Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Proxy override...malware?


Re: Proxy override...malware?

Post by wannabeageek » August 1st, 2015, 8:09 pm

You are still not getting a complete copy. Try again.
wannabeageek
MRU Master
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Proxy override...malware?

Post by fayfox » August 1st, 2015, 8:14 pm

Do you want me to scan again?
Here is another copy following the same steps. I don't know what I'm doing wrong.

Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-07-2015
Ran by Admin (2015-08-01 18:10:05)
Running from C:\Users\Admin\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-765319908-1524800839-1392544109-1003 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-765319908-1524800839-1392544109-500 - Administrator - Disabled)
fay (S-1-5-21-765319908-1524800839-1392544109-1000 - Limited - Enabled) => C:\Users\fay
Guest (S-1-5-21-765319908-1524800839-1392544109-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-765319908-1524800839-1392544109-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ThreatTrack Security VIPRE (Enabled - Up to date) {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ThreatTrack Security VIPRE (Enabled - Up to date) {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
FW: ThreatTrack Security VIPRE (Enabled) {C7D2BC33-B766-03DA-EC8C-2222CF65E72A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 5.0 (HKLM-x32\...\Adobe Photoshop Elements 5) (Version: 5.0 - Adobe Systems Inc.)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.09 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-765319908-1524800839-1392544109-1000\...\Amazon Kindle) (Version: - Amazon)
Amazon Kindle (HKU\S-1-5-21-765319908-1524800839-1392544109-1003\...\Amazon Kindle) (Version: - Amazon)
Amazon MP3 Downloader 1.0.15 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.15 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Art of Murder: Cards of Destiny (HKLM-x32\...\BFG-Art of Murder - Cards of Destiny) (Version: - )
ATI Catalyst Install Manager (HKLM\...\{67CA5B4D-32DA-B54C-1851-F68ECD83262E}) (Version: 3.0.754.0 - ATI Technologies, Inc.)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Brain Training for Dummies (HKLM-x32\...\BFG-Brain Training for Dummies) (Version: - )
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
BVS Solitaire Collection (HKLM-x32\...\BFG-BVS Solitaire Collection) (Version: - )
calibre (HKLM-x32\...\{BC093E6F-61D2-4F6D-9463-ECDC2CA25462}) (Version: 0.8.54 - Kovid Goyal)
Casebook (HKLM-x32\...\BFG-Casebook) (Version: - )
ccc-core-static (x32 Version: 2009.1201.2247.40849 - ATI) Hidden
City of Fools (HKLM-x32\...\BFG-City of Fools) (Version: - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)
Delicious: Emily's Childhood Memories (HKLM-x32\...\BFG-Delicious - Emilys Childhood Memories) (Version: - )
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DocMgr (x32 Version: 140.0.65.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.100.000 - Hewlett-Packard) Hidden
Dragon Keeper (HKLM-x32\...\BFG-Dragon Keeper) (Version: - )
Dragon Keeper 2 (HKLM-x32\...\BFG-Dragon Keeper 2) (Version: - )
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) Hidden
Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Fable - The Lost Chapters (HKLM-x32\...\Steam App 204030) (Version: - Lionhead Studios)
Family Tree Maker 2012 (HKLM-x32\...\Family Tree Maker 2012) (Version: 21.0.452 - Ancestry.com, Inc.)
Family Tree Maker 2012 (x32 Version: 21.0.452 - Ancestry.com, Inc.) Hidden
Fantasy Mosaics 4: Art of Color (HKLM-x32\...\BFG-Fantasy Mosaics 4 - Art of Color) (Version: - )
Fantasy Mosaics 5 (HKLM-x32\...\BFG-Fantasy Mosaics 5) (Version: - )
Fantasy Mosaics 6: Into the Unknown (HKLM-x32\...\BFG-Fantasy Mosaics 6 - Into the Unknown) (Version: - )
Fantasy Mosaics 7: Our Home (HKLM-x32\...\BFG-Fantasy Mosaics 7 - Our Home) (Version: - )
Farm to Fork (HKLM-x32\...\BFG-Farm to Fork) (Version: - )
Fax (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Garden Rescue (HKLM-x32\...\BFG-Garden Rescue) (Version: - )
Garden Rescue: Christmas Edition (HKLM-x32\...\BFG-Garden Rescue - Christmas Edition) (Version: - )
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Gothic 3 (HKLM-x32\...\Steam App 39500) (Version: - Piranha – Bytes )
GPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Grimm's Hatchery (HKLM-x32\...\BFG-Grimm's Hatchery) (Version: - )
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.242 - SurfRight B.V.)
Holiday Jigsaw Valentine's Day (HKLM-x32\...\BFG-Holiday Jigsaw Valentines Day) (Version: - )
HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{650AF771-456D-418F-BFC7-F6FFC9D0235C}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Help (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3317 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3422 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.1.0.1 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{35021DFB-F9CA-402A-89A2-47F91E506465}) (Version: 1.0.2.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP OfficeJet J4600 All-In-One Series (HKLM\...\{4945F319-A24D-454C-A411-F3689987315D}) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3341 - HP Photo Creations Powered by RocketLife)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Hulu Desktop (HKU\S-1-5-21-765319908-1524800839-1392544109-1000\...\HuluDesktop) (Version: 0.9.9 - Hulu LLC)
Hulu Desktop (HKU\S-1-5-21-765319908-1524800839-1392544109-1003\...\HuluDesktop) (Version: 0.9.9 - Hulu LLC)
HydraVision (x32 Version: 4.2.128.0 - ATI Technologies Inc.) Hidden
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
inSSIDer 3 (HKLM-x32\...\{A80CEA4E-74C1-4F9F-806B-E1D9AFC01768}) (Version: 3.0.7.48 - MetaGeek, LLC)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Jigsaw World Tour (HKLM-x32\...\BFG-Jigsaw World Tour) (Version: - )
Jigsaws Galore (HKLM-x32\...\BFG-Jigsaws Galore) (Version: - )
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Kingdoms of Amalur: Reckoning (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.0.0.0 - Electronic Arts)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
Mah-Jomino (HKLM-x32\...\BFG-Mah-Jomino) (Version: - )
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar)
Microsoft Office 2000 Professional (HKLM-x32\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version: - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Mobipocket Creator 4.2 (HKLM-x32\...\{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}) (Version: 4.2.41 - Mobipocket.com)
Mosaics Galore (HKLM-x32\...\BFG-Mosaics Galore) (Version: - )
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 3.1.3310 - Hewlett-Packard) Hidden
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
Mr. Puzzle (HKLM-x32\...\BFG-Mr. Puzzle) (Version: - )
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Kingdom for the Princess II (HKLM-x32\...\BFG-My Kingdom for the Princess II) (Version: - )
My Kingdom for the Princess III (HKLM-x32\...\BFG-My Kingdom for the Princess III) (Version: - )
Mystery Riddles (HKLM-x32\...\BFG-Mystery Riddles) (Version: - )
Nancy Drew - Curse of Blackmoor Manor (HKLM-x32\...\BFG-Nancy Drew - Curse of Blackmoor Manor) (Version: - )
Nancy Drew - Last Train to Blue Moon Canyon (HKLM-x32\...\BFG-Nancy Drew - Last Train to Blue Moon Canyon) (Version: - )
Nancy Drew - Secret Of The Old Clock (HKLM-x32\...\BFG-Nancy Drew - Secret Of The Old Clock) (Version: - )
Nancy Drew: Alibi in Ashes (HKLM-x32\...\BFG-Nancy Drew - Alibi in Ashes) (Version: - )
Nancy Drew: Ghost Dogs of Moon Lake (HKLM-x32\...\BFG-Nancy Drew - Ghost Dogs of Moon Lake) (Version: - )
Nancy Drew: Message in a Haunted Mansion (HKLM-x32\...\BFG-Nancy Drew - Message in a Haunted Mansion) (Version: - )
Nancy Drew: Secret of Shadow Ranch (HKLM-x32\...\BFG-Nancy Drew - Secret of Shadow Ranch) (Version: - )
Nancy Drew: Secret of the Scarlet Hand (HKLM-x32\...\BFG-Nancy Drew - Secret of the Scarlet Hand) (Version: - )
Nancy Drew: Shadow at the Water's Edge (HKLM-x32\...\BFG-Nancy Drew - Shadow at the Water's Edge) (Version: - )
Nancy Drew: The Captive Curse (HKLM-x32\...\BFG-Nancy Drew - The Captive Curse) (Version: - )
Nancy Drew: The Deadly Device (HKLM-x32\...\BFG-Nancy Drew - The Deadly Device) (Version: - )
Nancy Drew: The Final Scene (HKLM-x32\...\BFG-Nancy Drew - The Final Scene) (Version: - )
Nancy Drew: The Haunted Carousel (HKLM-x32\...\BFG-Nancy Drew - The Haunted Carousel) (Version: - )
Nancy Drew: The Silent Spy (HKLM-x32\...\BFG-Nancy Drew - The Silent Spy) (Version: - )
Nancy Drew: Tomb of the Lost Queen (HKLM-x32\...\BFG-Nancy Drew - Tomb of the Lost Queen) (Version: - )
Nancy Drew: Treasure in the Royal Tower (HKLM-x32\...\BFG-Nancy Drew - Treasure in the Royal Tower) (Version: - )
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
NVIDIA PhysX (HKLM-x32\...\{B83FC356-B7C0-441F-8A4D-D71E088E7974}) (Version: 9.09.0428 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 8.6.0.357 - Electronic Arts, Inc.)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
Plants vs. Zombies (HKLM-x32\...\BFG-Plants vs Zombies) (Version: - )
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3503 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3503 - CyberLink Corp.) Hidden
PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 3.2.1540.5 - AMD)
RAIDXpert (x32 Version: 3.2.1540.5 - AMD) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden
Royal Jigsaw 2 (HKLM-x32\...\BFG-Royal Jigsaw 2) (Version: - )
Royal Jigsaw 3 (HKLM-x32\...\BFG-Royal Jigsaw 3) (Version: - )
Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Sudoku Latin Squares (HKLM-x32\...\BFG-Sudoku Latin Squares) (Version: - )
System Requirements Lab Detection (HKLM-x32\...\{B86FEEC7-510F-45C2-A681-E355E4CF8898}) (Version: 6.1.6.0 - Husdawg, LLC)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version: - CD Projekt RED)
The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version: - CD Projekt RED)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Toy Defense 3 - Fantasy (HKLM-x32\...\BFG-Toy Defense 3 - Fantasy) (Version: - )
TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
TurboTax 2010 (HKLM-x32\...\TurboTax 2010) (Version: - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.2.0 - Tweaking.com)
VIPRE Internet Security (HKLM-x32\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 7.0.6.2 - ThreatTrack Security, Inc.)
VIPRE Internet Security (x32 Version: 7.0.6.2 - ThreatTrack Security, Inc.) Hidden
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
Who Am I (HKLM-x32\...\BFG-Who Am I) (Version: - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
World Mosaics 7 (HKLM-x32\...\BFG-World Mosaics 7) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

28-07-2015 20:15:48 Windows Update
01-08-2015 03:48:26 Windows Update
01-08-2015 04:09:58 Installed System Requirements Lab Detection

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2011-11-04 08:47 - 00438159 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04D631F9-6DCA-432C-A9C7-D407692F7D1C} - System32\Tasks\{179D2D17-B958-4B7C-8F8B-A6CBCFAE6F11} => pcalua.exe -a C:\Users\fay\Downloads\secrets-of-the-dark-temple-of-night_s1_l1_gF6256T1L1_d1406545218.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {0535DFE5-701A-471E-8BA1-E2CF3ABEB379} - System32\Tasks\{A676903C-C45B-43DD-B071-656C0D92EFA0} => C:\Users\fay\AppData\Local\Amazon\Kindle\application\Kindle.exe [2015-03-10] (Amazon.com)
Task: {0A67F522-8CD5-4DD3-A529-ED518D1FC895} - System32\Tasks\{C84D2EF9-E08E-44A9-A7B6-2E86464BBC94} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p121211816_s1_l1.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {14DC0128-5252-4899-AC7E-A123E79E9408} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-10-22] (CyberLink)
Task: {1E13B6B2-2D0F-4DA0-AE7E-DE52AD8B92BE} - System32\Tasks\{79685DBF-5F4C-4AEA-AFB7-C1ED2DB41E0C} => pcalua.exe -a "C:\Users\fay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0O2CSLK4\bigfishgames_p112925717_s1_l1[1].exe" -d C:\Users\fay\Desktop
Task: {1E90514A-EB91-4968-94D8-E553B637C41A} - System32\Tasks\{ED30F6FA-38B3-4725-BA43-1EF26CA831C6} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p115435087_s1_l1.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {200F5A5A-A50D-4AAA-9A29-E523B1538E61} - System32\Tasks\{90D193A4-E211-4A06-9DD9-727E49FBC3A4} => pcalua.exe -a "C:\Users\fay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RTTLWFO\bigfishgames_p121269908_s1_l1[1].exe" -d C:\Users\fay\Desktop
Task: {201A1A3B-E447-4504-A8C7-8CE574A9CA48} - System32\Tasks\{AA44B4F2-DAE0-4AE8-8E5E-6EC68617D43C} => pcalua.exe -a C:\Users\fay\Downloads\mystic-gateways-the-celestial-quest_s1_l1_gF5955T1L1_d1406544644.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {2662C3F7-4CCD-4DED-B987-E3D19BFAB4D2} - System32\Tasks\{6B8A9F89-3147-423A-8493-B73FF25620FC} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p118015257_s1_l1(1).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {2F56CE89-336A-4302-900F-2944F51C5873} - System32\Tasks\{A1BD3732-1EA9-4A93-B02C-2CC6B40F324E} => C:\Users\fay\AppData\Local\Amazon\Kindle\application\Kindle.exe [2015-03-10] (Amazon.com)
Task: {331D389E-E7AB-49DA-A475-08244BCE78AF} - System32\Tasks\{8828DAD1-AD23-4932-9305-64F24BEAA215} => C:\Users\fay\AppData\Local\Amazon\Kindle\application\Kindle.exe [2015-03-10] (Amazon.com)
Task: {3921128F-4866-4DB6-8D98-B108FB61D69D} - System32\Tasks\{E0D9E4DB-64FC-4EBB-B5C6-489B3D6051A9} => pcalua.exe -a C:\Users\fay\Downloads\hidden-in-time-mirror-mirror_s1_l1_gF2875T1L1_d1400479493.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {46BF2FA4-A53C-46F5-9084-55067D3BFC26} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18] (PC-Doctor, Inc.)
Task: {4971A075-89B3-4CEF-9EC3-0F822EBEC7F2} - System32\Tasks\{A5F0B333-A364-4323-8BB1-7743EA5367D8} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p116509884_s1_l1(1).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {5013628E-4713-44A9-B6DB-CEF460CF633E} - System32\Tasks\ExtendedServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {51226FB1-7086-4454-9252-6C474862FC53} - System32\Tasks\HpWebReg.exe => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HpWebReg.exe [2010-06-14] (Hewlett-Packard Co.)
Task: {5518233C-C902-45BF-B482-6E62A8591552} - System32\Tasks\hpUtility.exe => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\utils\hpUtility.exe [2010-06-14] (Hewlett-Packard Co.)
Task: {5AA3364F-C0CA-41DC-9515-36B221C87625} - System32\Tasks\{5E4DB0BD-12E7-4775-A91F-83D0743BA7A3} => pcalua.exe -a C:\Users\fay\Downloads\vampire-saga-welcome-to-hell-lock_s1_l1_gF6323T1L1_d1409609995.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {5F88543B-EF07-4A89-852E-5B5DD44E9300} - System32\Tasks\{0BCC4E6D-7F8C-4981-AF70-C05CC4446B0B} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p113648313_s1_l1.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {60D25ED5-D881-4185-96BB-1ACEBC0CA784} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
Task: {6118F1B6-F630-4267-99AB-A094F947FC39} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {6AF902CC-C709-4BFA-9F36-6DDD30E0BA6B} - System32\Tasks\{802F3528-2C30-4C3D-8C7B-61A2DD772380} => C:\Users\fay\AppData\Local\Amazon\Kindle\application\Kindle.exe [2015-03-10] (Amazon.com)
Task: {7159177C-AFBF-4B9A-BDF8-F7C1031E51DB} - System32\Tasks\{C06BD782-1773-4F54-B72B-1DB68D94796F} => pcalua.exe -a C:\Users\fay\Downloads\AmazonMP3Installer(2).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {77AD753E-021D-4544-A72B-02A630F6E4FC} - System32\Tasks\AdobeAAMUpdater-1.0-fay-PC-fay => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated)
Task: {83492967-2AD2-49A2-9C5F-8F8C881A979B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {89E2A58F-EA47-4C56-B622-79929F6C3DDC} - System32\Tasks\{06D86160-58EE-41A5-B52C-04A46A9D6A4F} => C:\Users\fay\AppData\Local\Amazon\Kindle\application\Kindle.exe [2015-03-10] (Amazon.com)
Task: {914371EC-C6FB-4BAD-82A1-14BD43CCC787} - System32\Tasks\{5BA80D19-F4C7-4C8B-B234-8B304F355546} => pcalua.exe -a C:\Users\fay\Downloads\nightmare-realm_s1_l1_gF6706T1L1_d1405491713.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {920FF7C6-18A8-4A3A-A80B-ABC07F799B8D} - System32\Tasks\VIPRE Upgrade Task => C:\PROGRAM FILES\COMMON FILES\AV\ThreatTrack Security VIPRE\Upgrade.exe [2015-07-30] (ThreatTrack Security Inc.)
Task: {98E9A0CC-5988-44F1-840B-B67B3BD62DC2} - System32\Tasks\HPCeeScheduleForfay => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {9DF3876E-65A1-445C-AE38-791E5852E9F5} - System32\Tasks\{B3F215A0-F039-4151-B68D-4F363733DE58} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p115300164_s1_l1.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {9E6A56B8-718E-4348-B19A-66FE156712EA} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {9F0159D1-FAB2-484D-B9E8-43425D049419} - System32\Tasks\{8E7C215D-2D1B-468B-BEAE-F8A5A8C1D283} => pcalua.exe -a C:\Users\fay\Downloads\millennium-secrets-roxannes-necklace_s1_l1_gF6717T1L1_d1406542766.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {A0B47B41-ACD5-4F4D-9586-CE2EC7F62CA9} - System32\Tasks\{DAA93FDF-CCC9-4D15-AE86-62EDBBB30ACA} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p51110979_s1_l1.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {A23682F2-A635-454F-9623-7F5C1C2CA1F9} - System32\Tasks\{2F539F0C-9984-41E1-877C-9D661BDCB7C2} => pcalua.exe -a C:\Users\fay\Downloads\awakening-the-goblin-kingdom_s1_l1_gF6755T1L1_d1503674067.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {A3EC34E4-7E3A-4500-BE3A-28B7424EE626} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A4635ABE-5A8E-47DB-A2B6-DD5DEFCB1A43} - System32\Tasks\{8DE967A1-00F6-4FAB-9162-BFDC44C65B99} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p118015257_s1_l1(2).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {A82ABBA2-D46B-437B-9420-E37A19C3B15E} - System32\Tasks\{9DDD666C-4CCB-422C-AB36-58BEA293F1C9} => C:\Users\fay\AppData\Local\Amazon\Kindle\application\Kindle.exe [2015-03-10] (Amazon.com)
Task: {AF1FE2BF-AAC2-40F4-8979-DAAA6F74B787} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-765319908-1524800839-1392544109-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {B3122CC9-8D85-4E42-A60F-CD39AA114ED2} - System32\Tasks\{75E8AF22-6F83-40EF-B51E-694BD2BA1416} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p57039746_s1_l1(1).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {BF10AD13-07D6-49FC-BA1A-748E36656D3D} - System32\Tasks\{3F7AC69A-CC6E-499A-9DF1-A8FB47F36D91} => C:\Users\fay\AppData\Local\Amazon\Kindle\application\Kindle.exe [2015-03-10] (Amazon.com)
Task: {C1651896-AFBF-4428-AED5-A0A53038F5FE} - System32\Tasks\{CD20E675-475E-430D-A999-006AF7789AB0} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p118015257_s1_l1.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {C4ECBDAD-60AD-4270-A195-07CFA543BA78} - System32\Tasks\{B765C452-2DD4-445C-B510-345FDB0428E3} => pcalua.exe -a C:\Users\fay\Downloads\paranormal-crime-brohood-crescent-snake-ce_s1_l1_gF6692T1L1_d1405578465.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {CBF4DDE4-C6CE-4D0B-8F1D-6CB3197E57D9} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {D1DD3460-E00C-4249-B638-BF9E85103837} - System32\Tasks\{D7EEFE36-135B-4C36-A4F4-B9AA4AF6A069} => pcalua.exe -a "C:\Users\fay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PV9PJ45W\bigfishgames_p113088645_s1_l1[1].exe" -d C:\Users\fay\Desktop
Task: {D32D5A06-51A3-43E7-9D44-8E5F07273084} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-765319908-1524800839-1392544109-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {D34DF0F6-A5D9-4A50-A3E6-2F587FA15D20} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {E0FE40B2-E5EC-4991-9B1C-753E20A68281} - System32\Tasks\{50742193-4A2D-4B16-9B69-E724CC291934} => pcalua.exe -a C:\Users\fay\Downloads\grim-facade-mystery-of-venice_s1_l1_gF6711T1L1_d1400481364.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {E4A4C26E-CAAF-494E-AC05-CE16BCDDA3C7} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-765319908-1524800839-1392544109-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {E83628D6-CB42-4AE7-ABE1-70D002C3DD36} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {EAA96CAF-B2E4-4F6C-89D1-CDBD073223CD} - System32\Tasks\{2380937D-C008-4C71-A71A-D1ED317D88C2} => pcalua.exe -a C:\Users\fay\Downloads\nightmare-adventures-the-witchs-prison_s1_l1_gF5962T1L1_d1409957749.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {EB8DA958-E5FA-4E0B-8BF0-70C46F160A76} - System32\Tasks\{D3C8B2D6-638E-4694-B1C4-423659F5BBD8} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p115954290_s1_l1.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {EC803519-5E73-4709-8CC1-08DA90B39C66} - System32\Tasks\{C93684CC-5C22-41F9-87E4-F5695A3C6FB7} => pcalua.exe -a C:\Users\fay\Downloads\bigfishgames_p115215773_s1_l1.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {ED9359A4-C105-43F4-B1CA-4FF144F3EA27} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {EE1231F4-9AFF-485E-8D04-F93DA4A1C7FD} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-765319908-1524800839-1392544109-1003 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe
Task: {EF35A44F-A33A-4AC7-908A-DDD35C9BBA44} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-765319908-1524800839-1392544109-1003 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForfay.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe5-fh scripts\monthly.xml

==================== Loaded Modules (Whitelisted) ==============

2006-12-22 08:31 - 2006-12-22 08:31 - 00108712 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
2009-09-19 17:38 - 2009-09-19 17:38 - 00065536 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
2009-09-14 19:17 - 2009-09-14 19:17 - 00610360 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2009-09-19 17:40 - 2009-09-19 17:40 - 00122880 _____ () C:\Windows\SysWOW64\WinMsgBalloonServer.exe
2009-09-19 17:40 - 2009-09-19 17:40 - 00139264 _____ () C:\Windows\SysWOW64\WinMsgBalloonClient.exe
2009-09-07 16:54 - 2009-09-07 16:54 - 00516096 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\libxml2.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-11-23 10:53 - 2012-11-23 10:53 - 00329592 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\apistrings.dll
2012-11-23 10:56 - 2012-11-23 10:56 - 00159608 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\modlop.dll
2012-11-23 10:54 - 2012-11-23 10:54 - 00100728 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\httpserverattplugin.dll
2012-11-23 10:58 - 2012-11-23 10:58 - 00208760 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\patchautodownload.dll
2012-11-23 10:46 - 2012-11-23 10:46 - 02029600 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\crmimodule.dll
2009-07-13 17:03 - 2009-07-13 21:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2012-12-07 11:02 - 2012-12-07 11:02 - 00183160 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\scanmngsys.dll
2012-11-23 10:58 - 2012-11-23 10:58 - 00049528 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\schedcompactdb.dll
2012-11-23 10:58 - 2012-11-23 10:58 - 00054648 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\schedupdates.dll
2012-02-20 23:26 - 2012-02-20 23:26 - 00160768 _____ () C:\Program Files (x86)\VIPRE\unrar.dll
2011-09-01 03:22 - 2011-09-01 03:22 - 03040920 _____ () C:\Program Files (x86)\Adobe\Elements 10 Organizer\QtCore4.dll
2011-09-01 03:22 - 2011-09-01 03:22 - 10729624 _____ () C:\Program Files (x86)\Adobe\Elements 10 Organizer\QtGui4.dll
2011-09-01 03:27 - 2011-09-01 03:27 - 00286360 _____ () C:\Program Files (x86)\Adobe\Elements 10 Organizer\QtPlugins\imageformats\qjpeg4.dll
2014-01-31 02:40 - 2015-06-26 03:13 - 00184184 _____ () C:\Program Files (x86)\VIPRE\Definitions\libBase64.dll
2014-01-31 02:40 - 2015-06-26 03:13 - 00175992 _____ () C:\Program Files (x86)\VIPRE\Definitions\libMachoUniv.dll
2010-09-08 12:08 - 2009-06-03 15:34 - 03764224 _____ () C:\Users\fay\AppData\Roaming\PictureMover\Bin\Core.dll
2010-09-08 12:08 - 2009-06-03 15:43 - 01703936 _____ () C:\Users\fay\AppData\Roaming\PictureMover\EN-US\Presentation.dll
2009-10-22 21:50 - 2009-10-22 21:50 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2011-03-05 15:39 - 2011-03-05 15:39 - 00854016 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
2011-03-05 15:39 - 2011-03-05 15:39 - 00476520 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:B1FBBD09

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBPIMSvc => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7698 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-765319908-1524800839-1392544109-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\fay\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-765319908-1524800839-1392544109-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{99E6F953-AF6C-444B-A65D-C6F4A50E21C9}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{7C97B664-D242-4181-A388-913141AF54AC}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
FirewallRules: [{36EDF6B6-41D1-4CDB-9994-519D9EA3056F}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
FirewallRules: [{6EAC32C1-81B5-4431-A19A-00FBCE45E624}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
FirewallRules: [{579DEC31-559F-4FB2-B15B-924B666C09B8}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
FirewallRules: [{85B3CEC1-CE56-481B-961F-CD273B0E1CDB}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{2D66649C-4C7D-4CFA-B160-4D21FFEE3316}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{E4371197-ABE3-450A-88F3-C741F6E55C2B}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{79CD9701-1A28-4A13-8A22-2EDEEA8A003E}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{9870FEB0-DD8F-4DC6-83F9-FA8EE2E750D4}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{E4684629-C62D-4DBE-B5FE-E210D7B36643}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{035BC04F-B1F5-473C-A280-6B01D9C1AF34}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{9D3466EF-979F-4E41-BC3E-EFC37AD1281D}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{6078D94B-EDAF-4C09-BC12-11EBFB8C02A4}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{173CBDE3-28A9-46AA-9BA3-FF1720549C84}] => (Allow) svchost.exe
FirewallRules: [{43020B60-9C84-40E6-81A3-0E9DD73DFFE7}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{CF4B8492-E491-4BDF-8B3D-0E7AE983C494}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdater.exe
FirewallRules: [{5BB7594C-D04C-4328-A3AB-E150371ED1E1}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{2C04A3F2-9BE3-454E-992D-7DA3735C8C10}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{6D6B67FC-836E-4BF1-9656-2512E962FCB2}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{1750E239-2D6A-40DD-931D-73CA56735FFE}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{1D1C0E76-F5FF-4A7C-B239-A1027F145D18}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{8D5E0BB2-3EBB-4560-999F-19F7B7508B1F}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{15A32B58-A895-4578-AE12-50EE9252532E}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{88832019-E77A-45E9-B201-22E5068B4C91}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
FirewallRules: [{EA5323CF-2458-4260-A84D-DBE11596C6B8}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
FirewallRules: [{49EE1AA9-2567-4821-BCF6-A9468C7228DF}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{1532522F-00B2-4DBB-B023-8D2A0B8FC613}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{025D0AF4-7AF7-4E90-BD64-1F1EE27900AF}] => (Allow) C:\Users\fay\AppData\Local\Temp\7zS06CB\HPDiagnosticCoreUI.exe
FirewallRules: [{9987C6E0-A590-40BF-ABD9-B9F4F7F7B889}] => (Allow) C:\Users\fay\AppData\Local\Temp\7zS06CB\HPDiagnosticCoreUI.exe
FirewallRules: [{42EF4C04-54CD-495B-B9E4-2815D67A049D}] => (Allow) C:\Users\fay\AppData\Local\Temp\7zS0A92\OJJ4600_Full_14\setup\hpznui40.exe
FirewallRules: [{BFDA91D3-88E7-45EA-90E1-FA5F41986CDC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5D0EDD75-5231-47A6-A06D-6081CAA2DA0B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{84C55885-7A9C-41B7-8B16-511727A73E5F}] => (Allow) C:\Program Files (x86)\Origin Games\Kingdoms of Amalur Reckoning\Reckoning.exe
FirewallRules: [{4440D0C0-4914-4868-8ECB-792E7442120D}] => (Allow) C:\Program Files (x86)\Origin Games\Kingdoms of Amalur Reckoning\Reckoning.exe
FirewallRules: [{62FA2E9D-BAC8-491B-8E02-C47CB713A9C9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{71EDB5D0-F8DD-4AD8-8B8A-72483AD4EA6B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E4DE330C-6B57-4531-A6D3-23FD60ECACF3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7416686F-D355-4EEF-94DE-E3A7A13EB54B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A3A5E8D1-B3C2-4B29-A473-7506A40FF677}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{89592540-A7CC-432C-A333-8DAB4225C347}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{BD7840D7-2E17-413E-8067-FE73F3083648}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{049A999E-E5A1-40A2-A2DC-7A5BA3C67986}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{DB94FF00-2CFD-4E4E-8760-8E1036EFB335}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{B1295AD0-642C-4D68-8AD2-8CA6674E06FB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{B46A62AF-7CAA-4ABA-8C46-9712C411CFE7}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
FirewallRules: [{D10EEF1C-2A4D-42AB-AF40-C66C11EF9367}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
FirewallRules: [{3DD6F610-673C-49E8-9211-667B47F9472F}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{E534FC5B-C239-477A-9018-35B481E5980C}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{2BE0B955-D12A-40BB-93F5-576C0F777925}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{80E6C622-56C6-4AE1-ADBA-7ED44809A06C}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{60AB0DC1-0727-46EC-9787-F363B64A29CD}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{4ADFE367-4641-440F-AAE1-4868453B3087}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{54DFA08B-7442-4223-B74B-07481EDA2D40}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{37A57A9F-FBC5-457A-AD4C-6BC68D33C678}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{9518A4F6-BA04-4A21-973D-C0721B054C4F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\the witcher 2\Launcher.exe
FirewallRules: [{93B6E022-D6A4-43B6-A61F-40A2538E23D0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\the witcher 2\Launcher.exe
FirewallRules: [{920DC97B-888A-4D7B-B30E-89AC9F5550CB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Gothic 3\Gothic3.exe
FirewallRules: [{9F125263-5747-4826-A23B-704C51EBF05E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Gothic 3\Gothic3.exe
FirewallRules: [{A521F3C3-6E82-44F3-991C-6776296F08F9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fable The Lost Chapters\Fable.exe
FirewallRules: [{1B9157CA-1256-4EE0-84A4-126EE3337886}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fable The Lost Chapters\Fable.exe
FirewallRules: [{C6537D7C-07D7-4204-B47A-8DCD4843882C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{764B26BD-C24E-4D5B-8865-8E068C8EE30D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{5427480D-7E5A-4876-86AD-F3243C79F4A6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1BE4254B-E08D-4743-B391-24E81F1669BB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FC207AEF-AB44-49C3-B87A-7C97D7725578}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

==================== Faulty Device Manager Devices =============

Name: Deskjet 3050 J610 series
Description: Deskjet 3050 J610 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Deskjet 3050 J610 series
Description: Deskjet 3050 J610 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Deskjet 3050 J610 series
Description: Deskjet 3050 J610 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/01/2015 12:31:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PSIA.exe, version: 3.0.0.10004, time stamp: 0x54784a82
Faulting module name: PSIA.exe, version: 3.0.0.10004, time stamp: 0x54784a82
Exception code: 0xc0000005
Fault offset: 0x00049b14
Faulting process id: 0xbc4
Faulting application start time: 0xPSIA.exe0
Faulting application path: PSIA.exe1
Faulting module path: PSIA.exe2
Report Id: PSIA.exe3

Error: (08/01/2015 04:08:36 AM) (Source: MsiInstaller) (EventID: 10005) (User: fay-PC)
Description: Product: System Requirements Lab Detection -- A later version of System Requirements Lab Detection is already installed. Setup will now exit.

Error: (08/01/2015 03:41:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PSIA.exe, version: 3.0.0.10004, time stamp: 0x54784a82
Faulting module name: PSIA.exe, version: 3.0.0.10004, time stamp: 0x54784a82
Exception code: 0x40000015
Fault offset: 0x00093534
Faulting process id: 0x860
Faulting application start time: 0xPSIA.exe0
Faulting application path: PSIA.exe1
Faulting module path: PSIA.exe2
Report Id: PSIA.exe3

Error: (08/01/2015 03:25:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program notepad.exe version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 155c

Start Time: 01d0cc27d847159f

Termination Time: 16

Application Path: C:\WINDOWS\notepad.exe

Report Id: 4701bb8d-381e-11e5-926e-18a905b8e4ce

Error: (07/31/2015 08:23:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7082

Error: (07/31/2015 08:23:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7082

Error: (07/31/2015 08:23:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/31/2015 08:23:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6084

Error: (07/31/2015 08:23:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6084

Error: (07/31/2015 08:23:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (08/01/2015 06:02:36 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :20" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (08/01/2015 06:02:36 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :0" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (08/01/2015 06:02:36 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{9F1DBDAA-8EFA-4065-924B-A07E10F47EC5} because another computer on the network has the same name. The server could not start.

Error: (08/01/2015 05:43:42 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :0" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (08/01/2015 05:43:42 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :20" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (08/01/2015 05:43:42 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{9F1DBDAA-8EFA-4065-924B-A07E10F47EC5} because another computer on the network has the same name. The server could not start.

Error: (08/01/2015 12:31:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Secunia PSI Agent service terminated unexpectedly. It has done this 1 time(s).

Error: (08/01/2015 12:26:26 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :20" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (08/01/2015 12:26:26 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "FAY-PC :0" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (08/01/2015 12:26:26 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{9F1DBDAA-8EFA-4065-924B-A07E10F47EC5} because another computer on the network has the same name. The server could not start.


Microsoft Office:
=========================
Error: (08/01/2015 12:31:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82PSIA.exe3.0.0.1000454784a82c000000500049b14bc401d0cc76c34970c5C:\Program Files (x86)\Secunia\PSI\PSIA.exeC:\Program Files (x86)\Secunia\PSI\PSIA.exeb3f38a64-386a-11e5-8112-18a905b8e4ce

Error: (08/01/2015 04:08:36 AM) (Source: MsiInstaller) (EventID: 10005) (User: fay-PC)
Description: Product: System Requirements Lab Detection -- A later version of System Requirements Lab Detection is already installed. Setup will now exit.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/01/2015 03:41:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82PSIA.exe3.0.0.1000454784a82400000150009353486001d0cc2c96c9f89cC:\Program Files (x86)\Secunia\PSI\PSIA.exeC:\Program Files (x86)\Secunia\PSI\PSIA.exeaf7a4ca4-3820-11e5-8a3f-18a905b8e4ce

Error: (08/01/2015 03:25:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: notepad.exe6.1.7600.16385155c01d0cc27d847159f16C:\WINDOWS\notepad.exe4701bb8d-381e-11e5-926e-18a905b8e4ce

Error: (07/31/2015 08:23:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7082

Error: (07/31/2015 08:23:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7082

Error: (07/31/2015 08:23:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/31/2015 08:23:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6084

Error: (07/31/2015 08:23:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6084

Error: (07/31/2015 08:23:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info ===========================

Processor: AMD Phenom(tm) II X4 945 Processor
Percentage of memory in use: 25%
Total physical RAM: 8183.89 MB
Available physical RAM: 6065.97 MB
Total Virtual: 16365.99 MB
Available Virtual: 14443.91 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:920 GB) (Free:676.51 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.22 GB) (Free:1.62 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.3 GB) (Disk ID: 9A0D0322)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=920 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.2 GB) - (Type=07 NTFS)

==================== End of log ============================
fayfox
Regular Member
 
Posts: 88
Joined: July 19th, 2015, 3:16 pm

Re: Proxy override...malware?

by wannabeageek » August 1st, 2015, 9:49 pm

fayfox,

I asked you before not to install or remove any programs during this process. I will not ask again. Windows updates is one thing.

==================== Restore Points =========================

28-07-2015 20:15:48 Windows Update
01-08-2015 03:48:26 Windows Update
01-08-2015 04:09:58 Installed System Requirements Lab Detection
wannabeageek
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Proxy override...malware?

by fayfox » August 1st, 2015, 9:56 pm

Sorry wbg,
I thought it was already on my machine when I clicked on it. Won't happen again.
Fay
fayfox
Regular Member
 
Posts: 88
Joined: July 19th, 2015, 3:16 pm

Re: Proxy override...malware?

by fayfox » August 1st, 2015, 10:17 pm

wannabeageek,
Windows updates is on an automatic schedule to update. My antivirus is on an auto schedule to scan. Do you want me to halt them?
fayfox
fayfox
Regular Member
 
Posts: 88
Joined: July 19th, 2015, 3:16 pm

Re: Proxy override...malware?

by wannabeageek » August 1st, 2015, 10:24 pm

Hi fayfox,

Disabled VIPRE, internet. Settings stayed on normal startup when I clicked apply this time. Rebooted and redid step 3.
You now have to disable VIPRE each time we run a scan or fix. Why? Because VIPRE interferes with the process of fixing, so it may also interfere with scanning.

Do you want me to scan again?
Not at this time.

Here is another copy following same steps. I don't know what I'm doing wrong.
The logs are so large it may take more time to copy and paste them.

Windows updates is on an automatic schedule to update. My antivirus is on an auto schedule to scan. Do you want me to halt them?
Absolutely not. Those do not normally cause issues.

Run this fix please.

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad.
    • To make this easy, click the "select all" button then hover over the highlighted text and right mouse click to select copy.
Code: Select all
ShortcutTarget: GumNotes.lnk -> C:\Program Files (x86)\GumNotes\GumNotes.exe (No File)
SearchScopes: HKU\S-1-5-21-765319908-1524800839-1392544109-1000 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://search.yahoo.com/search?fr=chr-bfg&q= {searchTerms}&ei=UTF-8
SearchScopes: HKU\S-1-5-21-765319908-1524800839-1392544109-1000 -> {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw= {searchTerms}&tbid=80114&lng=en
Toolbar: HKU\S-1-5-21-765319908-1524800839-1392544109-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
2015-07-30 22:48 - 2013-08-03 11:54 - 00000000 ___HD C:\ProgramData\{559F25A3-87D2-4D88-ADC5-DF4C277CDD45}
Task: {AF1FE2BF-AAC2-40F4-8979-DAAA6F74B787} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-765319908-1524800839-1392544109-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {E4A4C26E-CAAF-494E-AC05-CE16BCDDA3C7} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-765319908-1524800839-1392544109-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {EE1231F4-9AFF-485E-8D04-F93DA4A1C7FD} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-765319908-1524800839-1392544109-1003 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe
Task: {EF35A44F-A33A-4AC7-908A-DDD35C9BBA44} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-765319908-1524800839-1392544109-1003 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe
C:\Program Files (x86)\RealNetworks
C:\Program Files (x86)\GumNotes
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:B1FBBD09
EmptyTemp:

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log

Re: Proxy override...malware?

Unread postby fayfox » August 1st, 2015, 11:29 pm

Hi wannabeageek,
I disabled internet, vipre. Closed all programs and ran FRST64.exe.
A little bit into the run I noticed the screen flickered, and at the top of the FRST64 window, in parentheses, it said "not responding". A few seconds later, the screen flickered again and it finished the scan. The "not responding" and screen flicker usually happen when the computer freezes. Other than that moment, it didn't act frozen. By that I mean the computer rebooted promptly and properly.
Also, the "audio service is not working" message is back on the speaker icon. Sound is working. Last time the red x and message on the icon disappeared after a couple of hours. Do you want me to mention this when it happens?


Fix result of Farbar Recovery Scan Tool (x64) Version:30-07-2015
Ran by Admin (2015-08-01 23:02:02) Run:4
Running from C:\Users\Admin\Downloads
Loaded Profiles: fay & Admin (Available Profiles: fay & Admin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
ShortcutTarget: GumNotes.lnk -> C:\Program Files (x86)\GumNotes\GumNotes.exe (No File)
SearchScopes: HKU\S-1-5-21-765319908-1524800839-1392544109-1000 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://search.yahoo.com/search?fr=chr-bfg&q= {searchTerms}&ei=UTF-8
SearchScopes: HKU\S-1-5-21-765319908-1524800839-1392544109-1000 -> {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://toolbar.inbox.com/search/dispatc ... tp=bs&qkw= {searchTerms}&tbid=80114&lng=en
Toolbar: HKU\S-1-5-21-765319908-1524800839-1392544109-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
2015-07-30 22:48 - 2013-08-03 11:54 - 00000000 ___HD C:\ProgramData\{559F25A3-87D2-4D88-ADC5-DF4C277CDD45}
Task: {AF1FE2BF-AAC2-40F4-8979-DAAA6F74B787} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-765319908-1524800839-1392544109-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {E4A4C26E-CAAF-494E-AC05-CE16BCDDA3C7} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-765319908-1524800839-1392544109-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {EE1231F4-9AFF-485E-8D04-F93DA4A1C7FD} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-765319908-1524800839-1392544109-1003 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe
Task: {EF35A44F-A33A-4AC7-908A-DDD35C9BBA44} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-765319908-1524800839-1392544109-1003 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe
C:\Program Files (x86)\RealNetworks
C:\Program Files (x86)\GumNotes
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:B1FBBD09
EmptyTemp:

*****************

C:\Program Files (x86)\GumNotes\GumNotes.exe not found.
"HKU\S-1-5-21-765319908-1524800839-1392544109-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}" => key removed successfully
HKCR\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} => key not found.
"HKU\S-1-5-21-765319908-1524800839-1392544109-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}" => key removed successfully
HKCR\CLSID\{C04B7D22-5AEC-4561-8F49-27F6269208F6} => key not found.
HKU\S-1-5-21-765319908-1524800839-1392544109-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value removed successfully
HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => key not found.
C:\ProgramData\{559F25A3-87D2-4D88-ADC5-DF4C277CDD45} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AF1FE2BF-AAC2-40F4-8979-DAAA6F74B787}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF1FE2BF-AAC2-40F4-8979-DAAA6F74B787}" => key removed successfully
C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-765319908-1524800839-1392544109-1000 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-765319908-1524800839-1392544109-1000" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E4A4C26E-CAAF-494E-AC05-CE16BCDDA3C7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4A4C26E-CAAF-494E-AC05-CE16BCDDA3C7}" => key removed successfully
C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-765319908-1524800839-1392544109-1000 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealDownloaderRealUpgradeLogonTaskS-1-5-21-765319908-1524800839-1392544109-1000" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EE1231F4-9AFF-485E-8D04-F93DA4A1C7FD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE1231F4-9AFF-485E-8D04-F93DA4A1C7FD}" => key removed successfully
C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-765319908-1524800839-1392544109-1003 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealDownloaderRealUpgradeLogonTaskS-1-5-21-765319908-1524800839-1392544109-1003" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EF35A44F-A33A-4AC7-908A-DDD35C9BBA44}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF35A44F-A33A-4AC7-908A-DDD35C9BBA44}" => key removed successfully
C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-765319908-1524800839-1392544109-1003 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-765319908-1524800839-1392544109-1003" => key removed successfully
"C:\Program Files (x86)\RealNetworks" => File/Folder not found.
"C:\Program Files (x86)\GumNotes" => File/Folder not found.
C:\ProgramData\Temp => ":2CB9631F" ADS removed successfully.
C:\ProgramData\Temp => ":B1FBBD09" ADS removed successfully.
EmptyTemp: => 561.7 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 23:02:47 ====

Re: Proxy override...malware?

Unread postby wannabeageek » August 1st, 2015, 11:38 pm

Quote: Also, the "audio service is not working" message is back on the speaker icon. Sound is working. Last time the red x and message on the icon disappeared after a couple of hours. Do you want me to mention this when it happens?
Yes. Eventually we will get to the icon issue.

You have never really said which program or programs caused the computer to freeze up when you run them.

Re: Proxy override...malware?

Unread postby fayfox » August 2nd, 2015, 12:07 am

It's usually the browser, Firefox or IE. Chrome when it was installed. But it's happened when I was copying something from Notepad to post to you, as well as trying to run some of the scans. I haven't played any games lately, but it would freeze playing Big Fish games too. But mainly, I would say the browser. If I didn't realize VIPRE was scanning and tried to do anything, it usually froze. For a couple days it froze every time I clicked on malwareremoval's site. :)
It's not freezing very often now, and I'm able to eventually get it to reboot normally. It just takes a loooong time.

Re: Proxy override...malware?

Unread postby wannabeageek » August 2nd, 2015, 12:20 am

And did this all start about the time you installed Secunia's P S I, the Personal Software Inspector?

Re: Proxy override...malware?

Unread postby fayfox » August 2nd, 2015, 12:40 am

Way before that. I'd say it started a few months ago, but very slowly. A freeze here and there, nothing a restart wouldn't fix. A day or two before I contacted malwareremoval is when it became severe. It would freeze every 30 minutes. I got lucky and saw the error message ctrl+alt+delete caused and typed it into Google. Every link suggested the Trojan.adh.2 (Slimware). I tried to take care of it myself, and it looks like I made it worse.
I downloaded Secunia after all that, but have not used it. I was working with you by then. It tried to start a couple of times but I closed it down. On every start up it keeps giving me a message to manually update some programs.

Re: Proxy override...malware?

Unread postby fayfox » August 2nd, 2015, 12:47 am

Clearly, I need to learn how to properly uninstall a program. When we reach the end, please direct me to this information. Anything you think I need to read/learn, please suggest away. There's a lot of info out there, but for someone with little computer knowledge like me, I don't know the good info from the harmful info.

Re: Proxy override...malware?

Unread postby wannabeageek » August 2nd, 2015, 11:53 am

Hi fayfox,

I have more questions.

How many computers/devices do you have on your network? (A total number will do.)

Do any of the other computers/devices have issues connecting to the network?

Do you have this printer: HP Deskjet 3050 J610 series?

Do you have this printer: HP OfficeJet J4600 All-In-One Series?


Run this scan please:

SystemLook

If you do not already have this on your Desktop, please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Right-click SystemLook.exe and select "Run as administrator" to run it.
  • Copy the content of the following codebox into the main text field. Do not include the word Code.
  • To make this easy, click the "select all" button then hover over the highlighted text and right mouse click to select copy.
    Code: Select all
    :filefind
    *PSI*
    
    :folderfind
    *PSI*
    

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Re: Proxy override...malware?

Unread postby fayfox » August 2nd, 2015, 2:08 pm

Hi wannabeageek,
Ok, by devices do you mean things like phones, game console, roku? If so, 12.
Otherwise 5. No other computer/device is having any trouble. Netflix occasionally gets interrupted, but I'm sure that is just netflix.
I only have the printer HP Deskjet 3050 J610 series.
I disconnected internet, vipre before running scan. (If I don't say this, please question that I remembered to do it.)


SystemLook 30.07.11 by jpshortstuff
Log created at 13:51 on 02/08/2015 by Admin
Administrator - Elevation successful

========== filefind ==========

Searching for "*PSI*"
C:\Windows\winsxs\amd64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7600.20771_none_38829b1289d9c116\psisdecd.dll --a---- 613888 bytes [17:26 01/11/2011] [06:59 04/08/2010] 91A671E4843AC2BE208D9647C57A0609
C:\Windows\winsxs\amd64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7600.20771_none_38829b1289d9c116\psisrndr.ax --a---- 108032 bytes [00:20 14/07/2009] [01:38 14/07/2009] 08B3E09C1D8AE4478BFAA75E57832BC6
C:\Windows\winsxs\amd64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7600.21030_none_38acb66689ba658b\psisdecd.dll --a---- 613888 bytes [17:04 01/11/2011] [05:48 17/08/2011] 7AAE08203D3A373332055960FFA41908
C:\Windows\winsxs\amd64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7600.21030_none_38acb66689ba658b\psisrndr.ax --a---- 108032 bytes [17:04 01/11/2011] [05:41 17/08/2011] E1F485D6E686B96C28EB1108F709A3A7
C:\Windows\winsxs\amd64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7601.17514_none_3a233d996daf2ebe\psisdecd.dll --a---- 613888 bytes [00:20 14/07/2009] [01:41 14/07/2009] 35663A73894CFCA258D2620CD075A397
C:\Windows\winsxs\amd64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7601.17514_none_3a233d996daf2ebe\psisrndr.ax --a---- 108032 bytes [14:55 02/11/2011] [13:24 20/11/2010] 92545BE920E55B1677786FB4C183B329
C:\Windows\winsxs\amd64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7601.17669_none_39f231556dd3364d\psisdecd.dll --a---- 613888 bytes [17:04 01/11/2011] [05:26 17/08/2011] 050AF06F8B0463417E4AED9DA5816A65
C:\Windows\winsxs\amd64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7601.17669_none_39f231556dd3364d\psisrndr.ax --a---- 108032 bytes [17:04 01/11/2011] [05:25 17/08/2011] 78394F2B354BDC28C5C61837872DD132
C:\Windows\winsxs\amd64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7601.21792_none_3a545c56870f7889\psisdecd.dll --a---- 613888 bytes [17:04 01/11/2011] [06:15 17/08/2011] 9A65C01C5ABF8F6390B5527AB996822E
C:\Windows\winsxs\amd64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7601.21792_none_3a545c56870f7889\psisrndr.ax --a---- 108032 bytes [17:04 01/11/2011] [06:08 17/08/2011] 2BD5A09F53E1B745E9018BB0DDD6E805
C:\Windows\winsxs\amd64_ntprint.inf_31bf3856ad364e35_6.1.7600.16385_none_96f58ea8d463e7df\Amd64\MSXPSINC.GPD --a---- 73 bytes [00:38 14/07/2009] [20:59 10/06/2009] 811FFDE93D1FDB8F3A91304422E941A9
C:\Windows\winsxs\amd64_ntprint.inf_31bf3856ad364e35_6.1.7600.16385_none_96f58ea8d463e7df\Amd64\MSXPSINC.PPD --a---- 72 bytes [00:38 14/07/2009] [20:59 10/06/2009] 78B5EBD79A120C014F385D5DA1D1BA83
C:\Windows\winsxs\amd64_ntprint.inf_31bf3856ad364e35_6.1.7601.17514_none_9926a270d1526b79\Amd64\MSXPSINC.GPD --a---- 73 bytes [00:38 14/07/2009] [20:59 10/06/2009] 811FFDE93D1FDB8F3A91304422E941A9
C:\Windows\winsxs\amd64_ntprint.inf_31bf3856ad364e35_6.1.7601.17514_none_9926a270d1526b79\Amd64\MSXPSINC.PPD --a---- 72 bytes [00:38 14/07/2009] [20:59 10/06/2009] 78B5EBD79A120C014F385D5DA1D1BA83
C:\Windows\winsxs\Manifests\amd64_mdmpsion.inf_31bf3856ad364e35_6.1.7600.16385_none_5f62ca049c3c9107.manifest --a---- 1106 bytes [05:28 14/07/2009] [05:28 14/07/2009] C75F2BDA00D751667963362ABF695E22
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-clipsinthelibrary_31bf3856ad364e35_6.1.7600.16385_none_99f2efd7c1c8a28b.manifest --a---- 7073 bytes [02:14 14/07/2009] [02:14 14/07/2009] 0A6A6E6D8055ACEC8A4769814D2EB097
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-clipsinthelibrary_31bf3856ad364e35_6.1.7601.17514_none_9c24039fbeb72625.manifest ------- 7073 bytes [13:43 02/11/2011] [10:13 20/11/2010] F8855283175403E61478E4C497A6890F
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-xpsifilter.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6d41a1dc65009156.manifest --a---- 2330 bytes [05:35 14/07/2009] [02:44 14/07/2009] B99C3F8AC20BCC43AA3ED6952681A3BD
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-xpsifilter_31bf3856ad364e35_6.1.7600.16385_none_c8ca252034ea6665.manifest --a---- 5284 bytes [02:28 14/07/2009] [02:28 14/07/2009] E5733012429799A5DCAE66D30DC225B7
C:\Windows\winsxs\Manifests\x86_microsoft-windows-xpsifilter.resources_31bf3856ad364e35_6.1.7600.16385_en-us_11230658aca32020.manifest --a---- 2328 bytes [05:35 14/07/2009] [02:29 14/07/2009] 81BFDD7A43BE36DECEAE953135C25098
C:\Windows\winsxs\Manifests\x86_microsoft-windows-xpsifilter_31bf3856ad364e35_6.1.7600.16385_none_6cab899c7c8cf52f.manifest --a---- 5280 bytes [01:58 14/07/2009] [01:58 14/07/2009] 30A18D4334DE8EFF2DA7B20571066238
C:\Windows\winsxs\wow64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7600.16385_none_4246d423a5216d1f\psisdecd.dll --a---- 465408 bytes [00:05 14/07/2009] [01:16 14/07/2009] E9CFD3682AB6379E62C7175B07865152
C:\Windows\winsxs\wow64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7600.16385_none_4246d423a5216d1f\psisrndr.ax --a---- 75776 bytes [00:06 14/07/2009] [01:14 14/07/2009] 13FE915D948773F4F270C1CA6F8469FA
C:\Windows\winsxs\wow64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7600.16648_none_42751a63a4fe40d5\psisdecd.dll --a---- 465408 bytes [17:26 01/11/2011] [09:30 13/12/2009] 94BFC2F2072FE2A34D3067AF9FBF72D8
C:\Windows\winsxs\wow64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7600.16648_none_42751a63a4fe40d5\psisrndr.ax --a---- 75776 bytes [00:06 14/07/2009] [01:14 14/07/2009] 13FE915D948773F4F270C1CA6F8469FA
C:\Windows\winsxs\wow64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7600.16867_none_425e7e0da50f59ae\psisdecd.dll --a---- 465408 bytes [17:04 01/11/2011] [04:26 17/08/2011] 8588A439E0468E7DD6E429BB99EA5F1B
C:\Windows\winsxs\wow64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7600.16867_none_425e7e0da50f59ae\psisrndr.ax --a---- 75776 bytes [17:04 01/11/2011] [04:22 17/08/2011] 8202DAB508199A2EA1F6EEBC24C8A730
C:\Windows\winsxs\wow64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7600.20771_none_42d74564be3a8311\psisdecd.dll --a---- 465408 bytes [17:26 01/11/2011] [06:22 04/08/2010] 6F3103C8BE740BE32FD1F7CE5DCF018E
C:\Windows\winsxs\wow64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7600.20771_none_42d74564be3a8311\psisrndr.ax --a---- 75776 bytes [00:06 14/07/2009] [01:14 14/07/2009] 13FE915D948773F4F270C1CA6F8469FA
C:\Windows\winsxs\wow64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7600.21030_none_430160b8be1b2786\psisdecd.dll --a---- 465408 bytes [17:04 01/11/2011] [04:28 17/08/2011] 04AA543050EE7D585D0826F79DAD252B
C:\Windows\winsxs\wow64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7600.21030_none_430160b8be1b2786\psisrndr.ax --a---- 75776 bytes [17:04 01/11/2011] [04:22 17/08/2011] CB3115F1F7D16C9FB6169B50A25C46D8
C:\Windows\winsxs\wow64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7601.17514_none_4477e7eba20ff0b9\psisdecd.dll --a---- 465408 bytes [00:05 14/07/2009] [01:16 14/07/2009] E9CFD3682AB6379E62C7175B07865152
C:\Windows\winsxs\wow64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7601.17514_none_4477e7eba20ff0b9\psisrndr.ax --a---- 75776 bytes [14:54 02/11/2011] [12:16 20/11/2010] 71EAF975B87917ADCB26886482F6FB5B
C:\Windows\winsxs\wow64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7601.17669_none_4446dba7a233f848\psisdecd.dll --a---- 465408 bytes [17:04 01/11/2011] [04:24 17/08/2011] 00ADF21DE55AA97297FAC65E4F3A0256
C:\Windows\winsxs\wow64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7601.17669_none_4446dba7a233f848\psisrndr.ax --a---- 75776 bytes [17:04 01/11/2011] [04:19 17/08/2011] 68DCA1777D7224A79A9DC3D47BED6D32
C:\Windows\winsxs\wow64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7601.21792_none_44a906a8bb703a84\psisdecd.dll --a---- 465408 bytes [17:04 01/11/2011] [06:03 17/08/2011] 3AA15A03909FDF4CE73CB797B2AFDA46
C:\Windows\winsxs\wow64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7601.21792_none_44a906a8bb703a84\psisrndr.ax --a---- 75776 bytes [17:04 01/11/2011] [05:52 17/08/2011] D8282AEF72F8EADB7D5C7B4AECF187E1
C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7601.17669_none_ddd395d1b575c517\psisdecd.dll --a---- 465408 bytes [17:04 01/11/2011] [04:24 17/08/2011] 00ADF21DE55AA97297FAC65E4F3A0256
C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7601.17669_none_ddd395d1b575c517\psisrndr.ax --a---- 75776 bytes [17:04 01/11/2011] [04:19 17/08/2011] 68DCA1777D7224A79A9DC3D47BED6D32
C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7601.21792_none_de35c0d2ceb20753\psisdecd.dll --a---- 465408 bytes [17:04 01/11/2011] [06:03 17/08/2011] 3AA15A03909FDF4CE73CB797B2AFDA46
C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7601.21792_none_de35c0d2ceb20753\psisrndr.ax --a---- 75776 bytes [17:04 01/11/2011] [05:52 17/08/2011] D8282AEF72F8EADB7D5C7B4AECF187E1

========== folderfind ==========

Searching for "*PSI*"
C:\Program Files (x86)\Secunia\PSI d------ [10:34 20/07/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_27876722249d6fe1fefa8bfbdd26e9be9cfd32_02012319 d----c- [21:56 21/07/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_27876722249d6fe1fefa8bfbdd26e9be9cfd32_0774f1bd d----c- [23:17 20/07/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_27876722249d6fe1fefa8bfbdd26e9be9cfd32_07f84308 d----c- [00:00 27/07/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_27876722249d6fe1fefa8bfbdd26e9be9cfd32_145888ed d----c- [01:20 27/07/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_27876722249d6fe1fefa8bfbdd26e9be9cfd32_cab_105ff9a9 d----c- [19:13 20/07/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_384514fdea7b8cfb1a2a531f4323a82392c81b8_cab_0b7462c7 d----c- [21:10 26/07/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_051de9c2 d----c- [21:41 29/07/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_059da987 d----c- [19:39 24/07/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_088e1f90 d----c- [21:33 28/07/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_0994f6bc d----c- [02:43 31/07/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_0b51f3df d----c- [11:09 24/07/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_0f94674a d----c- [00:04 31/07/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_0fa162a8 d----c- [04:59 28/07/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_0fda1d5f d----c- [07:41 01/08/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_1095cfec d----c- [22:27 01/08/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_12b71f81 d----c- [03:17 02/08/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_13b9d69f d----c- [23:06 27/07/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_14ad9194 d----c- [22:38 25/07/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_14ceed2b d----c- [11:54 25/07/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_15599a7a d----c- [02:57 29/07/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_cab_0ac3a6f8 d----c- [08:07 22/07/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_b831079e365ead2bf59c633b3db323316728a_cab_137109cf d----c- [22:31 29/07/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_c2d72510303c298a1e3eeb363f5efdba32999845_cab_123395e8 d----c- [11:10 23/07/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_de644591305be2cfd1caacec55b47ab0967877c5_cab_0e809e70 d----c- [10:44 26/07/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_e770781442625149503bff472bd8f8f9e8ee9a_1574c5ce d----c- [22:22 26/07/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_e770781442625149503bff472bd8f8f9e8ee9a_cab_109ce780 d----c- [14:32 20/07/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_ff20979dcae9c0f24cb2a02b774641e7ef1b9f3_15923f7f d----c- [16:31 01/08/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_ff20979dcae9c0f24cb2a02b774641e7ef1b9f3_cab_11fdea10 d----c- [00:35 29/07/2015]
C:\Users\Admin\AppData\Local\Secunia PSI d------ [10:35 20/07/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_27876722249d6fe1fefa8bfbdd26e9be9cfd32_02012319 d----c- [21:56 21/07/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_27876722249d6fe1fefa8bfbdd26e9be9cfd32_0774f1bd d----c- [23:17 20/07/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_27876722249d6fe1fefa8bfbdd26e9be9cfd32_07f84308 d----c- [00:00 27/07/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_27876722249d6fe1fefa8bfbdd26e9be9cfd32_145888ed d----c- [01:20 27/07/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_27876722249d6fe1fefa8bfbdd26e9be9cfd32_cab_105ff9a9 d----c- [19:13 20/07/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_384514fdea7b8cfb1a2a531f4323a82392c81b8_cab_0b7462c7 d----c- [21:10 26/07/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_051de9c2 d----c- [21:41 29/07/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_059da987 d----c- [19:39 24/07/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_088e1f90 d----c- [21:33 28/07/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_0994f6bc d----c- [02:43 31/07/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_0b51f3df d----c- [11:09 24/07/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_0f94674a d----c- [00:04 31/07/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_0fa162a8 d----c- [04:59 28/07/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_0fda1d5f d----c- [07:41 01/08/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_1095cfec d----c- [22:27 01/08/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_12b71f81 d----c- [03:17 02/08/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_13b9d69f d----c- [23:06 27/07/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_14ad9194 d----c- [22:38 25/07/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_14ceed2b d----c- [11:54 25/07/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_15599a7a d----c- [02:57 29/07/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_cab_0ac3a6f8 d----c- [08:07 22/07/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_b831079e365ead2bf59c633b3db323316728a_cab_137109cf d----c- [22:31 29/07/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_c2d72510303c298a1e3eeb363f5efdba32999845_cab_123395e8 d----c- [11:10 23/07/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_de644591305be2cfd1caacec55b47ab0967877c5_cab_0e809e70 d----c- [10:44 26/07/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_e770781442625149503bff472bd8f8f9e8ee9a_1574c5ce d----c- [22:22 26/07/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_e770781442625149503bff472bd8f8f9e8ee9a_cab_109ce780 d----c- [14:32 20/07/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_ff20979dcae9c0f24cb2a02b774641e7ef1b9f3_15923f7f d----c- [16:31 01/08/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_ff20979dcae9c0f24cb2a02b774641e7ef1b9f3_cab_11fdea10 d----c- [00:35 29/07/2015]
C:\Windows\System32\DriverStore\FileRepository\mdmpsion.inf_amd64_neutral_6e65ea91a16f922a d------ [05:31 14/07/2009]
C:\Windows\Temp\Secunia PSI Agent d------ [03:12 02/08/2015]
C:\Windows\winsxs\amd64_mdmpsion.inf_31bf3856ad364e35_6.1.7600.16385_none_5f62ca049c3c9107 d------ [05:29 14/07/2009]
C:\Windows\winsxs\amd64_microsoft-windows-clipsinthelibrary_31bf3856ad364e35_6.1.7600.16385_none_99f2efd7c1c8a28b d------ [05:30 14/07/2009]
C:\Windows\winsxs\amd64_microsoft-windows-clipsinthelibrary_31bf3856ad364e35_6.1.7601.17514_none_9c24039fbeb72625 d------ [14:10 02/11/2011]
C:\Windows\winsxs\amd64_microsoft-windows-xpsifilter.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6d41a1dc65009156 d------ [05:37 14/07/2009]
C:\Windows\winsxs\amd64_microsoft-windows-xpsifilter_31bf3856ad364e35_6.1.7600.16385_none_c8ca252034ea6665 d------ [05:30 14/07/2009]
C:\Windows\winsxs\x86_microsoft-windows-xpsifilter.resources_31bf3856ad364e35_6.1.7600.16385_en-us_11230658aca32020 d------ [05:37 14/07/2009]
C:\Windows\winsxs\x86_microsoft-windows-xpsifilter_31bf3856ad364e35_6.1.7600.16385_none_6cab899c7c8cf52f d------ [05:30 14/07/2009]

-= EOF =-
fayfox
Regular Member
 
Posts: 88
Joined: July 19th, 2015, 3:16 pm

Re: Proxy override...malware?

by wannabeageek » August 2nd, 2015, 7:58 pm

Hi fayfox,

Right now Secunia PSI is causing problems so we need to remove it to find the next problem.

Go to this file: C:\Program Files (x86)\Secunia\PSI\psi_amd64.inf
Open it using Notepad and post the contents in your next reply, please.

wbg
wannabeageek
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California