Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Malware . . . I think.


  • This topic is locked This topic is locked
35 replies to this topic

#1 maineboy64

maineboy64

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:10:33 PM

Posted 25 July 2016 - 06:18 PM

This post started here:

 

http://www.bleepingcomputer.com/forums/t/619682/the-user-profile-service-failed-the-logon/

 

and now continues at this thread . . . 

 

OK, I tried to run my first FRST scan but I got the msg; 'Your current security settings do not allow this file to be downloaded.'  I am using IE and only have Windows Defender as protection.  I disabled that, but I still get the msg.  When I try and click on the Fix Settings msg I get, the click doesn't work.  Damn!



BC AdBot (Login to Remove)

 


#2 Bezukhov

Bezukhov

    Bleepin' Jazz Fan!


  • Members
  • 2,737 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Providence, R.I.
  • Local time:09:33 AM

Posted 28 July 2016 - 01:57 AM

Hello, I'm Bezukhov. I'll be assisting you with this problem. Give me a little time to find out how to get you that Farbar Recovery Scan Tool.
To err is Human. To blame it on someone else is even more Human.

#3 Bezukhov

Bezukhov

    Bleepin' Jazz Fan!


  • Members
  • 2,737 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Providence, R.I.
  • Local time:09:33 AM

Posted 29 July 2016 - 05:59 PM

:step1:

First we reset permissions in IE to allow downloads.

  • Open Windows Control Panel:

Windows 7/XP:
Click Start - Control Panel.

  • Click Internet Options.
  • Switch to tab Security, and then click Custom level....
  • Scroll down in the list of settings until you see the section Downloads.
  • Set all download options in this section to Enabled.
  • Click OK to save the settings.

Now try downloading the file. If you are allowed, please choose Save.

:step2:
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

If you are still having problems, let me know. Please inform me if you have access to a clean, working computer.


To err is Human. To blame it on someone else is even more Human.

#4 maineboy64

maineboy64
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:10:33 PM

Posted 29 July 2016 - 08:10 PM

I have done what you said and enabled all the sections under Downloads - actually they were already enabled and I didn't have to change their status - but I'm still unable to download the Farbar tool.  

 

You ask if I have access to a clean computer.  Well, yes, it was clean last week when I bought it new, but I think I may have picked up another virus already!  I really can't believe it.  I believe the culprit to be the free AVG anti-virus which I downloaded onto the new computer.  I have used the Geekuninstaller to get rid of it, but it still appears on my taskbar even though it has been deleted from the programs in Control Panel.  I'm now using Bitdefender.  

 

OK, the new HP(15-AC123NA) Laptop that I purchased last week came with Windows 10.  Everything has been OK until tonight.  Now some of the old symptoms have returned such as I'm unable to click on both the Start Menu and the Search the web and Windows box.  Also, when I try to download music files or photos, I get the msg that the "app didn't start".  Most of the file system has been incapacitated and my icons - This PC, Network, & Control Panel - have appeared on the desktop.  Apart from this, the computer functions quite well and the internet connection is fast.  Start up is also OK.  Can you assist?


Edited by maineboy64, 29 July 2016 - 08:13 PM.


#5 Bezukhov

Bezukhov

    Bleepin' Jazz Fan!


  • Members
  • 2,737 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Providence, R.I.
  • Local time:09:33 AM

Posted 30 July 2016 - 09:16 PM

Let's not worry about that second computer for now. As long as it can download files we can get started. You will need a USB thumb drive. It doesn't need to be that big, a couple of Gigabytes is more than enough. Please back up any file on that drive before we begin.

On that second computer, please download Farbar Recovery Scan Tool and save it to a flash drive.
Note: Please choose the 64 bit version.
  • Plug the flashdrive into the infected PC.
  • If you are using Vista or Windows 7 enter System Recovery Options.
To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html


To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
==========

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt


Select Command Prompt

==========


Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Any problems with these instructions should be brought to my attention.
To err is Human. To blame it on someone else is even more Human.

#6 maineboy64

maineboy64
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:10:33 PM

Posted 31 July 2016 - 07:12 AM

I was able to transfer the Farbar Tool onto the infected computer and run it but not in safe mode. Here are the 2 logs that were generated:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-07-2016
Ran by Administrator (administrator) on PAULS-PC (31-07-2016 12:16:51)
Running from G:\
Loaded Profiles: Administrator (Available Profiles: Paul & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
( ) C:\AVG_Remover\bin\AVG_Remover.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [PAC207_Monitor] => C:\Windows\PixArt\PAC207\Monitor.exe [323584 2007-12-10] (PixArt Imaging Incorporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM-x32\...\Run: [QPService] => C:\Program Files (x86)\HP\QuickPlay\QPService.exe [468264 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-18] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-03-23] (Hewlett-Packard Company)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [Nikon Transfer Monitor] => C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe [479232 2009-09-15] (Nikon Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1473311476-28869768-3281747046-500\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1689144 2010-06-30] (Hewlett-Packard)
HKU\S-1-5-21-1473311476-28869768-3281747046-500\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-01-22] (Hewlett-Packard Company)
HKU\S-1-5-21-1473311476-28869768-3281747046-500\...\Policies\system: [WallpaperStyle] 2
HKU\S-1-5-18\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\CCleaner\CCleaner64.exe [8810200 2016-06-10] (Piriform Ltd)
HKU\S-1-5-18\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-01-22] (Hewlett-Packard Company)
HKU\S-1-5-18\...\Policies\system: [WallpaperStyle] 2
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{3C990A9B-BB12-424C-B447-CC5ADF365E53}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{58D6718B-F35D-4945-833F-614F5003E92D}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{63CA81C3-E325-4C65-977A-F5A914E99E4B}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{ACFF1142-A0C5-4BE3-8C29-4E0E0B1C97B3}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{C20BEEC8-9074-45BD-8300-6C235ED1F65A}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{E2BED903-1DE0-43C6-A594-577FD541F6BA}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://uk.yahoo.com/?fr=mkg029
HKU\S-1-5-21-1473311476-28869768-3281747046-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/
HKU\S-1-5-21-1473311476-28869768-3281747046-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cnnb
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-21] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-21] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-21] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
Chrome:
=======
CHR HKU\.DEFAULT\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1473311476-28869768-3281747046-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 BecHelperService; C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [1740696 2011-03-23] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129584 2009-02-22] (EasyBits Sofware AS) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-01-22] (Hewlett-Packard Company) [File not signed]
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [233344 2012-06-28] ()
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2383344 2016-07-11] (IBM Corp.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
R2 VMCService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [9216 2009-09-18] (Vodafone) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S0 amdkmafd; C:\Windows\System32\DRIVERS\amdkmafd.sys [21600 2013-03-14] (Advanced Micro Devices, Inc.)
S3 bcm; C:\Windows\System32\DRIVERS\drxvi314_64.sys [371712 2010-11-23] (Beceem communications pvt ltd.) [File not signed]
S3 bcmbusctr; C:\Windows\System32\DRIVERS\BcmBusCtr_64.sys [59904 2010-11-23] (Beceem communications pvt ltd.) [File not signed]
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 HpqKbFiltr; C:\Windows\System32\DRIVERS\HpqKbFiltr.sys [18432 2009-04-29] (Hewlett-Packard Development Company, L.P.) [File not signed]
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [686592 2009-06-04] (PixArt Imaging Inc.)
R1 RapportCerberus_1609042; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609042.sys [1157960 2016-07-19] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [544360 2016-07-11] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [215560 2016-07-11] (IBM Corp.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [470056 2016-07-11] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [525992 2016-07-11] (IBM Corp.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [32496 2013-12-21] (Synaptics Incorporated)
U2 ERSvc; no ImagePath
U2 IAStorDataMgrsvc; no ImagePath
U2 NIHardwareService; no ImagePath
U2 NVSvc; no ImagePath
U2 Parvdm; no ImagePath
U2 srService; no ImagePath
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-07-31 12:13 - 2016-07-31 12:17 - 00000000 ___DC C:\AVG_Remover
2016-07-26 00:25 - 2016-07-31 12:25 - 00003234 _____ C:\Windows\System32\Tasks\HPCeeScheduleForAdministrator
2016-07-26 00:25 - 2016-07-31 12:25 - 00000364 _____ C:\Windows\Tasks\HPCeeScheduleForAdministrator.job
2016-07-24 12:31 - 2016-07-24 12:31 - 00000000 ____D C:\Users\TEMP.Pauls-PC\AppData\Local\Zemana
2016-07-24 12:29 - 2016-07-24 12:29 - 00000000 ____D C:\Users\TEMP.Pauls-PC\AppData\Roaming\Adobe
2016-07-24 12:22 - 2016-07-24 12:22 - 00000000 ____D C:\Users\TEMP.Pauls-PC\AppData\Roaming\9-lab
2016-07-24 12:21 - 2016-07-24 12:21 - 02626201 _____ C:\Users\Default\Downloads\geek (1).zip
2016-07-24 12:21 - 2016-07-24 12:21 - 02626201 _____ C:\Users\Default User\Downloads\geek (1).zip
2016-07-24 12:00 - 2016-07-24 12:00 - 00000000 ____D C:\Users\TEMP.Pauls-PC\AppData\Local\MFAData
2016-07-24 11:57 - 2016-07-24 12:14 - 00000000 ____D C:\Users\TEMP.Pauls-PC\AppData\Local\AvgSetupLog
2016-07-24 11:56 - 2016-07-24 12:21 - 00000000 ____D C:\Users\TEMP.Pauls-PC\AppData\Roaming\Geek Uninstaller
2016-07-24 11:56 - 2016-07-24 11:56 - 02626201 _____ C:\Users\Default\Downloads\geek.zip
2016-07-24 11:56 - 2016-07-24 11:56 - 02626201 _____ C:\Users\Default User\Downloads\geek.zip
2016-07-23 09:49 - 2016-07-23 09:49 - 00494961 _____ (glax24 (safezone.cc)) C:\Users\Default\Downloads\SecurityCheck.exe
2016-07-23 09:49 - 2016-07-23 09:49 - 00494961 _____ (glax24 (safezone.cc)) C:\Users\Default User\Downloads\SecurityCheck.exe
2016-07-23 09:49 - 2016-07-23 09:49 - 00000000 ___DC C:\SecurityCheck
2016-07-23 09:40 - 2016-07-23 09:42 - 00032617 _____ C:\Users\Default\Downloads\MTB.txt
2016-07-23 09:40 - 2016-07-23 09:42 - 00032617 _____ C:\Users\Default User\Downloads\MTB.txt
2016-07-23 09:38 - 2016-07-23 09:38 - 00892416 _____ (Farbar) C:\Users\Default\Downloads\MiniToolBox.exe
2016-07-23 09:38 - 2016-07-23 09:38 - 00892416 _____ (Farbar) C:\Users\Default User\Downloads\MiniToolBox.exe
2016-07-23 09:31 - 2016-07-23 09:31 - 00000000 ____D C:\Users\Default\AppData\Local\ESET
2016-07-23 09:31 - 2016-07-23 09:31 - 00000000 ____D C:\Users\Default User\AppData\Local\ESET
2016-07-23 09:30 - 2016-07-23 09:30 - 06759552 _____ (ESET spol. s r.o.) C:\Users\Default\Downloads\esetonlinescanner_enu.exe
2016-07-23 09:30 - 2016-07-23 09:30 - 06759552 _____ (ESET spol. s r.o.) C:\Users\Default User\Downloads\esetonlinescanner_enu.exe
2016-07-23 09:22 - 2016-07-23 09:16 - 00164504 _____ C:\Users\Default\Desktop\MALWARE.xml
2016-07-23 09:22 - 2016-07-23 09:16 - 00164504 _____ C:\Users\Default User\Desktop\MALWARE.xml
2016-07-23 09:18 - 2016-07-23 09:18 - 00062496 _____ C:\Users\Default\Downloads\Malware.txt
2016-07-23 09:18 - 2016-07-23 09:18 - 00062496 _____ C:\Users\Default User\Downloads\Malware.txt
2016-07-23 09:16 - 2016-07-23 09:20 - 00062496 _____ C:\Users\Default\Desktop\Malware.txt
2016-07-23 09:16 - 2016-07-23 09:20 - 00062496 _____ C:\Users\Default User\Desktop\Malware.txt
2016-07-22 23:39 - 2016-07-22 23:40 - 22851472 _____ (Malwarebytes ) C:\Users\Default\Downloads\mbam-setup-2.2.1.1043.exe
2016-07-22 23:39 - 2016-07-22 23:40 - 22851472 _____ (Malwarebytes ) C:\Users\Default User\Downloads\mbam-setup-2.2.1.1043.exe
2016-07-22 00:33 - 2016-07-22 00:33 - 08136664 _____ (Piriform Ltd) C:\Users\Default\Downloads\ccsetup520.exe
2016-07-22 00:33 - 2016-07-22 00:33 - 08136664 _____ (Piriform Ltd) C:\Users\Default User\Downloads\ccsetup520.exe
2016-07-22 00:12 - 2016-07-24 12:34 - 00277879 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-07-22 00:12 - 2016-07-24 12:31 - 02294170 _____ C:\Windows\ZAM.krnl.trace
2016-07-22 00:04 - 2016-07-22 00:04 - 00128358 _____ C:\Users\Default\Desktop\ZHPDiag.txt
2016-07-22 00:04 - 2016-07-22 00:04 - 00128358 _____ C:\Users\Default User\Desktop\ZHPDiag.txt
2016-07-22 00:02 - 2016-07-22 00:02 - 00000512 ____C C:\PhysicalDisk0_MBR.bin
2016-07-21 23:36 - 2016-07-22 00:04 - 00000000 ____D C:\Users\Default\AppData\Roaming\ZHP
2016-07-21 23:36 - 2016-07-22 00:04 - 00000000 ____D C:\Users\Default User\AppData\Roaming\ZHP
2016-07-21 23:36 - 2016-07-21 23:36 - 00003168 _____ C:\Windows\System32\Tasks\{2E72D406-1B01-44D6-B80C-1894ECD50791}
2016-07-21 22:58 - 2016-07-21 22:58 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2016-07-21 22:58 - 2016-07-21 22:58 - 00000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2016-07-19 01:10 - 2016-07-24 12:22 - 00000000 ____D C:\Program Files\9-lab
2016-07-19 01:10 - 2016-07-19 01:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\9-lab Removal Tool
2016-07-19 01:10 - 2016-07-19 01:10 - 00000000 ____D C:\ProgramData\9-lab
2016-07-19 00:21 - 2016-07-19 00:21 - 00013245 ___RC C:\Pre_Scan_19_07_2016_00_21_08.txt
2016-07-17 22:25 - 2016-07-19 00:50 - 00000000 ___DC C:\Pre_Scan
2016-07-17 22:23 - 2016-07-17 22:23 - 00000681 ____C C:\RstHosts.txt
2016-07-17 20:12 - 2016-07-17 20:12 - 00000000 ____D C:\Users\Default\AppData\Local\Apple
2016-07-17 20:12 - 2016-07-17 20:12 - 00000000 ____D C:\Users\Default User\AppData\Local\Apple
2016-07-16 22:09 - 2016-07-16 22:09 - 00000000 ____D C:\Users\TEMP.Pauls-PC\AppData\LocalLow\Adobe
2016-07-16 02:01 - 2016-06-26 01:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-07-16 02:01 - 2016-06-26 01:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-07-16 02:00 - 2016-06-26 01:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-07-16 02:00 - 2016-06-26 01:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-07-16 02:00 - 2016-06-26 01:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2016-07-16 02:00 - 2016-06-25 20:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-07-16 02:00 - 2016-06-25 20:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-07-16 02:00 - 2016-06-25 20:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2016-07-16 02:00 - 2016-06-25 20:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2016-07-16 02:00 - 2016-06-25 20:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2016-07-16 01:59 - 2016-06-11 07:57 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-07-16 01:59 - 2016-06-11 05:48 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-07-16 01:59 - 2016-06-10 22:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-07-16 01:59 - 2016-06-10 22:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-07-16 01:59 - 2016-06-10 22:20 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-07-16 01:59 - 2016-06-10 22:19 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-07-16 01:59 - 2016-06-10 22:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-07-16 01:59 - 2016-06-10 22:18 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-07-16 01:59 - 2016-06-10 22:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-07-16 01:59 - 2016-06-10 22:17 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-07-16 01:59 - 2016-06-10 22:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-07-16 01:59 - 2016-06-10 22:08 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-07-16 01:59 - 2016-06-10 22:05 - 25814016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-07-16 01:59 - 2016-06-10 22:04 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-07-16 01:59 - 2016-06-10 22:03 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-07-16 01:59 - 2016-06-10 22:03 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-07-16 01:59 - 2016-06-10 22:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-07-16 01:59 - 2016-06-10 22:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-07-16 01:59 - 2016-06-10 21:53 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-07-16 01:59 - 2016-06-10 21:50 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-07-16 01:59 - 2016-06-10 21:49 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-07-16 01:59 - 2016-06-10 21:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-07-16 01:59 - 2016-06-10 21:38 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-07-16 01:59 - 2016-06-10 21:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-07-16 01:59 - 2016-06-10 21:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-07-16 01:59 - 2016-06-10 21:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-07-16 01:59 - 2016-06-10 21:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-07-16 01:59 - 2016-06-10 21:15 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-07-16 01:59 - 2016-06-10 21:13 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-07-16 01:59 - 2016-06-10 21:12 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-07-16 01:59 - 2016-06-10 21:11 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-07-16 01:59 - 2016-06-10 21:10 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-07-16 01:59 - 2016-06-10 20:45 - 15409664 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-07-16 01:59 - 2016-06-10 20:44 - 02869248 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-07-16 01:59 - 2016-06-10 20:30 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-07-16 01:59 - 2016-06-10 20:21 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-07-16 01:59 - 2016-06-10 20:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-07-16 01:59 - 2016-06-10 19:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-07-16 01:59 - 2016-06-10 19:53 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-07-16 01:59 - 2016-06-10 19:53 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-07-16 01:59 - 2016-06-10 19:53 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-07-16 01:59 - 2016-06-10 19:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-07-16 01:59 - 2016-06-10 19:47 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-07-16 01:59 - 2016-06-10 19:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-07-16 01:59 - 2016-06-10 19:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-07-16 01:59 - 2016-06-10 19:42 - 20348928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-07-16 01:59 - 2016-06-10 19:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-07-16 01:59 - 2016-06-10 19:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-07-16 01:59 - 2016-06-10 19:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-07-16 01:59 - 2016-06-10 19:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-07-16 01:59 - 2016-06-10 19:32 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-07-16 01:59 - 2016-06-10 19:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-07-16 01:59 - 2016-06-10 19:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-07-16 01:59 - 2016-06-10 19:24 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-07-16 01:59 - 2016-06-10 19:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-07-16 01:59 - 2016-06-10 19:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-07-16 01:59 - 2016-06-10 19:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-07-16 01:59 - 2016-06-10 19:14 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-07-16 01:59 - 2016-06-10 19:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-07-16 01:59 - 2016-06-10 19:10 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-07-16 01:59 - 2016-06-10 19:09 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-07-16 01:59 - 2016-06-10 19:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-07-16 01:59 - 2016-06-10 18:58 - 13806080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-07-16 01:59 - 2016-06-10 18:45 - 02392576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-07-16 01:59 - 2016-06-10 18:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-07-16 01:59 - 2016-06-10 18:41 - 01315840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-07-16 01:53 - 2016-06-14 16:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-07-13 21:42 - 2016-07-17 22:13 - 00074376 ____C C:\AdsFix_17_07_2016_22_13_18.txt
2016-07-13 21:32 - 2016-07-17 22:13 - 00000000 ___DC C:\AdsFix
2016-07-12 00:20 - 2016-07-24 21:09 - 00003220 _____ C:\Windows\System32\Tasks\HPCeeScheduleForSYSTEM
2016-07-11 21:36 - 2016-07-11 21:36 - 00000000 ____D C:\Users\Default\AppData\Roaming\Hewlett-Packard
2016-07-11 21:36 - 2016-07-11 21:36 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Hewlett-Packard
2016-07-10 22:48 - 2016-07-10 23:09 - 00000000 ____D C:\Users\TEMP.Pauls-PC\AppData\Local\Hewlett-Packard
2016-07-10 20:12 - 2016-07-10 20:12 - 00000000 ____D C:\Users\TEMP.Pauls-PC\AppData\Local\Apple
2016-07-10 18:06 - 2016-07-10 18:06 - 00000000 ____D C:\Users\TEMP.Pauls-PC\AppData\Local\{92303E00-9A1F-4337-9903-D8CC233AE33F}
2016-07-10 17:40 - 2016-07-10 17:40 - 00003132 _____ C:\Users\TEMP.Pauls-PC\Downloads\download.htm
2016-07-10 15:37 - 2016-07-10 15:37 - 00000000 ___DC C:\$GetCurrent
2016-07-10 15:36 - 2016-07-23 09:26 - 00000682 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Upgrade Assistant.lnk
2016-07-10 15:35 - 2016-07-10 15:36 - 00000000 ___DC C:\Windows10Upgrade
2016-07-10 14:08 - 2016-07-10 14:08 - 00000000 ____D C:\Users\TEMP.Pauls-PC\AppData\Local\{975974D9-BBBB-415F-829A-169E15D7CA24}
2016-07-10 14:00 - 2016-07-10 14:00 - 00000000 ____D C:\Users\TEMP.Pauls-PC\AppData\Local\{36A9E22A-684B-4B2F-8BFF-BD945236F848}
2016-07-10 13:20 - 2016-07-10 13:20 - 00000000 ____D C:\Users\TEMP.Pauls-PC\AppData\Local\{29DA7177-F280-4EC4-913A-D0EC4EBA4353}
2016-07-10 10:35 - 2016-07-10 10:35 - 00117504 _____ C:\Users\TEMP.Pauls-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2016-07-09 20:22 - 2016-07-09 20:22 - 00000000 ____D C:\Users\Default\AppData\Roaming\Apple Computer
2016-07-09 20:22 - 2016-07-09 20:22 - 00000000 ____D C:\Users\Default\AppData\Local\Apple Computer
2016-07-09 20:22 - 2016-07-09 20:22 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Apple Computer
2016-07-09 20:22 - 2016-07-09 20:22 - 00000000 ____D C:\Users\Default User\AppData\Local\Apple Computer
2016-07-08 23:43 - 2016-07-24 21:36 - 00000350 _____ C:\Windows\Tasks\HPCeeScheduleForSYSTEM.job
2016-07-08 21:33 - 2016-07-08 21:36 - 00000000 ____D C:\Windows\system32\%appdata%
2016-07-06 21:02 - 2016-07-06 21:02 - 00000000 ____D C:\Users\Default\AppData\Roaming\Adobe
2016-07-06 21:02 - 2016-07-06 21:02 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Adobe
2016-07-06 09:29 - 2016-07-06 09:29 - 00000000 ____D C:\Users\TEMP.Pauls-PC\AppData\Local\GWX
2016-07-05 23:28 - 2016-07-05 23:28 - 00000000 ____D C:\Users\TEMP.Pauls-PC\AppData\Roaming\AVG
2016-07-05 02:27 - 2016-07-10 13:16 - 00000000 ____D C:\Windows\SysWOW64\%LOCALAPPDATA%
2016-07-05 01:31 - 2016-07-24 12:12 - 00000000 ____D C:\Users\TEMP.Pauls-PC\AppData\Roaming\Apple Computer
2016-07-05 01:31 - 2016-07-05 01:31 - 00000000 ____D C:\Users\TEMP.Pauls-PC\AppData\Local\Apple Computer
2016-07-05 01:26 - 2016-07-24 12:21 - 00000000 ____D C:\Users\TEMP.Pauls-PC\AppData\Local\CrashDumps
2016-07-05 00:56 - 2016-07-05 00:57 - 07557585 _____ C:\Users\Default\Downloads\Attachments_201675.zip
2016-07-05 00:56 - 2016-07-05 00:57 - 07557585 _____ C:\Users\Default User\Downloads\Attachments_201675.zip
2016-07-04 22:56 - 2016-07-24 12:35 - 00000000 ____D C:\Users\TEMP.Pauls-PC\AppData\Local\Avg
2016-07-04 22:56 - 2016-07-24 12:29 - 00000000 ____D C:\Users\TEMP.Pauls-PC\AppData\Local\Google
2016-07-04 20:58 - 2016-07-04 20:58 - 00000000 ____D C:\Users\TEMP.Pauls-PC\AppData\Roaming\Hewlett-Packard
2016-07-04 20:47 - 2016-07-05 00:55 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2016-07-04 20:47 - 2016-07-05 00:55 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2016-07-04 20:47 - 2013-07-31 16:27 - 00000000 ____D C:\Users\TEMP.Pauls-PC\AppData\Roaming\TuneUp Software
2016-07-04 20:47 - 2011-09-27 08:16 - 00000000 ____D C:\Users\TEMP.Pauls-PC\AppData\Local\Trusteer
2016-07-04 20:47 - 2011-05-23 07:24 - 00000000 ____D C:\Users\TEMP.Pauls-PC\AppData\Roaming\Trusteer
2016-07-04 20:47 - 2010-08-06 19:03 - 00000000 ____D C:\Users\TEMP.Pauls-PC\AppData\Roaming\Macromedia
2016-07-04 20:47 - 2010-08-06 10:34 - 00000000 ____D C:\Users\TEMP.Pauls-PC\AppData\Local\Microsoft Help
2016-07-04 20:47 - 2010-08-06 04:16 - 00000000 ____D C:\Users\TEMP.Pauls-PC\AppData\Roaming\Media Center Programs
2016-07-04 20:47 - 2010-08-06 03:36 - 00000000 ____D C:\Users\TEMP.Pauls-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
2016-07-04 20:47 - 2009-08-14 20:47 - 00000000 ____D C:\Users\TEMP.Pauls-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery Manager
2016-07-02 21:33 - 2016-07-02 21:35 - 06995720 _____ (Piriform Ltd) C:\Users\Administrator\Downloads\ccsetup519.exe
2016-07-02 18:54 - 2016-07-02 18:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\iFunbox_UserCache
2016-07-02 18:49 - 2016-07-02 18:52 - 22748388 _____ (iFunbox DevTeam ) C:\Users\Administrator\Downloads\ifunbox_setup.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-07-31 12:19 - 2009-07-14 05:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-31 12:19 - 2009-07-14 05:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-31 12:17 - 2012-04-22 06:50 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-31 12:16 - 2015-01-03 03:32 - 00000000 ___DC C:\FRST
2016-07-31 11:36 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-26 14:24 - 2010-08-06 15:59 - 00504488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-07-26 00:14 - 2010-08-05 22:35 - 00000537 _____ C:\ProgramData\HPWALog.txt
2016-07-25 23:30 - 2010-08-06 03:33 - 00000292 _____ C:\ProgramData\hpqp.ini
2016-07-24 20:10 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2016-07-24 12:35 - 2016-06-14 22:00 - 00000000 ____D C:\Users\TEMP\AppData\Local\Avg
2016-07-24 12:35 - 2015-05-21 10:33 - 00000000 ____D C:\Users\Paul\AppData\Local\Avg
2016-07-24 12:35 - 2013-07-27 00:27 - 00000000 ____D C:\Program Files (x86)\AVG
2016-07-24 12:35 - 2013-07-27 00:18 - 00000000 ____D C:\ProgramData\MFAData
2016-07-24 12:30 - 2010-08-06 09:50 - 00000000 ____D C:\Program Files (x86)\Google
2016-07-24 12:27 - 2013-09-13 00:57 - 00000000 ____D C:\ProgramData\AVG
2016-07-23 09:26 - 2015-11-02 22:27 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-23 09:26 - 2014-01-27 20:04 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-07-23 09:26 - 2010-10-26 19:34 - 00001322 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2016-07-23 09:26 - 2010-10-26 19:34 - 00001253 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2016-07-23 09:26 - 2010-10-26 19:33 - 00002434 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2016-07-23 09:26 - 2010-10-26 19:33 - 00001406 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2016-07-23 09:26 - 2010-08-13 00:49 - 00000955 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat_com.lnk
2016-07-23 09:26 - 2010-08-06 03:33 - 00001931 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Play.lnk
2016-07-23 09:26 - 2010-08-06 03:21 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-07-23 09:26 - 2010-08-06 03:21 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-07-23 09:26 - 2010-08-05 22:29 - 00002052 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visit eBay.co.uk.lnk
2016-07-23 09:26 - 2009-08-14 20:13 - 00002545 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
2016-07-23 09:26 - 2009-08-14 20:12 - 00001135 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
2016-07-23 09:26 - 2009-07-14 05:57 - 00001535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-07-23 09:26 - 2009-07-14 05:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-07-23 09:26 - 2009-07-14 05:57 - 00001318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-07-23 09:26 - 2009-07-14 05:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-07-23 09:26 - 2009-07-14 05:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-07-23 09:25 - 2016-06-12 21:46 - 00001747 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-07-23 09:25 - 2015-12-27 16:45 - 00002691 _____ C:\Users\Public\Desktop\Skype.lnk
2016-07-23 09:25 - 2015-11-02 22:27 - 00002001 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-07-23 09:25 - 2012-07-19 19:16 - 00002053 _____ C:\Users\Public\Desktop\3Connect.lnk
2016-07-23 09:25 - 2012-04-05 22:08 - 00000967 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-07-23 09:24 - 2009-07-14 06:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-07-23 09:24 - 2009-07-14 05:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-07-22 23:27 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-07-22 00:25 - 2016-06-14 21:40 - 00000000 ____D C:\Windows\system32\%LocalAppData%
2016-07-21 22:49 - 2013-12-21 02:55 - 00000000 ____D C:\ProgramData\IObit
2016-07-21 22:11 - 2014-12-30 03:05 - 00000000 ___DC C:\AdwCleaner
2016-07-19 01:11 - 2016-01-14 12:46 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-07-19 01:00 - 2013-08-11 16:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2016-07-16 22:12 - 2010-08-06 09:55 - 00000000 ___RD C:\Users\Paul\Documents\Scanned Documents
2016-07-16 22:05 - 2013-11-29 09:34 - 00791792 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-07-16 11:34 - 2015-12-27 16:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-07-16 11:34 - 2010-12-23 18:57 - 00000000 ____D C:\ProgramData\Skype
2016-07-16 09:50 - 2009-07-14 05:45 - 00436376 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-16 05:15 - 2013-07-11 16:00 - 00000000 ____D C:\Windows\system32\MRT
2016-07-16 03:55 - 2010-08-07 00:50 - 144749672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-07-15 23:14 - 2016-06-16 21:55 - 00000000 ____D C:\Users\PauleyBaby\AppData\Local\Avg
2016-07-14 22:20 - 2012-04-22 06:50 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-14 22:20 - 2012-04-22 06:50 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-07-14 22:20 - 2011-07-02 10:19 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-14 22:19 - 2011-11-18 10:30 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-14 22:19 - 2009-08-14 20:00 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-13 21:32 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Web
2016-07-13 06:22 - 2009-08-14 22:05 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2016-07-13 06:22 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2016-07-11 14:01 - 2015-06-05 08:24 - 00215560 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportHades64.sys
2016-07-11 14:01 - 2010-12-23 18:52 - 00470056 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys
2016-07-10 17:42 - 2009-07-14 06:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-07-10 16:22 - 2009-07-14 06:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-10 16:12 - 2015-05-09 03:00 - 00001280 _____ C:\Users\Paul\Desktop\Amazon Music.lnk
2016-07-04 01:30 - 2016-06-18 11:20 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Skype
2016-07-02 21:41 - 2012-06-29 23:09 - 00002818 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
==================== Files in the root of some directories =======
2011-06-26 15:43 - 2011-06-26 15:43 - 0001854 _____ () C:\Windows\system32\config\systemprofile\AppData\Roaming\GhostObjGAFix.xml
2009-08-28 14:16 - 2009-08-28 14:16 - 0130238 ____R () C:\ProgramData\DeviceManager.xml.rc4
2010-08-06 03:33 - 2016-07-25 23:30 - 0000292 _____ () C:\ProgramData\hpqp.ini
2010-08-13 00:39 - 2016-06-28 01:54 - 0000021 _____ () C:\ProgramData\hpqp.txt
2010-08-05 22:35 - 2016-07-26 00:14 - 0000537 _____ () C:\ProgramData\HPWALog.txt
2011-06-26 10:29 - 2011-06-26 10:29 - 0000268 ____R () C:\ProgramData\Synth Pads
2011-06-26 10:32 - 2011-06-26 10:32 - 0000268 ____R () C:\ProgramData\System Image Utility
Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\avguirn_081956712100.exe
C:\Users\Paul\AppData\Local\Temp\avguirn_081227554289.exe
C:\Users\Paul\AppData\Local\Temp\SkypeSetup.exe
C:\Users\TEMP.Pauls-PC\AppData\Local\Temp\geek_x64.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-07-30 02:12
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-07-2016
Ran by Administrator (2016-07-31 12:52:20)
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) (2010-08-05 21:26:23)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1473311476-28869768-3281747046-500 - Administrator - Enabled) => C:\Users\TEMP.Pauls-PC
Guest (S-1-5-21-1473311476-28869768-3281747046-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1473311476-28869768-3281747046-1004 - Limited - Enabled)
Paul (S-1-5-21-1473311476-28869768-3281747046-1000 - Administrator - Enabled) => C:\Users\TEMP
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
3Connect (HKLM-x32\...\{A899DA1F-D626-401C-8651-F2921E3B4CB3}) (Version: 3.0.0 - 3 Mobile Broadband)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.3.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.3.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: 1.16.0.44025 - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ArcSoft Panorama Maker 5 (HKLM-x32\...\{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}) (Version: 5.0.1.25 - ArcSoft)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.0 - Atheros)
AVS Audio Converter 7 (HKLM-x32\...\AVS Audio Converter_is1) (Version: 7.2.1.528 - Online Media Technologies Ltd.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3115 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Feedback Tool (HKLM-x32\...\{90024193-9F13-4877-89D5-A1CDF0CBBF28}) (Version: 1.1.0 - Microsoft Corporation)
File Uploader (HKLM-x32\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.2.3 - Nikon)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.12286.3436 - Hewlett-Packard)
HP DVD Play 3.7 (HKLM-x32\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 3.7.0.6623 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.2.8.25 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.4.18.7 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HP User Guides 0148 (HKLM-x32\...\{9D3318E1-5A9F-4A95-A7A1-7E045403AE34}) (Version: 1.01.0005 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{4E432692-A736-4F77-AF77-F9078CF88D31}) (Version: 3.50.11.2 - Hewlett-Packard)
Huawei modem (HKLM-x32\...\Huawei Modems) (Version: - )
iCloud (HKLM\...\{ADFDB647-35C0-4254-9EE6-2D9C3B7104BD}) (Version: 5.2.1.69 - Apple Inc.)
iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
Japanese Fonts Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5760-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1913 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1913 - CyberLink Corp.) Hidden
Legalsounds Download Manager (HKLM-x32\...\LegalsoundsDownloadManager) (Version: 1.4.5 - LegalMedia)
Legalsounds Download Manager (x32 Version: 1.4.5 - LegalMedia) Hidden
LightScribe System Software (HKLM-x32\...\{FA8BFB25-BF48-4F8B-8859-B30810745190}) (Version: 1.18.11.1 - LightScribe)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.16.00.03 - Huawei Technologies Co.,Ltd)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee Reveal (HKLM-x32\...\{DE626616-D7C4-4F00-7E0B-EAF26FA65749}) (Version: 7.0.43.12698 - muvee Technologies Pte Ltd)
Nikon Message Center (HKLM-x32\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
Nikon Transfer (HKLM-x32\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.5.2 - Nikon)
PC Camer@ (HKLM-x32\...\{C679F9B9-C65D-4C65-BD6C-BF90B859E281}) (Version: 1.0.4.15 - Aecotech)
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.1.9 - Nikon)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Rapport (Version: 3.5.1205.15 - Trusteer) Hidden
Rapport (x32 Version: 3.5.1609.76 - Trusteer) Hidden
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30094 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1609.76 - Trusteer)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
ViewNX (HKLM-x32\...\{F007CBCE-D714-4C0B-8CE9-9B0D78116468}) (Version: 1.5.1 - Nikon)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vodafone Mobile Connect Lite (HKLM-x32\...\{96B51C0B-D3BE-4DF3-959C-28B22C10CFBB}) (Version: 9.4.4.17702 - Vodafone)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00EF7D9D-5DA8-4DE3-8C6E-441D00B7A4C0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2016-07-13] (Piriform Ltd)
Task: {10D74B69-FDE7-4A05-80B4-5B6BBAE81A9B} - System32\Tasks\{25E8B112-BAD2-418A-B87C-B4C4436B2539} => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
Task: {19530C71-ACC3-44C0-8BBE-ACD0D07E1BF0} - System32\Tasks\HPCeeScheduleForAdministrator => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {250DCCB9-D821-4068-BBE8-101B5B80A972} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-05-04] (Hewlett-Packard)
Task: {2954D91E-692C-49E0-A105-81624F665B68} - System32\Tasks\{0716BF4A-2692-424D-AC22-1B9247348755} => Chrome.exe hxxp://ui.skype.com/ui/0/7.14.0.106/en/go/help.faq.installer?LastError=1618
Task: {2A090908-3F2A-4A7D-87C8-5FC1FFC9AC14} - System32\Tasks\{D13BE4E8-8B32-47AF-BD5D-07D88CBF6E28} => pcalua.exe -a "C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5AW2AL8K\AmazonMP3DownloaderInstall.exe" -d C:\Users\Paul\Desktop
Task: {2C94DB80-93DC-43C5-8CCC-57F24239E90A} - System32\Tasks\{53498204-FB8D-47FA-90EF-D6E62D54A8C6} => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
Task: {2D4FE287-3A01-45BD-9E94-C50BF917318F} - System32\Tasks\{257BD119-4F4C-4FE3-9AE8-333C41EEAC9C} => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
Task: {42EAAEEF-490F-4247-80FD-C9D3C07A709F} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1473311476-28869768-3281747046-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {46F8AE9E-9431-4836-AFDF-9A9B2339C589} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-17] (Hewlett-Packard Company)
Task: {4743CA9F-0E57-4E74-9258-0C652D4D52FE} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe [2009-07-08] ()
Task: {53108277-0C72-4B3F-99EA-C76D1525E3A4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated)
Task: {5409B240-03AC-4B44-A903-51C0BC4B10CE} - System32\Tasks\{21014F32-E16D-4F00-9B37-F9804BE974C5} => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
Task: {57601845-89CB-4638-8CC9-B3D770DE2730} - System32\Tasks\{BDC5FBB3-9E36-41B8-8E00-24FA8F7F49AF} => Chrome.exe
Task: {63B44D2F-6810-4909-A9B2-860F30CB1CC2} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1473311476-28869768-3281747046-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {6590F098-1AC4-4F88-9920-C6FA1F68ADAC} - System32\Tasks\{8E187B87-D7C1-4EDF-B45A-E001B174DCE4} => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
Task: {6A9A74E1-7403-471F-86B1-68AA97FC2758} - System32\Tasks\{B7F70646-2A67-43F9-A8DF-66DF3D843335} => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
Task: {7319D4B4-4622-4AFF-8A08-DE342868F58B} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-06-15] (HP Inc.)
Task: {7618C998-1490-40A2-893A-931F76ED5D17} - System32\Tasks\{E0DB434F-49D5-455D-A055-7BE88AF50AD5} => Chrome.exe
Task: {80CF8248-8C74-4743-8873-9CDB8ADE2757} - System32\Tasks\{3C80FB2E-244D-4EF4-9D0B-C042878BF22F} => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
Task: {8B1EACAF-5FDA-4EDE-801A-983EC93A3D60} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-17] (Hewlett-Packard Company)
Task: {8D09E150-3919-4C30-B980-535665794D53} - System32\Tasks\{030C0DA4-B24B-4A81-B6FE-E7EE4DE47ACD} => C:\Program Files (x86)\iTunes\iTunes.exe
Task: {922924AC-D579-4E1D-BED0-15655D2D26A9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-06-15] (HP Inc.)
Task: {93DB28CF-747D-4A46-9EF1-D81E8E37F50B} - System32\Tasks\{8ADB6663-CBBA-4CED-BFEA-FD0696B8EB04} => C:\Users\Paul\AppData\Local\Amazon\Kindle\application\Kindle.exe [2015-07-21] (Amazon.com)
Task: {9777A625-F104-407E-9206-32F390279522} - System32\Tasks\{DC304BB5-8983-48E9-BCFE-C3918A316D96} => pcalua.exe -a C:\PROGRA~2\Yahoo!\Common\UNYT_W~1.EXE
Task: {97A46A20-3419-450C-9367-25CC3D8CB1F4} - System32\Tasks\{37A125E1-0A4B-48F9-AD09-DC086C8FB052} => Chrome.exe
Task: {B244A375-7E02-47C1-B91C-382D0BB51A85} - System32\Tasks\{D8AFFD11-473F-4E20-B69A-CA096A9DE00D} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -c -remove -removeonly
Task: {B3A0EA9D-7FAC-4929-B4C6-C5B4DF745D85} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-05-04] (Hewlett-Packard)
Task: {B6C14E83-CD96-4EBA-9AEA-BC54CD78902E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {C2F1EF36-3EFD-4BE8-AA33-9501F6CFD843} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {C5B6D97F-1C53-4431-A253-DEE678FC7F4C} - System32\Tasks\{4AB93A81-835B-4808-BBEB-43A5A1F044D7} => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
Task: {C7B07D10-E785-4B19-937E-0393A89C4A2F} - System32\Tasks\{2E72D406-1B01-44D6-B80C-1894ECD50791} => pcalua.exe -a "C:\Program Files (x86)\ZHPDiag\ZHPhep.exe" -d "C:\Program Files (x86)\ZHPDiag"
Task: {CA64EA08-961C-4A70-9113-A7CBA3F696F6} - System32\Tasks\HPCeeScheduleForSYSTEM => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {D9FD1A34-44DC-4D95-98B1-B46459098EBB} - System32\Tasks\{14F9EA4B-81A6-4B40-904B-19C876D804F1} => C:\Program Files (x86)\iTunes\iTunes.exe
Task: {DBF3C574-1854-4116-B2D3-ED8986CE0018} - System32\Tasks\{7989E6D4-1E06-41DC-A9FF-217EB2FBFCB4} => Chrome.exe
Task: {DC8408A9-BEF7-44DA-966A-108B8D2616F6} - System32\Tasks\{8E8F048D-87DC-4B8D-B7D4-ED6977452CE7} => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
Task: {E37C14D5-2D02-45A7-9932-F82198A4982A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {F83C495A-AD4F-4FDA-8C69-219D55FE5412} - System32\Tasks\{717167F8-5850-48FF-B8B4-453453F19E3D} => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
Task: {F99603F2-D3FA-4DF9-9088-117396915F41} - System32\Tasks\{917FFCEA-A335-4F42-AE5F-4B922E12294B} => Chrome.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForAdministrator.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForSYSTEM.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-03-18 15:56 - 2016-03-18 15:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-21 18:07 - 2016-04-21 18:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-07-19 19:16 - 2011-03-23 16:32 - 01740696 _____ () C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
2013-07-16 17:50 - 2012-06-28 07:19 - 00233344 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2009-08-14 21:16 - 2009-01-21 19:47 - 00247152 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Paul\Documents\Sussex.jpg:3or4kl4x13tuuug3Byamue2s4b [97]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2016-07-22 00:21 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1473311476-28869768-3281747046-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{03A31F49-2E96-4307-B584-0387BD126947}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{37F51399-BE68-44FE-AC3D-9ACD3FB8E948}] => (Allow) svchost.exe
FirewallRules: [{085AD488-486F-45D5-9836-C0E4B1EA1B05}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{6D4662E4-C7D8-4BFD-B337-194104976FF6}] => (Allow) C:\Program Files (x86)\HP\QuickPlay\QP.exe
FirewallRules: [{42FFA563-29ED-432A-A6A9-5A54BD3F0963}] => (Allow) C:\Program Files (x86)\HP\QuickPlay\QPService.exe
FirewallRules: [{16C1842C-E85F-434F-9AA7-CF707069F1F6}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{B8FECAEF-1EE1-4817-A24D-C0386CBA7E09}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C75AE623-1198-44C1-AF32-42BB522AFBD7}] => (Allow) LPort=2869
FirewallRules: [{DE192729-CBFB-4D2E-B42C-0872957795B1}] => (Allow) LPort=1900
FirewallRules: [{3ACE76EF-656B-4250-84BA-ED72445B8263}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{891E49D1-DDE5-4FBF-B602-0F34BA6FD95F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{BBDBF59A-990D-419E-97D9-3A8B8E762313}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{065EEE13-78E9-4A46-B673-A9EC0BF667D3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F5C91CBF-2AEA-4F9B-B547-735E686FF633}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7AF68843-09DF-4E43-9405-E5E4425BEADE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{620441E4-909D-4566-AF37-66D61E22F9DE}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{3EC2D17A-FF0F-4E6F-B316-3368041EACC7}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{38167A64-B847-45C1-80CB-706E81E520A2}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{A8064AE8-6CBA-412B-A1EC-D72343F79773}C:\Windows\SysWOW64\config\systemprofile\Downloads\adsfix_3_01.07.2016.3.exe] => (Allow) C:\Windows\SysWOW64\config\systemprofile\Downloads\adsfix_3_01.07.2016.3.exe
FirewallRules: [UDP Query User{8012CD5F-78FA-489A-B2C4-2168ADE624EB}C:\Windows\SysWOW64\config\systemprofile\Downloads\adsfix_3_01.07.2016.3.exe] => (Allow) C:\Windows\SysWOW64\config\systemprofile\Downloads\adsfix_3_01.07.2016.3.exe
FirewallRules: [TCP Query User{A8064AE8-6CBA-412B-A1EC-D72343F79773}C:\Windows\SysWOW64\config\systemprofile\Downloads\adsfix_3_01.07.2016.3 (1).exe] => (Allow) C:\Windows\SysWOW64\config\systemprofile\Downloads\adsfix_3_01.07.2016.3 (1).exe
FirewallRules: [UDP Query User{8012CD5F-78FA-489A-B2C4-2168ADE624EB}C:\Windows\SysWOW64\config\systemprofile\Downloads\adsfix_3_01.07.2016.3 (1).exe] => (Allow) C:\Windows\SysWOW64\config\systemprofile\Downloads\adsfix_3_01.07.2016.3 (1).exe
FirewallRules: [TCP Query User{A8064AE8-6CBA-412B-A1EC-D72343F79773}C:\Windows\SysWOW64\config\systemprofile\Downloads\adsfix_3_01.07.2016.3 (2).exe] => (Allow) C:\Windows\SysWOW64\config\systemprofile\Downloads\adsfix_3_01.07.2016.3 (2).exe
FirewallRules: [UDP Query User{8012CD5F-78FA-489A-B2C4-2168ADE624EB}C:\Windows\SysWOW64\config\systemprofile\Downloads\adsfix_3_01.07.2016.3 (2).exe] => (Allow) C:\Windows\SysWOW64\config\systemprofile\Downloads\adsfix_3_01.07.2016.3 (2).exe
FirewallRules: [TCP Query User{A8064AE8-6CBA-412B-A1EC-D72343F79773}C:\Windows\SysWOW64\config\systemprofile\Downloads\adsfix_3_01.07.2016.3 (3).exe] => (Allow) C:\Windows\SysWOW64\config\systemprofile\Downloads\adsfix_3_01.07.2016.3 (3).exe
FirewallRules: [UDP Query User{8012CD5F-78FA-489A-B2C4-2168ADE624EB}C:\Windows\SysWOW64\config\systemprofile\Downloads\adsfix_3_01.07.2016.3 (3).exe] => (Allow) C:\Windows\SysWOW64\config\systemprofile\Downloads\adsfix_3_01.07.2016.3 (3).exe
StandardProfile\AuthorizedApplications: [C:\Windows\SysWOW64\config\systemprofile\Downloads\adsfix_3_01.07.2016.3.exe] => Enabled:adsfix_3_01.07.2016.3
StandardProfile\AuthorizedApplications: [C:\Windows\SysWOW64\config\systemprofile\Downloads\adsfix_3_01.07.2016.3 (1).exe] => Enabled:adsfix_3_01.07.2016.3 (1)
StandardProfile\AuthorizedApplications: [C:\Windows\SysWOW64\config\systemprofile\Downloads\adsfix_3_01.07.2016.3 (2).exe] => Enabled:adsfix_3_01.07.2016.3 (2)
StandardProfile\AuthorizedApplications: [C:\Windows\SysWOW64\config\systemprofile\Downloads\adsfix_3_01.07.2016.3 (3).exe] => Enabled:adsfix_3_01.07.2016.3 (3)
StandardProfile\AuthorizedApplications: [C:\Windows\SysWOW64\config\systemprofile\Downloads\pre-scan_6_29.06.2016.1.exe] => Enabled:pre-scan_6_29.06.2016.1
==================== Restore Points =========================
24-07-2016 21:16:56 Removed Feedback Tool
24-07-2016 21:29:19 Windows Update
30-07-2016 01:54:07 Windows Update
==================== Faulty Device Manager Devices =============
Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (07/31/2016 12:43:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18377 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: e70
Start Time: 01d1eb1f3e0ddd6a
Termination Time: 436
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id:
Error: (07/31/2016 11:54:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 20264
Error: (07/31/2016 11:54:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 20264
Error: (07/31/2016 11:54:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/31/2016 11:38:47 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: Pauls-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.
DETAIL - Access is denied.
Error: (07/31/2016 11:38:47 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: Pauls-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.
DETAIL - Access is denied.
Error: (07/31/2016 11:37:20 AM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue
Error: (07/30/2016 01:54:07 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1473311476-28869768-3281747046-1000.bak). hr = 0x80070539, The security ID structure is invalid.
.
Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {096fe530-819b-4214-b76f-77b26f137cfd}
Error: (07/30/2016 01:23:54 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: Pauls-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.
DETAIL - Access is denied.
Error: (07/30/2016 01:23:54 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: Pauls-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.
DETAIL - Access is denied.
System errors:
=============
Error: (07/31/2016 11:37:21 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
amdkmafd
Error: (07/31/2016 11:36:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel AGP Bus Filter service failed to start due to the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (07/30/2016 02:41:34 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
Error: (07/30/2016 01:23:37 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
amdkmafd
Error: (07/30/2016 01:23:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel AGP Bus Filter service failed to start due to the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (07/26/2016 12:33:42 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RapportMgmtService service.
Error: (07/25/2016 11:43:36 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
Error: (07/25/2016 11:43:06 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
Error: (07/25/2016 11:30:16 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
amdkmafd
Error: (07/25/2016 11:29:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel AGP Bus Filter service failed to start due to the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

CodeIntegrity:
===================================
Date: 2015-02-07 15:59:23.062
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\igdkmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-02-07 15:59:22.594
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\igdkmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Pentium® Dual-Core CPU T4300 @ 2.10GHz
Percentage of memory in use: 50%
Total physical RAM: 3998.93 MB
Available physical RAM: 1965.46 MB
Total Virtual: 7996.04 MB
Available Virtual: 5656.56 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:285.3 GB) (Free:2.35 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:12.59 GB) (Free:2.08 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: () (Removable) (Total:499.98 GB) (Free:494.42 GB) exFAT
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: DF91873D)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=285.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.6 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 500 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================

I will now attempt to run it in Advanced Boot Mode.

Edited by Oh My!, 01 August 2016 - 04:09 PM.


#7 maineboy64

maineboy64
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:10:33 PM

Posted 31 July 2016 - 08:03 AM

I have tried to run the FRST Tool in Safe Mode, but after I do this:

 

  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.

The tool will NOT start to run.  All I get is an illegible text generated by FRST.



#8 Bezukhov

Bezukhov

    Bleepin' Jazz Fan!


  • Members
  • 2,737 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Providence, R.I.
  • Local time:09:33 AM

Posted 31 July 2016 - 03:55 PM

I have tried to run the FRST Tool in Safe Mode, but after I do this:

  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
The tool will NOT start to run.  All I get is an illegible text generated by FRST.


I couldn't get back here in time to tell you that running in in safe mode won't be necessary. What you posted is great. I will need a day or so to go through it, however. If you could, can you post the FRST log full of gibberish as an attachment?
To err is Human. To blame it on someone else is even more Human.

#9 maineboy64

maineboy64
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:10:33 PM

Posted 31 July 2016 - 04:43 PM

I've attached the gibberish text . . .

 

I think the problem lies with the AVG Antivirus.  I must have downloaded a virus along with that program because the same stuff with the hardware started happening on my new computer.  Luckily I caught the problem before it took off but still needed to reinstall a Windows 10 all over again.  Do AVG know what's going on?

Attached Files



#10 Bezukhov

Bezukhov

    Bleepin' Jazz Fan!


  • Members
  • 2,737 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Providence, R.I.
  • Local time:09:33 AM

Posted 02 August 2016 - 08:31 AM

I'm back. After going over your logs I must admit I don't see any evidence of any malware. And I'm inclined to agree with you that AVG might have been the source of your problems.

:step1:

We need to remove programs using "Programs and Features"

Click the "Start" orb on the taskbar, and then click the "Control Panel" button.
  • If you use Category mode, click on Uninstall a Program.
  • If you use Icons mode, click on Program and Features.
A list of programs installed will be "populated" (this may take a bit of time).
If they exist, uninstall the following by clicking on the below entries and selecting "Remove":

Visual Studio 2010 x64 Redistributables(Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)



Additional instructions can be found here if needed.

:step2:
We need to run a fix with FRST:
  • Please download the attached fixlist.txt file and save it to the same location as FRST
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    (( ))
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
:step3:

Your C Drive is filled to the brim. Windows works best if there is at least 10% to 15% free space on the C drive. I noticed you have a nearly empty External Drive, so you may want to consider moving files onto that external drive, and try to reach that 10% to 15% range. One more thing, is that C drive a Solid State Drive, or a mechanical one?

So for your next reply please post the contents of fixlog.txt, and a report on how your computer is running.
To err is Human. To blame it on someone else is even more Human.

#11 Bezukhov

Bezukhov

    Bleepin' Jazz Fan!


  • Members
  • 2,737 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Providence, R.I.
  • Local time:09:33 AM

Posted 05 August 2016 - 05:35 AM

Do you still need help with this?
To err is Human. To blame it on someone else is even more Human.

#12 maineboy64

maineboy64
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:10:33 PM

Posted 05 August 2016 - 05:39 AM

Do you still need help with this?

 

Yes, very much so.  Sorry, but been so busy with work.  Will be off this weekend, so will sort it out tomorrow.  Thanks for your patience . . . your assistance is greatly appreciated.



#13 Bezukhov

Bezukhov

    Bleepin' Jazz Fan!


  • Members
  • 2,737 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Providence, R.I.
  • Local time:09:33 AM

Posted 05 August 2016 - 05:50 AM

Do you still need help with this?

 
Yes, very much so.  Sorry, but been so busy with work.  Will be off this weekend, so will sort it out tomorrow.  Thanks for your patience . . . your assistance is greatly appreciated.


OK, I understand.
To err is Human. To blame it on someone else is even more Human.

#14 maineboy64

maineboy64
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:10:33 PM

Posted 05 August 2016 - 05:06 PM

I uninstalled the 3 AVG links in Control Panel and then ran a scan using FRST,  The results are attached.  I've also attached the Fixlog too.  Finally, I'll take your advice and move some of the stuff from the C:Disk.

 

Attached Files



#15 maineboy64

maineboy64
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:10:33 PM

Posted 05 August 2016 - 05:29 PM

I also wanted to say that I'm only running Windows Defender.  Should I download some better protection?






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users