084

Error: (07/31/2015 08:23:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (08/01/2015 12:31:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Secunia PSI Agent service terminated unexpectedly. It has done this 1 time(s).

Error: (08/01/2015 12:26:26 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :20" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (08/01/2015 12:26:26 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :0" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (08/01/2015 12:26:26 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{9F1DBDAA-8EFA-4065-924B-A07E10F47EC5} because another computer on the network has the same name. The server could not start.

Error: (08/01/2015 12:23:13 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :0" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (08/01/2015 12:23:12 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :0" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (08/01/2015 12:23:12 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :0" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (08/01/2015 12:17:21 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :0" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (08/01/2015 12:17:21 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :0" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (08/01/2015 12:15:00 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :0" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.


Microsoft Office:
=========================
Error: (08/01/2015 12:31:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82PSIA.exe3.0.0.1000454784a82c000000500049b14bc401d0cc76c34970c5C:\Program Files (x86)\Secunia\PSI\PSIA.exeC:\Program Files (x86)\Secunia\PSI\PSIA.exeb3f38a64-386a-11e5-8112-18a905b8e4ce

Error: (08/01/2015 04:08:36 AM) (Source: MsiInstaller) (EventID: 10005) (User: fay-PC)
Description: Product: System Requirements Lab Detection -- A later version of System Requirements Lab Detection is already installed. Setup will now exit.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/01/2015 03:41:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82PSIA.exe3.0.0.1000454784a82400000150009353486001d0cc2c96c9f89cC:\Program Files (x86)\Secunia\PSI\PSIA.exeC:\Program Files (x86)\Secunia\PSI\PSIA.exeaf7a4ca4-3820-11e5-8a3f-18a905b8e4ce

Error: (08/01/2015 03:25:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: notepad.exe6.1.7600.16385155c01d0cc27d847159f16C:\WINDOWS\notepad.exe4701bb8d-381e-11e5-926e-18a905b8e4ce

Error: (07/31/2015 08:23:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7082

Error: (07/31/2015 08:23:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7082

Error: (07/31/2015 08:23:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/31/2015 08:23:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6084

Error: (07/31/2015 08:23:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6084

Error: (07/31/2015 08:23:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info ===========================

Processor: AMD Phenom(tm) II X4 945 Processor
Percentage of memory in use: 31%
Total physical RAM: 8183.89 MB
Available physical RAM: 5610.55 MB
Total Virtual: 16365.99 MB
Available Virtual: 13815.88 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:920 GB) (Free:676.51 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.22 GB) (Free:1.62 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.3 GB) (Disk ID: 9A0D0322)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=920 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.2 GB) - (Type=07 NTFS)

==================== End of log ============================
fayfox
Regular Member
 
Posts: 88
Joined: July 19th, 2015, 3:16 pm

Re: Proxy override...malware?

Post by wannabeageek » August 1st, 2015, 2:35 pm

Did you complete Step 2?
wannabeageek
MRU Master
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Proxy override...malware?

Post by fayfox » August 1st, 2015, 3:24 pm

Yes I did.
After I clicked apply, the settings went right back to what they were before. Was that supposed to happen? Then I restarted the computer and went to step 3.
fayfox
Regular Member
 
Posts: 88
Joined: July 19th, 2015, 3:16 pm

Re: Proxy override...malware?

Post by wannabeageek » August 1st, 2015, 5:19 pm

Hi fayfox,

Was that supposed to happen?
No.

Repeat Step 2, only first disable your Anti-Virus/Anti-Spyware program: ThreatTrack Security VIPRE.

So,

  1. Unplug your computer from the network via the "Ethernet" cable.
  2. Disable your Anti-Virus/Anti-Spyware program - ThreatTrack Security VIPRE.
  3. Open "MSCONFIG.EXE" by copying MSCONFIG.EXE, pasting it into the Start Menu run bar, and hitting Enter.
  4. Under the "General" tab select "Normal startup".
  5. Click Apply then reboot your computer.
  6. Verify that your AV/SP program is active.
  7. Plug the "Ethernet" cable back in.
  8. Run and post another set of FRST LOGs per instructions in Step 3.
wannabeageek
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Proxy override...malware?

Post by fayfox » August 1st, 2015, 6:18 pm

Hey wbg,
Disabled VIPRE, internet. Settings stayed on normal startup when I clicked apply this time. Rebooted and redid step 3.
FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-07-2015
Ran by Admin (administrator) on FAY-PC (01-08-2015 18:08:46)
Running from C:\Users\Admin\Downloads
Loaded Profiles: fay & Admin (Available Profiles: fay & Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(GFI Software Development Ltd.) C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBPIMSvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\ElementsOrganizerSyncAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBAMTray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBAMSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
() C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(GFI Software Development Ltd.) C:\Program Files (x86)\GFI\LanGuard 11 Agent\mantle.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-09-14] ()
HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-17] (PC-Doctor, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-24] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [SBAMTray] => C:\Program Files (x86)\VIPRE\SBAMTray.exe [3216272 2013-09-05] (ThreatTrack Security, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Photo Downloader] => C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe [67752 2006-12-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-765319908-1524800839-1392544109-1000\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
HKU\S-1-5-21-765319908-1524800839-1392544109-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
HKU\S-1-5-21-765319908-1524800839-1392544109-1000\...\Run: [FixCleaner] => "C:\Program Files (x86)\FixCleaner\FixCleaner.exe" -boot
HKU\S-1-5-21-765319908-1524800839-1392544109-1000\...\Run: [PhotoshopElements8SyncAgent] => C:\Program Files (x86)\Adobe\Elements 10 Organizer\ElementsOrganizerSyncAgent.exe [1954456 2011-09-01] (Adobe Systems Incorporated)
HKU\S-1-5-21-765319908-1524800839-1392544109-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-765319908-1524800839-1392544109-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-765319908-1524800839-1392544109-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-765319908-1524800839-1392544109-1003\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
HKU\S-1-5-21-765319908-1524800839-1392544109-1003\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3632472 2015-04-25] (Electronic Arts)
HKU\S-1-5-21-765319908-1524800839-1392544109-1003\...\Run: [CCleaner Monitoring] => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
HKU\S-1-5-21-765319908-1524800839-1392544109-1003\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2889408 2015-04-13] (Valve Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [43816 2015-04-26] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-08-01]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2015-08-01]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk [2010-05-18]
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2015-07-20]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\fay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GumNotes.lnk [2015-08-01]
ShortcutTarget: GumNotes.lnk -> C:\Program Files (x86)\GumNotes\GumNotes.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-765319908-1524800839-1392544109-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKU\S-1-5-21-765319908-1524800839-1392544109-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKU\S-1-5-21-765319908-1524800839-1392544109-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
HKU\S-1-5-21-765319908-1524800839-1392544109-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
SearchScopes: HKLM -> {EA9C6CE8-23A1-4609-AB9A-691BF3B7DA69} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {EA9C6CE8-23A1-4609-AB9A-691BF3B7DA69} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-765319908-1524800839-1392544109-1000 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://search.yahoo.com/search?fr=chr-bfg&q={searchTerms}&ei=UTF-8
SearchScopes: HKU\S-1-5-21-765319908-1524800839-1392544109-1000 -> {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://toolbar.inbox.com/search/dispatc ... tp=bs&qkw={searchTerms}&tbid=80114&lng=en
SearchScopes: HKU\S-1-5-21-765319908-1524800839-1392544109-1000 -> {EA9C6CE8-23A1-4609-AB9A-691BF3B7DA69} URL =
SearchScopes: HKU\S-1-5-21-765319908-1524800839-1392544109-1000 -> {F97DE5D7-6EBB-414E-8187-A32D103525AD} URL =
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2010-05-28] (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-20] (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\VSGN.dll [2013-09-05] ()
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [2009-07-16] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-20] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2010-05-28] (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [2009-07-16] (Microsoft Corp.)
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSGN.dll [2013-09-05] ()
Toolbar: HKU\S-1-5-21-765319908-1524800839-1392544109-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSGN.dll [2013-09-05] ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9F1DBDAA-8EFA-4065-924B-A07E10F47EC5}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5pgaobxx.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-765319908-1524800839-1392544109-1000: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll [2009-10-27] (Hulu LLC)
FF Plugin HKU\S-1-5-21-765319908-1524800839-1392544109-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll [2011-11-17] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-765319908-1524800839-1392544109-1003: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll [2009-10-27] (Hulu LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-07-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-07-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-07-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-07-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-07-11] (Apple Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-03-11]
FF HKU\S-1-5-21-765319908-1524800839-1392544109-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
R2 AdobeActiveFileMonitor5.0; C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [108712 2006-12-22] ()
R2 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [122880 2009-09-19] (AMD) [File not signed]
R2 gfi_lanss11_attservice; C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe [133496 2012-11-23] (GFI Software Development Ltd.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-07-19] (SurfRight B.V.)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-25] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 SBAMSvc; C:\Program Files (x86)\VIPRE\SBAMSvc.exe [3937472 2013-09-05] (ThreatTrack Security, Inc.)
R2 SBPIMSvc; C:\Program Files (x86)\VIPRE\SBPIMSvc.exe [176016 2013-09-05] (ThreatTrack Security, Inc.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [88928 2013-06-18] (ThreatTrack Security, Inc.)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-09-17] (CyberLink Corp.)
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-01 04:11 - 2015-08-01 04:11 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2015-08-01 04:09 - 2015-08-01 04:09 - 00679936 _____ C:\Users\fay\Downloads\Detection(3).msi
2015-08-01 04:05 - 2015-08-01 04:06 - 00679936 _____ C:\Users\fay\Downloads\Detection(2).msi
2015-08-01 01:00 - 2015-08-01 01:00 - 00000000 _____ C:\Windows\system32\SBRC.dat
2015-07-30 22:28 - 2015-07-30 22:28 - 00001128 _____ C:\Users\Admin\Desktop\FRST64 - Shortcut.lnk
2015-07-30 17:27 - 2015-07-30 17:27 - 00002966 _____ C:\Windows\System32\Tasks\VIPRE Upgrade Task
2015-07-30 00:35 - 2015-07-30 00:35 - 00044998 _____ C:\Users\fay\Desktop\MTB.txt
2015-07-30 00:33 - 2015-07-30 00:33 - 00891392 _____ (Farbar) C:\Users\fay\Desktop\MiniToolBox.exe
2015-07-28 22:06 - 2015-08-01 03:01 - 00001308 _____ C:\Users\fay\Downloads\SystemLook.txt
2015-07-28 22:04 - 2015-07-28 22:04 - 00000773 _____ C:\Users\fay\Desktop\SystemLook_x64.exe - Shortcut.lnk
2015-07-28 22:02 - 2015-07-28 22:03 - 00165376 _____ C:\Users\fay\Downloads\SystemLook_x64.exe
2015-07-28 04:04 - 2015-07-25 14:07 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-28 04:04 - 2015-07-25 14:04 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-28 04:04 - 2015-07-25 14:04 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-28 04:04 - 2015-07-25 14:03 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-28 04:04 - 2015-07-25 14:03 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-28 04:04 - 2015-07-25 14:03 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-28 04:04 - 2015-07-25 14:03 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-28 04:04 - 2015-07-25 13:55 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-26 21:22 - 2015-07-26 21:22 - 00509440 _____ (Tech Support Guy System) C:\Users\fay\Desktop\SysInfo.exe
2015-07-26 17:05 - 2015-07-26 17:05 - 00947008 _____ C:\Windows\Minidump\072615-25724-01.dmp
2015-07-26 14:14 - 2015-07-26 14:14 - 00001378 _____ C:\Users\Admin\Desktop\eset2.txt
2015-07-26 08:53 - 2015-07-26 08:53 - 00001206 _____ C:\Users\fay\Desktop\adwcleaner_4.208.exe - Shortcut.lnk
2015-07-26 08:53 - 2015-07-26 08:53 - 00001083 _____ C:\Users\fay\Desktop\JRT.exe - Shortcut.lnk
2015-07-26 07:51 - 2015-07-30 05:34 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-25 03:03 - 2015-07-25 03:03 - 00001083 _____ C:\Users\fay\Desktop\OTL.exe - Shortcut.lnk
2015-07-25 00:21 - 2015-07-25 00:21 - 00090304 _____ C:\Users\fay\Downloads\Extras.Txt
2015-07-25 00:20 - 2015-07-25 00:20 - 00134184 _____ C:\Users\fay\Downloads\OTL.Txt
2015-07-25 00:08 - 2015-07-25 00:08 - 00602112 _____ (OldTimer Tools) C:\Users\fay\Downloads\OTL.exe
2015-07-24 17:35 - 2015-08-01 17:38 - 00000000 ___RD C:\Users\fay\iCloudDrive
2015-07-24 17:35 - 2015-07-24 17:35 - 00000000 ____D C:\Users\fay\AppData\Local\Apple Inc
2015-07-24 17:20 - 2015-07-24 17:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-07-21 21:22 - 2015-07-27 18:56 - 00000000 ____D C:\Users\fay\Documents\MalwareStuff
2015-07-21 04:45 - 2015-07-14 23:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-21 04:45 - 2015-07-14 23:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 04:45 - 2015-07-14 23:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-21 04:45 - 2015-07-14 23:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-21 04:45 - 2015-07-14 22:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-21 04:45 - 2015-07-14 22:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 04:45 - 2015-07-14 22:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-21 04:45 - 2015-07-14 22:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-21 04:45 - 2015-07-14 21:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 04:45 - 2015-07-14 21:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-20 20:17 - 2015-07-20 20:17 - 00000000 ____D C:\Program Files (x86)\ESET
2015-07-20 19:12 - 2015-07-20 19:12 - 00000008 __RSH C:\Users\Admin\ntuser.pol
2015-07-20 18:51 - 2015-07-30 22:20 - 00000000 ____D C:\Users\Admin\Downloads\FRST-OlderVersion
2015-07-20 18:46 - 2015-07-20 18:46 - 00000207 _____ C:\Windows\tweaking.com-regbackup-FAY-PC-Windows-7-Home-Premium-(64-bit).dat
2015-07-20 18:42 - 2015-07-20 18:42 - 00000000 ____D C:\RegBackup
2015-07-20 18:39 - 2015-07-20 18:39 - 01367040 _____ (Indigo Rose Corporation) C:\Users\Admin\Desktop\uninstall.exe
2015-07-20 18:39 - 2015-07-20 18:39 - 00325960 _____ C:\Users\Admin\Desktop\lua5.1.dll
2015-07-20 18:39 - 2015-07-20 18:39 - 00001510 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-07-20 18:39 - 2015-07-20 18:39 - 00000000 ____D C:\Users\Admin\Desktop\Uninstall
2015-07-20 18:39 - 2015-07-20 18:39 - 00000000 ____D C:\Users\Admin\Desktop\files
2015-07-20 18:39 - 2015-07-20 18:39 - 00000000 ____D C:\Users\Admin\Desktop\color_presets
2015-07-20 18:39 - 2015-07-20 18:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-07-20 18:37 - 2015-07-20 18:37 - 04720448 _____ C:\Users\Admin\Downloads\tweaking.com_registry_backup_setup.exe
2015-07-20 11:42 - 2015-07-20 11:43 - 05198336 _____ (AVAST Software) C:\Users\Admin\Downloads\aswMBR.exe
2015-07-20 11:37 - 2015-07-26 14:16 - 00000000 ____D C:\Users\Admin\Documents\MalwareRemoval
2015-07-20 11:31 - 2015-08-01 12:35 - 00062438 _____ C:\Users\Admin\Downloads\Addition.txt
2015-07-20 11:30 - 2015-08-01 18:09 - 00021198 _____ C:\Users\Admin\Downloads\FRST.txt
2015-07-20 11:29 - 2015-08-01 18:09 - 00000000 ____D C:\FRST
2015-07-20 11:26 - 2015-07-30 22:20 - 02168832 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2015-07-20 06:44 - 2015-07-20 06:43 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-07-20 06:43 - 2015-07-20 06:44 - 00000630 _____ C:\Windows\SecuniaPackage.log
2015-07-20 06:43 - 2015-07-20 06:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-07-20 06:43 - 2015-07-20 06:43 - 00000000 ____D C:\Program Files (x86)\Java
2015-07-20 06:35 - 2015-07-20 06:35 - 00000000 ____D C:\Users\Admin\AppData\Local\Secunia PSI
2015-07-20 06:34 - 2015-07-20 06:34 - 00001071 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2015-07-20 06:34 - 2015-07-20 06:34 - 00000000 ____D C:\Program Files (x86)\Secunia
2015-07-20 06:31 - 2015-07-20 06:32 - 05490752 _____ (Secunia) C:\Users\fay\Downloads\PSISetup.exe
2015-07-19 17:04 - 2015-07-19 17:05 - 01798288 _____ (Malwarebytes Corporation) C:\Users\Admin\Downloads\JRT.exe
2015-07-19 17:03 - 2015-07-19 17:04 - 02248704 _____ C:\Users\Admin\Downloads\adwcleaner_4.208.exe
2015-07-19 16:55 - 2015-07-19 16:55 - 00000000 ____D C:\Users\Admin\AppData\Local\GWX
2015-07-19 14:36 - 2015-07-19 14:56 - 00026929 _____ C:\Users\Admin\Desktop\attach.txt
2015-07-19 14:36 - 2015-07-19 14:54 - 00023071 _____ C:\Users\Admin\Desktop\dds.txt
2015-07-19 14:35 - 2015-07-19 14:35 - 00688992 ____R (Swearware) C:\Users\fay\Downloads\dds.scr
2015-07-19 10:26 - 2015-07-19 11:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-07-19 10:26 - 2015-07-19 11:24 - 00000000 ____D C:\Program Files\HitmanPro
2015-07-19 10:26 - 2015-07-19 10:26 - 00001895 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-07-19 09:12 - 2015-07-19 09:12 - 00002377 _____ C:\Users\Admin\Downloads\JRT.txt
2015-07-19 09:10 - 2015-07-19 09:10 - 00002377 _____ C:\Users\Admin\Desktop\JRT.txt
2015-07-19 08:46 - 2015-07-19 10:40 - 00000000 ____D C:\ProgramData\HitmanPro
2015-07-19 08:45 - 2015-07-19 08:46 - 11032736 _____ (SurfRight B.V.) C:\Users\fay\Downloads\HitmanPro_x64.exe
2015-07-19 08:08 - 2015-07-19 08:08 - 01798288 _____ (Malwarebytes Corporation) C:\Users\fay\Downloads\JRT.exe
2015-07-18 14:12 - 2015-07-18 14:12 - 00127504 _____ C:\Users\fay\Documents\bookmarks_7_18_15.html
2015-07-18 13:45 - 2015-07-18 13:45 - 02248704 _____ C:\Users\fay\Downloads\adwcleaner_4.208 (1).exe
2015-07-18 13:37 - 2015-07-28 19:03 - 00000000 ____D C:\AdwCleaner
2015-07-18 13:36 - 2015-07-18 13:36 - 02248704 _____ C:\Users\fay\Downloads\adwcleaner_4.208.exe
2015-07-18 13:21 - 2015-07-18 13:21 - 04152184 _____ (Reason Software Company Inc.) C:\Users\fay\Downloads\setup-dlcm.exe
2015-07-18 13:21 - 2015-07-18 13:21 - 00000000 ____D C:\Program Files\Reason
2015-07-16 07:48 - 2015-07-16 07:48 - 00000000 ____D C:\Users\fay\AppData\Roaming\VisualShape
2015-07-15 12:04 - 2015-07-15 12:04 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-15 03:32 - 2015-07-09 13:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 03:32 - 2015-07-09 13:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 03:32 - 2015-07-09 13:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 03:32 - 2015-07-09 13:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 03:32 - 2015-07-09 13:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 03:32 - 2015-07-09 13:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 03:32 - 2015-07-09 13:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 03:32 - 2015-07-09 13:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 03:32 - 2015-07-09 13:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 03:32 - 2015-07-09 13:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 03:32 - 2015-07-09 13:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 03:32 - 2015-07-09 13:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 03:32 - 2015-07-09 13:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 03:32 - 2015-07-09 13:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 03:32 - 2015-07-09 13:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 03:32 - 2015-07-09 13:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 03:32 - 2015-07-02 17:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 03:32 - 2015-07-02 17:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-15 03:32 - 2015-07-02 16:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 03:32 - 2015-07-02 16:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 03:32 - 2015-07-02 16:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 03:32 - 2015-07-02 16:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 03:32 - 2015-07-02 16:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 03:32 - 2015-07-02 16:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 03:32 - 2015-07-02 16:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 03:32 - 2015-07-02 15:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 03:32 - 2015-07-02 15:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 03:32 - 2015-07-02 14:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 03:32 - 2015-06-26 22:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 03:32 - 2015-06-26 22:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 03:32 - 2015-06-26 21:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-15 03:32 - 2015-06-26 21:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 03:32 - 2015-06-25 14:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 03:32 - 2015-06-25 13:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 03:32 - 2015-06-25 04:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 03:32 - 2015-06-20 16:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 03:32 - 2015-06-20 15:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 03:32 - 2015-06-20 15:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 03:32 - 2015-06-20 15:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 03:32 - 2015-06-20 15:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 03:32 - 2015-06-20 15:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 03:32 - 2015-06-20 15:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 03:32 - 2015-06-20 15:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 03:32 - 2015-06-20 14:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 03:32 - 2015-06-20 14:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 03:32 - 2015-06-20 14:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 03:32 - 2015-06-19 14:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 03:32 - 2015-06-19 14:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-15 03:32 - 2015-06-19 14:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-15 03:32 - 2015-06-19 14:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 03:32 - 2015-06-19 14:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 03:32 - 2015-06-19 14:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-15 03:32 - 2015-06-19 14:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 03:32 - 2015-06-19 14:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-15 03:32 - 2015-06-19 14:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-15 03:32 - 2015-06-19 13:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 03:32 - 2015-06-19 13:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 03:32 - 2015-06-19 13:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 03:32 - 2015-06-19 13:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 03:32 - 2015-06-19 13:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 03:32 - 2015-06-19 13:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 03:32 - 2015-06-17 13:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 03:32 - 2015-06-17 13:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 03:32 - 2015-06-01 20:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 03:32 - 2015-06-01 19:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-15 03:31 - 2015-07-04 14:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 03:31 - 2015-07-04 13:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 03:31 - 2015-07-01 16:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 03:31 - 2015-07-01 16:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 03:31 - 2015-07-01 16:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 03:31 - 2015-07-01 16:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 03:31 - 2015-07-01 16:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 03:31 - 2015-07-01 16:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 03:31 - 2015-07-01 16:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 03:31 - 2015-07-01 16:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 03:31 - 2015-07-01 16:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 03:31 - 2015-07-01 16:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 03:31 - 2015-07-01 16:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 03:31 - 2015-07-01 16:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 03:31 - 2015-07-01 16:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-15 03:31 - 2015-07-01 16:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 03:31 - 2015-07-01 16:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 03:31 - 2015-07-01 16:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 03:31 - 2015-07-01 16:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 03:31 - 2015-07-01 15:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 03:31 - 2015-07-01 15:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 03:31 - 2015-07-01 15:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 03:31 - 2015-06-20 15:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 03:31 - 2015-06-20 15:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 03:31 - 2015-06-20 15:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 03:31 - 2015-06-20 15:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 03:31 - 2015-06-20 15:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 03:31 - 2015-06-20 15:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 03:31 - 2015-06-20 15:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 03:31 - 2015-06-20 15:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 03:31 - 2015-06-20 15:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 03:31 - 2015-06-20 14:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 03:31 - 2015-06-20 14:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 03:31 - 2015-06-20 14:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 03:31 - 2015-06-19 14:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 03:31 - 2015-06-19 13:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 03:31 - 2015-06-19 13:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-15 03:31 - 2015-06-19 13:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 03:31 - 2015-04-27 15:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-15 03:31 - 2015-04-27 15:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-15 03:31 - 2015-04-27 15:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-15 03:31 - 2015-04-27 15:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-15 03:31 - 2015-04-27 15:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-15 03:31 - 2015-04-27 15:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-15 03:31 - 2015-04-27 15:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-15 03:31 - 2015-04-27 15:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-15 03:30 - 2015-07-01 16:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 03:30 - 2015-07-01 16:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 03:30 - 2015-07-01 16:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 03:30 - 2015-07-01 16:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 03:30 - 2015-07-01 16:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 03:30 - 2015-07-01 16:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 03:30 - 2015-07-01 16:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 03:30 - 2015-07-01 16:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 03:30 - 2015-07-01 16:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 03:30 - 2015-07-01 16:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 03:30 - 2015-07-01 16:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-15 03:30 - 2015-07-01 16:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-15 03:30 - 2015-07-01 16:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-15 03:30 - 2015-07-01 16:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-15 03:30 - 2015-07-01 16:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-15 03:30 - 2015-07-01 16:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-15 03:30 - 2015-07-01 16:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-15 03:30 - 2015-07-01 16:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-15 03:30 - 2015-06-15 17:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 03:30 - 2015-06-15 17:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 03:30 - 2015-06-15 17:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 03:30 - 2015-06-15 17:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 03:30 - 2015-06-15 17:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 03:30 - 2015-06-15 17:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 03:30 - 2015-06-15 17:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 03:30 - 2015-06-15 17:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 03:30 - 2015-06-15 17:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-15 03:30 - 2015-06-15 17:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 03:30 - 2015-06-15 17:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 03:30 - 2015-06-15 17:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-12 17:26 - 2015-07-12 17:26 - 00237568 _____ (Big Fish Games) C:\Users\Admin\Downloads\bigfishgames_p238514316_s1_l1.exe
2015-07-12 17:26 - 2015-07-12 17:26 - 00237568 _____ (Big Fish Games) C:\Users\Admin\Downloads\bigfishgames_p238514316_s1_l1 (1).exe
2015-07-12 15:35 - 2015-07-12 15:35 - 00002210 _____ C:\Users\Public\Desktop\Play Delicious - Emilys Childhood Memories.lnk
2015-07-12 15:33 - 2015-07-12 15:35 - 00000000 ____D C:\Program Files (x86)\Delicious - Emilys Childhood Memories
2015-07-12 15:33 - 2015-07-12 15:33 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Delicious - Emilys Childhood Memories
2015-07-12 15:33 - 2015-07-12 15:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Delicious - Emilys Childhood Memories
2015-07-12 14:50 - 2015-07-12 14:50 - 00000000 ____D C:\Users\Admin\AppData\Roaming\VisualShape
2015-07-12 14:50 - 2015-07-12 14:50 - 00000000 ____D C:\ProgramData\VisualShape
2015-07-12 13:50 - 2015-07-12 15:38 - 00000000 ____D C:\Users\Admin\AppData\Roaming\GameHouse
2015-07-12 13:49 - 2015-07-12 13:49 - 00001937 _____ C:\Users\Public\Desktop\Play Farm to Fork.lnk
2015-07-12 13:48 - 2015-07-12 13:49 - 00000000 ____D C:\Program Files (x86)\Farm to Fork
2015-07-12 13:48 - 2015-07-12 13:48 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Farm to Fork
2015-07-12 13:48 - 2015-07-12 13:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farm to Fork
2015-07-11 20:07 - 2015-07-11 20:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-07-11 20:07 - 2015-07-11 20:07 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-07-11 10:53 - 2015-07-11 10:53 - 00237568 _____ (Big Fish Games) C:\Users\Admin\Downloads\easter-eggztravaganza-2_s1_l1_gF7597T1L1_d2488663256.exe
2015-07-11 10:46 - 2015-07-11 10:46 - 00237568 _____ (Big Fish Games) C:\Users\fay\Downloads\easter-eggztravaganza-2_s1_l1_gF7597T1L1_d2488661125.exe
2015-07-10 09:39 - 2015-08-01 05:45 - 00000000 ___HD C:\$Windows.~BT

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-01 18:09 - 2013-04-18 03:37 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-01 17:46 - 2009-07-14 00:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-01 17:46 - 2009-07-14 00:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-01 17:41 - 2010-05-19 13:13 - 01784127 _____ C:\Windows\WindowsUpdate.log
2015-08-01 17:37 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-01 17:37 - 2009-07-14 00:51 - 00053501 _____ C:\Windows\setupact.log
2015-08-01 17:36 - 2011-11-26 12:22 - 00000000 ____D C:\Windows\pss
2015-08-01 05:58 - 2010-05-18 21:14 - 00000000 ____D C:\Windows\Panther
2015-08-01 03:41 - 2010-11-26 09:48 - 00000000 ____D C:\Users\fay\Documents\Account Info
2015-07-31 16:56 - 2010-05-19 13:12 - 00000544 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job
2015-07-30 22:48 - 2013-08-03 11:54 - 00000000 ___HD C:\ProgramData\{559F25A3-87D2-4D88-ADC5-DF4C277CDD45}
2015-07-30 22:38 - 2010-06-10 06:13 - 00538580 _____ C:\Windows\PFRO.log
2015-07-28 20:18 - 2014-05-06 03:01 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-26 17:05 - 2011-04-18 01:52 - 966412425 _____ C:\Windows\MEMORY.DMP
2015-07-26 17:05 - 2011-04-18 01:52 - 00000000 ____D C:\Windows\Minidump
2015-07-26 09:03 - 2010-05-18 20:56 - 00000000 ____D C:\ProgramData\Temp
2015-07-26 08:58 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-07-26 08:55 - 2012-07-07 10:14 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-25 07:57 - 2015-04-05 03:03 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-24 18:05 - 2012-10-31 18:01 - 00000000 ____D C:\Users\fay\AppData\Roaming\Apple Computer
2015-07-24 18:02 - 2014-02-02 08:21 - 00000000 ____D C:\Users\fay\AppData\Local\Apple Computer
2015-07-24 17:35 - 2010-09-08 11:58 - 00000000 ____D C:\Users\fay
2015-07-24 17:20 - 2013-04-05 08:39 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-23 07:04 - 2012-06-19 17:22 - 00000000 ____D C:\Users\Admin
2015-07-22 04:00 - 2009-07-14 00:45 - 00343664 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-21 17:52 - 2014-11-22 16:47 - 00000276 __RSH C:\Users\fay\ntuser.pol
2015-07-20 20:44 - 2014-01-31 02:35 - 00000000 ____D C:\Users\Admin\AppData\Roaming\VIPRE
2015-07-20 18:51 - 2009-07-13 23:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-07-20 18:46 - 2012-05-17 22:51 - 00000796 _____ C:\Users\Admin\Desktop\Settings.ini
2015-07-20 09:59 - 2011-11-01 12:40 - 00000000 ____D C:\Users\fay\Documents\Computer Tools
2015-07-20 06:43 - 2014-07-28 05:28 - 00000000 ____D C:\ProgramData\Oracle
2015-07-19 18:00 - 2015-01-08 07:46 - 00000000 ____D C:\Users\Admin\Documents\Account Info
2015-07-19 16:55 - 2009-07-14 01:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-19 12:49 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\tracing
2015-07-19 11:24 - 2014-01-31 02:40 - 00000000 ____D C:\Program Files (x86)\VIPRE
2015-07-19 11:24 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-19 11:23 - 2009-07-14 03:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-07-19 11:23 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2015-07-18 14:25 - 2015-01-10 06:06 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-18 14:24 - 2015-01-10 06:06 - 00000000 ____D C:\Users\Admin\AppData\Local\Google
2015-07-18 14:24 - 2014-11-30 21:43 - 00000000 __SHD C:\Users\Admin\AppData\Local\EmieBrowserModeList
2015-07-18 14:24 - 2014-05-23 19:37 - 00000000 __SHD C:\Users\Admin\AppData\Local\EmieUserList
2015-07-18 14:24 - 2014-05-23 19:37 - 00000000 __SHD C:\Users\Admin\AppData\Local\EmieSiteList
2015-07-18 08:23 - 2010-05-18 20:38 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-07-18 08:07 - 2010-09-08 12:00 - 00000000 ____D C:\Users\fay\AppData\Local\Hewlett-Packard
2015-07-16 19:03 - 2013-08-04 06:16 - 00000000 ____D C:\BigFishCache
2015-07-16 06:35 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-07-16 04:05 - 2014-04-09 03:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-16 04:05 - 2012-04-27 06:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-16 04:05 - 2011-12-05 04:16 - 00001698 _____ C:\Windows\SysWOW64\CountScans.XML
2015-07-16 04:02 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-16 04:01 - 2015-04-15 03:33 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-15 05:09 - 2013-04-18 03:37 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-15 05:09 - 2012-06-02 10:10 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-15 05:09 - 2011-05-25 05:10 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-15 03:03 - 2015-04-05 03:03 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-12 15:38 - 2010-11-24 05:38 - 00000000 ____D C:\Users\fay\Documents\Recipes
2015-07-12 15:16 - 2015-05-26 08:20 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Western Software Technologies
2015-07-11 20:07 - 2012-11-15 02:12 - 00000000 ____D C:\ProgramData\Apple Computer
2015-07-11 20:07 - 2012-10-30 22:19 - 00000000 ____D C:\Windows\Patches
2015-07-11 20:06 - 2014-04-09 03:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-11 20:06 - 2012-06-15 19:51 - 00001032 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-11 20:06 - 2011-05-01 08:36 - 00001089 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-11 20:06 - 2010-09-11 07:06 - 00001077 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-07-11 20:05 - 2015-01-14 00:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-11 10:57 - 2012-12-02 21:49 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Elephant Games
2015-07-05 01:00 - 2010-09-10 06:46 - 00003170 _____ C:\Windows\System32\Tasks\HPCeeScheduleForfay
2015-07-05 01:00 - 2010-09-10 06:46 - 00000324 _____ C:\Windows\Tasks\HPCeeScheduleForfay.job

==================== Files in the root of some directories =======

2014-03-23 11:45 - 2014-03-23 11:47 - 0000011 _____ () C:\Users\Admin\AppData\Roaming\log.txt
2013-06-16 12:27 - 2013-06-16 12:27 - 0000037 ___SH () C:\Users\Admin\AppData\Local\70149b02515b3bb20dd492.47983420
2010-09-11 01:14 - 2010-09-11 01:45 - 0003897 _____ () C:\ProgramData\doicrane_save.log
2012-03-11 11:34 - 2012-03-11 12:28 - 0001464 _____ () C:\ProgramData\hpzinstall.log
2014-04-13 21:23 - 2014-04-13 22:23 - 0000313 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2010-09-24 03:13 - 2010-09-24 03:13 - 0000059 _____ () C:\ProgramData\user.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-23 00:22

==================== End of log ============================
fayfox

Re: Proxy override...malware?

Unread postby fayfox » August 1st, 2015, 6:19 pm

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-07-2015
Ran by Admin (2015-08-01 18:10:05)
Running from C:\Users\Admin\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-765319908-1524800839-1392544109-1003 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-765319908-1524800839-1392544109-500 - Administrator - Disabled)
fay (S-1-5-21-765319908-1524800839-1392544109-1000 - Limited - Enabled) => C:\Users\fay
Guest (S-1-5-21-765319908-1524800839-1392544109-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-765319908-1524800839-1392544109-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ThreatTrack Security VIPRE (Enabled - Up to date) {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ThreatTrack Security VIPRE (Enabled - Up to date) {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
FW: ThreatTrack Security VIPRE (Enabled) {C7D2BC33-B766-03DA-EC8C-2222CF65E72A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 5.0 (HKLM-x32\...\Adobe Photoshop Elements 5) (Version: 5.0 - Adobe Systems Inc.)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.09 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-765319908-1524800839-1392544109-1000\...\Amazon Kindle) (Version: - Amazon)
Amazon Kindle (HKU\S-1-5-21-765319908-1524800839-1392544109-1003\...\Amazon Kindle) (Version: - Amazon)
Amazon MP3 Downloader 1.0.15 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.15 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Art of Murder: Cards of Destiny (HKLM-x32\...\BFG-Art of Murder - Cards of Destiny) (Version: - )
ATI Catalyst Install Manager (HKLM\...\{67CA5B4D-32DA-B54C-1851-F68ECD83262E}) (Version: 3.0.754.0 - ATI Technologies, Inc.)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Brain Training for Dummies (HKLM-x32\...\BFG-Brain Training for Dummies) (Version: - )
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
BVS Solitaire Collection (HKLM-x32\...\BFG-BVS Solitaire Collection) (Version: - )
calibre (HKLM-x32\...\{BC093E6F-61D2-4F6D-9463-ECDC2CA25462}) (Version: 0.8.54 - Kovid Goyal)
Casebook (HKLM-x32\...\BFG-Casebook) (Version: - )
ccc-core-static (x32 Version: 2009.1201.2247.40849 - ATI) Hidden
City of Fools (HKLM-x32\...\BFG-City of Fools) (Version: - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)
Delicious: Emily's Childhood Memories (HKLM-x32\...\BFG-Delicious - Emilys Childhood Memories) (Version: - )
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DocMgr (x32 Version: 140.0.65.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.100.000 - Hewlett-Packard) Hidden
Dragon Keeper (HKLM-x32\...\BFG-Dragon Keeper) (Version: - )
Dragon Keeper 2 (HKLM-x32\...\BFG-Dragon Keeper 2) (Version: - )
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) Hidden
Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Fable - The Lost Chapters (HKLM-x32\...\Steam App 204030) (Version: - Lionhead Studios)
Family Tree Maker 2012 (HKLM-x32\...\Family Tree Maker 2012) (Version: 21.0.452 - Ancestry.com, Inc.)
Family Tree Maker 2012 (x32 Version: 21.0.452 - Ancestry.com, Inc.) Hidden
Fantasy Mosaics 4: Art of Color50 J610 series
Description: Deskjet 3050 J610 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Deskjet 3050 J610 series
Description: Deskjet 3050 J610 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Deskjet 3050 J610 series
Description: Deskjet 3050 J610 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/01/2015 12:31:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PSIA.exe, version: 3.0.0.10004, time stamp: 0x54784a82
Faulting module name: PSIA.exe, version: 3.0.0.10004, time stamp: 0x54784a82
Exception code: 0xc0000005
Fault offset: 0x00049b14
Faulting process id: 0xbc4
Faulting application start time: 0xPSIA.exe0
Faulting application path: PSIA.exe1
Faulting module path: PSIA.exe2
Report Id: PSIA.exe3

Error: (08/01/2015 04:08:36 AM) (Source: MsiInstaller) (EventID: 10005) (User: fay-PC)
Description: Product: System Requirements Lab Detection -- A later version of System Requirements Lab Detection is already installed. Setup will now exit.

Error: (08/01/2015 03:41:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PSIA.exe, version: 3.0.0.10004, time stamp: 0x54784a82
Faulting module name: PSIA.exe, version: 3.0.0.10004, time stamp: 0x54784a82
Exception code: 0x40000015
Fault offset: 0x00093534
Faulting process id: 0x860
Faulting application start time: 0xPSIA.exe0
Faulting application path: PSIA.exe1
Faulting module path: PSIA.exe2
Report Id: PSIA.exe3

Error: (08/01/2015 03:25:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program notepad.exe version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 155c

Start Time: 01d0cc27d847159f

Termination Time: 16

Application Path: C:\WINDOWS\notepad.exe

Report Id: 4701bb8d-381e-11e5-926e-18a905b8e4ce

Error: (07/31/2015 08:23:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7082

Error: (07/31/2015 08:23:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7082

Error: (07/31/2015 08:23:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/31/2015 08:23:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6084

Error: (07/31/2015 08:23:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6084

Error: (07/31/2015 08:23:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (08/01/2015 06:02:36 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :20" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (08/01/2015 06:02:36 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :0" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (08/01/2015 06:02:36 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{9F1DBDAA-8EFA-4065-924B-A07E10F47EC5} because another computer on the network has the same name. The server could not start.

Error: (08/01/2015 05:43:42 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :0" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (08/01/2015 05:43:42 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :20" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (08/01/2015 05:43:42 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{9F1DBDAA-8EFA-4065-924B-A07E10F47EC5} because another computer on the network has the same name. The server could not start.

Error: (08/01/2015 12:31:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Secunia PSI Agent service terminated unexpectedly. It has done this 1 time(s).

Error: (08/01/2015 12:26:26 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :20" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (08/01/2015 12:26:26 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :0" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (08/01/2015 12:26:26 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{9F1DBDAA-8EFA-4065-924B-A07E10F47EC5} because another computer on the network has the same name. The server could not start.


Microsoft Office:
=========================
Error: (08/01/2015 12:31:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82PSIA.exe3.0.0.1000454784a82c000000500049b14bc401d0cc76c34970c5C:\Program Files (x86)\Secunia\PSI\PSIA.exeC:\Program Files (x86)\Secunia\PSI\PSIA.exeb3f38a64-386a-11e5-8112-18a905b8e4ce

Error: (08/01/2015 04:08:36 AM) (Source: MsiInstaller) (EventID: 10005) (User: fay-PC)
Description: Product: System Requirements Lab Detection -- A later version of System Requirements Lab Detection is already installed. Setup will now exit.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/01/2015 03:41:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82PSIA.exe3.0.0.1000454784a82400000150009353486001d0cc2c96c9f89cC:\Program Files (x86)\Secunia\PSI\PSIA.exeC:\Program Files (x86)\Secunia\PSI\PSIA.exeaf7a4ca4-3820-11e5-8a3f-18a905b8e4ce

Error: (08/01/2015 03:25:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: notepad.exe6.1.7600.16385155c01d0cc27d847159f16C:\WINDOWS\notepad.exe4701bb8d-381e-11e5-926e-18a905b8e4ce

Error: (07/31/2015 08:23:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7082

Error: (07/31/2015 08:23:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7082

Error: (07/31/2015 08:23:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/31/2015 08:23:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6084

Error: (07/31/2015 08:23:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6084

Error: (07/31/2015 08:23:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info ===========================

Processor: AMD Phenom(tm) II X4 945 Processor
Percentage of memory in use: 25%
Total physical RAM: 8183.89 MB
Available physical RAM: 6065.97 MB
Total Virtual: 16365.99 MB
Available Virtual: 14443.91 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:920 GB) (Free:676.51 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.22 GB) (Free:1.62 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.3 GB) (Disk ID: 9A0D0322)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=920 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.2 GB) - (Type=07 NTFS)

==================== End of log ============================
fayfox

Re: Proxy override...malware?

by wannabeageek » August 1st, 2015, 7:39 pm

Repost the Addition.txt log.
It is missing pieces.
wannabeageek

Re: Proxy override...malware?

by fayfox » August 1st, 2015, 7:48 pm

I closed Addition.txt, then reopened it. I copied by clicking on Edit-Select All-Edit-Copy. Right-clicked in subject window - paste.

Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-07-2015
Ran by Admin (2015-08-01 18:10:05)
Running from C:\Users\Admin\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-765319908-1524800839-1392544109-1003 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-765319908-1524800839-1392544109-500 - Administrator - Disabled)
fay (S-1-5-21-765319908-1524800839-1392544109-1000 - Limited - Enabled) => C:\Users\fay
Guest (S-1-5-21-765319908-1524800839-1392544109-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-765319908-1524800839-1392544109-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ThreatTrack Security VIPRE (Enabled - Up to date) {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ThreatTrack Security VIPRE (Enabled - Up to date) {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
FW: ThreatTrack Security VIPRE (Enabled) {C7D2BC33-B766-03DA-EC8C-2222CF65E72A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 5.0 (HKLM-x32\...\Adobe Photoshop Elements 5) (Version: 5.0 - Adobe Systems Inc.)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.09 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-765319908-1524800839-1392544109-1000\...\Amazon Kindle) (Version: - Amazon)
Amazon Kindle (HKU\S-1-5-21-765319908-1524800839-1392544109-1003\...\Amazon Kindle) (Version: - Amazon)
Amazon MP3 Downloader 1.0.15 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.15 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Art of Murder: Cards of Destiny (HKLM-x32\...\BFG-Art of Murder - Cards of Destiny) (Version: - )
ATI Catalyst Install Manager (HKLM\...\{67CA5B4D-32DA-B54C-1851-F68ECD83262E}) (Version: 3.0.754.0 - ATI Technologies, Inc.)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Brain Training for Dummies (HKLM-x32\...\BFG-Brain Training for Dummies) (Version: - )
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
BVS Solitaire Collection (HKLM-x32\...\BFG-BVS Solitaire Collection) (Version: - )
calibre (HKLM-x32\...\{BC093E6F-61D2-4F6D-9463-ECDC2CA25462}) (Version: 0.8.54 - Kovid Goyal)
Casebook (HKLM-x32\...\BFG-Casebook) (Version: - )
ccc-core-static (x32 Version: 2009.1201.2247.40849 - ATI) Hidden
City of Fools (HKLM-x32\...\BFG-City of Fools) (Version: - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)
Delicious: Emily's Childhood Memories (HKLM-x32\...\BFG-Delicious - Emilys Childhood Memories) (Version: - )
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DocMgr (x32 Version: 140.0.65.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.100.000 - Hewlett-Packard) Hidden
Dragon Keeper (HKLM-x32\...\BFG-Dragon Keeper) (Version: - )
Dragon Keeper 2 (HKLM-x32\...\BFG-Dragon Keeper 2) (Version: - )
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) Hidden
Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Fable - The Lost Chapters (HKLM-x32\...\Steam App 204030) (Version: - Lionhead Studios)
Family Tree Maker 2012 (HKLM-x32\...\Family Tree Maker 2012) (Version: 21.0.452 - Ancestry.com, Inc.)
Family Tree Ma- System32\Tasks\{E0D9E4DB-64FC-4EBB-B5C6-489B3D6051A9} => pcalua.exe -a C:\Users\fay\Downloads\hidden-in-time-mirror-mirror_s1_l1_gF2875T1L1_d1400479493.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {46BF2FA4-A53C-46F5-9084-55067D3BFC26} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18] (PC-Doctor, Inc.)
Task: {4971A075-89B3-4CEF-9EC3-0F822EBEC7F2} - System32\Tasks\{A5F0B333-A364-4323-8BB1-7743EA5367D8} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p116509884_s1_l1(1).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {5013628E-4713-44A9-B6DB-CEF460CF633E} - System32\Tasks\ExtendedServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {51226FB1-7086-4454-9252-6C474862FC53} - System32\Tasks\HpWebReg.exe => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HpWebReg.exe [2010-06-14] (Hewlett-Packard Co.)
Task: {5518233C-C902-45BF-B482-6E62A8591552} - System32\Tasks\hpUtility.exe => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\utils\hpUtility.exe [2010-06-14] (Hewlett-Packard Co.)
Task: {5AA3364F-C0CA-41DC-9515-36B221C87625} - System32\Tasks\{5E4DB0BD-12E7-4775-A91F-83D0743BA7A3} => pcalua.exe -a C:\Users\fay\Downloads\vampire-saga-welcome-to-hell-lock_s1_l1_gF6323T1L1_d1409609995.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {5F88543B-EF07-4A89-852E-5B5DD44E9300} - System32\Tasks\{0BCC4E6D-7F8C-4981-AF70-C05CC4446B0B} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p113648313_s1_l1.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {60D25ED5-D881-4185-96BB-1ACEBC0CA784} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
Task: {6118F1B6-F630-4267-99AB-A094F947FC39} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {6AF902CC-C709-4BFA-9F36-6DDD30E0BA6B} - System32\Tasks\{802F3528-2C30-4C3D-8C7B-61A2DD772380} => C:\Users\fay\AppData\Local\Amazon\Kindle\application\Kindle.exe [2015-03-10] (Amazon.com)
Task: {7159177C-AFBF-4B9A-BDF8-F7C1031E51DB} - System32\Tasks\{C06BD782-1773-4F54-B72B-1DB68D94796F} => pcalua.exe -a C:\Users\fay\Downloads\AmazonMP3Installer(2).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {77AD753E-021D-4544-A72B-02A630F6E4FC} - System32\Tasks\AdobeAAMUpdater-1.0-fay-PC-fay => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated)
Task: {83492967-2AD2-49A2-9C5F-8F8C881A979B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {89E2A58F-EA47-4C56-B622-79929F6C3DDC} - System32\Tasks\{06D86160-58EE-41A5-B52C-04A46A9D6A4F} => C:\Users\fay\AppData\Local\Amazon\Kindle\application\Kindle.exe [2015-03-10] (Amazon.com)
Task: {914371EC-C6FB-4BAD-82A1-14BD43CCC787} - System32\Tasks\{5BA80D19-F4C7-4C8B-B234-8B304F355546} => pcalua.exe -a C:\Users\fay\Downloads\nightmare-realm_s1_l1_gF6706T1L1_d1405491713.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {920FF7C6-18A8-4A3A-A80B-ABC07F799B8D} - System32\Tasks\VIPRE Upgrade Task => C:\PROGRAM FILES\COMMON FILES\AV\ThreatTrack Security VIPRE\Upgrade.exe [2015-07-30] (ThreatTrack Security Inc.)
Task: {98E9A0CC-5988-44F1-840B-B67B3BD62DC2} - System32\Tasks\HPCeeScheduleForfay => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {9DF3876E-65A1-445C-AE38-791E5852E9F5} - System32\Tasks\{B3F215A0-F039-4151-B68D-4F363733DE58} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p115300164_s1_l1.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {9E6A56B8-718E-4348-B19A-66FE156712EA} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {9F0159D1-FAB2-484D-B9E8-43425D049419} - System32\Tasks\{8E7C215D-2D1B-468B-BEAE-F8A5A8C1D283} => pcalua.exe -a C:\Users\fay\Downloads\millennium-secrets-roxannes-necklace_s1_l1_gF6717T1L1_d1406542766.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {A0B47B41-ACD5-4F4D-9586-CE2EC7F62CA9} - System32\Tasks\{DAA93FDF-CCC9-4D15-AE86-62EDBBB30ACA} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p51110979_s1_l1.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {A23682F2-A635-454F-9623-7F5C1C2CA1F9} - System32\Tasks\{2F539F0C-9984-41E1-877C-9D661BDCB7C2} => pcalua.exe -a C:\Users\fay\Downloads\awakening-the-goblin-kingdom_s1_l1_gF6755T1L1_d1503674067.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {A3EC34E4-7E3A-4500-BE3A-28B7424EE626} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A4635ABE-5A8E-47DB-A2B6-DD5DEFCB1A43} - System32\Tasks\{8DE967A1-00F6-4FAB-9162-BFDC44C65B99} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p118015257_s1_l1(2).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {A82ABBA2-D46B-437B-9420-E37A19C3B15E} - System32\Tasks\{9DDD666C-4CCB-422C-AB36-58BEA293F1C9} => C:\Users\fay\AppData\Local\Amazon\Kindle\application\Kindle.exe [2015-03-10] (Amazon.com)
Task: {AF1FE2BF-AAC2-40F4-8979-DAAA6F74B787} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-765319908-1524800839-1392544109-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {B3122CC9-8D85-4E42-A60F-CD39AA114ED2} - System32\Tasks\{75E8AF22-6F83-40EF-B51E-694BD2BA1416} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p57039746_s1_l1(1).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {BF10AD13-07D6-49FC-BA1A-748E36656D3D} - System32\Tasks\{3F7AC69A-CC6E-499A-9DF1-A8FB47F36D91} => C:\Users\fay\AppData\Local\Amazon\Kindle\application\Kindle.exe [2015-03-10] (Amazon.com)
Task: {C1651896-AFBF-4428-AED5-A0A53038F5FE} - System32\Tasks\{CD20E675-475E-430D-A999-006AF7789AB0} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p118015257_s1_l1.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {C4ECBDAD-60AD-4270-A195-07CFA543BA78} - System32\Tasks\{B765C452-2DD4-445C-B510-345FDB0428E3} => pcalua.exe -a C:\Users\fay\Downloads\paranormal-crime-brohood-crescent-snake-ce_s1_l1_gF6692T1L1_d1405578465.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {CBF4DDE4-C6CE-4D0B-8F1D-6CB3197E57D9} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {D1DD3460-E00C-4249-B638-BF9E85103837} - System32\Tasks\{D7EEFE36-135B-4C36-A4F4-B9AA4AF6A069} => pcalua.exe -a "C:\Users\fay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PV9PJ45W\bigfishgames_p113088645_s1_l1[1].exe" -d C:\Users\fay\Desktop
Task: {D32D5A06-51A3-43E7-9D44-8E5F07273084} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-765319908-1524800839-1392544109-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {D34DF0F6-A5D9-4A50-A3E6-2F587FA15D20} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {E0FE40B2-E5EC-4991-9B1C-753E20A68281} - System32\Tasks\{50742193-4A2D-4B16-9B69-E724CC291934} => pcalua.exe -a C:\Users\fay\Downloads\grim-facade-mystery-of-venice_s1_l1_gF6711T1L1_d1400481364.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {E4A4C26E-CAAF-494E-AC05-CE16BCDDA3C7} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-765319908-1524800839-1392544109-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {E83628D6-CB42-4AE7-ABE1-70D002C3DD36} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {EAA96CAF-B2E4-4F6C-89D1-CDBD073223CD} - System32\Tasks\{2380937D-C008-4C71-A71A-D1ED317D88C2} => pcalua.exe -a C:\Users\fay\Downloads\nightmare-adventures-the-witchs-prison_s1_l1_gF5962T1L1_d1409957749.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {EB8DA958-E5FA-4E0B-8BF0-70C46F160A76} - System32\Tasks\{D3C8B2D6-638E-4694-B1C4-423659F5BBD8} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p115954290_s1_l1.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {EC803519-5E73-4709-8CC1-08DA90B39C66} - System32\Tasks\{C93684CC-5C22-41F9-87E4-F5695A3C6FB7} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p115215773_s1_l1.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {ED9359A4-C105-43F4-B1CA-4FF144F3EA27} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {EE1231F4-9AFF-485E-8D04-F93DA4A1C7FD} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-765319908-1524800839-1392544109-1003 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe
Task: {EF35A44F-A33A-4AC7-908A-DDD35C9BBA44} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-765319908-1524800839-1392544109-1003 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForfay.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe5-fh scripts\monthly.xml

==================== Loaded Modules (Whitelisted) ==============

2006-12-22 08:31 - 2006-12-22 08:31 - 00108712 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
2009-09-19 17:38 - 2009-09-19 17:38 - 00065536 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
2009-09-14 19:17 - 2009-09-14 19:17 - 00610360 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2009-09-19 17:40 - 2009-09-19 17:40 - 00122880 _____ () C:\Windows\SysWOW64\WinMsgBalloonServer.exe
2009-09-19 17:40 - 2009-09-19 17:40 - 00139264 _____ () C:\Windows\SysWOW64\WinMsgBalloonClient.exe
2009-09-07 16:54 - 2009-09-07 16:54 - 00516096 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\libxml2.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-11-23 10:53 - 2012-11-23 10:53 - 00329592 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\apistrings.dll
2012-11-23 10:56 - 2012-11-23 10:56 - 00159608 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\modlop.dll
2012-11-23 10:54 - 2012-11-23 10:54 - 00100728 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\httpserverattplugin.dll
2012-11-23 10:58 - 2012-11-23 10:58 - 00208760 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\patchautodownload.dll
2012-11-23 10:46 - 2012-11-23 10:46 - 02029600 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\crmimodule.dll
2009-07-13 17:03 - 2009-07-13 21:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2012-12-07 11:02 - 2012-12-07 11:02 - 00183160 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\scanmngsys.dll
2012-11-23 10:58 - 2012-11-23 10:58 - 00049528 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\schedcompactdb.dll
2012-11-23 10:58 - 2012-11-23 10:58 - 00054648 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\schedupdates.dll
2012-02-20 23:26 - 2012-02-20 23:26 - 00160768 _____ () C:\Program Files (x86)\VIPRE\unrar.dll
2011-09-01 03:22 - 2011-09-01 03:22 - 03040920 _____ () C:\Program Files (x86)\Adobe\Elements 10 Organizer\QtCore4.dll
2011-09-01 03:22 - 2011-09-01 03:22 - 10729624 _____ () C:\Program Files (x86)\Adobe\Elements 10 Organizer\QtGui4.dll
2011-09-01 03:27 - 2011-09-01 03:27 - 00286360 _____ () C:\Program Files (x86)\Adobe\Elements 10 Organizer\QtPlugins\imageformats\qjpeg4.dll
2014-01-31 02:40 - 2015-06-26 03:13 - 00184184 _____ () C:\Program Files (x86)\VIPRE\Definitions\libBase64.dll
2014-01-31 02:40 - 2015-06-26 03:13 - 00175992 _____ () C:\Program Files (x86)\VIPRE\Definitions\libMachoUniv.dll
2010-09-08 12:08 - 2009-06-03 15:34 - 03764224 _____ () C:\Users\fay\AppData\Roaming\PictureMover\Bin\Core.dll
2010-09-08 12:08 - 2009-06-03 15:43 - 01703936 _____ () C:\Users\fay\AppData\Roaming\PictureMover\EN-US\Presentation.dll
2009-10-22 21:50 - 2009-10-22 21:50 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2011-03-05 15:39 - 2011-03-05 15:39 - 00854016 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
2011-03-05 15:39 - 2011-03-05 15:39 - 00476520 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:B1FBBD09

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBPIMSvc => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7698 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-765319908-1524800839-1392544109-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\fay\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-765319908-1524800839-1392544109-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{99E6F953-AF6C-444B-A65D-C6F4A50E21C9}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{7C97B664-D242-4181-A388-913141AF54AC}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
FirewallRules: [{36EDF6B6-41D1-4CDB-9994-519D9EA3056F}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
FirewallRules: [{6EAC32C1-81B5-4431-A19A-00FBCE45E624}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
FirewallRules: [{579DEC31-559F-4FB2-B15B-924B666C09B8}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
FirewallRules: [{85B3CEC1-CE56-481B-961F-CD273B0E1CDB}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{2D66649C-4C7D-4CFA-B160-4D21FFEE3316}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{E4371197-ABE3-450A-88F3-C741F6E55C2B}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{79CD9701-1A28-4A13-8A22-2EDEEA8A003E}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{9870FEB0-DD8F-4DC6-83F9-FA8EE2E750D4}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{E4684629-C62D-4DBE-B5FE-E210D7B36643}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{035BC04F-B1F5-473C-A280-6B01D9C1AF34}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{9D3466EF-979F-4E41-BC3E-EFC37AD1281D}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{6078D94B-EDAF-4C09-BC12-11EBFB8C02A4}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{173CBDE3-28A9-46AA-9BA3-FF1720549C84}] => (Allow) svchost.exe
FirewallRules: [{43020B60-9C84-40E6-81A3-0E9DD73DFFE7}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{CF4B8492-E491-4BDF-8B3D-0E7AE983C494}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdater.exe
FirewallRules: [{5BB7594C-D04C-4328-A3AB-E150371ED1E1}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{2C04A3F2-9BE3-454E-992D-7DA3735C8C10}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{6D6B67FC-836E-4BF1-9656-2512E962FCB2}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{1750E239-2D6A-40DD-931D-73CA56735FFE}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{1D1C0E76-F5FF-4A7C-B239-A1027F145D18}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{8D5E0BB2-3EBB-4560-999F-19F7B7508B1F}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{15A32B58-A895-4578-AE12-50EE9252532E}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{88832019-E77A-45E9-B201-22E5068B4C91}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
FirewallRules: [{EA5323CF-2458-4260-A84D-DBE11596C6B8}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
FirewallRules: [{49EE1AA9-2567-4821-BCF6-A9468C7228DF}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{1532522F-00B2-4DBB-B023-8D2A0B8FC613}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{025D0AF4-7AF7-4E90-BD64-1F1EE27900AF}] => (Allow) C:\Users\fay\AppData\Local\Temp\7zS06CB\HPDiagnosticCoreUI.exe
FirewallRules: [{9987C6E0-A590-40BF-ABD9-B9F4F7F7B889}] => (Allow) C:\Users\fay\AppData\Local\Temp\7zS06CB\HPDiagnosticCoreUI.exe
FirewallRules: [{42EF4C04-54CD-495B-B9E4-2815D67A049D}] => (Allow) C:\Users\fay\AppData\Local\Temp\7zS0A92\OJJ4600_Full_14\setup\hpznui40.exe
FirewallRules: [{BFDA91D3-88E7-45EA-90E1-FA5F41986CDC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5D0EDD75-5231-47A6-A06D-6081CAA2DA0B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{84C55885-7A9C-41B7-8B16-511727A73E5F}] => (Allow) C:\Program Files (x86)\Origin Games\Kingdoms of Amalur Reckoning\Reckoning.exe
FirewallRules: [{4440D0C0-4914-4868-8ECB-792E7442120D}] => (Allow) C:\Program Files (x86)\Origin Games\Kingdoms of Amalur Reckoning\Reckoning.exe
FirewallRules: [{62FA2E9D-BAC8-491B-8E02-C47CB713A9C9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{71EDB5D0-F8DD-4AD8-8B8A-72483AD4EA6B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E4DE330C-6B57-4531-A6D3-23FD60ECACF3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7416686F-D355-4EEF-94DE-E3A7A13EB54B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A3A5E8D1-B3C2-4B29-A473-7506A40FF677}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{89592540-A7CC-432C-A333-8DAB4225C347}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{BD7840D7-2E17-413E-8067-FE73F3083648}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{049A999E-E5A1-40A2-A2DC-7A5BA3C67986}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{DB94FF00-2CFD-4E4E-8760-8E1036EFB335}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{B1295AD0-642C-4D68-8AD2-8CA6674E06FB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{B46A62AF-7CAA-4ABA-8C46-9712C411CFE7}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
FirewallRules: [{D10EEF1C-2A4D-42AB-AF40-C66C11EF9367}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
FirewallRules: [{3DD6F610-673C-49E8-9211-667B47F9472F}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{E534FC5B-C239-477A-9018-35B481E5980C}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{2BE0B955-D12A-40BB-93F5-576C0F777925}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{80E6C622-56C6-4AE1-ADBA-7ED44809A06C}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{60AB0DC1-0727-46EC-9787-F363B64A29CD}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{4ADFE367-4641-440F-AAE1-4868453B3087}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{54DFA08B-7442-4223-B74B-07481EDA2D40}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{37A57A9F-FBC5-457A-AD4C-6BC68D33C678}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{9518A4F6-BA04-4A21-973D-C0721B054C4F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\the witcher 2\Launcher.exe
FirewallRules: [{93B6E022-D6A4-43B6-A61F-40A2538E23D0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\the witcher 2\Launcher.exe
FirewallRules: [{920DC97B-888A-4D7B-B30E-89AC9F5550CB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Gothic 3\Gothic3.exe
FirewallRules: [{9F125263-5747-4826-A23B-704C51EBF05E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Gothic 3\Gothic3.exe
FirewallRules: [{A521F3C3-6E82-44F3-991C-6776296F08F9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fable The Lost Chapters\Fable.exe
FirewallRules: [{1B9157CA-1256-4EE0-84A4-126EE3337886}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fable The Lost Chapters\Fable.exe
FirewallRules: [{C6537D7C-07D7-4204-B47A-8DCD4843882C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{764B26BD-C24E-4D5B-8865-8E068C8EE30D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{5427480D-7E5A-4876-86AD-F3243C79F4A6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1BE4254B-E08D-4743-B391-24E81F1669BB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FC207AEF-AB44-49C3-B87A-7C97D7725578}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

==================== Faulty Device Manager Devices =============

Name: Deskjet 3050 J610 series
Description: Deskjet 3050 J610 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Deskjet 3050 J610 series
Description: Deskjet 3050 J610 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Deskjet 3050 J610 series
Description: Deskjet 3050 J610 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/01/2015 12:31:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PSIA.exe, version: 3.0.0.10004, time stamp: 0x54784a82
Faulting module name: PSIA.exe, version: 3.0.0.10004, time stamp: 0x54784a82
Exception code: 0xc0000005
Fault offset: 0x00049b14
Faulting process id: 0xbc4
Faulting application start time: 0xPSIA.exe0
Faulting application path: PSIA.exe1
Faulting module path: PSIA.exe2
Report Id: PSIA.exe3

Error: (08/01/2015 04:08:36 AM) (Source: MsiInstaller) (EventID: 10005) (User: fay-PC)
Description: Product: System Requirements Lab Detection -- A later version of System Requirements Lab Detection is already installed. Setup will now exit.

Error: (08/01/2015 03:41:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PSIA.exe, version: 3.0.0.10004, time stamp: 0x54784a82
Faulting module name: PSIA.exe, version: 3.0.0.10004, time stamp: 0x54784a82
Exception code: 0x40000015
Fault offset: 0x00093534
Faulting process id: 0x860
Faulting application start time: 0xPSIA.exe0
Faulting application path: PSIA.exe1
Faulting module path: PSIA.exe2
Report Id: PSIA.exe3

Error: (08/01/2015 03:25:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program notepad.exe version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 155c

Start Time: 01d0cc27d847159f

Termination Time: 16

Application Path: C:\WINDOWS\notepad.exe

Report Id: 4701bb8d-381e-11e5-926e-18a905b8e4ce

Error: (07/31/2015 08:23:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7082

Error: (07/31/2015 08:23:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7082

Error: (07/31/2015 08:23:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/31/2015 08:23:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6084

Error: (07/31/2015 08:23:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6084

Error: (07/31/2015 08:23:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (08/01/2015 06:02:36 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :20" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (08/01/2015 06:02:36 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :0" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (08/01/2015 06:02:36 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{9F1DBDAA-8EFA-4065-924B-A07E10F47EC5} because another computer on the network has the same name. The server could not start.

Error: (08/01/2015 05:43:42 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :0" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (08/01/2015 05:43:42 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :20" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (08/01/2015 05:43:42 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{9F1DBDAA-8EFA-4065-924B-A07E10F47EC5} because another computer on the network has the same name. The server could not start.

Error: (08/01/2015 12:31:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Secunia PSI Agent service terminated unexpectedly. It has done this 1 time(s).

Error: (08/01/2015 12:26:26 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :20" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (08/01/2015 12:26:26 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :0" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (08/01/2015 12:26:26 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{9F1DBDAA-8EFA-4065-924B-A07E10F47EC5} because another computer on the network has the same name. The server could not start.


Microsoft Office:
=========================
Error: (08/01/2015 12:31:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82PSIA.exe3.0.0.1000454784a82c000000500049b14bc401d0cc76c34970c5C:\Program Files (x86)\Secunia\PSI\PSIA.exeC:\Program Files (x86)\Secunia\PSI\PSIA.exeb3f38a64-386a-11e5-8112-18a905b8e4ce

Error: (08/01/2015 04:08:36 AM) (Source: MsiInstaller) (EventID: 10005) (User: fay-PC)
Description: Product: System Requirements Lab Detection -- A later version of System Requirements Lab Detection is already installed. Setup will now exit.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/01/2015 03:41:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82PSIA.exe3.0.0.1000454784a82400000150009353486001d0cc2c96c9f89cC:\Program Files (x86)\Secunia\PSI\PSIA.exeC:\Program Files (x86)\Secunia\PSI\PSIA.exeaf7a4ca4-3820-11e5-8a3f-18a905b8e4ce

Error: (08/01/2015 03:25:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: notepad.exe6.1.7600.16385155c01d0cc27d847159f16C:\WINDOWS\notepad.exe4701bb8d-381e-11e5-926e-18a905b8e4ce

Error: (07/31/2015 08:23:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7082

Error: (07/31/2015 08:23:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7082

Error: (07/31/2015 08:23:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/31/2015 08:23:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6084

Error: (07/31/2015 08:23:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6084

Error: (07/31/2015 08:23:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info ===========================

Processor: AMD Phenom(tm) II X4 945 Processor
Percentage of memory in use: 25%
Total physical RAM: 8183.89 MB
Available physical RAM: 6065.97 MB
Total Virtual: 16365.99 MB
Available Virtual: 14443.91 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:920 GB) (Free:676.51 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.22 GB) (Free:1.62 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.3 GB) (Disk ID: 9A0D0322)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=920 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.2 GB) - (Type=07 NTFS)

==================== End of log ============================
fayfox
Regular Member
 
Posts: 88
Joined: July 19th, 2015, 3:16 pm