Phillyt

Members
  • Posts

    12
Everything posted by Phillyt

  1. IUKB ERROR IDIOT USING KEYBOARD IBM I BLAME MICROSOFT IDIOTS BUY ME IDIOTS BUILDING MACHINES I'LL BUY MACINTOSHES IT BIT ME IT BUILT MICROSOFT IT'S BETTER MANUALLY I'VE BEEN MISLED I'VE BEEN MUGGED WINDOWS WELL IT NEVER DOES OPERATE WITH SPEED WHEN I NEED DATA OUTPUT WITHOUT SPEED WHILE IDLE, NEEDS DX OR WORKSTATION WILL INSTALL NEEDLESS DATA ON WHOLE SYSTEM WIN WHOPPINGLY IMMENSE NOP WORN INFESTATION NETWARE MS-WINDOWS NT/WINDOWS NT MY SOLITAIRE WITH ITS NEW DE ACCELERATOR, ONLY WITH SOME NETWORK TECHNOLOGY WELL INTENDED NETWORK DE ACCELERATOR, ONLY WORKS SOMETIMES NEVER TOTALLY WINDOWS (AS A ) NETWORK TROJAN DIFFERENT OPERATING SYSTEM EXPECTATIONS MACINTOSH: WHAT YOU SEE IS WHAT YOU GET MS-DOS: YOU ASKED FOR IT YOU GOT IT UNIX: IFUH2SK UDNTWNT2KNO VMS: YOU GOT IT, ALL OF IT, WANT IT OR NOT RANDOM ABBREVIATIONS FOR MANY COMPUTER COMPANIES APPLE: ARROGANCE PRODUCES PROFIT-LOSING ENTITY DEC: DUMP EVERYTHING AND CLOSE DEC: DO EXPECT CUTS HCL: HILARIOUS COMPUTER LOGIC HP: HOT PURSUIT IBM: I BLAME MICROSOFT MAC: MOST ABSURD COMPUTER MACINTOSH: Most Applications Crash; If Not, The Operating System Hangs MACINTOSH: MOST APPLICATIONS CRASH; IF NOT THE OPERATING SYSTEM HANGS MICROSOFT: MOST INTELLIGENT CUSTOMERS REALIZE OUR SOFTWARE ONLY FOOLS TEENAGERS NEXT: NOW EXCHANGE FOR TEARS OS/2 OBSOLETE SOON TOO WARP: WHAT A RAT PROGRAM ACRONYMS FOR OTHER COMPUTER TERMS AMIGA: A MERELY INSIGNIFICANT GAME ADDICTION B BASIC: BILL'S ATTEMPT TO SEIZE INDUSTRY CONTROL CD-ROM: CUSTOMER DEVICE, RENDERED OBSOLETE IN MONTHS COBOL: COMPLETELY OBSOLETE BUSINESS ORIENTED LANGUAGE DOS: DEFECTIVE OPERATING SYSTEM I ISDN: IT STILL DOES NOTHING LISP: LOTS OF INFURIATING AND SILLY PARENTHESIS MIPS: MEANINGLESS INDICATION OF PROCESSOR SPEED PCMCIA: PEOPLE CAN'T MEMORIZE COMPUTER INDUSTRY ACRONYMS PENTIUM: PRODUCES ERRONEOUS NUMBERS THROUGH INCORRECT UNDERSTANDING OF MATHEMATICS SCSI: SYSTEM CAN'T SEE IT WWW: WORLD WIDE WAIT
  2. There was once a young man who, in his youth, professed his desire to become a great writer. When asked to define "great" he said, "I want to write stuff that the whole world will read, stuff that people will react to on a truly emotional level, stuff that will make them scream, cry, howl in pain and anger!" He now works for Microsoft, writing error messages.
  3. Thanks for all you have suggested, but I think I'll just junk this machine out and get a new one. I can't keep loading all these files, since when I got the machine it was used.
  4. RogueKiller V9.2.13.0 (x64) [sep 25 2014] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : PhillyT65 [Admin rights] Mode : Scan -- Date : 10/01/2014 12:50:42 ¤¤¤ Bad processes : 2 ¤¤¤ [suspicious.Path] CurseClient.exe -- C:\Users\PhillyT65\AppData\Local\Apps\2.0\ERXJTPLH.73J\WHMQDXBJ.2ZK\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\CurseClient.exe[-] -> KILLED [TermProc] [suspicious.Path] (SVC) scores -- C:\Windows\score.exe[-] -> STOPPED ¤¤¤ Registry Entries : 22 ¤¤¤ [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\scores (C:\Windows\score.exe) -> FOUND [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\scores (C:\Windows\score.exe) -> FOUND [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\scores (C:\Windows\score.exe) -> FOUND [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{87F3F179-3F29-417B-92B7-FCFA92AA33B8} | NameServer : 81.218.119.15,199.203.35.75 -> FOUND [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{87F3F179-3F29-417B-92B7-FCFA92AA33B8} | NameServer : 81.218.119.15,199.203.35.75 -> FOUND [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{87F3F179-3F29-417B-92B7-FCFA92AA33B8} | NameServer : 81.218.119.15,199.203.35.75 -> FOUND [PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3041398442-320649397-160515667-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND [PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3041398442-320649397-160515667-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND [PUM.Policies] (X86) 
HKEY_USERS\S-1-5-21-3041398442-320649397-160515667-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND [PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3041398442-320649397-160515667-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3041398442-320649397-160515667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> FOUND [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3041398442-320649397-160515667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3041398442-320649397-160515667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> FOUND [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3041398442-320649397-160515667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3041398442-320649397-160515667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> FOUND [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3041398442-320649397-160515667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND 
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3041398442-320649397-160515667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> FOUND [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3041398442-320649397-160515667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3041398442-320649397-160515667-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://myyahoo.com/ -> FOUND [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3041398442-320649397-160515667-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://myyahoo.com/ -> FOUND ¤¤¤ Scheduled tasks : 1 ¤¤¤ [suspicious.Path] \\YourFileDownloader Installer Starter -- C:\Users\PHILLY~1\AppData\Local\Temp\YourFileDownloaderaN37b7xtHB.exe (-startup) -> FOUND ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ HOSTS File : 0 ¤¤¤ ¤¤¤ Antirootkit : 4 (Driver: LOADED) ¤¤¤ [EAT:Addr] (explorer.exe) msi.dll - DllCanUnloadNow : C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll @ 0x7fef3c1b8e4 [EAT:Addr] (explorer.exe) msi.dll - DllGetClassObject : C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll @ 0x7fef3c1b91c [EAT:Addr] (explorer.exe) msi.dll - DllRegisterServer : C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll @ 0x7fef3c1ba4c [EAT:Addr] (explorer.exe) msi.dll - DllUnregisterServer : C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll @ 0x7fef3c1bb1c ¤¤¤ Web browsers : 0 ¤¤¤ ¤
  5. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-10-2014 Ran by PhillyT65 (administrator) on VIGGILANTE on 01-10-2014 12:35:14 Running from C:\Users\PhillyT65\Downloads Loaded Profile: PhillyT65 (Available profiles: PhillyT65 & DefaultAppPool) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe (Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe () C:\Windows\score.exe (Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE (Microsoft Corporation) C:\Windows\System32\snmp.exe (Microsoft Corporation) C:\Windows\System32\UI0Detect.exe (Microsoft Corporation) C:\Windows\System32\vds.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (AMD) C:\Windows\System32\atieclxx.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Curse) C:\Users\PhillyT65\AppData\Local\Apps\2.0\ERXJTPLH.73J\WHMQDXBJ.2ZK\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\CurseClient.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Farbar) C:\Users\PhillyT65\Downloads\FSS.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Farbar) C:\Users\PhillyT65\Downloads\FSS.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Farbar) C:\Users\PhillyT65\Downloads\FRST64 (1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation) HKLM\...\Run: [MsmqIntCert] => regsvr32 /s mqrt.dll HKLM-x32\...\Run: [startCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-30] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-05] (PDF Complete Inc) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3802448 2014-09-04] (LogMeIn Inc.) 
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-19] (Hewlett-Packard) HKU\S-1-5-21-3041398442-320649397-160515667-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.) HKU\S-1-5-21-3041398442-320649397-160515667-1000\...\Run: [skyDrive] => C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-09-25] (Microsoft Corporation) HKU\S-1-5-21-3041398442-320649397-160515667-1000\...\RunOnce: [uninstall C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64" HKU\S-1-5-21-3041398442-320649397-160515667-1000\...\RunOnce: [uninstall C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64" HKU\S-1-5-21-3041398442-320649397-160515667-1000\...\RunOnce: [uninstall C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1166.0618\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1166.0618\amd64" HKU\S-1-5-21-3041398442-320649397-160515667-1000\...\RunOnce: [uninstall C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64" Startup: C:\Users\PhillyT65\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive2] -> 
{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://myyahoo.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1 HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE10ENUS/WOL_WCP URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF SearchScopes: HKLM - {B42D1374-3E73-422B-B53E-54740E2EBFB8} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKLM-x32 - {B42D1374-3E73-422B-B53E-54740E2EBFB8} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKCU - DefaultScope {B04FC860-8BC8-40F1-BD12-3B0EFC986F91} URL = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8 SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF SearchScopes: HKCU - {B04FC860-8BC8-40F1-BD12-3B0EFC986F91} URL = 
http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8 SearchScopes: HKCU - {B42D1374-3E73-422B-B53E-54740E2EBFB8} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms} BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} Winsock: Catalog9 01 C:\Windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany) Winsock: Catalog9 02 C:\Windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany) Winsock: Catalog9 03 C:\Windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany) Winsock: Catalog9 04 C:\Windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany) Winsock: Catalog9 15 C:\Windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany) Winsock: Catalog9-x64 01 C:\Windows\system32\MyOSProtect64.dll [350768] (MyOSCompany) Winsock: Catalog9-x64 02 C:\Windows\system32\MyOSProtect64.dll [350768] (MyOSCompany) Winsock: Catalog9-x64 03 C:\Windows\system32\MyOSProtect64.dll [350768] (MyOSCompany) Winsock: Catalog9-x64 04 C:\Windows\system32\MyOSProtect64.dll [350768] (MyOSCompany) Winsock: Catalog9-x64 15 C:\Windows\system32\MyOSProtect64.dll [350768] (MyOSCompany) Tcpip\..\Interfaces\{87F3F179-3F29-417B-92B7-FCFA92AA33B8}: [NameServer] 81.218.119.15,199.203.35.75 FireFox: ======== FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) 
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\PhillyT65\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) Chrome: ======= CHR DefaultSearchURL: Default -> https://us-mg5.mail.yahoo.com/neo/launch?action=compose&To=%s CHR Profile: C:\Users\PhillyT65\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\PhillyT65\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-13] CHR Extension: (Google Drive) - C:\Users\PhillyT65\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-13] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\PhillyT65\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23] CHR Extension: (YouTube) - C:\Users\PhillyT65\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-13] CHR Extension: (Google Search) - C:\Users\PhillyT65\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-24] CHR Extension: (Google Wallet) - C:\Users\PhillyT65\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23] CHR Extension: (Gmail) - C:\Users\PhillyT65\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-13] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed] R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-08-08] (LogMeIn, Inc.) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation) R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-13] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation) R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-05] (PDF Complete Inc) R2 scores; C:\Windows\score.exe [4834816 2014-09-25] () [File not signed] R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [9216 2009-07-13] (Microsoft Corporation) R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation) R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation) R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows ® Codename Longhorn DDK provider) S3 cqcpu; C:\Windows\System32\drivers\cqcpu.sys [24376 2010-03-01] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-01] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation) R3 MQAC; C:\Windows\System32\drivers\mqac.sys [189440 2009-07-13] (Microsoft Corporation) S3 MWAC; \??\C:\Windows\system32\drivers\ [0 ] () [File not signed] S3 MWAC; \??\C:\Windows\SysWOW64\drivers\ [0 ] () [File not signed] R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation) S3 SIVDRIVER; C:\Windows\system32\Drivers\SIVX64.sys [57312 2008-06-14] (Ray Hinchliffe) R3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited) R1 MpKslc9d125c2; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{85280ACD-A8A1-4077-A4FA-93FF4B07333C}\MpKslc9d125c2.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-01 12:34 - 2014-10-01 12:34 - 01100288 _____ (Farbar) C:\Users\PhillyT65\Downloads\FRST.exe 2014-10-01 12:29 - 2014-10-01 12:30 - 00001144 _____ () C:\Users\PhillyT65\Downloads\FSS.txt 2014-10-01 12:28 - 2014-10-01 12:28 - 00415232 _____ (Farbar) C:\Users\PhillyT65\Downloads\FSS.exe 2014-10-01 12:23 - 2014-10-01 12:23 - 02108928 _____ (Farbar) C:\Users\PhillyT65\Downloads\FRST64 (1).exe 2014-10-01 11:55 - 2014-10-01 11:56 - 00036596 _____ () C:\Users\PhillyT65\Downloads\Addition.txt 2014-10-01 11:54 - 2014-10-01 12:35 - 00020696 _____ () C:\Users\PhillyT65\Downloads\FRST.txt 2014-10-01 11:54 - 2014-10-01 12:35 - 00000000 ____D () C:\FRST 2014-10-01 11:53 - 2014-10-01 11:53 - 02108928 _____ (Farbar) C:\Users\PhillyT65\Downloads\FRST64.exe 2014-10-01 03:55 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-10-01 03:55 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-09-29 19:27 - 2014-10-01 05:52 - 00000112 _____ () C:\Windows\setupact.log 2014-09-29 19:27 - 2014-09-29 19:27 - 00000000 _____ () C:\Windows\setuperr.log 2014-09-26 08:00 - 2014-09-26 23:09 - 00000097 _____ () C:\Users\PhillyT65\AppData\Roaming\LauncherSettings_live.cfg 2014-09-26 07:58 - 2014-09-26 07:58 - 00000039 _____ () C:\Users\PhillyT65\AppData\Roaming\TheHunterSettings_steam_live.cfg 2014-09-26 07:58 - 2014-09-26 07:58 - 00000000 ____D () C:\Users\PhillyT65\AppData\Roaming\theHunter 2014-09-26 07:58 - 2014-09-26 07:58 - 00000000 ____D () C:\Users\PhillyT65\AppData\Local\theHunter 2014-09-26 07:56 - 2014-09-26 07:56 - 00000000 ____D () C:\Users\PhillyT65\AppData\Roaming\theHunterSteam 2014-09-26 07:56 - 2014-09-26 07:56 - 00000000 ____D () C:\ProgramData\Hunter 2014-09-25 15:12 - 2014-10-01 02:01 - 00000000 ___HD () C:\Users\Public\Temp 2014-09-25 15:11 - 2014-09-01 13:28 - 00350768 _____ (MyOSCompany) C:\Windows\system32\MyOSProtect64.dll 2014-09-25 15:11 - 2014-09-01 13:28 - 00304776 _____ 
(MyOSCompany) C:\Windows\SysWOW64\MyOSProtect.dll 2014-09-25 15:10 - 2014-09-26 04:56 - 00000000 ____D () C:\Users\PhillyT65\AppData\Roaming\VOPackage 2014-09-25 15:10 - 2014-09-26 02:15 - 00004038 _____ () C:\Windows\System32\Tasks\LaunchSignup 2014-09-25 15:10 - 2014-09-25 15:10 - 00000000 ____D () C:\Users\PhillyT65\AppData\Local\fastplayer 2014-09-25 15:10 - 2014-09-25 15:10 - 00000000 ____D () C:\Users\PhillyT65\AppData\Local\com 2014-09-25 15:10 - 2014-09-25 15:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastPlayer 2014-09-25 15:09 - 2014-09-25 10:57 - 04834816 _____ () C:\Windows\score.exe 2014-09-24 00:08 - 2014-09-09 17:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-09-24 00:08 - 2014-09-09 16:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-09-19 23:12 - 2014-09-19 23:12 - 00000219 _____ () C:\Users\PhillyT65\Desktop\Left 4 Dead 2.url 2014-09-12 21:11 - 2014-09-12 21:11 - 00000184 _____ () C:\Users\PhillyT65\Downloads\eula.txt 2014-09-12 21:11 - 2014-09-12 21:11 - 00000061 _____ () C:\Users\PhillyT65\Downloads\server.properties 2014-09-12 21:10 - 2014-09-12 21:11 - 10769744 _____ () C:\Users\PhillyT65\Downloads\minecraft_server.1.8.exe 2014-09-10 04:02 - 2014-09-10 04:02 - 00411056 _____ () C:\Users\PhillyT65\Downloads\setup (1).exe 2014-09-10 03:15 - 2014-08-19 13:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-10 03:15 - 2014-08-19 12:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-09-10 03:15 - 2014-08-18 18:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-10 03:15 - 2014-08-18 17:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-10 03:15 - 2014-08-18 17:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-09-10 03:15 - 2014-08-18 17:26 - 17455104 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\mshtml.dll 2014-09-10 03:15 - 2014-08-18 17:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-10 03:15 - 2014-08-18 17:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-10 03:15 - 2014-08-18 17:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-10 03:15 - 2014-08-18 17:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-10 03:15 - 2014-08-18 17:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-10 03:15 - 2014-08-18 17:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-09-10 03:15 - 2014-08-18 17:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-09-10 03:15 - 2014-08-18 17:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-10 03:15 - 2014-08-18 17:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-10 03:15 - 2014-08-18 17:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-10 03:15 - 2014-08-18 17:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-10 03:15 - 2014-08-18 17:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-10 03:15 - 2014-08-18 17:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-10 03:15 - 2014-08-18 16:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-09-10 03:15 - 2014-08-18 16:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-10 03:15 - 2014-08-18 16:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-10 03:15 - 2014-08-18 16:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-09-10 03:15 - 2014-08-18 16:45 - 00072704 _____ (Microsoft Corporation) 
C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-10 03:15 - 2014-08-18 16:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-09-10 03:15 - 2014-08-18 16:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-09-10 03:15 - 2014-08-18 16:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-09-10 03:15 - 2014-08-18 16:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-09-10 03:15 - 2014-08-18 16:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-10 03:15 - 2014-08-18 16:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-10 03:15 - 2014-08-18 16:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-09-10 03:15 - 2014-08-18 16:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-09-10 03:15 - 2014-08-18 16:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-10 03:15 - 2014-08-18 16:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-09-10 03:15 - 2014-08-18 16:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-09-10 03:15 - 2014-08-18 16:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-09-10 03:15 - 2014-08-18 16:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-09-10 03:15 - 2014-08-18 16:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-10 03:15 - 2014-08-18 16:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-10 03:15 - 2014-08-18 16:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-10 03:15 - 2014-08-18 16:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-10 03:15 - 2014-08-18 16:22 - 00060416 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-09-10 03:15 - 2014-08-18 16:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-09-10 03:15 - 2014-08-18 16:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-09-10 03:15 - 2014-08-18 16:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-09-10 03:15 - 2014-08-18 16:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-10 03:15 - 2014-08-18 16:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-09-10 03:15 - 2014-08-18 16:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-10 03:15 - 2014-08-18 16:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-09-10 03:15 - 2014-08-18 16:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-09-10 03:15 - 2014-08-18 16:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-09-10 03:15 - 2014-08-18 15:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-10 03:15 - 2014-08-18 15:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-09-10 03:15 - 2014-08-18 15:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-09-10 03:15 - 2014-08-18 15:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-10 03:15 - 2014-08-18 15:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-09-10 03:02 - 2014-06-26 21:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-09-10 03:02 - 2014-06-26 20:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2014-09-10 01:31 - 2014-09-23 15:31 - 03675824 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-09-09 16:42 - 2014-08-01 06:53 - 01031168 _____ (Microsoft 
Corporation) C:\Windows\system32\TSWorkspace.dll 2014-09-09 16:42 - 2014-08-01 06:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll 2014-09-09 16:41 - 2014-06-23 22:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-09-09 16:41 - 2014-06-23 21:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-09-09 16:40 - 2014-09-04 21:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-09 16:40 - 2014-09-04 21:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-09 16:40 - 2014-07-06 21:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-09-09 16:40 - 2014-07-06 21:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-09 16:40 - 2014-07-06 20:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-09-09 16:40 - 2014-07-06 20:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-09-09 16:40 - 2014-07-06 20:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-09-08 06:00 - 2014-09-30 06:37 - 00000000 ____D () C:\Users\PhillyT65\AppData\Local\Adobe 2014-09-06 13:10 - 2014-09-06 13:10 - 00857696 _____ ( ) C:\Users\PhillyT65\Downloads\Adobe_Flash_Setup.exe 2014-09-05 16:52 - 2014-09-05 16:52 - 00000000 ____D () C:\Users\PhillyT65\Downloads\LOIC-master 2014-09-05 13:07 - 2014-09-05 13:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2014-09-05 13:07 - 2014-09-05 13:07 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2014-09-05 13:07 - 2009-03-18 18:35 - 00033856 ____H (LogMeIn, Inc.) 
C:\Windows\system32\hamachi.sys 2014-09-03 19:54 - 2014-09-03 19:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft XNA 2014-09-03 19:51 - 2014-09-03 19:51 - 00000222 _____ () C:\Users\PhillyT65\Desktop\Terraria.url 2014-09-03 18:23 - 2014-09-03 18:24 - 07688351 _____ () C:\Users\PhillyT65\Desktop\INTRO!!!!!.mp4 2014-09-03 18:18 - 2014-09-03 18:18 - 00000076 _____ () C:\Users\PhillyT65\Downloads\INTRO!!!!!.mxf.sfl 2014-09-03 18:17 - 2014-09-03 18:18 - 20100156 _____ () C:\Users\PhillyT65\Downloads\INTRO!!!!!.mxf 2014-09-01 12:28 - 2014-09-01 12:31 - 00372200 _____ () C:\Users\PhillyT65\Downloads\lavender town - solkrieg's dream eater dubstep remix.mp3.sfk 2014-09-01 12:27 - 2014-09-10 04:01 - 00003212 _____ () C:\Windows\System32\Tasks\YourFileDownloader Installer Starter ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-01 12:19 - 2013-12-24 09:41 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-01 12:16 - 2013-01-07 17:43 - 00000000 ____D () C:\Users\PhillyT65\AppData\Local\Deployment 2014-10-01 12:05 - 2013-01-07 16:33 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{553BECE3-7405-4C06-8481-01D3ECC7CBCD} 2014-10-01 11:57 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-01 11:57 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-01 11:17 - 2014-04-15 04:37 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-01 11:14 - 2014-06-13 23:28 - 00000000 ____D () C:\Users\PhillyT65\AppData\Roaming\Skype 2014-10-01 11:14 - 2014-03-28 20:31 - 00000000 ____D () C:\ProgramData\Skype 2014-10-01 06:21 - 2013-01-07 16:24 - 01336810 _____ () C:\Windows\WindowsUpdate.log 2014-10-01 06:16 - 
2014-08-20 17:09 - 00000000 ____D () C:\Users\PhillyT65\AppData\Local\LogMeIn Hamachi 2014-10-01 06:16 - 2014-05-25 00:51 - 00000000 ___RD () C:\Users\PhillyT65\OneDrive 2014-10-01 06:16 - 2013-12-24 09:41 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-01 05:55 - 2011-11-04 10:28 - 00000000 ____D () C:\ProgramData\PDFC 2014-10-01 05:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\inetsrv 2014-10-01 05:53 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-01 05:53 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration 2014-10-01 05:52 - 2010-11-20 22:47 - 00797270 _____ () C:\Windows\PFRO.log 2014-09-30 23:21 - 2014-05-18 18:43 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-09-30 16:46 - 2013-06-23 07:42 - 00000000 ___HD () C:\Windows\msdownld.tmp 2014-09-30 16:41 - 2014-06-18 09:22 - 00000000 ____D () C:\Program Files (x86)\OpenAL 2014-09-29 19:20 - 2013-01-07 21:14 - 00002057 _____ () C:\Windows\epplauncher.mif 2014-09-29 16:01 - 2013-01-07 16:33 - 00003210 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForPhillyT65 2014-09-29 16:01 - 2013-01-07 16:33 - 00000348 _____ () C:\Windows\Tasks\HPCeeScheduleForPhillyT65.job 2014-09-29 14:36 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-09-29 13:38 - 2014-07-24 20:06 - 00000000 ____D () C:\Users\PhillyT65\AppData\Local\PMB Files 2014-09-29 12:40 - 2013-01-07 16:24 - 00000000 ____D () C:\Users\PhillyT65 2014-09-29 12:39 - 2014-07-24 20:06 - 00000000 ____D () C:\ProgramData\PMB Files 2014-09-29 12:39 - 2014-05-18 00:13 - 00000000 ____D () C:\Users\PhillyT65\AppData\Roaming\Battle.net 2014-09-29 12:39 - 2013-10-29 16:56 - 00000000 ____D () C:\Users\DefaultAppPool 2014-09-29 12:39 - 2011-11-04 10:21 - 00000000 ____D () C:\ProgramData\RoxioNow 2014-09-29 12:39 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Msdtc 2014-09-29 11:17 - 2014-05-18 00:13 - 00000000 ____D () C:\Users\PhillyT65\AppData\Local\Battle.net 
2014-09-28 10:01 - 2013-01-08 17:40 - 00000000 ____D () C:\Users\PhillyT65\AppData\Local\CrashDumps 2014-09-27 18:37 - 2014-05-25 00:49 - 00000000 ____D () C:\Users\PhillyT65\AppData\Local\Windows Live 2014-09-26 16:49 - 2011-11-04 10:22 - 00000000 ____D () C:\ProgramData\CyberLink 2014-09-26 16:49 - 2011-11-04 10:16 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-09-26 04:57 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\L2Schemas 2014-09-25 17:40 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache 2014-09-25 15:39 - 2009-07-14 00:13 - 00869632 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-25 15:32 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\TAPI 2014-09-25 15:11 - 2014-05-21 18:34 - 00000000 ____D () C:\ProgramData\Package Cache 2014-09-25 06:26 - 2014-05-25 00:51 - 00002192 _____ () C:\Users\PhillyT65\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk 2014-09-24 22:00 - 2013-01-30 22:08 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-09-24 22:00 - 2013-01-09 22:05 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2014-09-24 21:59 - 2013-01-16 22:36 - 00000000 ____D () C:\Users\PhillyT65\AppData\Roaming\HP Support Assistant 2014-09-24 21:59 - 2013-01-08 17:39 - 00000000 ____D () C:\Users\PhillyT65\AppData\Roaming\HpUpdate 2014-09-22 01:42 - 2010-11-20 22:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-09-16 17:56 - 2014-06-04 21:39 - 00000000 ____D () C:\Users\PhillyT65\AppData\Roaming\.minecraft 2014-09-13 11:23 - 2014-05-18 00:14 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft 2014-09-13 11:23 - 2014-05-18 00:12 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-09-10 03:14 - 2011-02-11 12:15 - 00861754 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-09-10 03:13 - 2013-01-07 21:14 - 00002119 ____N () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security 
Essentials.lnk 2014-09-10 03:12 - 2013-07-16 07:57 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-10 03:12 - 2013-01-07 21:14 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2014-09-10 03:12 - 2013-01-07 21:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client 2014-09-10 03:03 - 2013-01-08 09:16 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-10 03:02 - 2014-05-05 20:44 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-09-08 10:42 - 2013-07-15 17:19 - 47296000 ___SH () C:\Users\PhillyT65\Downloads\Thumbs.db 2014-09-05 13:07 - 2014-08-20 17:08 - 00000888 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk 2014-09-03 19:54 - 2014-06-19 16:12 - 00000000 ____D () C:\Users\PhillyT65\Documents\My Games 2014-09-03 18:17 - 2014-08-31 12:35 - 00000000 ____D () C:\Users\PhillyT65\AppData\Roaming\Sony 2014-09-01 21:05 - 2013-01-07 16:35 - 00003222 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForVIGGILANTE$ 2014-09-01 21:05 - 2013-01-07 16:35 - 00000346 _____ () C:\Windows\Tasks\HPCeeScheduleForVIGGILANTE$.job Some content of TEMP: ==================== C:\Users\PhillyT65\AppData\Local\Temp\BackupSetup.exe C:\Users\PhillyT65\AppData\Local\Temp\EdSD9.dll C:\Users\PhillyT65\AppData\Local\Temp\EdSD9.exe C:\Users\PhillyT65\AppData\Local\Temp\GVRA8.exe C:\Users\PhillyT65\AppData\Local\Temp\OnlineBackup.exe C:\Users\PhillyT65\AppData\Local\Temp\SpOrder.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-26 00:27
==================== End Of Log ============================
  6. Farbar Service Scanner Version: 21-07-2014
     Ran by PhillyT65 (administrator) on 01-10-2014 at 12:30:34
     Running from "C:\Users\PhillyT65\Downloads"
     Microsoft Windows 7 Home Premium Service Pack 1 (X64)
     Boot Mode: Normal
     ****************************************************************
     Internet Services:
     ============
     Connection Status:
     ==============
     Localhost is accessible.
     LAN connected.
     Google IP is accessible.
     Google.com is accessible.
     Yahoo.com is accessible.
     Other Services:
     ==============
     File Check:
     ========
     C:\Windows\System32\nsisvc.dll => File is digitally signed
     C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
     C:\Windows\System32\dhcpcore.dll => File is digitally signed
     C:\Windows\System32\drivers\afd.sys => File is digitally signed
     C:\Windows\System32\drivers\tdx.sys => File is digitally signed
     C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
     C:\Windows\System32\dnsrslvr.dll => File is digitally signed
     C:\Windows\System32\svchost.exe => File is digitally signed
     C:\Windows\System32\rpcss.dll => File is digitally signed
     **** End of log ****
  7. Naturally since I am NOT PUTER PROFICIENT... Did I do that right???
  8. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-10-2014 Ran by PhillyT65 at 2014-10-01 11:55:19 Running from C:\Users\PhillyT65\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1} AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - ) AMD APP SDK Runtime (Version: 2.4.650.9 - Advanced Micro Devices Inc.) Hidden AMD Media Foundation Decoders (Version: 1.0.60629.2348 - ATI Technologies Inc.) Hidden AMD VISION Engine Control Center (x32 Version: 2011.0630.16.41755 - ATI) Hidden Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ATI Catalyst Install Manager (HKLM\...\{BCC01139-903A-6FC7-3358-85B0AE332601}) (Version: 3.0.829.0 - ATI Technologies, Inc.) Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0630.16.41755 - ATI) Hidden Catalyst Control Center InstallProxy (x32 Version: 2011.0630.16.41755 - ATI Technologies, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2011.0630.16.41755 - ATI) Hidden CCC Help English (x32 Version: 2011.0630.0015.41755 - ATI) Hidden ccc-utility64 (Version: 2011.0630.16.41755 - ATI) Hidden CloudScout (x32 Version: 1.0.0.1 - www.CloudGuard.me) Hidden CloudScout Parental Control (HKLM-x32\...\{9c7ab1b0-c461-42e4-b381-4d901f1130fe}) (Version: 1.0.0.3 - www.CloudGuard.me) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve) Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.810 - Curse) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DriverTuner 3.5.0.1 (HKLM-x32\...\DriverTuner_is1) (Version: 3.5.0.1 - LionSea Software co., ltd) Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - ) Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios) GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) 
Hidden Gunpoint (HKLM-x32\...\Steam App 206190) (Version: - Suspicious Developments) Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden Hotline Miami (HKLM-x32\...\Steam App 219150) (Version: - Dennaton Games) HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard) HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard) HP Setup (HKLM-x32\...\{D35B72B6-F0E4-462B-BDEB-E08032B3B681}) (Version: 8.7.4747.3786 - Hewlett-Packard Company) HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13880.3792 - Hewlett-Packard Company) HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard) HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard) HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.9.0.0 - Hewlett-Packard) Infestation: Survivor Stories (HKLM-x32\...\Steam App 226700) (Version: - Hammerpoint Interactive) iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.) Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle) Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) 
Hidden Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version: - Squad) League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games) League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve) Left 4 Dead 2 Beta (HKLM-x32\...\Steam App 223530) (Version: - ) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.236 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.236 - LogMeIn, Inc.) Hidden Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Media Player Classic - Home Cinema v1.5.2.3456 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.5.2.3456 - MPC-HC Team) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation) Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft 
Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - 
Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation) Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.) PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.) 
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.54 - PDF Complete, Inc) Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6531 - Realtek Semiconductor Corp.) Recovery Manager (x32 Version: 5.5.0.4320 - CyberLink Corp.) Hidden Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard) RIFT (HKCU\...\RIFT) (Version: - Trion Worlds, Inc.) RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow) Source Filmmaker (HKLM-x32\...\Steam App 1840) (Version: - Valve) Star Wars: Knights of the Old Republic II (HKLM-x32\...\Steam App 208580) (Version: - Obsidian Entertainment) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve) Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic) theHunter (HKLM-x32\...\Steam App 253710) (Version: - Expansive Worlds) Turbo Dismount (HKLM-x32\...\Steam App 263760) (Version: - Secret Exit Ltd.) 
Unity (HKLM-x32\...\Unity) (Version: 4.5.0f6 - Unity Technologies ApS) Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.0f6 - Unity Technologies ApS) Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton) Vegas Pro 13.0 (64-bit) (HKLM\...\{3814DB30-091D-11E4-BDE0-F04DA23A5C58}) (Version: 13.0.373 - Sony) VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.51 - NCH Software) Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) XSplit Gamecaster 
  9. AHHHH Haaaaaaa....Laughin my butt off
  10. I had no issues logging in anywhere... Yesterday I log on and get: hxxp://astromenda.com/?f=7&a=ast_dnldstr_14_39_ch&cd=2XzuyEtN2Y1L1QzuyB0AyBzytCzy0Dzz0CyE0C0E0DyE0F0DtN0D0Tzu0StCtDtDtBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBzyyEyCtD0EtBtCtG0F0DyC0EtGtCtB0FyDtG0A0FtD0CtGtD0BzyyEyE0DyE0FtAzzzzyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0DtDyEtAtA0B0FtG0AzztAyDtGyE0BtCtBtG0AyD0DzytG0EyE0F0D0FyD0CtA0FtA0Fzz2Q&cr=402266813&ir= I have never been to this site... there were options to delete the link... those options DO NOT work... all one gets is popups... I have other sites on my list which I can access using tabs, but the astromenda site comes up right at login... and will not go away
  11. Was really surprised when the new version popped up...no issues so far...