
vmhost.exe malware



Hi

I am having a serious problem with vmhost.exe. I have gone to quite a bit of trouble to prevent it from reinstalling itself and nothing I have done has worked. This is a rough log of what I have done to try to eliminate it:

  1. vmhost.exe is a noxious piece of malware that uses up to 50% of the CPU time on my computer and slows down every piece of software that runs.
  2. Stopping the process fixes the problem temporarily.
  3. Malwarebytes seems to stop some of its badness by blocking access to some websites, but it doesn't stop it from running or using up CPU resources.
  4. When I rename vmhost.exe, Malwarebytes can find it and quarantine it if I tell it to.
  5. If I don't rename vmhost.exe, Malwarebytes can't find it.
  6. The service that seems to start and restore vmhost.exe is stisvc.
  7. I ran a Malwarebytes scan in the safe mode to see if it couldn't eliminate stisvc from the registry. It didn't detect it.
  8. It isn't possible to stop stisvc using the task manager stop service command.
  9. I didn't find anything using the msconfig program that was starting stisvc.
  10. It isn't possible to delete the reference to stisvc in the registry. You get a message back that the entry can't be deleted.
  11. I tried numerous ways to delete the entry; they all might have worked if I had the patience to learn exactly how to get them to do what I wanted, but I looked for something simpler.
  12. I downloaded and installed Registrar Registry Manager 7.60 and searched for stisvc.
  13. Registrar Registry Manager found about 30 instances of stisvc in the registry. Regedit had only found 3.
  14. I deleted every instance of stisvc in the registry with Registrar Registry Manager.
  15. I rebooted the computer and thought initially that the problem was fixed. It wasn't; vmhost.exe is back, but the service stisvc is not there. Something else seems to be initiating vmhost.exe.

 

This is the Farbar Recovery Scan Tool scan text:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-08-2014
Ran by dave (administrator) on DAVE-PC on 21-08-2014 13:02:49
Running from C:\Users\dave\Downloads
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
(Apricorn) C:\Program Files\Common Files\Apricorn\Schedule2\schedul2.exe
(WebEx Communications, Inc.) C:\Windows\System32\atashost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(NetWork Host Corporation) C:\ProgramData\Online\sv.exe
() C:\Windows\System32\PSIService.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(CyberLink) C:\Program Files\Cyberlink\Shared files\RichVideo.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(PC Drivers Headquarters) C:\Program Files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
() C:\Users\dave\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe
(Dropbox, Inc.) C:\Users\dave\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPNetworkCommunicatorCom.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\ProgramData\NetworkHostTask\vmhost.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
() C:\ProgramData\NetworkHostTask\vmhost.exe
(Farbar) C:\Users\dave\Downloads\FRST(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2006-09-28] (Hewlett-Packard Company)
HKLM\...\Run: [OsdMaestro] => C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [155648 2006-11-20] (OsdMaestro)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4349952 2007-01-18] (Realtek Semiconductor)
HKLM\...\Run: [iAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [151552 2007-04-19] (Intel Corporation)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [644696 2007-04-03] (CANON INC.)
HKLM\...\Run: [Corel Photo Downloader] => C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe [526992 2010-10-01] (Corel, Inc.)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [591696 2008-02-19] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [195072 2009-07-10] (ArcSoft Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-03-12] (RealNetworks, Inc.)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2007392 2014-04-01] (Wondershare)
HKLM\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1953792 2014-05-16] ()
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\RunOnce: [Launcher] => C:\Windows\SMINST\launcher.exe [44136 2006-11-24] (soft thinks)
HKU\.DEFAULT\...\Run: [Picasa Media Detector] => C:\Program Files\Picasa2\PicasaMediaDetector.exe
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2157692319-862770736-3730535595-1001\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2157692319-862770736-3730535595-1001\...\Run: [iSUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-11] (Macrovision Corporation)
HKU\S-1-5-21-2157692319-862770736-3730535595-1001\...\Run: [Driver Detective] => C:\Program Files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [3522528 2012-10-12] (PC Drivers Headquarters)
HKU\S-1-5-21-2157692319-862770736-3730535595-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [1804648 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-2157692319-862770736-3730535595-1001\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2157692319-862770736-3730535595-1001\...\Run: [Google Update] => C:\Users\dave\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-12] (Google Inc.)
HKU\S-1-5-21-2157692319-862770736-3730535595-1001\...\Run: [Amazon Cloud Player] => C:\Users\dave\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3140608 2014-01-14] ()
HKU\S-1-5-21-2157692319-862770736-3730535595-1001\...\Run: [HP Officejet Pro 8620 (NET)] => C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe [2425888 2013-09-11] (Hewlett-Packard Co.)
HKU\S-1-5-21-2157692319-862770736-3730535595-1001\...\MountPoints2: {1e9d29e2-8107-11dd-9d21-001a92eb2aad} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2157692319-862770736-3730535595-1001\...\MountPoints2: {22569c40-0ae8-11df-8be9-806e6f6e6963} - E:\Setup.exe
HKU\S-1-5-21-2157692319-862770736-3730535595-1001\...\MountPoints2: {2cb94e36-6305-11dc-8e9c-806e6f6e6963} - E:\autorun.exe
HKU\S-1-5-21-2157692319-862770736-3730535595-1001\...\MountPoints2: {6684efe1-5568-11df-8ebb-001a92eb2aad} - "G:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2157692319-862770736-3730535595-1001\...\MountPoints2: {e2f9a385-7cb3-11e0-a12c-001a92eb2aad} - F:\KODAK_Software_Downloader.exe
HKU\S-1-5-21-2157692319-862770736-3730535595-1001\...\MountPoints2: {ec59a28b-b62d-11dc-9519-001a92eb2aad} - F:\Autorun.exe /run
Lsa: [Authentication Packages] msv1_0 relog_ap
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Users\dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\dave\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dave\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dave\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dave\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
SearchScopes: HKLM - DefaultScope {D496E40F-A467-433B-A5FF-27DCA8FFC91D} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKLM - {251770DF-016C-4953-8514-69011ADD371C} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM - {8F4FFB65-0EB3-4FF4-9931-B3BCE23CCE5F} URL = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVDUS7
SearchScopes: HKLM - {D496E40F-A467-433B-A5FF-27DCA8FFC91D} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&rlz=
SearchScopes: HKCU - {251770DF-016C-4953-8514-69011ADD371C} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {63140ECF-C629-BE59-8F0E-90B4FF340C03} URL = http://www.bing.com/search?q={searchTerms}&pc=Z128&form=ZGAIDF&install_date=20111016&iesrc={referrer:source}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&rlz=
SearchScopes: HKCU - {8F4FFB65-0EB3-4FF4-9931-B3BCE23CCE5F} URL =
SearchScopes: HKCU - {D496E40F-A467-433B-A5FF-27DCA8FFC91D} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll (Wondershare)
BHO: DivX HiQ -> {593DDEC6-7468-4cdd-90E1-42DADAA222E9} -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {71AAABE5-1F0F-11D7-BD6F-004854603DCE} -  No File
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} http://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_65-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {CAFEEFAC-0017-0000-0065-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_65-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_65-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\dave\AppData\Roaming\Mozilla\Firefox\Profiles\ocem7xxw.default-1408386555995
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX OVS Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/Photosynth,version=2.0 -> C:\Program Files\Photosynth\npPhotosynthMozilla.dll ()
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Musicnotes.com/Musicnotes Viewer -> C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 -> C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @Sibelius.com/Scorch Plugin,version=5.2.5.48 -> C:\Program Files\Musicnotes\npsibelius.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\dave\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\dave\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\dave\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\dave\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\MyCamera.dll (CANON INC.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPCIG.dll (CANON INC.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Users\dave\AppData\Roaming\mozilla\plugins\npatgpc.dll (WebEx Communications, Inc)
FF Plugin ProgramFiles/Appdata: C:\Users\dave\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\dave\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\adawaretb.xml
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-07-29]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-07-29]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-07-29]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-07-29]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2008-09-13]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011-01-18]
FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011-01-18]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-03-12]
FF HKLM\...\Firefox\Extensions: [{55A8EC97-6AF6-442c-877F-11C51DBD162D}] - C:\Program Files\Tomabo\YouTube Video Downloader\YTVD_FF.xpi
FF Extension: YouTube Video Downloader Extension - C:\Program Files\Tomabo\YouTube Video Downloader\YTVD_FF.xpi [2014-03-12]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com
FF Extension: Wondershare Video Converter Ultimate - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com [2014-07-01]

Chrome:
=======
CHR DefaultSearchURL: https://mail.google.com/mail/ca/?extsrc=mailto&url=%s
CHR Extension: (Google Docs) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-20]
CHR Extension: (Google Drive) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-02-28]
CHR Extension: (YouTube) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-20]
CHR Extension: (Google Search) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-20]
CHR Extension: (DivX HiQ) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae [2013-12-20]
CHR Extension: (RealDownloader) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-03-12]
CHR Extension: (YouTube Video Downloader Extension) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\igljnkmljjbhcellpnjppojkfdfmkjmp [2014-06-03]
CHR Extension: (Wondershare Video Converter Ultimate) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\iijmpjamifmplbakhgikofogdfackici [2014-07-02]
CHR Extension: (Google Wallet) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-20]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-12-20]
CHR Extension: (Gmail) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-20]
CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2010-12-08]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [igljnkmljjbhcellpnjppojkfdfmkjmp] - C:\Program Files\Tomabo\YouTube Video Downloader\YTVD_GC.crx [2014-03-12]
CHR HKLM\...\Chrome\Extension: [iijmpjamifmplbakhgikofogdfackici] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com.crx [2014-07-01]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2010-12-08]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.)
R2 AcrSch2Svc; C:\Program Files\Common Files\Apricorn\Schedule2\schedul2.exe [410856 2007-10-09] (Apricorn)
R2 AdobeActiveFileMonitor12.0; C:\Program Files\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-25] (Adobe Systems Incorporated)
S3 AlertService; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [188416 2006-09-11] (Intel® Corporation) [File not signed]
R2 DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [208896 2006-09-03] () [File not signed]
R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
S4 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE [143872 2007-12-16] (SEIKO EPSON CORPORATION)
S4 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-10] (SEIKO EPSON CORPORATION)
S3 hpqcxs08; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll [225280 2007-02-28] (Hewlett-Packard Co.) [File not signed]
R2 IAANTMON; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [81920 2007-04-19] (Intel Corporation) [File not signed]
S3 IDriverT; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [97432 2007-04-13] () [File not signed]
S2 IntelDHSvcConf; C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [29696 2006-05-10] (Intel® Corporation) [File not signed]
S3 ISSM; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [75264 2006-09-11] (Intel® Corporation) [File not signed]
R2 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-12-14] (Hewlett-Packard Company) [File not signed]
S3 M1 Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [26624 2006-08-31] () [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 MCLServiceATL; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [167936 2006-09-11] (Intel® Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NetworkHostSrv; C:\ProgramData\Online\sv.exe [408576 2014-08-15] (NetWork Host Corporation) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
U2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
R2 PSI_SVC_2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [277360 2013-09-13] (arvato digital services llc)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 Remote UI Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [544256 2006-09-11] (Intel® Corporation) [File not signed]
R2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [253776 2013-12-27] (CyberLink)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S2 CLTNetCnService; No ImagePath
S2 Seagate Sync Service; No ImagePath

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 DT9812K; C:\Windows\System32\Drivers\Dt9812k.sys [70656 2011-05-10] (Data Translation Inc.) [File not signed]
S3 DT9812LD; C:\Windows\System32\DRIVERS\Dt9812Ld.sys [13312 2011-05-26] (Data Translation Inc.) [File not signed]
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.)
R3 hcw18bda; C:\Windows\System32\drivers\hcw18bda.sys [366080 2007-04-18] (Hauppauge Computer Works, Inc)
S4 hhdserial; C:\Windows\system32\drivers\hhdserial.sys [30856 2007-10-02] (HHD Software Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10.sys [50560 2008-05-27] (Generic USB smartcard reader)
R2 mrtRate; C:\Windows\system32\Drivers\mrtRate.sys [34916 1999-08-10] (Marimba, Inc.) [File not signed]
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [46096 2013-07-19] (Corel Corporation)
S3 QCPro; C:\Windows\System32\DRIVERS\p35u.sys [116480 2002-12-10] (Logitech Inc.)
R0 snapman; C:\Windows\System32\DRIVERS\snapman.sys [120688 2010-01-24] (Apricorn) [File not signed]
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [39376 2010-01-24] (Apricorn) [File not signed]
R0 timounter; C:\Windows\System32\DRIVERS\timntr.sys [400560 2010-01-24] (Apricorn) [File not signed]
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [42496 2011-05-10] (Apple, Inc.) [File not signed]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-21 13:02 - 2014-08-21 13:02 - 01094144 _____ (Farbar) C:\Users\dave\Downloads\FRST(1).exe
2014-08-21 11:41 - 2014-08-21 11:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registrar Registry Manager
2014-08-21 11:41 - 2014-08-21 11:41 - 00000000 ____D () C:\Program Files\Registrar Registry Manager
2014-08-21 11:40 - 2014-08-21 11:40 - 04968008 _____ (Resplendence Software Projects Sp. ) C:\Users\dave\Downloads\RegistrarHomeV7.exe
2014-08-21 11:35 - 2014-08-21 11:35 - 00000000 ____D () C:\Users\dave\Dropbox\Documents\PSTools
2014-08-21 11:18 - 2014-08-21 11:18 - 00000000 ____D () C:\Users\dave\Dropbox\Documents\Regdelnull
2014-08-21 10:46 - 2014-08-21 10:46 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Mozilla
2014-08-21 10:46 - 2014-08-21 10:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Mozilla
2014-08-20 11:47 - 2014-08-20 11:47 - 00000000 ____D () C:\Users\dave\AppData\Local\{FC69265E-8DC7-4899-9A45-F7A0A23A79F4}
2014-08-19 04:20 - 2014-08-19 04:21 - 00000000 ____D () C:\Users\dave\AppData\Local\{14FEE1A9-E150-43F2-95A2-8819DF9E17DD}
2014-08-18 16:20 - 2014-08-18 16:20 - 00000000 ____D () C:\Users\dave\AppData\Local\{79FCEBED-71F4-4E2D-857F-B9CA69F5D3DA}
2014-08-18 07:12 - 2014-08-18 07:12 - 00000000 ____D () C:\Users\dave\AppData\Local\{0B5909DB-3FEF-4E46-B6B3-F0419B3871CC}
2014-08-17 13:46 - 2014-08-17 13:46 - 00000000 ____D () C:\Users\dave\AppData\Local\{603D7236-1842-4678-8F17-CB3B300D7B87}
2014-08-16 14:35 - 2014-06-26 15:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-16 14:35 - 2014-06-26 15:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-16 14:35 - 2014-06-26 15:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-16 14:35 - 2014-06-05 21:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 22:03 - 2014-08-15 22:03 - 00000000 ____D () C:\Windows\Sun
2014-08-15 21:08 - 2014-08-21 12:36 - 00000000 ____D () C:\ProgramData\NetworkHostTask
2014-08-15 20:59 - 2014-08-15 20:59 - 00000000 ____D () C:\ProgramData\UpdateCommon
2014-08-15 20:58 - 2014-08-15 21:08 - 00000000 ____D () C:\Users\dave\AppData\Roaming\serv
2014-08-15 20:58 - 2014-08-15 20:58 - 00000000 ____D () C:\Users\dave\AppData\Roaming\device
2014-08-15 20:58 - 2014-08-15 20:58 - 00000000 ____D () C:\ProgramData\Online
2014-08-15 00:17 - 2014-08-15 00:17 - 00000000 ____D () C:\Users\dave\AppData\Local\{2010FE9E-E2AF-4B94-948F-58D93C04F6EE}
2014-08-14 06:08 - 2014-07-24 11:07 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 06:08 - 2014-07-24 10:58 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 06:08 - 2014-07-24 10:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 06:08 - 2014-07-24 10:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 06:08 - 2014-07-24 10:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 06:08 - 2014-07-24 10:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 06:08 - 2014-07-24 10:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-14 06:08 - 2014-07-24 10:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 06:08 - 2014-07-24 10:49 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 06:08 - 2014-07-24 10:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-14 06:08 - 2014-07-24 10:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 06:08 - 2014-07-24 10:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 06:08 - 2014-07-24 10:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 06:08 - 2014-07-24 10:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 06:08 - 2014-07-24 10:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 06:08 - 2014-07-24 10:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 06:08 - 2014-07-24 10:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 06:08 - 2014-07-24 10:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-14 06:08 - 2014-07-24 10:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-14 06:08 - 2014-07-24 10:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-14 06:08 - 2014-07-24 10:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 06:08 - 2014-07-07 17:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 06:08 - 2014-06-13 17:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 06:08 - 2014-06-13 17:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-14 06:08 - 2014-06-02 03:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 06:08 - 2014-06-02 03:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 06:08 - 2014-06-02 03:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 06:08 - 2014-06-02 03:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-08-14 06:08 - 2014-06-02 01:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 11:08 - 2014-08-13 23:09 - 00000000 ____D () C:\Users\dave\AppData\Local\{D38017BC-E556-417D-9E82-554F22792CCA}
2014-08-11 18:21 - 2014-08-11 18:21 - 00144880 _____ () C:\Windows\Minidump\Mini081114-01.dmp
2014-08-10 13:19 - 2014-08-10 13:19 - 00421034 _____ () C:\Users\dave\Downloads\My recording #8.wav
2014-08-09 11:49 - 2014-08-09 11:49 - 00144880 _____ () C:\Windows\Minidump\Mini080914-01.dmp
2014-08-05 13:43 - 2013-09-11 07:02 - 00596000 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPM7012.dll
2014-08-05 13:42 - 2014-08-05 13:42 - 00002105 _____ () C:\Users\Public\Desktop\HP Officejet Pro 8620.lnk
2014-08-05 13:42 - 2014-08-05 13:42 - 00001057 _____ () C:\Users\Public\Desktop\Shop for Supplies - HP Officejet Pro 8620.lnk
2014-08-04 19:29 - 2014-08-04 19:29 - 00000000 ____D () C:\Users\dave\AppData\Local\{3FB88754-803A-493D-A0E8-BE86CBE8835C}
2014-08-04 07:59 - 2014-08-04 07:59 - 00144880 _____ () C:\Windows\Minidump\Mini080414-01.dmp
2014-08-03 19:26 - 2014-08-04 07:29 - 00000000 ____D () C:\Users\dave\AppData\Local\{ABDDD751-1E60-48E0-9B30-A403A7B791EC}
2014-08-03 16:10 - 2014-08-03 16:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Helicon Software
2014-08-03 16:09 - 2014-08-03 16:09 - 00000000 ____D () C:\Program Files\Helicon Software
2014-08-03 16:07 - 2014-08-03 16:09 - 80159664 _____ (Helicon Soft Ltd. ) C:\Users\dave\Downloads\HeliconFocus.exe
2014-08-03 12:49 - 2014-08-03 12:51 - 00000000 ____D () C:\Program Files\PICOLAY
2014-08-03 12:49 - 2014-08-03 12:49 - 00001654 _____ () C:\Users\dave\Desktop\picolay.lnk
2014-08-03 12:49 - 2014-08-03 12:49 - 00000000 ____D () C:\Users\dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\picolay
2014-08-03 12:49 - 2014-08-03 12:49 - 00000000 ____D () C:\Users\dave\AppData\Roaming\DATA
2014-08-03 12:48 - 2014-08-03 12:48 - 04715892 _____ () C:\Users\dave\Downloads\install_PICOLAY_140604.exe
2014-08-01 18:28 - 2014-08-03 07:25 - 00000000 ____D () C:\Users\dave\AppData\Local\{2C7C51D2-A2CD-46AD-92B4-398AC5D13AB7}
2014-07-31 21:07 - 2014-07-31 21:07 - 00144880 _____ () C:\Windows\Minidump\Mini073114-01.dmp
2014-07-29 23:24 - 2014-07-29 23:24 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-27 23:35 - 2014-07-27 23:35 - 00545890 _____ () C:\Users\dave\Downloads\My recording #7.wav
2014-07-27 23:35 - 2014-07-27 23:35 - 00485062 _____ () C:\Users\dave\Downloads\My recording #6.wav
2014-07-27 23:35 - 2014-07-27 23:35 - 00386880 _____ () C:\Users\dave\Downloads\My recording #5.wav
2014-07-27 23:34 - 2014-07-27 23:34 - 01939349 _____ () C:\Users\dave\Downloads\crickets.zip
2014-07-27 23:34 - 2014-07-27 23:34 - 00529884 _____ () C:\Users\dave\Downloads\My recording #4.wav
2014-07-27 23:34 - 2014-07-27 23:34 - 00372474 _____ () C:\Users\dave\Downloads\My recording #3.wav
2014-07-27 02:19 - 2014-07-27 02:19 - 00144880 _____ () C:\Windows\Minidump\Mini072714-01.dmp
2014-07-27 01:16 - 2014-07-27 01:16 - 00000000 ____D () C:\Users\dave\AppData\Roaming\Oracle
2014-07-27 01:12 - 2014-07-11 03:02 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-07-27 01:12 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-27 01:12 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-27 01:12 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-26 17:56 - 2014-07-26 17:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Wondershare
2014-07-23 00:41 - 2014-07-23 00:41 - 00453048 _____ () C:\Users\dave\Downloads\My recording #2.wav
2014-07-22 13:21 - 2014-07-22 13:22 - 00144880 _____ () C:\Windows\Minidump\Mini072214-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-21 13:02 - 2014-08-21 13:02 - 01094144 _____ (Farbar) C:\Users\dave\Downloads\FRST(1).exe
2014-08-21 13:02 - 2013-11-03 21:11 - 00033462 _____ () C:\Users\dave\Downloads\FRST.txt
2014-08-21 13:02 - 2013-11-03 21:08 - 00000000 ____D () C:\FRST
2014-08-21 12:55 - 2012-12-10 12:17 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2157692319-862770736-3730535595-1001UA.job
2014-08-21 12:36 - 2014-08-15 21:08 - 00000000 ____D () C:\ProgramData\NetworkHostTask
2014-08-21 12:33 - 2013-03-31 12:29 - 00000000 ___RD () C:\Users\dave\Dropbox
2014-08-21 12:32 - 2013-03-31 12:24 - 00000000 ____D () C:\Users\dave\AppData\Roaming\Dropbox
2014-08-21 12:31 - 2009-12-28 12:10 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-21 12:29 - 2014-07-12 22:06 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-21 12:29 - 2014-03-29 01:43 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-21 12:29 - 2009-12-28 12:10 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-21 12:29 - 2008-10-03 22:16 - 00000462 _____ () C:\Windows\Tasks\SDMsgUpdate (SD).job
2014-08-21 12:26 - 2007-06-07 07:58 - 00153420 _____ () C:\Windows\PFRO.log
2014-08-21 12:26 - 2006-11-02 06:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-21 12:26 - 2006-11-02 05:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-21 12:26 - 2006-11-02 05:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-21 12:24 - 2007-09-14 14:01 - 01291633 _____ () C:\Windows\WindowsUpdate.log
2014-08-21 12:24 - 2006-11-02 06:01 - 00032584 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-21 11:41 - 2014-08-21 11:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registrar Registry Manager
2014-08-21 11:41 - 2014-08-21 11:41 - 00000000 ____D () C:\Program Files\Registrar Registry Manager
2014-08-21 11:40 - 2014-08-21 11:40 - 04968008 _____ (Resplendence Software Projects Sp. ) C:\Users\dave\Downloads\RegistrarHomeV7.exe
2014-08-21 11:35 - 2014-08-21 11:35 - 00000000 ____D () C:\Users\dave\Dropbox\Documents\PSTools
2014-08-21 11:18 - 2014-08-21 11:18 - 00000000 ____D () C:\Users\dave\Dropbox\Documents\Regdelnull
2014-08-21 10:46 - 2014-08-21 10:46 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Mozilla
2014-08-21 10:46 - 2014-08-21 10:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Mozilla
2014-08-21 10:43 - 2014-05-28 00:10 - 00000000 ____D () C:\Windows\WICCodecs
2014-08-21 09:03 - 2007-09-14 22:34 - 00000000 ____D () C:\Users\dave\AppData\Local\Adobe
2014-08-20 22:55 - 2012-12-10 12:17 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2157692319-862770736-3730535595-1001Core.job
2014-08-20 14:39 - 2013-12-20 00:38 - 00001973 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-20 11:47 - 2014-08-20 11:47 - 00000000 ____D () C:\Users\dave\AppData\Local\{FC69265E-8DC7-4899-9A45-F7A0A23A79F4}
2014-08-19 19:50 - 2007-09-19 01:41 - 00000000 ____D () C:\Users\dave\Dropbox\Documents\MyDoc
2014-08-19 04:21 - 2014-08-19 04:20 - 00000000 ____D () C:\Users\dave\AppData\Local\{14FEE1A9-E150-43F2-95A2-8819DF9E17DD}
2014-08-18 16:20 - 2014-08-18 16:20 - 00000000 ____D () C:\Users\dave\AppData\Local\{79FCEBED-71F4-4E2D-857F-B9CA69F5D3DA}
2014-08-18 12:28 - 2010-08-11 00:12 - 00000000 ____D () C:\Users\dave\AppData\Local\TopoGrafix
2014-08-18 11:29 - 2014-03-01 08:50 - 00000000 ____D () C:\Users\dave\Desktop\Old Firefox Data
2014-08-18 07:12 - 2014-08-18 07:12 - 00000000 ____D () C:\Users\dave\AppData\Local\{0B5909DB-3FEF-4E46-B6B3-F0419B3871CC}
2014-08-17 13:46 - 2014-08-17 13:46 - 00000000 ____D () C:\Users\dave\AppData\Local\{603D7236-1842-4678-8F17-CB3B300D7B87}
2014-08-17 13:04 - 2011-03-20 11:54 - 00000458 _____ () C:\Windows\Tasks\SOS Online Backup - davefoc@gmail.com.job
2014-08-17 13:04 - 2011-03-20 11:25 - 00000000 ____D () C:\Program Files\SOS Online Backup
2014-08-16 16:12 - 2009-03-17 09:01 - 00000000 ____D () C:\Windows\system32\Adobe
2014-08-16 15:52 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\rescache
2014-08-16 15:49 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-16 15:41 - 2006-11-02 03:33 - 00772070 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-16 14:37 - 2013-11-26 08:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-16 14:37 - 2006-11-02 03:24 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-08-16 14:19 - 2007-09-14 14:19 - 00000000 ____D () C:\Users\dave
2014-08-16 14:15 - 2014-02-26 00:21 - 00000000 ____D () C:\Users\dave\AppData\Local\CrashDumps
2014-08-15 22:03 - 2014-08-15 22:03 - 00000000 ____D () C:\Windows\Sun
2014-08-15 22:02 - 2007-06-07 07:31 - 00000000 ____D () C:\Windows\system32\Macromed
2014-08-15 21:08 - 2014-08-15 20:58 - 00000000 ____D () C:\Users\dave\AppData\Roaming\serv
2014-08-15 20:59 - 2014-08-15 20:59 - 00000000 ____D () C:\ProgramData\UpdateCommon
2014-08-15 20:58 - 2014-08-15 20:58 - 00000000 ____D () C:\Users\dave\AppData\Roaming\device
2014-08-15 20:58 - 2014-08-15 20:58 - 00000000 ____D () C:\ProgramData\Online
2014-08-15 08:25 - 2013-03-31 12:29 - 00000957 _____ () C:\Users\dave\Desktop\Dropbox.lnk
2014-08-15 08:25 - 2013-03-31 12:26 - 00000000 ____D () C:\Users\dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-15 07:35 - 2007-09-16 20:22 - 00005720 _____ () C:\Users\dave\Desktop\info.txt
2014-08-15 00:17 - 2014-08-15 00:17 - 00000000 ____D () C:\Users\dave\AppData\Local\{2010FE9E-E2AF-4B94-948F-58D93C04F6EE}
2014-08-14 20:25 - 2012-11-11 15:12 - 00000000 ____D () C:\Users\dave\AppData\Roaming\HpUpdate
2014-08-13 23:09 - 2014-08-13 11:08 - 00000000 ____D () C:\Users\dave\AppData\Local\{D38017BC-E556-417D-9E82-554F22792CCA}
2014-08-13 10:50 - 2013-06-01 02:57 - 00000000 ____D () C:\Users\dave\Dropbox\Documents\My PSP Files
2014-08-11 18:21 - 2014-08-11 18:21 - 00144880 _____ () C:\Windows\Minidump\Mini081114-01.dmp
2014-08-11 18:21 - 2010-10-13 08:57 - 00000000 ____D () C:\Windows\Minidump
2014-08-11 18:20 - 2010-10-13 08:57 - 211707499 _____ () C:\Windows\MEMORY.DMP
2014-08-11 15:14 - 2014-03-04 01:04 - 00000000 ____D () C:\Users\dave\AppData\Roaming\Audacity
2014-08-10 13:19 - 2014-08-10 13:19 - 00421034 _____ () C:\Users\dave\Downloads\My recording #8.wav
2014-08-09 11:49 - 2014-08-09 11:49 - 00144880 _____ () C:\Windows\Minidump\Mini080914-01.dmp
2014-08-07 18:57 - 2012-12-03 22:43 - 00000000 ____D () C:\Users\dave\AppData\Roaming\Skype
2014-08-05 14:55 - 2012-11-11 15:06 - 00000000 ____D () C:\Users\dave\AppData\Local\HP
2014-08-05 13:46 - 2007-06-07 07:27 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-08-05 13:45 - 2007-06-07 07:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-08-05 13:42 - 2014-08-05 13:42 - 00002105 _____ () C:\Users\Public\Desktop\HP Officejet Pro 8620.lnk
2014-08-05 13:42 - 2014-08-05 13:42 - 00001057 _____ () C:\Users\Public\Desktop\Shop for Supplies - HP Officejet Pro 8620.lnk
2014-08-05 13:39 - 2007-09-14 22:06 - 00000000 ____D () C:\ProgramData\HP
2014-08-05 13:38 - 2007-06-07 07:44 - 00000000 ____D () C:\Program Files\HP
2014-08-05 13:38 - 2006-11-02 05:37 - 00000000 ____D () C:\Windows\twain_32
2014-08-04 19:29 - 2014-08-04 19:29 - 00000000 ____D () C:\Users\dave\AppData\Local\{3FB88754-803A-493D-A0E8-BE86CBE8835C}
2014-08-04 07:59 - 2014-08-04 07:59 - 00144880 _____ () C:\Windows\Minidump\Mini080414-01.dmp
2014-08-04 07:29 - 2014-08-03 19:26 - 00000000 ____D () C:\Users\dave\AppData\Local\{ABDDD751-1E60-48E0-9B30-A403A7B791EC}
2014-08-03 16:11 - 2007-09-14 22:34 - 00000000 ____D () C:\Users\dave\AppData\Roaming\Adobe
2014-08-03 16:10 - 2014-08-03 16:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Helicon Software
2014-08-03 16:09 - 2014-08-03 16:09 - 00000000 ____D () C:\Program Files\Helicon Software
2014-08-03 16:09 - 2014-08-03 16:07 - 80159664 _____ (Helicon Soft Ltd. ) C:\Users\dave\Downloads\HeliconFocus.exe
2014-08-03 15:14 - 2013-04-14 18:55 - 00000000 ____D () C:\Users\dave\Dropbox\Documents\HRBlock
2014-08-03 15:12 - 2008-02-19 16:23 - 00000000 ____D () C:\ProgramData\pdf995
2014-08-03 14:53 - 2008-02-19 16:22 - 00000000 ____D () C:\Users\dave\AppData\Roaming\TaxCut
2014-08-03 12:51 - 2014-08-03 12:49 - 00000000 ____D () C:\Program Files\PICOLAY
2014-08-03 12:49 - 2014-08-03 12:49 - 00001654 _____ () C:\Users\dave\Desktop\picolay.lnk
2014-08-03 12:49 - 2014-08-03 12:49 - 00000000 ____D () C:\Users\dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\picolay
2014-08-03 12:49 - 2014-08-03 12:49 - 00000000 ____D () C:\Users\dave\AppData\Roaming\DATA
2014-08-03 12:48 - 2014-08-03 12:48 - 04715892 _____ () C:\Users\dave\Downloads\install_PICOLAY_140604.exe
2014-08-03 07:25 - 2014-08-01 18:28 - 00000000 ____D () C:\Users\dave\AppData\Local\{2C7C51D2-A2CD-46AD-92B4-398AC5D13AB7}
2014-07-31 21:07 - 2014-07-31 21:07 - 00144880 _____ () C:\Windows\Minidump\Mini073114-01.dmp
2014-07-31 21:07 - 2012-04-25 08:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-30 00:32 - 2007-09-19 01:39 - 00000000 ___RD () C:\Users\dave\Dropbox\Documents\MyApt
2014-07-29 23:24 - 2014-07-29 23:24 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-27 23:35 - 2014-07-27 23:35 - 00545890 _____ () C:\Users\dave\Downloads\My recording #7.wav
2014-07-27 23:35 - 2014-07-27 23:35 - 00485062 _____ () C:\Users\dave\Downloads\My recording #6.wav
2014-07-27 23:35 - 2014-07-27 23:35 - 00386880 _____ () C:\Users\dave\Downloads\My recording #5.wav
2014-07-27 23:34 - 2014-07-27 23:34 - 01939349 _____ () C:\Users\dave\Downloads\crickets.zip
2014-07-27 23:34 - 2014-07-27 23:34 - 00529884 _____ () C:\Users\dave\Downloads\My recording #4.wav
2014-07-27 23:34 - 2014-07-27 23:34 - 00372474 _____ () C:\Users\dave\Downloads\My recording #3.wav
2014-07-27 08:03 - 2012-01-05 14:16 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-07-27 08:02 - 2008-02-10 19:13 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-07-27 02:19 - 2014-07-27 02:19 - 00144880 _____ () C:\Windows\Minidump\Mini072714-01.dmp
2014-07-27 01:20 - 2007-09-18 18:10 - 00000000 ____D () C:\Program Files\Java
2014-07-27 01:19 - 2007-09-18 18:10 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-07-27 01:16 - 2014-07-27 01:16 - 00000000 ____D () C:\Users\dave\AppData\Roaming\Oracle
2014-07-27 01:15 - 2013-10-22 22:28 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-26 17:56 - 2014-07-26 17:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Wondershare
2014-07-26 17:15 - 2008-09-13 17:32 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-26 16:53 - 2010-06-17 00:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-26 16:47 - 2008-02-02 12:01 - 00000000 ____D () C:\ProgramData\Intuit
2014-07-26 12:17 - 2014-04-14 09:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block 2013
2014-07-24 13:47 - 2007-09-15 14:26 - 00149504 _____ () C:\Users\dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-24 11:07 - 2014-08-14 06:08 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-24 10:58 - 2014-08-14 06:08 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-24 10:57 - 2014-08-14 06:08 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-24 10:52 - 2014-08-14 06:08 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-24 10:51 - 2014-08-14 06:08 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-24 10:51 - 2014-08-14 06:08 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-24 10:50 - 2014-08-14 06:08 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-24 10:50 - 2014-08-14 06:08 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-24 10:49 - 2014-08-14 06:08 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-24 10:49 - 2014-08-14 06:08 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-24 10:49 - 2014-08-14 06:08 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-24 10:49 - 2014-08-14 06:08 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-24 10:49 - 2014-08-14 06:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-24 10:48 - 2014-08-14 06:08 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-24 10:48 - 2014-08-14 06:08 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-24 10:48 - 2014-08-14 06:08 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-24 10:48 - 2014-08-14 06:08 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-24 10:48 - 2014-08-14 06:08 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-24 10:48 - 2014-08-14 06:08 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-24 10:48 - 2014-08-14 06:08 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-24 10:47 - 2014-08-14 06:08 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-23 00:41 - 2014-07-23 00:41 - 00453048 _____ () C:\Users\dave\Downloads\My recording #2.wav
2014-07-22 13:22 - 2014-07-22 13:21 - 00144880 _____ () C:\Windows\Minidump\Mini072214-01.dmp

Files to move or delete:
====================
C:\Users\dave\jobq.dat


Some content of TEMP:
====================
C:\Users\dave\AppData\Local\Temp\0fbdecac-136d-4a9a-9252-58eed6564493.exe
C:\Users\dave\AppData\Local\Temp\65a08844-add7-4430-91d8-c507b2dbb23e.exe
C:\Users\dave\AppData\Local\Temp\AdobeUpdater12345.exe
C:\Users\dave\AppData\Local\Temp\AutoDetect.exe
C:\Users\dave\AppData\Local\Temp\BackupSetup.exe
C:\Users\dave\AppData\Local\Temp\Bob.exe
C:\Users\dave\AppData\Local\Temp\d0c22ec4-d229-4b95-9ff8-bda8d5d2e443.exe
C:\Users\dave\AppData\Local\Temp\dad5d714-759c-470a-b159-3a790e8348fc.exe
C:\Users\dave\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmps99zqw.dll
C:\Users\dave\AppData\Local\Temp\extension5830534983172881924.dll
C:\Users\dave\AppData\Local\Temp\f274737c-773c-4833-b3cd-757a11ea305c.exe
C:\Users\dave\AppData\Local\Temp\HRBlock_2013_California_Upd.exe
C:\Users\dave\AppData\Local\Temp\i4jdel0.exe
C:\Users\dave\AppData\Local\Temp\install_flashplayer11x32au_mssa_aih.exe
C:\Users\dave\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_aaa_aih.exe
C:\Users\dave\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_aaa_aih_1.exe
C:\Users\dave\AppData\Local\Temp\JKSUtil.dll
C:\Users\dave\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\dave\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\dave\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\dave\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\dave\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\dave\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\dave\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\dave\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\dave\AppData\Local\Temp\lowproc.exe
C:\Users\dave\AppData\Local\Temp\oi_{5AA2BCDD-61EC-40FE-AFB6-CAC72FE745C8}.exe
C:\Users\dave\AppData\Local\Temp\readSTILog.dll
C:\Users\dave\AppData\Local\Temp\SHSetup.exe
C:\Users\dave\AppData\Local\Temp\stubhelper.dll
C:\Users\dave\AppData\Local\Temp\SymcPCCUInstaller.exe
C:\Users\dave\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\dave\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\dave\AppData\Local\Temp\WINHTTP5.DLL
C:\Users\dave\AppData\Local\Temp\_is1A94.exe
C:\Users\dave\AppData\Local\Temp\_is710C.exe
C:\Users\dave\AppData\Local\Temp\_JKSInstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-21 12:38

==================== End Of Log ============================


Hello

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

FRST produces two logs on its initial run. Can you post the second log, "Addition.txt"? It will be saved in this folder:

 

C:\FRST\Logs

 

Kevin....


Hi Kevin,

Thanks so much for responding.

 

I had run FRST previously and a new additions.txt file wasn't created this time.

 

I believe the problem has been solved. It's now been about 30 minutes since I rebooted and vmhost.exe has not shown up (it showed up about 3 minutes after bootup on my computer when it was infected). I am afraid I continued to investigate while I was waiting for a response and I noticed that in one of the threads created in this subforum somebody was advised to run AdwCleaner and I decided to give it a go.

 

The offending service seemed to be

NetworkHostSrv

 

However AdwCleaner found quite a bit of other crap lying around. Some of it seems to go back to when I purchased and ran adaware to solve a problem back in November. I spent quite a bit of time trying to get rid of the problems caused by that and I thought that the combination of Malwarebytes and some miscellaneous efforts by me had completely eliminated the Adaware crap from my computer. I guess not. Sweet Home 3D seems to have been another problem child for me.

 

I don't know what I did to allow the NetworkHostSrv to get installed but I suspect it might be a week or so ago when I fell for a bogus Java update scam. I thought I had stopped it before it did much damage but maybe not. I also thought Malwarebytes might have blocked it before it did much damage but maybe not.

 

This is the text from the AdwCleaner log if you have any interest. The text of additions.txt generated in November of 2013 is below it. Thank you again for your response.

Dave

 

AdwCleaner log

# AdwCleaner v3.308 - Report created 21/08/2014 at 14:09:09
# Updated 20/08/2014 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)
# Username : dave - DAVE-PC
# Running from : C:\Users\dave\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : NetworkHostSrv

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\NetworkHostTask
Folder Deleted : C:\ProgramData\Online
Folder Deleted : C:\ProgramData\UpdateCommon
Folder Deleted : C:\Program Files\Free Offers from Freeze.com
Folder Deleted : C:\Users\dave\AppData\Roaming\Device
Folder Deleted : C:\Users\dave\AppData\Roaming\SecureSearch
Folder Deleted : C:\Users\dave\AppData\Roaming\serv
Folder Deleted : C:\Users\dave\AppData\Roaming\Uniblue
Folder Deleted : C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\iijmpjamifmplbakhgikofogdfackici
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\dave\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\adawaretb.xml
File Deleted : C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage
File Deleted : C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\dave\Desktop\Sweet Home 3D.lnk
Shortcut Disinfected : C:\Users\dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\eTeks Sweet Home 3D\Sweet Home 3D.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\iijmpjamifmplbakhgikofogdfackici
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13086CD4-88B6-45E3-9182-3BC2664199F7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1FCD7139-C2A3-49AD-8B9E-E82E48AE5DF6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{319FCB76-1568-4EFA-863B-B03A2B16EB5C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4796719D-2B92-47BC-920B-77BCDBDBCB6A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{51D24073-2120-47A4-865E-FA6F42FC57BA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64A66B25-A70F-4373-95EF-3A1DB6040B3A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6FC5F7E0-D65A-465C-B8EE-A5F8E008D6DF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{731D436C-464C-4F29-BFB2-DE9C458535AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7C89C8A6-991C-4626-9E26-B12EB4D89C04}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEF00686-CAB8-4885-9CCB-78FF483041AA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FDA55C78-736E-4E8A-996C-4A80FC0396FB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DCEE70C6-FA43-4B67-A889-80AF260D2435}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Key Deleted : HKCU\Software\FIXIO PC Utilities
Key Deleted : HKCU\Software\Freeze.com
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16563


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ckjhgwk9.default\prefs.js ]


[ File : C:\Users\dave\AppData\Roaming\Mozilla\Firefox\Profiles\ocem7xxw.default-1408386555995\prefs.js ]


-\\ Google Chrome v37.0.2062.94

[ File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}

[ File : C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}

[ File : C:\Users\Kat\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [6799 octets] - [21/08/2014 14:05:43]
AdwCleaner[s0].txt - [6492 octets] - [21/08/2014 14:09:09]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6552 octets] ##########
 

Additions.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-10-2013
Ran by dave at 2013-11-03 20:11:26
Running from C:\Users\dave\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 1.0.0)
ABBYY FineReader 6.0 Sprint (Version: 6.00.1395.4512)
Actual Installer 3.0 (Version: 3.0)
Ad-Aware Antivirus (Version: 11.0.4555.0)
AdAwareInstaller (Version: 11.0.4555.0)
AdAwareUpdater (Version: 11.0.4555.0)
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 10 ActiveX (Version: 10.0.22.87)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader X (10.1.8) (Version: 10.1.8)
Adobe Shockwave Player (Version: 10.2.0.23)
Adobe SVG Viewer 3.0 (Version:  3.0)
Amazon MP3 Downloader 1.0.12 (Version: 1.0.12)
AntimalwareEngine (Version: 2.6.0.0)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Apricorn EZ Gig II (Version: 10.0.5114)
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 82.0.173.000)
Canon G.726 WMP-Decoder (Version: 1.1.0.4)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.6.0.12)
Canon Internet Library for ZoomBrowser EX (Version: 1.6.2.7)
Canon MOV Decoder (Version: 1.1.0.31)
Canon MovieEdit Task for ZoomBrowser EX (Version: 2.5.0.15)
Canon MP Navigator EX 1.0
Canon MP210 series User Registration
Canon My Printer
Canon RAW Codec (Version: 1.7.0.56)
Canon RAW Image Task for ZoomBrowser EX (Version: 0.9.3.9)
Canon Utilities CameraWindow (Version: 7.1.0.2)
Canon Utilities CameraWindow DC (Version: 7.3.0.4)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (Version: 6.4.2.16)
Canon Utilities Digital Photo Professional 3.6 (Version: 3.6.0.0)
Canon Utilities Easy-PhotoPrint EX
Canon Utilities MyCamera (Version: 7.1.0.1)
Canon Utilities MyCamera DC (Version: 7.1.0.4)
Canon Utilities PhotoStitch (Version: 3.1.22.46)
Canon Utilities RemoteCapture DC (Version: 3.0.1.8)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (Version: 1.7.1.9)
Canon Utilities Solution Menu
Canon Utilities ZoomBrowser EX (Version: 6.2.1.31)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.2.0.9)
Chinese Traditional Fonts Support For Adobe Reader 8 (Version: 8.0.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Contents (Version: 1.6.0.272)
Corel Paint Shop Pro Photo X2 (Version: 12.001.0000)
Corel Paint Shop Pro X (Version: 10.03)
Corel PaintShop Photo Pro X3 (Version: 1.00.0000)
Corel PaintShop Photo Pro X3 (Version: 1.6.1.263)
Corel VideoStudio Pro X3 (Version: 1.6.0.272)
CustomerResearchQFolder (Version: 1.00.0000)
D3DX10 (Version: 15.4.2368.0902)
DAO 3.5
DesignCAD 3D Max 18 (Version: 18.2)
DeviceIO (Version: 1.6.0.272)
Disk Space Fan 2.2.7.821
DivX Setup (Version: 2.3.0.20)
DjVuLibre+DjView (Version: 3.5.23c+4.6b)
DocProc (Version: 8.1.0.0)
DocProcQFolder (Version: 1.00.0000)
DraftSight (Version: 10.1.1069)
Driver Detective (Version: 8.1)
Dropbox (HKCU Version: 2.0.22)
EasyGPS 4.13 (Version: 4.13)
eMachineShop
Enhanced Multimedia Keyboard Solution
EPSON Scan
EPSON WorkForce 600 Series Printer Uninstall
EpsonNet Config V3 (Version: 3.0b)
EpsonNet Print (Version: 2.4h)
eSupportQFolder (Version: 1.00.0000)
FamilySearch Indexing (www.familysearchindexing.org)
Font Viewer 2.0
Free RAR Extract Frog (Version: 3.23)
Free Video Flip and Rotate version 1.4
Frontbase GPS 1.1
Garmin BaseCamp (Version: 3.0.6)
Garmin USB Drivers (Version: 2.3.0.0)
GeoPDF Toolbar (Version: 4.01.0208)
Google Earth (Version: 7.1.1.1888)
Google Gmail Notifier
Google Talk Plugin (Version: 4.8.2.15856)
Google Update Helper (Version: 1.3.21.165)
GPL Ghostscript 8.63
GPSU version 5.07
H&R Block California 2009 (Version: 1.09.3601)
H&R Block California 2010 (Version: 1.10.4801)
H&R Block California 2011 (Version: 1.11.5001)
H&R Block California 2012 (Version: 1.12.7501)
H&R Block Premium + Efile + State 2009 (Version: 09.06.6901)
H&R Block Premium + Efile + State 2010 (Version: 10.06.6402)
H&R Block Premium + Efile + State 2011 (Version: 11.07.7102)
H&R Block Premium + Efile + State 2012 (Version: 12.07.7803)
Hardware Diagnostic Tools (Version: 5.00.4323.13)
HDHomeRun (Version: 1.0.12225.0)
HHD Software Device Monitoring Studio 5.22 (Version: 5.22.0.1627)
HP Customer Feedback (Version: 1.0.0)
HP Customer Participation Program 8.0 (Version: 8.0)
HP Driver Diagnostics (Version: 1.02.0010)
HP OCR Software 8.0 (Version: 8.0)
HP Officejet Pro 8600 Basic Device Software (Version: 25.0.619.0)
HP Officejet Pro 8600 Help (Version: 140.0.2.2)
HP Officejet Pro 8600 Product Improvement Study (Version: 25.0.619.0)
HP On-Screen Caps/Num/Scroll Lock Indicator
HP Picasso Media Center Add-In (Version: 1.0.0)
HP Product Detection (Version: 11.15.0007)
HP Product Detection (Version: 4.00.0002)
HP Solution Center 8.0 (Version: 8.0)
HP Total Care Advisor (Version: 1.0.95)
HP Update (Version: 5.003.000.004)
HPProductAssistant (Version: 82.0.173.000)
HxD Hex Editor version 1.7.6.4 (Version: 1.7.6.4)
I.R.I.S. OCR (Version: 12.3.4.0)
ICA (Version: 1.6.0.272)
ICA (Version: 1.6.1.263)
IcoFX 1.6.4
InfraRecorder
Inkscape 0.45.1 (Version: 0.45.1)
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Intel® Viiv™ Software (Version: 1.6.361.6)
IPM_PSP_CL (Version: 1.00.0000)
IPM_PSP_COM (Version: 1.00.0000)
IPM_VS_Pro (Version: 13.0)
iTunes (Version: 11.0.4.4)
Japanese Fonts Support For Adobe Reader 8 (Version: 8.0)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Java 6 Update 18 (Version: 6.0.180)
Java 6 Update 2 (Version: 1.6.0.20)
Java 6 Update 3 (Version: 1.6.0.30)
Java 6 Update 4 (Version: 1.6.0.40)
Java 6 Update 5 (Version: 1.6.0.50)
Java 6 Update 7 (Version: 1.6.0.70)
Keithley KUSB Series (OEM) (Version: 1.1.0)
Keithley KUSB Series (Version: 002.001.0000)
Keithley KUSB Series (Version: 2.3.0)
Konvertor
Lavasoft Registry Tuner (Version: 2.0.1)
Legacy 7.4 (Version: 7.4 )
Legacy Charting 7.4
LightScribe  1.4.136.1 (Version: 1.4.136.1)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MarketResearch (Version: 82.0.174.000)
MBTestPro (Version: 2.3)
Mediaplex Cookie Removal Tool (Version: build_1.0.0.143_rev_3131_date_15:30:42 15-07-13)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft FrontPage 2000 (Version: 9.00.2720)
Microsoft Office 2000 Professional (Version: 9.00.2720)
Microsoft Office Visio Viewer 2007 (Version: 12.0.6612.1000)
Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)
Microsoft Security Client (Version: 4.3.0219.0)
Microsoft Security Essentials (Version: 4.3.219.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server Compact 3.5 SP1 English (Version: 3.5.5692.0)
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (Version: 9.0.30729)
Microsoft Visual Basic Power Packs 3.0 (Version: 9.0.30214)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu (Version: 3.5.30729)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 (Version: 6.1.5295.17011)
Microsoft Works (Version: 08.05.0818)
MLE (Version: 1.0.0.18)
Mozilla Firefox 24.0 (x86 en-US) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Musicnotes Software Suite 1.1 (Version: 1.1)
My HP Games (Version: HPCMPQ1601)
Norton Security Scan (Version: 1.2.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Opanda IExif 2.3 (Version: 2.3)
Opanda PowerExif 1.2 Professional Trial (Version: 1.2)
OpenOffice.org 3.2 (Version: 3.2.9483)
Paint Shop Pro 5.01
PaintShop Photo Pro X3 Registration Incentive (Version: 1.00.0000)
Pdf995 (installed by TaxCut)
PdfEdit995 (installed by TaxCut)
PhotoME (Version: 0.79R16)
Photosynth 2.0.1519.16 (Version: 2.0.151916)
Picasa 3 (Version: 3.9)
Picasa Web Albums Live Publisher (Version: 2.4.0)
Pinnacle VideoSpin (Version: 2.0.0.669)
PIXMA Extended Survey Program
PSPPContent (Version: 1.00.0000)
PSPPRO_DCRAW (Version: 13.0.0)
PureHD (Version: 1.6.0.272)
Python 2.4.3 (Version: 2.4.3150)
quickDAQ - Keithley (Version: 1.00.0000)
quickDAQ (Version: 1.6.0.7)
Quicken 2008 (Version: 17.1.5.3)
QuickTime (Version: 7.74.80.86)
Realtek High Definition Audio Driver (Version: 6.0.1.5361)
Rhapsody
Rhapsody Player Engine (Version: 1.0.604)
Roxio Creator Audio (Version: 3.3.0)
Roxio Creator Basic v9 (Version: 3.3.0)
Roxio Creator Copy (Version: 3.3.0)
Roxio Creator Data (Version: 3.3.0)
Roxio Creator EasyArchive (Version: 3.3.0)
Roxio Creator Tools (Version: 3.3.0)
Roxio Express Labeler 3 (Version: 2.1.0)
Roxio MyDVD Basic v9 (Version: 9.0.095)
Safari (Version: 3.525.17.0)
Segoe UI (Version: 15.4.2271.0615)
selco (HKCU Version: 1.0.0.0)
Setup (Version: 1.6.0.272)
Setup (Version: 1.6.1.263)
Share (Version: 1.6.0.272)
SketchUp 8 (Version: 3.0.16846)
Skype Click to Call (Version: 6.13.13771)
Skype™ 6.0 (Version: 6.0.126)
SmartDraw 2008
SmartDraw 2009
SmartSound Common Data (Version: 1.1.0)
SmartSound Quicktracks 5 (Version: 5.1.5)
Soft Data Fax Modem with SmartCP (Version: 7.74.00)
SolutionCenter (Version: 82.0.188.000)
SOS Online Backup (Version: 4.8.0.91)
Spelling Dictionaries Support For Adobe Reader 8 (Version: 8.0.0)
SpyHunter (Version: 4.15.1.4270)
SQL Server System CLR Types (Version: 10.0.1600.22)
Sweet Home 3D version 4.0
System Requirements Lab for Intel (Version: 4.5.13.0)
TaxCut California 2007 (Version: 1.07.6601)
TaxCut California 2008 (Version: 1.08.3201)
TaxCut Premium + State + Efile 2008 (Version: 08.07.7101)
TaxCut Premium + State 2007 (Version: 07.04.0000)
the Volts Electrical Design Software Suite (Version: 6.00)
Thermtest 1.0 (Version: 1.0)
TOPO! 4 (Version: 4.5.0)
Trellian SEO Toolkit v2.0 (Version: 2.0)
Trellian WebPage (Version: 3.0.0.137)
TrueCrypt (Version: 6.1a)
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
USRobotics USB to Serial Port Cable
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VIO (Version: 1.6.0.272)
Visual Basic 5.0 Professional Edition
VSClassic (Version: 1.6.0.272)
VSPro (Version: 1.6.0.272)
WebEx
WinDirStat 1.1.2
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.3374)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)

==================== Restore Points  =========================

12-10-2013 10:17:30 Scheduled Checkpoint
13-10-2013 23:01:07 Scheduled Checkpoint
14-10-2013 01:44:08 Windows Update
14-10-2013 18:13:43 Scheduled Checkpoint
15-10-2013 18:09:07 Scheduled Checkpoint
16-10-2013 16:04:59 Scheduled Checkpoint
17-10-2013 05:13:43 Windows Update
18-10-2013 18:06:15 Scheduled Checkpoint
19-10-2013 12:52:27 Scheduled Checkpoint
20-10-2013 16:00:27 Windows Update
21-10-2013 17:51:59 Scheduled Checkpoint
22-10-2013 15:28:21 Scheduled Checkpoint
23-10-2013 05:22:58 Installed Java 7 Update 45
23-10-2013 17:15:08 Windows Update
25-10-2013 04:39:29 Scheduled Checkpoint
26-10-2013 17:58:40 Scheduled Checkpoint
27-10-2013 02:24:19 Windows Update
27-10-2013 19:58:46 Scheduled Checkpoint
28-10-2013 15:43:10 Windows Update
29-10-2013 17:01:37 Installed SpyHunter
29-10-2013 17:55:20 AA11
30-10-2013 03:35:14 Installed Lavasoft Registry Tuner
31-10-2013 03:40:24 Scheduled Checkpoint
31-10-2013 17:10:48 Scheduled Checkpoint
31-10-2013 19:07:04 Windows Update
01-11-2013 20:19:09 Scheduled Checkpoint
02-11-2013 18:20:30 Scheduled Checkpoint
03-11-2013 18:04:03 Scheduled Checkpoint

==================== Hosts content: ==========================

2006-11-02 02:23 - 2006-09-18 13:41 - 00000736 ____N C:\Windows\system32\Drivers\etc\hosts
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {03F2CC0C-9BC0-4706-9D85-F4DDEEA9B07C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {0E9D2879-2ACA-4056-9EBB-EA43B1AEA234} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-28] (Google Inc.)
Task: {1BB6A6AB-9DDD-450B-870C-35991D2D6146} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2157692319-862770736-3730535595-1001Core => C:\Users\dave\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-12] (Google Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1DD650A4-0387-4DA1-8FC4-DE87EA611DA5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2157692319-862770736-3730535595-1001UA => C:\Users\dave\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-12] (Google Inc.)
Task: {2A4E0919-704A-4E98-9AD5-E326647D5166} - System32\Tasks\Driver Detective-RTMUpdater => C:\Program Files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [2012-10-12] (PC Drivers Headquarters)
Task: {36CFDAFF-6A35-4AE6-A9EC-2768CA4AA381} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [2013-07-17] (Enigma Software Group USA, LLC.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-18] (Microsoft Corporation)
Task: {64F69A0F-6649-4F31-B98A-7E47C7D8DBA3} - System32\Tasks\SOS Online Backup - davefoc@gmail.com => C:\Program Files\SOS Online Backup\sosuploadagent.exe [2011-03-14] ()
Task: {741D7E33-4928-4633-9873-E936DE9B7BEB} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {842CD548-5B65-4AC9-88F7-5089C4DF291D} - System32\Tasks\SDMsgUpdate (SD) => C:\Program Files\SmartDraw 2009\Messages\SDNotify.exe [2008-08-11] ()
Task: {A4BF3B05-7EFE-48C2-AF94-AC5579DBE806} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {AB02A08F-88D9-45DE-84FD-55C05B6900AF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-28] (Google Inc.)
Task: {B60D9939-F601-40C1-86BD-E31F91CC777E} - System32\Tasks\Driver Detective-RTMRules => C:\Program Files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [2012-10-12] (PC Drivers Headquarters)
Task: {CA42F1B0-F090-4BA4-89FE-67E24AF7F7C6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {EFA335CC-5ED4-48C0-AF9F-5AFC513C814A} - System32\Tasks\Driver Detective-RTMScan => C:\Program Files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [2012-10-12] (PC Drivers Headquarters)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2157692319-862770736-3730535595-1001Core.job => C:\Users\dave\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2157692319-862770736-3730535595-1001UA.job => C:\Users\dave\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SDMsgUpdate (SD).job => C:\PROGRA~1\SMARTD~2\Messages\SDNotify.exe
Task: C:\Windows\Tasks\SOS Online Backup - davefoc@gmail.com.job => C:\Program Files\SOS Online Backup\sosuploadagent.exe

==================== Loaded Modules (whitelisted) =============

2013-10-18 17:05 - 2013-10-18 17:05 - 00533872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareShellExtension.dll
2013-10-18 17:05 - 2013-10-18 17:05 - 02038088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\RCF.dll
2011-03-14 12:48 - 2011-03-14 12:48 - 00091520 _____ () C:\Program Files\SOS Online Backup\ClientApi.dll
2010-10-01 11:54 - 2010-10-01 11:54 - 00117904 _____ () C:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\PSPContextMenu.dll
2011-09-27 06:23 - 2011-09-27 06:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 06:22 - 2011-09-27 06:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-18 17:05 - 2013-10-18 17:05 - 00131920 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\pugixml.dll
2013-10-18 17:05 - 2013-10-18 17:05 - 00107392 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\boost_filesystem-vc100-mt-1_53.dll
2013-10-18 17:05 - 2013-10-18 17:05 - 00021880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\boost_system-vc100-mt-1_53.dll
2013-10-18 17:05 - 2013-10-18 17:05 - 00048000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\boost_date_time-vc100-mt-1_53.dll
2013-10-18 17:05 - 2013-10-18 17:05 - 00086904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\boost_thread-vc100-mt-1_53.dll
2013-10-18 17:05 - 2013-10-18 17:05 - 00405368 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\boost_locale-vc100-mt-1_53.dll
2013-10-18 17:05 - 2013-10-18 17:05 - 00227168 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\HtmlFramework.dll
2013-10-18 17:05 - 2013-10-18 17:05 - 00232272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\Logger.dll
2013-10-18 17:05 - 2013-10-18 17:05 - 00055128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\DllStorage.dll
2013-10-18 17:05 - 2013-10-18 17:05 - 00643952 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareTrayDefaultSkin.dll
2013-10-18 17:05 - 2013-10-18 17:05 - 00119640 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\Localization.dll
2013-10-18 17:05 - 2013-10-18 17:05 - 00541008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\SQLite.dll
2013-07-11 08:46 - 2013-07-11 08:46 - 00119296 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\XPBurnComponent\d09a8ba3e1dcf6868bd839343d17c8d4\XPBurnComponent.ni.dll
2012-10-12 14:05 - 2012-10-12 14:05 - 00804800 _____ () C:\Program Files\PC Drivers HeadQuarters\Driver Detective\ThemePack.Default.dll
2012-10-12 14:06 - 2012-10-12 14:06 - 00313320 _____ () C:\Program Files\PC Drivers HeadQuarters\Driver Detective\Agent.Communication.XmlSerializers.dll
2013-03-13 12:48 - 2013-03-13 12:48 - 24978944 _____ () C:\Users\dave\AppData\Roaming\Dropbox\bin\libcef.dll
2013-09-30 21:11 - 2013-09-30 21:11 - 03279768 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:D117B72F
AlternateDataStreams: C:\Users\dave\expense report.eml:OECustomProperty
AlternateDataStreams: C:\Users\dave\files.eml:OECustomProperty
AlternateDataStreams: C:\Users\dave\orbster.eml:OECustomProperty
AlternateDataStreams: C:\Users\dave\orbster2.eml:OECustomProperty
AlternateDataStreams: C:\Users\dave\power consumption.eml:OECustomProperty
AlternateDataStreams: C:\Users\dave\powtest2_c.eml:OECustomProperty
AlternateDataStreams: C:\Users\dave\RE_ STOCK OPTION DOCUMENTS.eml:OECustomProperty
AlternateDataStreams: C:\Users\dave\rlx.eml:OECustomProperty
AlternateDataStreams: C:\Users\dave\test report.eml:OECustomProperty
AlternateDataStreams: C:\Users\dave\weekend work.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: PCI Soft Data Fax Modem with SmartCP
Description: PCI Soft Data Fax Modem with SmartCP
Class Guid: {4d36e96d-e325-11ce-bfc1-08002be10318}
Manufacturer: CXT
Service: Modem
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/03/2013 07:53:45 PM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 24.0.0.5001 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1750
Start Time: 01ced8e06db0f4fd
Termination Time: 64

Error: (11/03/2013 00:57:42 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (11/03/2013 07:19:07 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7425

Error: (11/03/2013 07:19:07 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7425

Error: (11/03/2013 07:19:07 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/03/2013 07:19:06 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6411

Error: (11/03/2013 07:19:06 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6411

Error: (11/03/2013 07:19:06 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/03/2013 07:19:05 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5413

Error: (11/03/2013 07:19:05 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5413


System errors:
=============
Error: (11/03/2013 01:40:54 PM) (Source: Service Control Manager) (User: )
Description: Windows Search%%1053

Error: (11/03/2013 01:40:54 PM) (Source: Service Control Manager) (User: )
Description: 30000Windows Search

Error: (11/03/2013 01:40:54 PM) (Source: DCOM) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (11/03/2013 01:13:18 PM) (Source: Service Control Manager) (User: )
Description: Windows Update

Error: (11/03/2013 01:10:35 PM) (Source: Service Control Manager) (User: )
Description: KtmRm for Distributed Transaction Coordinator

Error: (11/03/2013 01:08:09 PM) (Source: Service Control Manager) (User: )
Description: Google Update Service (gupdate)%%1053

Error: (11/03/2013 01:08:09 PM) (Source: Service Control Manager) (User: )
Description: 30000Google Update Service (gupdate)

Error: (11/03/2013 01:07:26 PM) (Source: Service Control Manager) (User: )
Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86

Error: (11/03/2013 01:05:19 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (11/03/2013 00:58:38 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068


Microsoft Office Sessions:
=========================
Error: (11/03/2013 07:53:45 PM) (Source: Application Hang)(User: )
Description: firefox.exe24.0.0.5001175001ced8e06db0f4fd64

Error: (11/03/2013 00:57:42 PM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (11/03/2013 07:19:07 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7425

Error: (11/03/2013 07:19:07 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7425

Error: (11/03/2013 07:19:07 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/03/2013 07:19:06 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6411

Error: (11/03/2013 07:19:06 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6411

Error: (11/03/2013 07:19:06 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/03/2013 07:19:05 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5413

Error: (11/03/2013 07:19:05 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5413


CodeIntegrity Errors:
===================================
  Date: 2013-10-28 11:33:16.416
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-28 11:33:15.561
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-28 11:33:14.997
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-28 11:33:14.510
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-28 11:33:03.596
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-28 11:33:02.302
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-28 11:33:00.135
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-28 11:32:58.386
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-28 08:54:10.952
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-28 08:54:10.536
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 


There are still a couple of issues to look at. There are several versions of Java installed; all are outdated, so they should be removed. Old versions do allow infections onto the system.

 

Java 7 Update 45 (Version: 7.0.450)
Java™ 6 Update 18 (Version: 6.0.180)
Java™ 6 Update 2 (Version: 1.6.0.20)
Java™ 6 Update 3 (Version: 1.6.0.30)
Java™ 6 Update 4 (Version: 1.6.0.40)
Java™ 6 Update 5 (Version: 1.6.0.50)
Java™ 6 Update 7 (Version: 1.6.0.70)

 

Next,

 

There are two security systems installed, both with anti-virus components: Microsoft Security Essentials and Lavasoft Adaware. Although Lavasoft is currently disabled, it should be removed if it is no longer serving a purpose. Two AVs are always counterproductive.

 

Let me know how you wish to progress; you do state the problem is believed to be solved:

 

 

I believe the problem has been solved.

 

If you prefer to close out let me know....

 

Kevin...


Hi Kevin,

Thanks again for your response. I would like to eliminate the problems you found. Thank you for pointing them out.

 

I have run the Java updater and used the option to eliminate the old versions. Hopefully the new FRST scan will verify that they are gone.

 

I tried to uninstall adaware from the control panel program window. I didn't find adaware there either under adaware or Lavasoft adaware. I did find a lavasoft registry cleaner type program and I uninstalled that.

 

I also didn't find an entry for Microsoft Security Essentials. I stopped running this a while ago because it used up a lot of disk resources and it didn't fix the problem I had at the time. I thought I uninstalled it then. Perhaps you could advise how to proceed?

 

I would like to end up with only Malwarebytes installed. Thank you, Dave


Meant to include this with post above:

 

I have uninstalled Lavasoft registry cleaner and old versions of Java since the previous time I ran FRST.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-08-2014
Ran by dave (administrator) on DAVE-PC on 21-08-2014 16:05:03
Running from C:\Users\dave\Downloads
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
(Apricorn) C:\Program Files\Common Files\Apricorn\Schedule2\schedul2.exe
(WebEx Communications, Inc.) C:\Windows\System32\atashost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Windows\System32\PSIService.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(CyberLink) C:\Program Files\Cyberlink\Shared files\RichVideo.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(PC Drivers Headquarters) C:\Program Files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Users\dave\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe
(Dropbox, Inc.) C:\Users\dave\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPNetworkCommunicatorCom.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jp2launcher.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\dave\Downloads\FRST(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2006-09-28] (Hewlett-Packard Company)
HKLM\...\Run: [OsdMaestro] => C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [155648 2006-11-20] (OsdMaestro)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4349952 2007-01-18] (Realtek Semiconductor)
HKLM\...\Run: [iAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [151552 2007-04-19] (Intel Corporation)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [644696 2007-04-03] (CANON INC.)
HKLM\...\Run: [Corel Photo Downloader] => C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe [526992 2010-10-01] (Corel, Inc.)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [591696 2008-02-19] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [195072 2009-07-10] (ArcSoft Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-03-12] (RealNetworks, Inc.)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2007392 2014-04-01] (Wondershare)
HKLM\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1953792 2014-05-16] ()
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\RunOnce: [Launcher] => C:\Windows\SMINST\launcher.exe [44136 2006-11-24] (soft thinks)
HKU\.DEFAULT\...\Run: [Picasa Media Detector] => C:\Program Files\Picasa2\PicasaMediaDetector.exe
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2157692319-862770736-3730535595-1001\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2157692319-862770736-3730535595-1001\...\Run: [iSUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-11] (Macrovision Corporation)
HKU\S-1-5-21-2157692319-862770736-3730535595-1001\...\Run: [Driver Detective] => C:\Program Files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [3522528 2012-10-12] (PC Drivers Headquarters)
HKU\S-1-5-21-2157692319-862770736-3730535595-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [1804648 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-2157692319-862770736-3730535595-1001\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2157692319-862770736-3730535595-1001\...\Run: [Google Update] => C:\Users\dave\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-12] (Google Inc.)
HKU\S-1-5-21-2157692319-862770736-3730535595-1001\...\Run: [Amazon Cloud Player] => C:\Users\dave\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3140608 2014-01-14] ()
HKU\S-1-5-21-2157692319-862770736-3730535595-1001\...\Run: [HP Officejet Pro 8620 (NET)] => C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe [2425888 2013-09-11] (Hewlett-Packard Co.)
HKU\S-1-5-21-2157692319-862770736-3730535595-1001\...\MountPoints2: {1e9d29e2-8107-11dd-9d21-001a92eb2aad} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2157692319-862770736-3730535595-1001\...\MountPoints2: {22569c40-0ae8-11df-8be9-806e6f6e6963} - E:\Setup.exe
HKU\S-1-5-21-2157692319-862770736-3730535595-1001\...\MountPoints2: {2cb94e36-6305-11dc-8e9c-806e6f6e6963} - E:\autorun.exe
HKU\S-1-5-21-2157692319-862770736-3730535595-1001\...\MountPoints2: {6684efe1-5568-11df-8ebb-001a92eb2aad} - "G:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2157692319-862770736-3730535595-1001\...\MountPoints2: {e2f9a385-7cb3-11e0-a12c-001a92eb2aad} - F:\KODAK_Software_Downloader.exe
HKU\S-1-5-21-2157692319-862770736-3730535595-1001\...\MountPoints2: {ec59a28b-b62d-11dc-9519-001a92eb2aad} - F:\Autorun.exe /run
Lsa: [Authentication Packages] msv1_0 relog_ap
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Users\dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\dave\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dave\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dave\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dave\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
SearchScopes: HKLM - {251770DF-016C-4953-8514-69011ADD371C} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM - {8F4FFB65-0EB3-4FF4-9931-B3BCE23CCE5F} URL = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVDUS7
SearchScopes: HKLM - {D496E40F-A467-433B-A5FF-27DCA8FFC91D} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKCU - {251770DF-016C-4953-8514-69011ADD371C} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {63140ECF-C629-BE59-8F0E-90B4FF340C03} URL = http://www.bing.com/search?q={searchTerms}&pc=Z128&form=ZGAIDF&install_date=20111016&iesrc={referrer:source}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&rlz=
SearchScopes: HKCU - {8F4FFB65-0EB3-4FF4-9931-B3BCE23CCE5F} URL =
SearchScopes: HKCU - {D496E40F-A467-433B-A5FF-27DCA8FFC91D} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll (Wondershare)
BHO: DivX HiQ -> {593DDEC6-7468-4cdd-90E1-42DADAA222E9} -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {71AAABE5-1F0F-11D7-BD6F-004854603DCE} -  No File
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} http://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_65-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {CAFEEFAC-0017-0000-0065-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_65-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_65-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\dave\AppData\Roaming\Mozilla\Firefox\Profiles\ocem7xxw.default-1408386555995
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX OVS Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/Photosynth,version=2.0 -> C:\Program Files\Photosynth\npPhotosynthMozilla.dll ()
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Musicnotes.com/Musicnotes Viewer -> C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 -> C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @Sibelius.com/Scorch Plugin,version=5.2.5.48 -> C:\Program Files\Musicnotes\npsibelius.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\dave\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\dave\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\dave\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\dave\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\MyCamera.dll (CANON INC.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPCIG.dll (CANON INC.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Users\dave\AppData\Roaming\mozilla\plugins\npatgpc.dll (WebEx Communications, Inc)
FF Plugin ProgramFiles/Appdata: C:\Users\dave\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\dave\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-07-29]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-07-29]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-07-29]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-07-29]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2008-09-13]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011-01-18]
FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011-01-18]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-03-12]
FF HKLM\...\Firefox\Extensions: [{55A8EC97-6AF6-442c-877F-11C51DBD162D}] - C:\Program Files\Tomabo\YouTube Video Downloader\YTVD_FF.xpi
FF Extension: YouTube Video Downloader Extension - C:\Program Files\Tomabo\YouTube Video Downloader\YTVD_FF.xpi [2014-03-12]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com
FF Extension: Wondershare Video Converter Ultimate - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com [2014-07-01]

Chrome:
=======
CHR HomePage:
CHR DefaultSearchURL: https://mail.google.com/mail/ca/?extsrc=mailto&url=%s
CHR Extension: (Google Docs) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-20]
CHR Extension: (Google Drive) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-02-28]
CHR Extension: (YouTube) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-20]
CHR Extension: (Google Search) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-20]
CHR Extension: (DivX HiQ) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae [2013-12-20]
CHR Extension: (RealDownloader) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-03-12]
CHR Extension: (YouTube Video Downloader Extension) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\igljnkmljjbhcellpnjppojkfdfmkjmp [2014-06-03]
CHR Extension: (No Name) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\iijmpjamifmplbakhgikofogdfackici [2014-07-02]
CHR Extension: (Google Wallet) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-20]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-12-20]
CHR Extension: (Gmail) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-20]
CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2010-12-08]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [igljnkmljjbhcellpnjppojkfdfmkjmp] - C:\Program Files\Tomabo\YouTube Video Downloader\YTVD_GC.crx [2014-03-12]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2010-12-08]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.)
R2 AcrSch2Svc; C:\Program Files\Common Files\Apricorn\Schedule2\schedul2.exe [410856 2007-10-09] (Apricorn)
R2 AdobeActiveFileMonitor12.0; C:\Program Files\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-25] (Adobe Systems Incorporated)
S3 AlertService; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [188416 2006-09-11] (Intel® Corporation) [File not signed]
R2 DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [208896 2006-09-03] () [File not signed]
R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
S4 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE [143872 2007-12-16] (SEIKO EPSON CORPORATION)
S4 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-10] (SEIKO EPSON CORPORATION)
S3 hpqcxs08; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll [225280 2007-02-28] (Hewlett-Packard Co.) [File not signed]
R2 IAANTMON; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [81920 2007-04-19] (Intel Corporation) [File not signed]
S3 IDriverT; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [97432 2007-04-13] () [File not signed]
S2 IntelDHSvcConf; C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [29696 2006-05-10] (Intel® Corporation) [File not signed]
S3 ISSM; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [75264 2006-09-11] (Intel® Corporation) [File not signed]
R2 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-12-14] (Hewlett-Packard Company) [File not signed]
S3 M1 Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [26624 2006-08-31] () [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 MCLServiceATL; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [167936 2006-09-11] (Intel® Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
U2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
R2 PSI_SVC_2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [277360 2013-09-13] (arvato digital services llc)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 Remote UI Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [544256 2006-09-11] (Intel® Corporation) [File not signed]
R2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [253776 2013-12-27] (CyberLink)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S2 CLTNetCnService; No ImagePath
S2 Seagate Sync Service; No ImagePath

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 DT9812K; C:\Windows\System32\Drivers\Dt9812k.sys [70656 2011-05-10] (Data Translation Inc.) [File not signed]
S3 DT9812LD; C:\Windows\System32\DRIVERS\Dt9812Ld.sys [13312 2011-05-26] (Data Translation Inc.) [File not signed]
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.)
R3 hcw18bda; C:\Windows\System32\drivers\hcw18bda.sys [366080 2007-04-18] (Hauppauge Computer Works, Inc)
S4 hhdserial; C:\Windows\system32\drivers\hhdserial.sys [30856 2007-10-02] (HHD Software Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10.sys [50560 2008-05-27] (Generic USB smartcard reader)
R2 mrtRate; C:\Windows\system32\Drivers\mrtRate.sys [34916 1999-08-10] (Marimba, Inc.) [File not signed]
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [46096 2013-07-19] (Corel Corporation)
S3 QCPro; C:\Windows\System32\DRIVERS\p35u.sys [116480 2002-12-10] (Logitech Inc.)
R0 snapman; C:\Windows\System32\DRIVERS\snapman.sys [120688 2010-01-24] (Apricorn) [File not signed]
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [39376 2010-01-24] (Apricorn) [File not signed]
R0 timounter; C:\Windows\System32\DRIVERS\timntr.sys [400560 2010-01-24] (Apricorn) [File not signed]
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [42496 2011-05-10] (Apple, Inc.) [File not signed]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-21 15:35 - 2014-08-21 15:35 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-21 15:34 - 2014-08-21 15:34 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-21 15:34 - 2014-08-21 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-21 15:34 - 2014-08-21 15:33 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-21 15:34 - 2014-08-21 15:33 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-21 15:34 - 2014-08-21 15:33 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-21 14:06 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-08-21 14:05 - 2014-08-21 14:09 - 00000000 ____D () C:\AdwCleaner
2014-08-21 14:05 - 2014-08-21 14:05 - 01364531 _____ () C:\Users\dave\Downloads\AdwCleaner.exe
2014-08-21 14:01 - 2014-08-21 14:02 - 00162872 _____ (Software Installer ) C:\Users\dave\Downloads\Setup(3).exe
2014-08-21 13:02 - 2014-08-21 13:02 - 01094144 _____ (Farbar) C:\Users\dave\Downloads\FRST(1).exe
2014-08-21 11:41 - 2014-08-21 11:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registrar Registry Manager
2014-08-21 11:41 - 2014-08-21 11:41 - 00000000 ____D () C:\Program Files\Registrar Registry Manager
2014-08-21 11:40 - 2014-08-21 11:40 - 04968008 _____ (Resplendence Software Projects Sp. ) C:\Users\dave\Downloads\RegistrarHomeV7.exe
2014-08-21 11:35 - 2014-08-21 11:35 - 00000000 ____D () C:\Users\dave\Dropbox\Documents\PSTools
2014-08-21 11:18 - 2014-08-21 11:18 - 00000000 ____D () C:\Users\dave\Dropbox\Documents\Regdelnull
2014-08-21 10:46 - 2014-08-21 10:46 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Mozilla
2014-08-21 10:46 - 2014-08-21 10:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Mozilla
2014-08-20 11:47 - 2014-08-20 11:47 - 00000000 ____D () C:\Users\dave\AppData\Local\{FC69265E-8DC7-4899-9A45-F7A0A23A79F4}
2014-08-19 04:20 - 2014-08-19 04:21 - 00000000 ____D () C:\Users\dave\AppData\Local\{14FEE1A9-E150-43F2-95A2-8819DF9E17DD}
2014-08-18 16:20 - 2014-08-18 16:20 - 00000000 ____D () C:\Users\dave\AppData\Local\{79FCEBED-71F4-4E2D-857F-B9CA69F5D3DA}
2014-08-18 07:12 - 2014-08-18 07:12 - 00000000 ____D () C:\Users\dave\AppData\Local\{0B5909DB-3FEF-4E46-B6B3-F0419B3871CC}
2014-08-17 13:46 - 2014-08-17 13:46 - 00000000 ____D () C:\Users\dave\AppData\Local\{603D7236-1842-4678-8F17-CB3B300D7B87}
2014-08-16 14:35 - 2014-06-26 15:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-16 14:35 - 2014-06-26 15:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-16 14:35 - 2014-06-26 15:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-16 14:35 - 2014-06-05 21:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 22:03 - 2014-08-15 22:03 - 00000000 ____D () C:\Windows\Sun
2014-08-15 00:17 - 2014-08-15 00:17 - 00000000 ____D () C:\Users\dave\AppData\Local\{2010FE9E-E2AF-4B94-948F-58D93C04F6EE}
2014-08-14 06:08 - 2014-07-24 11:07 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 06:08 - 2014-07-24 10:58 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 06:08 - 2014-07-24 10:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 06:08 - 2014-07-24 10:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 06:08 - 2014-07-24 10:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 06:08 - 2014-07-24 10:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 06:08 - 2014-07-24 10:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-14 06:08 - 2014-07-24 10:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 06:08 - 2014-07-24 10:49 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 06:08 - 2014-07-24 10:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-14 06:08 - 2014-07-24 10:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 06:08 - 2014-07-24 10:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 06:08 - 2014-07-24 10:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 06:08 - 2014-07-24 10:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 06:08 - 2014-07-24 10:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 06:08 - 2014-07-24 10:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 06:08 - 2014-07-24 10:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 06:08 - 2014-07-24 10:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-14 06:08 - 2014-07-24 10:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-14 06:08 - 2014-07-24 10:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-14 06:08 - 2014-07-24 10:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 06:08 - 2014-07-07 17:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 06:08 - 2014-06-13 17:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 06:08 - 2014-06-13 17:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-14 06:08 - 2014-06-02 03:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 06:08 - 2014-06-02 03:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 06:08 - 2014-06-02 03:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 06:08 - 2014-06-02 03:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-08-14 06:08 - 2014-06-02 01:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 11:08 - 2014-08-13 23:09 - 00000000 ____D () C:\Users\dave\AppData\Local\{D38017BC-E556-417D-9E82-554F22792CCA}
2014-08-11 18:21 - 2014-08-11 18:21 - 00144880 _____ () C:\Windows\Minidump\Mini081114-01.dmp
2014-08-10 13:19 - 2014-08-10 13:19 - 00421034 _____ () C:\Users\dave\Downloads\My recording #8.wav
2014-08-09 11:49 - 2014-08-09 11:49 - 00144880 _____ () C:\Windows\Minidump\Mini080914-01.dmp
2014-08-05 13:43 - 2013-09-11 07:02 - 00596000 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPM7012.dll
2014-08-05 13:42 - 2014-08-05 13:42 - 00002105 _____ () C:\Users\Public\Desktop\HP Officejet Pro 8620.lnk
2014-08-05 13:42 - 2014-08-05 13:42 - 00001057 _____ () C:\Users\Public\Desktop\Shop for Supplies - HP Officejet Pro 8620.lnk
2014-08-04 19:29 - 2014-08-04 19:29 - 00000000 ____D () C:\Users\dave\AppData\Local\{3FB88754-803A-493D-A0E8-BE86CBE8835C}
2014-08-04 07:59 - 2014-08-04 07:59 - 00144880 _____ () C:\Windows\Minidump\Mini080414-01.dmp
2014-08-03 19:26 - 2014-08-04 07:29 - 00000000 ____D () C:\Users\dave\AppData\Local\{ABDDD751-1E60-48E0-9B30-A403A7B791EC}
2014-08-03 16:10 - 2014-08-03 16:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Helicon Software
2014-08-03 16:09 - 2014-08-03 16:09 - 00000000 ____D () C:\Program Files\Helicon Software
2014-08-03 16:07 - 2014-08-03 16:09 - 80159664 _____ (Helicon Soft Ltd. ) C:\Users\dave\Downloads\HeliconFocus.exe
2014-08-03 12:49 - 2014-08-03 12:51 - 00000000 ____D () C:\Program Files\PICOLAY
2014-08-03 12:49 - 2014-08-03 12:49 - 00001654 _____ () C:\Users\dave\Desktop\picolay.lnk
2014-08-03 12:49 - 2014-08-03 12:49 - 00000000 ____D () C:\Users\dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\picolay
2014-08-03 12:49 - 2014-08-03 12:49 - 00000000 ____D () C:\Users\dave\AppData\Roaming\DATA
2014-08-03 12:48 - 2014-08-03 12:48 - 04715892 _____ () C:\Users\dave\Downloads\install_PICOLAY_140604.exe
2014-08-01 18:28 - 2014-08-03 07:25 - 00000000 ____D () C:\Users\dave\AppData\Local\{2C7C51D2-A2CD-46AD-92B4-398AC5D13AB7}
2014-07-31 21:07 - 2014-07-31 21:07 - 00144880 _____ () C:\Windows\Minidump\Mini073114-01.dmp
2014-07-29 23:24 - 2014-07-29 23:24 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-27 23:35 - 2014-07-27 23:35 - 00545890 _____ () C:\Users\dave\Downloads\My recording #7.wav
2014-07-27 23:35 - 2014-07-27 23:35 - 00485062 _____ () C:\Users\dave\Downloads\My recording #6.wav
2014-07-27 23:35 - 2014-07-27 23:35 - 00386880 _____ () C:\Users\dave\Downloads\My recording #5.wav
2014-07-27 23:34 - 2014-07-27 23:34 - 01939349 _____ () C:\Users\dave\Downloads\crickets.zip
2014-07-27 23:34 - 2014-07-27 23:34 - 00529884 _____ () C:\Users\dave\Downloads\My recording #4.wav
2014-07-27 23:34 - 2014-07-27 23:34 - 00372474 _____ () C:\Users\dave\Downloads\My recording #3.wav
2014-07-27 02:19 - 2014-07-27 02:19 - 00144880 _____ () C:\Windows\Minidump\Mini072714-01.dmp
2014-07-27 01:16 - 2014-07-27 01:16 - 00000000 ____D () C:\Users\dave\AppData\Roaming\Oracle
2014-07-26 17:56 - 2014-07-26 17:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Wondershare
2014-07-23 00:41 - 2014-07-23 00:41 - 00453048 _____ () C:\Users\dave\Downloads\My recording #2.wav
2014-07-22 13:21 - 2014-07-22 13:22 - 00144880 _____ () C:\Windows\Minidump\Mini072214-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-21 16:05 - 2013-11-03 21:11 - 00033146 _____ () C:\Users\dave\Downloads\FRST.txt
2014-08-21 16:05 - 2013-11-03 21:08 - 00000000 ____D () C:\FRST
2014-08-21 15:58 - 2013-10-29 10:58 - 00000000 ____D () C:\Program Files\Lavasoft
2014-08-21 15:55 - 2012-12-10 12:17 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2157692319-862770736-3730535595-1001UA.job
2014-08-21 15:50 - 2013-10-22 22:28 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-21 15:35 - 2014-08-21 15:35 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-21 15:34 - 2014-08-21 15:34 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-21 15:34 - 2014-08-21 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-21 15:33 - 2014-08-21 15:34 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-21 15:33 - 2014-08-21 15:34 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-21 15:33 - 2014-08-21 15:34 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-21 15:31 - 2009-12-28 12:10 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-21 15:29 - 2014-03-29 01:43 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-21 15:13 - 2014-07-12 22:06 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-21 14:20 - 2013-03-31 12:29 - 00000000 ___RD () C:\Users\dave\Dropbox
2014-08-21 14:20 - 2013-03-31 12:24 - 00000000 ____D () C:\Users\dave\AppData\Roaming\Dropbox
2014-08-21 14:16 - 2009-12-28 12:10 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-21 14:16 - 2008-10-03 22:16 - 00000462 _____ () C:\Windows\Tasks\SDMsgUpdate (SD).job
2014-08-21 14:11 - 2007-06-07 07:58 - 00153730 _____ () C:\Windows\PFRO.log
2014-08-21 14:11 - 2006-11-02 06:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-21 14:11 - 2006-11-02 05:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-21 14:11 - 2006-11-02 05:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-21 14:09 - 2014-08-21 14:05 - 00000000 ____D () C:\AdwCleaner
2014-08-21 14:09 - 2013-05-22 02:12 - 00000000 ____D () C:\Users\dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\eTeks Sweet Home 3D
2014-08-21 14:09 - 2013-05-22 00:48 - 00000698 _____ () C:\Users\dave\Desktop\Sweet Home 3D.lnk
2014-08-21 14:09 - 2007-09-14 14:01 - 01298474 _____ () C:\Windows\WindowsUpdate.log
2014-08-21 14:09 - 2006-11-02 06:01 - 00032584 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-21 14:05 - 2014-08-21 14:05 - 01364531 _____ () C:\Users\dave\Downloads\AdwCleaner.exe
2014-08-21 14:02 - 2014-08-21 14:01 - 00162872 _____ (Software Installer ) C:\Users\dave\Downloads\Setup(3).exe
2014-08-21 13:02 - 2014-08-21 13:02 - 01094144 _____ (Farbar) C:\Users\dave\Downloads\FRST(1).exe
2014-08-21 11:41 - 2014-08-21 11:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registrar Registry Manager
2014-08-21 11:41 - 2014-08-21 11:41 - 00000000 ____D () C:\Program Files\Registrar Registry Manager
2014-08-21 11:40 - 2014-08-21 11:40 - 04968008 _____ (Resplendence Software Projects Sp. ) C:\Users\dave\Downloads\RegistrarHomeV7.exe
2014-08-21 11:35 - 2014-08-21 11:35 - 00000000 ____D () C:\Users\dave\Dropbox\Documents\PSTools
2014-08-21 11:18 - 2014-08-21 11:18 - 00000000 ____D () C:\Users\dave\Dropbox\Documents\Regdelnull
2014-08-21 11:02 - 2014-05-28 00:10 - 00000000 ____D () C:\Windows\WICCodecs
2014-08-21 10:46 - 2014-08-21 10:46 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Mozilla
2014-08-21 10:46 - 2014-08-21 10:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Mozilla
2014-08-21 09:03 - 2007-09-14 22:34 - 00000000 ____D () C:\Users\dave\AppData\Local\Adobe
2014-08-20 22:55 - 2012-12-10 12:17 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2157692319-862770736-3730535595-1001Core.job
2014-08-20 14:39 - 2013-12-20 00:38 - 00001973 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-20 11:47 - 2014-08-20 11:47 - 00000000 ____D () C:\Users\dave\AppData\Local\{FC69265E-8DC7-4899-9A45-F7A0A23A79F4}
2014-08-19 19:50 - 2007-09-19 01:41 - 00000000 ____D () C:\Users\dave\Dropbox\Documents\MyDoc
2014-08-19 04:21 - 2014-08-19 04:20 - 00000000 ____D () C:\Users\dave\AppData\Local\{14FEE1A9-E150-43F2-95A2-8819DF9E17DD}
2014-08-18 16:20 - 2014-08-18 16:20 - 00000000 ____D () C:\Users\dave\AppData\Local\{79FCEBED-71F4-4E2D-857F-B9CA69F5D3DA}
2014-08-18 12:28 - 2010-08-11 00:12 - 00000000 ____D () C:\Users\dave\AppData\Local\TopoGrafix
2014-08-18 11:29 - 2014-03-01 08:50 - 00000000 ____D () C:\Users\dave\Desktop\Old Firefox Data
2014-08-18 07:12 - 2014-08-18 07:12 - 00000000 ____D () C:\Users\dave\AppData\Local\{0B5909DB-3FEF-4E46-B6B3-F0419B3871CC}
2014-08-17 13:46 - 2014-08-17 13:46 - 00000000 ____D () C:\Users\dave\AppData\Local\{603D7236-1842-4678-8F17-CB3B300D7B87}
2014-08-17 13:04 - 2011-03-20 11:54 - 00000458 _____ () C:\Windows\Tasks\SOS Online Backup - davefoc@gmail.com.job
2014-08-17 13:04 - 2011-03-20 11:25 - 00000000 ____D () C:\Program Files\SOS Online Backup
2014-08-16 16:12 - 2009-03-17 09:01 - 00000000 ____D () C:\Windows\system32\Adobe
2014-08-16 15:52 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\rescache
2014-08-16 15:49 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-16 15:41 - 2006-11-02 03:33 - 00772070 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-16 14:55 - 2013-11-26 08:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-16 14:37 - 2006-11-02 03:24 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-08-16 14:19 - 2007-09-14 14:19 - 00000000 ____D () C:\Users\dave
2014-08-16 14:15 - 2014-02-26 00:21 - 00000000 ____D () C:\Users\dave\AppData\Local\CrashDumps
2014-08-15 22:03 - 2014-08-15 22:03 - 00000000 ____D () C:\Windows\Sun
2014-08-15 22:02 - 2007-06-07 07:31 - 00000000 ____D () C:\Windows\system32\Macromed
2014-08-15 08:25 - 2013-03-31 12:29 - 00000957 _____ () C:\Users\dave\Desktop\Dropbox.lnk
2014-08-15 08:25 - 2013-03-31 12:26 - 00000000 ____D () C:\Users\dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-15 07:35 - 2007-09-16 20:22 - 00005720 _____ () C:\Users\dave\Desktop\info.txt
2014-08-15 00:17 - 2014-08-15 00:17 - 00000000 ____D () C:\Users\dave\AppData\Local\{2010FE9E-E2AF-4B94-948F-58D93C04F6EE}
2014-08-14 20:25 - 2012-11-11 15:12 - 00000000 ____D () C:\Users\dave\AppData\Roaming\HpUpdate
2014-08-13 23:09 - 2014-08-13 11:08 - 00000000 ____D () C:\Users\dave\AppData\Local\{D38017BC-E556-417D-9E82-554F22792CCA}
2014-08-13 10:50 - 2013-06-01 02:57 - 00000000 ____D () C:\Users\dave\Dropbox\Documents\My PSP Files
2014-08-11 18:21 - 2014-08-11 18:21 - 00144880 _____ () C:\Windows\Minidump\Mini081114-01.dmp
2014-08-11 18:21 - 2010-10-13 08:57 - 00000000 ____D () C:\Windows\Minidump
2014-08-11 18:20 - 2010-10-13 08:57 - 211707499 _____ () C:\Windows\MEMORY.DMP
2014-08-11 15:14 - 2014-03-04 01:04 - 00000000 ____D () C:\Users\dave\AppData\Roaming\Audacity
2014-08-10 13:19 - 2014-08-10 13:19 - 00421034 _____ () C:\Users\dave\Downloads\My recording #8.wav
2014-08-09 11:49 - 2014-08-09 11:49 - 00144880 _____ () C:\Windows\Minidump\Mini080914-01.dmp
2014-08-07 18:57 - 2012-12-03 22:43 - 00000000 ____D () C:\Users\dave\AppData\Roaming\Skype
2014-08-05 14:55 - 2012-11-11 15:06 - 00000000 ____D () C:\Users\dave\AppData\Local\HP
2014-08-05 13:46 - 2007-06-07 07:27 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-08-05 13:45 - 2007-06-07 07:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-08-05 13:42 - 2014-08-05 13:42 - 00002105 _____ () C:\Users\Public\Desktop\HP Officejet Pro 8620.lnk
2014-08-05 13:42 - 2014-08-05 13:42 - 00001057 _____ () C:\Users\Public\Desktop\Shop for Supplies - HP Officejet Pro 8620.lnk
2014-08-05 13:39 - 2007-09-14 22:06 - 00000000 ____D () C:\ProgramData\HP
2014-08-05 13:38 - 2007-06-07 07:44 - 00000000 ____D () C:\Program Files\HP
2014-08-05 13:38 - 2006-11-02 05:37 - 00000000 ____D () C:\Windows\twain_32
2014-08-04 19:29 - 2014-08-04 19:29 - 00000000 ____D () C:\Users\dave\AppData\Local\{3FB88754-803A-493D-A0E8-BE86CBE8835C}
2014-08-04 07:59 - 2014-08-04 07:59 - 00144880 _____ () C:\Windows\Minidump\Mini080414-01.dmp
2014-08-04 07:29 - 2014-08-03 19:26 - 00000000 ____D () C:\Users\dave\AppData\Local\{ABDDD751-1E60-48E0-9B30-A403A7B791EC}
2014-08-03 16:11 - 2007-09-14 22:34 - 00000000 ____D () C:\Users\dave\AppData\Roaming\Adobe
2014-08-03 16:10 - 2014-08-03 16:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Helicon Software
2014-08-03 16:09 - 2014-08-03 16:09 - 00000000 ____D () C:\Program Files\Helicon Software
2014-08-03 16:09 - 2014-08-03 16:07 - 80159664 _____ (Helicon Soft Ltd. ) C:\Users\dave\Downloads\HeliconFocus.exe
2014-08-03 15:14 - 2013-04-14 18:55 - 00000000 ____D () C:\Users\dave\Dropbox\Documents\HRBlock
2014-08-03 15:12 - 2008-02-19 16:23 - 00000000 ____D () C:\ProgramData\pdf995
2014-08-03 14:53 - 2008-02-19 16:22 - 00000000 ____D () C:\Users\dave\AppData\Roaming\TaxCut
2014-08-03 12:51 - 2014-08-03 12:49 - 00000000 ____D () C:\Program Files\PICOLAY
2014-08-03 12:49 - 2014-08-03 12:49 - 00001654 _____ () C:\Users\dave\Desktop\picolay.lnk
2014-08-03 12:49 - 2014-08-03 12:49 - 00000000 ____D () C:\Users\dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\picolay
2014-08-03 12:49 - 2014-08-03 12:49 - 00000000 ____D () C:\Users\dave\AppData\Roaming\DATA
2014-08-03 12:48 - 2014-08-03 12:48 - 04715892 _____ () C:\Users\dave\Downloads\install_PICOLAY_140604.exe
2014-08-03 07:25 - 2014-08-01 18:28 - 00000000 ____D () C:\Users\dave\AppData\Local\{2C7C51D2-A2CD-46AD-92B4-398AC5D13AB7}
2014-07-31 21:07 - 2014-07-31 21:07 - 00144880 _____ () C:\Windows\Minidump\Mini073114-01.dmp
2014-07-31 21:07 - 2012-04-25 08:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-30 00:32 - 2007-09-19 01:39 - 00000000 ___RD () C:\Users\dave\Dropbox\Documents\MyApt
2014-07-29 23:24 - 2014-07-29 23:24 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-27 23:35 - 2014-07-27 23:35 - 00545890 _____ () C:\Users\dave\Downloads\My recording #7.wav
2014-07-27 23:35 - 2014-07-27 23:35 - 00485062 _____ () C:\Users\dave\Downloads\My recording #6.wav
2014-07-27 23:35 - 2014-07-27 23:35 - 00386880 _____ () C:\Users\dave\Downloads\My recording #5.wav
2014-07-27 23:34 - 2014-07-27 23:34 - 01939349 _____ () C:\Users\dave\Downloads\crickets.zip
2014-07-27 23:34 - 2014-07-27 23:34 - 00529884 _____ () C:\Users\dave\Downloads\My recording #4.wav
2014-07-27 23:34 - 2014-07-27 23:34 - 00372474 _____ () C:\Users\dave\Downloads\My recording #3.wav
2014-07-27 08:03 - 2012-01-05 14:16 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-07-27 08:02 - 2008-02-10 19:13 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-07-27 02:19 - 2014-07-27 02:19 - 00144880 _____ () C:\Windows\Minidump\Mini072714-01.dmp
2014-07-27 01:20 - 2007-09-18 18:10 - 00000000 ____D () C:\Program Files\Java
2014-07-27 01:16 - 2014-07-27 01:16 - 00000000 ____D () C:\Users\dave\AppData\Roaming\Oracle
2014-07-26 17:56 - 2014-07-26 17:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Wondershare
2014-07-26 17:15 - 2008-09-13 17:32 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-26 16:53 - 2010-06-17 00:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-26 16:47 - 2008-02-02 12:01 - 00000000 ____D () C:\ProgramData\Intuit
2014-07-26 12:17 - 2014-04-14 09:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block 2013
2014-07-24 13:47 - 2007-09-15 14:26 - 00149504 _____ () C:\Users\dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-24 11:07 - 2014-08-14 06:08 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-24 10:58 - 2014-08-14 06:08 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-24 10:57 - 2014-08-14 06:08 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-24 10:52 - 2014-08-14 06:08 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-24 10:51 - 2014-08-14 06:08 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-24 10:51 - 2014-08-14 06:08 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-24 10:50 - 2014-08-14 06:08 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-24 10:50 - 2014-08-14 06:08 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-24 10:49 - 2014-08-14 06:08 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-24 10:49 - 2014-08-14 06:08 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-24 10:49 - 2014-08-14 06:08 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-24 10:49 - 2014-08-14 06:08 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-24 10:49 - 2014-08-14 06:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-24 10:48 - 2014-08-14 06:08 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-24 10:48 - 2014-08-14 06:08 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-24 10:48 - 2014-08-14 06:08 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-24 10:48 - 2014-08-14 06:08 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-24 10:48 - 2014-08-14 06:08 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-24 10:48 - 2014-08-14 06:08 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-24 10:48 - 2014-08-14 06:08 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-24 10:47 - 2014-08-14 06:08 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-23 00:41 - 2014-07-23 00:41 - 00453048 _____ () C:\Users\dave\Downloads\My recording #2.wav
2014-07-22 13:22 - 2014-07-22 13:21 - 00144880 _____ () C:\Windows\Minidump\Mini072214-01.dmp

Files to move or delete:
====================
C:\Users\dave\jobq.dat


Some content of TEMP:
====================
C:\Users\dave\AppData\Local\Temp\0fbdecac-136d-4a9a-9252-58eed6564493.exe
C:\Users\dave\AppData\Local\Temp\65a08844-add7-4430-91d8-c507b2dbb23e.exe
C:\Users\dave\AppData\Local\Temp\AdobeUpdater12345.exe
C:\Users\dave\AppData\Local\Temp\AutoDetect.exe
C:\Users\dave\AppData\Local\Temp\BackupSetup.exe
C:\Users\dave\AppData\Local\Temp\Bob.exe
C:\Users\dave\AppData\Local\Temp\d0c22ec4-d229-4b95-9ff8-bda8d5d2e443.exe
C:\Users\dave\AppData\Local\Temp\dad5d714-759c-470a-b159-3a790e8348fc.exe
C:\Users\dave\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdwupkh.dll
C:\Users\dave\AppData\Local\Temp\extension5830534983172881924.dll
C:\Users\dave\AppData\Local\Temp\f274737c-773c-4833-b3cd-757a11ea305c.exe
C:\Users\dave\AppData\Local\Temp\HRBlock_2013_California_Upd.exe
C:\Users\dave\AppData\Local\Temp\i4jdel0.exe
C:\Users\dave\AppData\Local\Temp\install_flashplayer11x32au_mssa_aih.exe
C:\Users\dave\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_aaa_aih.exe
C:\Users\dave\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_aaa_aih_1.exe
C:\Users\dave\AppData\Local\Temp\JKSUtil.dll
C:\Users\dave\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\dave\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\dave\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\dave\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\dave\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\dave\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\dave\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\dave\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\dave\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\dave\AppData\Local\Temp\oi_{5AA2BCDD-61EC-40FE-AFB6-CAC72FE745C8}.exe
C:\Users\dave\AppData\Local\Temp\Quarantine.exe
C:\Users\dave\AppData\Local\Temp\readSTILog.dll
C:\Users\dave\AppData\Local\Temp\setup.exe
C:\Users\dave\AppData\Local\Temp\SHSetup.exe
C:\Users\dave\AppData\Local\Temp\SymcPCCUInstaller.exe
C:\Users\dave\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\dave\AppData\Local\Temp\WINHTTP5.DLL
C:\Users\dave\AppData\Local\Temp\_is1A94.exe
C:\Users\dave\AppData\Local\Temp\_is710C.exe
C:\Users\dave\AppData\Local\Temp\_JKSInstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-21 14:21

==================== End Of Log ============================


Hello Dave,

 

Thanks for the update and log. Regarding Malwarebytes: yes, it is an excellent antimalware tool, but be aware it has no anti-virus components; you will need an active AV program installed for system protection. I see nothing wrong with Microsoft Security Essentials, I use that myself...

 

We continue:

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

Your version of Malwarebytes is outdated; you are better off with the latest version:

 

Download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, select Settings > Detection and Protection > enable Scan for rootkit, and under Non Malware Protection set both PUP and PUM to Treat detections as malware.
  • Now select > Scan > Threat scan > Scan now
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

 
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

Next,

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



Next,

 

Download Security Check by screen317 from either of the following:
http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe
Save it to your Desktop. (If your security alerts, either accept the alert or turn the security off while Security Check runs.)
Double click SecurityCheck.exe (Vista or Windows 7/8 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
If Security Check will not run or you get an alert saying it is not supported, reboot your PC then try again...
 

Let me see those logs, also give an update on any remaining issues or concerns...

 

Kevin

 



 

fixlist.txt


Hi Kevin,

Thanks again. This is so much more help than I expected.

 

I am going to follow your suggestions tomorrow. I'm a little burned out on all this right now. Besides dealing with the vmhost.exe stuff today, I also think I've solved the disk thrashing issues that have annoyed me since I've owned this computer. I've disabled a bunch of stuff but periodically the hard disk activity goes way up for no obvious reason. I've disabled a bunch of stuff which has gotten rid of a lot of it, but it returned today with a vengeance. The problem was the system restore program, which was probably triggered by the uninstallation of a few programs. I was able to change some parameters so that when the computer isn't idle system restore is halted until the computer becomes idle again. I'm going for a hike. Thanks again.


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
