
dllhostexe32 spawn com-surrogate processes, can't kill, system freezes


  • This topic is locked
14 replies to this topic

#1 jimdavis222

  • Members
  • 13 posts

Posted 17 September 2014 - 04:39 PM

The dllhost.exe*32 repeatedly spawns com-surrogate processes until system programs, like Windows Explorer, stop responding. Even when I kill the processes as fast as I can, they still keep spawning.

Here is the DDS.TXT file, and the Attach.txt is attached.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17280
Run by Jim Davis at 14:32:56 on 2014-09-17
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.6135.3166 [GMT -6:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files (x86)\AirLink101\AWLH6075\Common\RalinkRegistryWriter.exe
C:\Program Files (x86)\AirLink101\AWLH6075\Common\RalinkRegistryWriter64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\explorer.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://xfinity.comcast.net/
mStart Page = hxxp://websearch.calcitapp.info/
mWinlogon: Userinit = userinit.exe
BHO: FineDeAlSoft: {63709815-26B5-31D9-F955-A7A9C07E8C33} - C:\ProgramData\FineDeAlSoft\5I6UdsW2.dll
BHO: savernet: {7C1B3011-1638-EEC6-9760-64BD86FF3454} - C:\ProgramData\savernet\Ix.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll
BHO: less2ppay: {9BF813BC-7081-B079-8F4D-34B1EEA85A87} - C:\ProgramData\less2ppay\6ONHWfeUq.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll
dRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{1D1D24EA-29C8-47A5-93F7-5F9B6EAA49AE} : DHCPNameServer = 192.168.2.1
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Users\My New C Drive\QuickBooks Pro\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll
AppInit_DLLs= c:\progra~3\winspeed\winspeed.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://websearch.calcitapp.info/
x64-BHO: FineDeAlSoft: {63709815-26B5-31D9-F955-A7A9C07E8C33} - C:\ProgramData\FineDeAlSoft\5I6UdsW2.x64.dll
x64-BHO: savernet: {7C1B3011-1638-EEC6-9760-64BD86FF3454} - C:\ProgramData\savernet\Ix.x64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: less2ppay: {9BF813BC-7081-B079-8F4D-34B1EEA85A87} - C:\ProgramData\less2ppay\6ONHWfeUq.x64.dll
x64-Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-10-14 53488]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-8-27 50976]
R1 Uim_VIM;UIM Virtual Image Plugin;C:\Windows\System32\drivers\uim_vimx64.sys [2011-10-18 352816]
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2014/04/15 18:08:48];C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2014-2-12 32456]
R2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2014-4-15 85568]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
R2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2014-4-15 77576]
R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [2014-4-15 294664]
R2 f1f78e38;WinSpeed;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2014-8-7 438616]
R2 ntk_PowerDVD;ntk_PowerDVD;C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2014-4-15 75248]
R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-8-19 1248256]
R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\AirLink101\AWLH6075\Common\RalinkRegistryWriter.exe [2011-10-23 75040]
R2 RalinkRegistryWriter64;Ralink Registry Writer 64;C:\Program Files (x86)\AirLink101\AWLH6075\Common\RalinkRegistryWriter64.exe [2011-10-23 210720]
R2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [2014-8-15 1820184]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr28x.sys [2011-10-23 625152]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-8-24 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-8-24 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-8-24 166384]
S2 SessionLauncher;SessionLauncher;C:\Users\JIMDAV~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> C:\Users\JIMDAV~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S2 Update service;Update service;C:\Program Files (x86)\Popcorn Time\Updater.exe [2014-8-30 179200]
S3 GenericMount;Generic Mount Driver;C:\Windows\System32\drivers\GenericMount.sys [2009-9-21 54320]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-17 111616]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-8-24 72176]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-8-24 1083888]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-10-14 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-14 1255736]
.
=============== Created Last 30 ================
.
2014-09-17 19:12:26 -------- d-sh--w- C:\Users\Jim Davis\AppData\Local\EmieUserList
2014-09-17 19:12:26 -------- d-sh--w- C:\Users\Jim Davis\AppData\Local\EmieSiteList
2014-09-17 16:38:00 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FB69A894-C72C-48FD-9571-AF3811C589FD}\offreg.dll
2014-09-17 16:34:52 -------- d-----w- C:\Windows\Migration
2014-09-17 15:59:35 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-09-17 15:59:35 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-09-17 15:59:15 11578928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FB69A894-C72C-48FD-9571-AF3811C589FD}\mpengine.dll
2014-09-17 15:58:04 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2014-09-17 15:58:04 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2014-09-17 15:58:04 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2014-09-17 15:58:04 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2014-09-17 15:58:03 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-09-17 15:58:03 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-09-17 15:56:55 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-09-17 15:07:19 -------- d-----w- C:\ProgramData\savernet
2014-09-17 15:01:13 -------- d-----w- C:\FRST
2014-09-17 14:58:22 -------- d-----w- C:\tmp
2014-09-17 01:09:11 -------- d-----w- C:\Users\Jim Davis\AppData\Local\{04B02AD9-B64B-4214-AB66-981B57B76000}
2014-09-14 02:05:49 -------- d-----w- C:\Windows\pss
2014-09-14 01:42:34 338432 ----a-w- C:\conhost.exe
2014-09-14 00:29:39 -------- d-----w- C:\ProgramData\FineDeAlSoft
2014-09-01 01:53:18 -------- d-----w- C:\Users\Jim Davis\AppData\Local\{1BE24E67-5D47-4B73-BDBA-D61050E20278}
2014-08-29 20:10:51 -------- d-----w- C:\Program Files (x86)\AVG Security Toolbar
2014-08-29 20:10:39 -------- d-----w- C:\ProgramData\Avg_Update_0814tb
2014-08-24 03:59:12 -------- d-----w- C:\Users\Jim Davis\AppData\Roaming\27578
.
==================== Find3M  ====================
.
2014-08-25 12:53:42 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-23 00:59:01 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll
2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-08-18 21:56:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll
2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-08-16 00:21:32 50976 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2014-08-01 11:53:22 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-08-01 11:35:06 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-07-25 08:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 05:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2014-07-16 03:23:41 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-07-16 02:46:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-07-07 02:06:35 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-07-07 02:06:35 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-07-07 01:40:21 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-07-07 01:40:12 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-07-07 01:39:16 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-06-24 03:29:36 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-06-24 02:59:49 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
.
============= FINISH: 14:33:19.62 ===============
 


#2 aharonov

  • Malware Response Team
  • 2,441 posts

Posted 17 September 2014 - 04:40 PM

Hi there,

please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 jimdavis222

  • Topic Starter

  • Members
  • 13 posts

Posted 17 September 2014 - 06:16 PM

Sorry it took so long to respond but here are the 2 files.

 

FRST.TXT

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Jim Davis (administrator) on DELL00 on 17-09-2014 13:09:29
Running from C:\tmp
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\userinit.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [] => [X]
HKU\.DEFAULT\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-4180303317-644901574-3286542257-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
AppInit_DLLs: C:\PROGRA~3\WinSpeed\WINSPE~1.DLL => C:\ProgramData\WinSpeed\WinSpeed_x64.dll [4304896 2014-08-15] ()
AppInit_DLLs-x32: c:\progra~3\winspeed\winspeed.dll => c:\ProgramData\WinSpeed\WinSpeed.dll [4127232 2014-08-15] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3C94731B898ACC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.calcitapp.info/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.calcitapp.info/
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MCBDD0F47-DA0B-4480-B7AC-297203C9E68A&SearchSource=58&CUI=&UM=6&UP=SP04216820-0913-4DFC-AAA3-0E8F2FFDFA3C&q={searchTerms}&SSPV=
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={80FAA2D4-B844-41DE-8B5A-F367ACED78DD}&mid=bd2280a5014947d3b304d16ae8022f8c-bcd14f1b64190dc7a568c8fa483e79a387d2c31a&lang=en&ds=ft013&pr=sa&d=2013-08-27 11:02:29&v=15.4.0.5&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
BHO: FineDeAlSoft -> {63709815-26B5-31D9-F955-A7A9C07E8C33} -> C:\ProgramData\FineDeAlSoft\5I6UdsW2.x64.dll ()
BHO: savernet -> {7C1B3011-1638-EEC6-9760-64BD86FF3454} -> C:\ProgramData\savernet\Ix.x64.dll ()
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: less2ppay -> {9BF813BC-7081-B079-8F4D-34B1EEA85A87} -> C:\ProgramData\less2ppay\6ONHWfeUq.x64.dll ()
BHO-x32: FineDeAlSoft -> {63709815-26B5-31D9-F955-A7A9C07E8C33} -> C:\ProgramData\FineDeAlSoft\5I6UdsW2.dll ()
BHO-x32: savernet -> {7C1B3011-1638-EEC6-9760-64BD86FF3454} -> C:\ProgramData\savernet\Ix.dll ()
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO-x32: less2ppay -> {9BF813BC-7081-B079-8F4D-34B1EEA85A87} -> C:\ProgramData\less2ppay\6ONHWfeUq.dll ()
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Users\My New C Drive\QuickBooks Pro\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Users\My New C Drive\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://websearch.calcitapp.info/
CHR RestoreOnStartup: Default -> "hxxp://websearch.calcitapp.info/"
CHR StartupUrls: Default -> "hxxp://websearch.calcitapp.info/"
CHR DefaultSearchKeyword: Default -> conduit.search
CHR DefaultSearchProvider: Default -> Conduit Search
CHR DefaultSuggestURL: Default -> http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Users\My New C Drive\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Profile: C:\Users\Jim Davis\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Jim Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-24]
CHR Extension: (Google Drive) - C:\Users\Jim Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-24]
CHR Extension: (YouTube) - C:\Users\Jim Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-24]
CHR Extension: (Google Search) - C:\Users\Jim Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-24]
CHR Extension: (Follow) - C:\Users\Jim Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij [2014-09-13]
CHR Extension: (Set New Tab To Google) - C:\Users\Jim Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdjbledkahnanmoekcemgbbpeihcgmbp [2014-09-17]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Jim Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Traffic Rank) - C:\Users\Jim Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\oipgijiceofkdddeceikmdjledafnehk [2014-08-15]
CHR Extension: (Gmail) - C:\Users\Jim Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-24]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 CLHNServiceForPowerDVD; C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [85568 2013-08-06] ()
R2 CyberLink PowerDVD 11.0 Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [77576 2014-02-12] (CyberLink)
R2 CyberLink PowerDVD 11.0 Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [294664 2014-02-12] (CyberLink)
R2 f1f78e38; c:\ProgramData\WinSpeed\WinSpeedSvc.dll [186192 2014-08-15] () [File not signed]
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2012-08-28] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2011-08-19] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-08-19] (Intuit Inc.) [File not signed]
R2 RalinkRegistryWriter; C:\Program Files (x86)\AirLink101\AWLH6075\Common\RalinkRegistryWriter.exe [75040 2009-07-15] (Ralink Technology, Corp.)
R2 RalinkRegistryWriter64; C:\Program Files (x86)\AirLink101\AWLH6075\Common\RalinkRegistryWriter64.exe [210720 2009-07-15] (Ralink Technology, Corp.)
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [72176 2007-08-24] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2007-08-24] (Sonic Solutions)
S2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [179200 2014-08-31] (Company) [File not signed]
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-15] (AVG Secure Search)
S2 SessionLauncher; C:\Users\JIMDAV~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-15] (AVG Technologies)
S3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [54320 2009-09-21] (Symantec Corporation)
S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [65520 2007-08-18] (Sonic Solutions)
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [59184 2011-10-18] (Windows ® 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [572336 2011-10-18] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [352816 2011-10-18] (Paragon)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [32456 2014-02-12] (CyberLink Corp.)
U2 V2iMount; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-17 10:15 - 2014-08-19 12:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-17 10:15 - 2014-08-19 11:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-17 10:15 - 2014-08-18 17:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-17 10:15 - 2014-08-18 16:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-17 10:15 - 2014-08-18 16:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-17 10:15 - 2014-08-18 16:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-17 10:15 - 2014-08-18 16:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-17 10:15 - 2014-08-18 16:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-17 10:15 - 2014-08-18 16:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-17 10:15 - 2014-08-18 16:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-17 10:15 - 2014-08-18 16:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-17 10:15 - 2014-08-18 16:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-17 10:15 - 2014-08-18 16:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-17 10:15 - 2014-08-18 16:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-17 10:15 - 2014-08-18 16:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-17 10:15 - 2014-08-18 16:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-17 10:15 - 2014-08-18 16:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-17 10:15 - 2014-08-18 16:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-17 10:15 - 2014-08-18 16:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-17 10:15 - 2014-08-18 15:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-17 10:15 - 2014-08-18 15:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-17 10:15 - 2014-08-18 15:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-17 10:15 - 2014-08-18 15:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-17 10:15 - 2014-08-18 15:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-17 10:15 - 2014-08-18 15:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-17 10:15 - 2014-08-18 15:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-17 10:15 - 2014-08-18 15:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-17 10:15 - 2014-08-18 15:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-17 10:15 - 2014-08-18 15:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-17 10:15 - 2014-08-18 15:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-17 10:15 - 2014-08-18 15:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-17 10:15 - 2014-08-18 15:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-17 10:15 - 2014-08-18 15:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-17 10:15 - 2014-08-18 15:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-17 10:15 - 2014-08-18 15:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-17 10:15 - 2014-08-18 15:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-17 10:15 - 2014-08-18 15:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-17 10:15 - 2014-08-18 15:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-17 10:15 - 2014-08-18 15:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-17 10:15 - 2014-08-18 15:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-17 10:15 - 2014-08-18 15:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-17 10:15 - 2014-08-18 15:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-17 10:15 - 2014-08-18 15:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-17 10:15 - 2014-08-18 15:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-17 10:15 - 2014-08-18 15:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-17 10:15 - 2014-08-18 15:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-17 10:15 - 2014-08-18 15:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-17 10:15 - 2014-08-18 15:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-17 10:15 - 2014-08-18 15:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-17 10:15 - 2014-08-18 15:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-17 10:15 - 2014-08-18 15:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-17 10:15 - 2014-08-18 14:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-17 10:15 - 2014-08-18 14:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-17 10:15 - 2014-08-18 14:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-17 10:15 - 2014-08-18 14:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-17 10:15 - 2014-08-18 14:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-17 09:59 - 2014-06-26 20:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-17 09:59 - 2014-06-26 19:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-17 09:58 - 2014-06-30 16:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-09-17 09:58 - 2014-06-30 16:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-09-17 09:58 - 2014-03-09 15:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-09-17 09:58 - 2014-03-09 15:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-09-17 09:58 - 2014-03-09 15:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-09-17 09:58 - 2014-03-09 15:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-09-17 09:57 - 2014-06-06 00:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-09-17 09:57 - 2014-06-06 00:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-09-17 09:57 - 2014-03-04 03:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-09-17 09:57 - 2014-03-04 03:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-09-17 09:57 - 2014-03-04 03:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-09-17 09:57 - 2014-03-04 03:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-09-17 09:57 - 2014-03-04 03:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-09-17 09:57 - 2014-03-04 03:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-09-17 09:57 - 2014-03-04 03:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-09-17 09:57 - 2014-03-04 03:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-09-17 09:57 - 2014-03-04 03:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-09-17 09:57 - 2014-03-04 03:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-09-17 09:57 - 2014-03-04 03:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-09-17 09:57 - 2014-03-04 03:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-09-17 09:57 - 2014-03-04 03:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-09-17 09:57 - 2014-03-04 03:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-09-17 09:57 - 2014-03-04 03:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-09-17 09:57 - 2014-03-04 03:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-09-17 09:57 - 2014-03-04 03:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-09-17 09:57 - 2014-03-04 03:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-09-17 09:57 - 2014-03-04 03:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-09-17 09:57 - 2014-03-04 03:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-09-17 09:56 - 2014-08-01 05:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-17 09:56 - 2014-08-01 05:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-17 09:56 - 2014-07-15 21:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-17 09:56 - 2014-07-15 20:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-17 09:56 - 2014-07-06 20:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-17 09:56 - 2014-07-06 20:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-17 09:56 - 2014-07-06 19:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-17 09:56 - 2014-07-06 19:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-17 09:56 - 2014-07-06 19:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-17 09:56 - 2014-06-23 21:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-17 09:56 - 2014-06-23 20:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-17 09:56 - 2014-06-17 20:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-09-17 09:56 - 2014-06-17 19:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-09-17 09:56 - 2014-06-15 20:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-09-17 09:56 - 2014-06-06 04:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-09-17 09:56 - 2014-06-06 03:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-09-17 09:56 - 2014-06-03 04:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-09-17 09:56 - 2014-06-03 04:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-17 09:56 - 2014-06-03 04:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-09-17 09:56 - 2014-06-03 04:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-09-17 09:56 - 2014-06-03 03:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-09-17 09:56 - 2014-06-03 03:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-09-17 09:56 - 2014-06-03 03:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-09-17 09:56 - 2014-05-30 00:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-09-17 09:56 - 2014-04-24 20:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-09-17 09:56 - 2014-04-24 20:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-09-17 09:56 - 2014-04-04 20:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-09-17 09:56 - 2014-04-04 20:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-09-17 09:56 - 2014-03-26 08:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-09-17 09:56 - 2014-03-26 08:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-09-17 09:56 - 2014-03-26 08:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-09-17 09:56 - 2014-03-26 08:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-09-17 09:56 - 2014-03-26 08:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-09-17 09:56 - 2014-03-26 08:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-09-17 09:56 - 2014-03-26 08:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-09-17 09:56 - 2014-03-26 08:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-09-17 09:53 - 2014-08-22 20:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-17 09:53 - 2014-08-22 19:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-09-17 09:53 - 2014-08-22 18:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-17 09:53 - 2014-07-13 20:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-09-17 09:53 - 2014-07-13 19:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-09-17 09:53 - 2014-06-24 20:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-09-17 09:53 - 2014-06-24 19:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-09-17 09:53 - 2014-05-30 02:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-09-17 09:53 - 2014-05-30 02:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-09-17 09:53 - 2014-05-30 02:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-09-17 09:53 - 2014-05-30 02:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-09-17 09:53 - 2014-05-30 02:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-09-17 09:53 - 2014-05-30 02:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-09-17 09:53 - 2014-05-30 01:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-09-17 09:53 - 2014-05-30 01:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-09-17 09:53 - 2014-05-30 01:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-09-17 09:53 - 2014-05-30 01:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-09-17 09:53 - 2014-05-30 01:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-09-17 09:53 - 2014-05-30 01:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-09-17 09:53 - 2014-04-11 20:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-09-17 09:53 - 2014-04-11 20:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-09-17 09:53 - 2014-04-11 20:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-09-17 09:53 - 2014-04-11 20:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-09-17 09:53 - 2014-04-11 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-09-17 09:53 - 2014-04-11 20:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-09-17 09:24 - 2014-05-14 10:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-17 09:24 - 2014-05-14 10:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-17 09:24 - 2014-05-14 10:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-17 09:24 - 2014-05-14 10:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-17 09:24 - 2014-05-14 10:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-17 09:24 - 2014-05-14 10:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-09-17 09:24 - 2014-05-14 10:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-09-17 09:24 - 2014-05-14 10:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-17 09:24 - 2014-05-14 10:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-17 09:24 - 2014-05-14 10:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-17 09:24 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-17 09:24 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-17 09:24 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-17 09:24 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-09-17 09:07 - 2014-09-17 09:07 - 00000000 ____D () C:\ProgramData\savernet
2014-09-17 09:01 - 2014-09-17 13:09 - 00000000 ____D () C:\FRST
2014-09-17 08:58 - 2014-09-17 13:09 - 00000000 ____D () C:\tmp
2014-09-16 19:09 - 2014-09-16 19:09 - 00000000 ____D () C:\Users\Jim Davis\AppData\Local\{04B02AD9-B64B-4214-AB66-981B57B76000}
2014-09-13 20:05 - 2014-09-13 21:01 - 00000000 ____D () C:\Windows\pss
2014-09-13 19:42 - 2013-08-01 19:09 - 00338432 _____ (Microsoft Corporation) C:\conhost.exe
2014-09-13 18:29 - 2014-09-13 18:29 - 00000000 ____D () C:\ProgramData\FineDeAlSoft
2014-08-31 19:53 - 2014-08-31 19:55 - 00000000 ____D () C:\Users\Jim Davis\AppData\Local\{1BE24E67-5D47-4B73-BDBA-D61050E20278}
2014-08-29 14:10 - 2014-08-29 14:10 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb
2014-08-29 14:10 - 2014-08-29 14:10 - 00000000 ____D () C:\Program Files (x86)\AVG Security Toolbar
2014-08-23 21:59 - 2014-08-23 21:59 - 00000000 ____D () C:\Users\Jim Davis\AppData\Roaming\27578

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-17 13:09 - 2014-09-17 09:01 - 00000000 ____D () C:\FRST
2014-09-17 13:09 - 2014-09-17 08:58 - 00000000 ____D () C:\tmp
2014-09-17 13:09 - 2013-08-15 16:01 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-17 13:08 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-17 13:08 - 2009-07-13 22:51 - 00058235 _____ () C:\Windows\setupact.log
2014-09-17 13:07 - 2011-10-14 09:03 - 01225765 _____ () C:\Windows\WindowsUpdate.log
2014-09-17 12:26 - 2013-08-15 16:01 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-17 11:07 - 2009-07-13 22:45 - 00015360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-17 11:07 - 2009-07-13 22:45 - 00015360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-17 10:59 - 2011-10-14 14:40 - 00125522 _____ () C:\Windows\PFRO.log
2014-09-17 10:56 - 2009-07-13 21:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-17 10:53 - 2011-10-14 18:01 - 00787916 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-17 10:53 - 2009-07-13 23:13 - 00787916 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-17 10:40 - 2011-12-30 18:48 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-17 10:40 - 2011-12-30 18:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-17 10:40 - 2009-07-13 22:45 - 00985000 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-17 10:37 - 2009-07-14 01:47 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-17 10:37 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-09-17 10:37 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-09-17 10:37 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-17 10:03 - 2011-12-30 18:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-17 10:02 - 2013-08-15 16:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-17 09:07 - 2014-09-17 09:07 - 00000000 ____D () C:\ProgramData\savernet
2014-09-17 09:07 - 2014-08-15 18:50 - 00000000 ____D () C:\ProgramData\965eb95a91a4207b
2014-09-16 19:09 - 2014-09-16 19:09 - 00000000 ____D () C:\Users\Jim Davis\AppData\Local\{04B02AD9-B64B-4214-AB66-981B57B76000}
2014-09-13 21:01 - 2014-09-13 20:05 - 00000000 ____D () C:\Windows\pss
2014-09-13 19:21 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\Registration
2014-09-13 18:29 - 2014-09-13 18:29 - 00000000 ____D () C:\ProgramData\FineDeAlSoft
2014-08-31 19:55 - 2014-08-31 19:53 - 00000000 ____D () C:\Users\Jim Davis\AppData\Local\{1BE24E67-5D47-4B73-BDBA-D61050E20278}
2014-08-31 18:01 - 2011-10-14 12:17 - 00000000 ____D () C:\Users\My New C Drive\QuickBooks Pro
2014-08-30 18:46 - 2013-08-27 11:02 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-08-30 18:45 - 2014-07-09 19:42 - 00000000 ____D () C:\Program Files (x86)\Popcorn Time
2014-08-29 14:10 - 2014-08-29 14:10 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb
2014-08-29 14:10 - 2014-08-29 14:10 - 00000000 ____D () C:\Program Files (x86)\AVG Security Toolbar
2014-08-29 13:01 - 2011-10-14 12:38 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-25 06:53 - 2011-10-14 09:59 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-23 21:59 - 2014-08-23 21:59 - 00000000 ____D () C:\Users\Jim Davis\AppData\Roaming\27578
2014-08-22 20:07 - 2014-09-17 09:53 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 19:45 - 2014-09-17 09:53 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 18:59 - 2014-09-17 09:53 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-19 12:05 - 2014-09-17 10:15 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 11:39 - 2014-09-17 10:15 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-18 17:01 - 2014-09-17 10:15 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-18 16:29 - 2014-09-17 10:15 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-18 16:29 - 2014-09-17 10:15 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-18 16:26 - 2014-09-17 10:15 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-18 16:20 - 2014-09-17 10:15 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-18 16:19 - 2014-09-17 10:15 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-18 16:15 - 2014-09-17 10:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-18 16:15 - 2014-09-17 10:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-18 16:14 - 2014-09-17 10:15 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-18 16:14 - 2014-09-17 10:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-18 16:08 - 2014-09-17 10:15 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-18 16:08 - 2014-09-17 10:15 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-18 16:08 - 2014-09-17 10:15 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-18 16:05 - 2014-09-17 10:15 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-18 16:03 - 2014-09-17 10:15 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-18 16:03 - 2014-09-17 10:15 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-18 16:03 - 2014-09-17 10:15 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 15:57 - 2014-09-17 10:15 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-18 15:56 - 2014-09-17 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 15:51 - 2014-09-17 10:15 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 15:46 - 2014-09-17 10:15 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-18 15:45 - 2014-09-17 10:15 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 15:45 - 2014-09-17 10:15 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-18 15:44 - 2014-09-17 10:15 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-18 15:44 - 2014-09-17 10:15 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-18 15:42 - 2014-09-17 10:15 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-18 15:40 - 2014-09-17 10:15 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 15:39 - 2014-09-17 10:15 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 15:39 - 2014-09-17 10:15 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-18 15:39 - 2014-09-17 10:15 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-18 15:38 - 2014-09-17 10:15 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 15:37 - 2014-09-17 10:15 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-18 15:36 - 2014-09-17 10:15 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-18 15:35 - 2014-09-17 10:15 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-18 15:27 - 2014-09-17 10:15 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-18 15:25 - 2014-09-17 10:15 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 15:25 - 2014-09-17 10:15 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 15:23 - 2014-09-17 10:15 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 15:23 - 2014-09-17 10:15 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 15:22 - 2014-09-17 10:15 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 15:19 - 2014-09-17 10:15 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-18 15:17 - 2014-09-17 10:15 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-18 15:17 - 2014-09-17 10:15 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-18 15:16 - 2014-09-17 10:15 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 15:15 - 2014-09-17 10:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-18 15:15 - 2014-09-17 10:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 15:09 - 2014-09-17 10:15 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-18 15:08 - 2014-09-17 10:15 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-18 15:07 - 2014-09-17 10:15 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-18 14:55 - 2014-09-17 10:15 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 14:46 - 2014-09-17 10:15 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-18 14:38 - 2014-09-17 10:15 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-18 14:38 - 2014-09-17 10:15 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-18 14:36 - 2014-09-17 10:15 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

Files to move or delete:
====================
C:\Users\My New C Drive\mediaplayer.exe
C:\Users\My New C Drive\VIRTPART.DAT

ADDITION.TXT

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by Jim Davis at 2014-09-17 13:11:18
Running from C:\tmp
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AirLink101 AWLH6075 (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.0.9.0 - Ralink)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AtomTime Pro 3.1a (HKLM-x32\...\AtomTime Pro_is1) (Version: 3.1a - Naissan Innovations, LLC)
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.1.9.799 - AVG Technologies)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
C5150n - C5200n  Series GDI Driver from OKI® Printing Solutions for Windows  (HKLM-x32\...\{2C52D6EB-EE7E-45C4-AFB8-1242164A4A44}) (Version: 210 - OKI® Printing Solutions)
Cisco EAP-FAST Module (HKLM-x32\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
CyberLink PowerDVD 11 (HKLM-x32\...\InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}) (Version: 11.0.5012.58 - CyberLink Corp.)
CyberLink PowerDVD 11 (x32 Version: 11.0.5012.58 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectXInstallService (x32 Version: 9.0.0 - Roxio) Hidden
DVDFab 8.2.3.0 (21/12/2013) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
DVDFab 9.1.4.0 (17/04/2014) (HKLM-x32\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
Elevated Installer (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
EMC 10 Content (HKLM-x32\...\{FDB46DE7-9045-47BB-970A-3E4ED5369E03}) (Version: 1.0.015 - Roxo, Inc.)
EMCGadgets64 (HKLM\...\{02AD9D20-03D2-4DE0-8793-E8253026AD86}) (Version: 1.0.020 - Sonic)
FineDeAlSoft (HKLM-x32\...\{0D566ABB-889B-AF39-7B6A-23D4C5D54542}) (Version:  - FinoEDEaLSoFt) <==== ATTENTION
Garmin Express (HKLM-x32\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Earth (HKLM-x32\...\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}) (Version: 4.2.205.5730 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
less2ppay (HKLM-x32\...\{82B558C7-2A69-D3D5-B65A-DCAB3B65AD02}) (Version:  - leSs2PPay) <==== ATTENTION
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2003 Primary Interop Assemblies (HKLM-x32\...\{91490409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6553.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
MP3 CD Converter Professional 5.03 (HKLM-x32\...\MP3 CD Converter Professional) (Version: 5.03 - YuanSoft Inc)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Paragon Hard Disk Manager™ 11 Suite (HKLM-x32\...\{29258311-EA49-11DE-967C-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: Beta 4.3 - Popcorn Time)
QuickBooks (x32 Version: 22.0.4010.2206 - Intuit Inc.) Hidden
QuickBooks Pro 2012 (HKLM-x32\...\{22057D8D-7CC8-46FF-AD8C-9BD24F9014F3}) (Version: 22.0.4010.2206 - Intuit Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (HKLM-x32\...\{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}) (Version: 1.1.0 - Roxio)
Roxio Central Audio (HKLM-x32\...\{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}) (Version: 3.6.0 - Roxio)
Roxio Central Copy (HKLM-x32\...\{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}) (Version: 3.6.0 - Roxio)
Roxio Central Core (HKLM-x32\...\{ED439A64-F018-4DD4-8BA5-328D85AB09AB}) (Version: 3.6.0 - Roxio)
Roxio Central Data (HKLM-x32\...\{08E81ABD-79F7-49C2-881F-FD6CB0975693}) (Version: 3.6.0 - Roxio)
Roxio Central Tools (HKLM-x32\...\{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}) (Version: 3.6.0 - Roxio)
Roxio CinePlayer (HKLM-x32\...\{1B683082-8791-4D00-8ADE-6C8986FCCC68}) (Version: 3.9 - Roxio)
Roxio CinePlayer Decoder Pack (HKLM-x32\...\{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}) (Version: 4.3.0 - Roxio)
Roxio Disc Gallery (HKLM-x32\...\{3E67A8DA-FE7B-4160-8465-F5571EA18753}) (Version: 3.1 - Roxio)
Roxio Easy Media Creator 10 Suite (HKLM-x32\...\{BF83EFE2-C9F0-40D4-841C-2066668C1D7A}) (Version: 1.0.044 - Roxio)
Roxio File Backup (HKLM-x32\...\{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}) (Version: 1.1.0 - Roxio)
Roxio MediaShare (HKLM-x32\...\{9A9A1828-31D1-4590-A99F-022B7237AFAE}) (Version: 1.0.0 - Roxio)
Roxio Update Manager (HKLM-x32\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 6.0.0 - Roxio)
savernet (HKLM-x32\...\{614925F9-841A-53FE-A28F-DC30FA07239B}) (Version:  - savernet)
SupportSoft Assisted Service (HKLM-x32\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
VSO Inspector 2.0.2 (HKLM-x32\...\VSO Inspector_is1) (Version:  - VSO-Software SARL)
Watchtower Library 2010 - English (HKLM-x32\...\{57729BE1-DE2C-45DB-9FFA-5C1949679B3E}) (Version: 12.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)
Watchtower Library 2011 - English (HKLM-x32\...\{EED1EFD7-2703-4f7e-9820-EAA3C4723EA3}) (Version: 13.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)
Watchtower Library 2012 - English (HKLM-x32\...\{11B5A3EB-8B76-46A9-A4B7-1C1FF5A3AAFD}) (Version: 14.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)
Watchtower Library 2013 - English (HKLM-x32\...\{004E8ED2-315C-4473-A934-032D5D7B3A02}) (Version: 15.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinSpeed (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{f1f78e38}) (Version:  - 24soft) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4180303317-644901574-3286542257-1001_Classes\CLSID\{0C3BA0B1-BC14-4B55-98DC-F1E913C1DA10}\InprocServer32 -> C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\ActiveX64.ocx (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-4180303317-644901574-3286542257-1001_Classes\CLSID\{2AE7F22A-D7C9-45C3-89FE-D2E867D2F850}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4180303317-644901574-3286542257-1001_Classes\CLSID\{52A2D454-4577-4DF9-9633-982CACA731C1}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4180303317-644901574-3286542257-1001_Classes\CLSID\{56029FB1-75C1-3E21-8AB0-510CFB690C19}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4180303317-644901574-3286542257-1001_Classes\CLSID\{6FFA7438-3E00-4176-9717-B3BBE2E704AB}\InprocServer32 -> C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\ActiveX64.ocx (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-4180303317-644901574-3286542257-1001_Classes\CLSID\{8FB3E315-3B98-3637-9319-EC63384FFD0F}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4180303317-644901574-3286542257-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-4180303317-644901574-3286542257-1001_Classes\CLSID\{E1498787-6EA8-35AC-B54A-93DCC1C4147D}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4180303317-644901574-3286542257-1001_Classes\CLSID\{E343B57F-853A-4671-9992-7C6D262CB06D}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

==================== Restore Points  =========================

21-10-2011 22:16:13 Windows Update
23-10-2011 06:14:05 Installed AirLink101 Wireless N PCI Adapter
23-10-2011 06:40:56 Removed AirLink101 Wireless N PCI Adapter
23-10-2011 06:50:04 Installed AirLink101 Wireless N PCI Adapter
25-10-2011 16:32:05 Windows Update
25-10-2011 18:50:16 Windows Update
27-10-2011 14:35:46 Windows Update
01-11-2011 19:23:35 Windows Update
01-11-2011 19:26:43 Removed Norton Ghost.
01-11-2011 19:34:23 Installed Paragon Hard Disk Manager™ 11 Suite.
02-11-2011 00:19:46 Windows Update
16-08-2014 00:30:37 Garmin Express
16-08-2014 00:31:09 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
16-08-2014 00:32:17 Garmin Express
14-09-2014 15:27:33 Windows Update
15-09-2014 03:12:14 Windows Defender Checkpoint
17-09-2014 15:23:40 Windows Update
17-09-2014 15:57:30 Windows Update
17-09-2014 16:46:19 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {14957ACC-C513-4619-B622-B7EBF3570C31} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-15] (Google Inc.)
Task: {3B36D460-A5FF-4F71-B9B0-0E195562B546} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-15] (Google Inc.)
Task: {4435AA26-F3D4-4130-B616-542D2D4E0EDE} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] ()
Task: {E216BCF9-5685-493E-AFEC-BD167E3716FD} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-04-15 18:07 - 2013-08-06 01:36 - 00085568 _____ () C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
2014-08-15 18:22 - 2014-08-15 18:22 - 04304896 _____ () C:\ProgramData\WinSpeed\WinSpeed_x64.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-15 18:08 - 2011-11-04 01:28 - 00260096 _____ () C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\sqlite3.dll
2014-08-15 18:22 - 2014-08-15 18:22 - 04127232 _____ () c:\ProgramData\WinSpeed\WinSpeed.dll
2014-08-15 18:22 - 2014-08-15 18:22 - 00186192 _____ () c:\ProgramData\WinSpeed\WinSpeedSvc.dll
2014-08-15 18:21 - 2014-08-15 18:21 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2014-08-15 18:21 - 2014-08-15 18:21 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:80337C03

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Airlink101 Wireless Monitor.lnk => C:\Windows\pss\Airlink101 Wireless Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intuit Data Protect.lnk => C:\Windows\pss\Intuit Data Protect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk => C:\Windows\pss\QuickBooks_Standard_21.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DMXLauncher => "C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe"
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
MSCONFIG\startupreg: iTunesHelper => "C:\Users\My New C Drive\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: OutfoxTV => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl11 => C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/17/2014 10:30:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.16521, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.16659, time stamp: 0x5338aef8
Exception code: 0xc00000fd
Fault offset: 0x001106e5
Faulting process id: 0x1dd4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (09/17/2014 10:23:11 AM) (Source: MsiInstaller) (EventID: 11935) (User: DELL00)
Description: Product: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC90.ATL,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64",type="win32"'. Please refer to Help and Support for more information. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, component: {74C57B6B-FF6E-3825-BED2-78E14E3E0E3C}

Error: (09/17/2014 10:13:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.16521, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.16659, time stamp: 0x5338aef8
Exception code: 0xc00000fd
Fault offset: 0x001106e5
Faulting process id: 0x27c8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (09/17/2014 09:24:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.16521, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.16659, time stamp: 0x5338aef8
Exception code: 0xc00000fd
Fault offset: 0x00110a5c
Faulting process id: 0x25a0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (09/16/2014 07:27:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.16521 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1270

Start Time: 01cfd215ff44d283

Termination Time: 0

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (09/16/2014 07:23:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.16521 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1190

Start Time: 01cfd215e5a0e1a2

Termination Time: 3

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: 32f6a750-3e09-11e4-9ddd-0023aee6c67f

Error: (09/14/2014 08:38:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.16521, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.16659, time stamp: 0x5338aef8
Exception code: 0xc00000fd
Fault offset: 0x001117e5
Faulting process id: 0x1be0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (09/14/2014 06:23:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.16521, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.16659, time stamp: 0x5338aef8
Exception code: 0xc00000fd
Fault offset: 0x00110a5c
Faulting process id: 0x2d70
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (09/14/2014 01:45:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.16521, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.16659, time stamp: 0x5338aef8
Exception code: 0xc00000fd
Fault offset: 0x001117e5
Faulting process id: 0x118c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (09/14/2014 00:36:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.16521, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.16659, time stamp: 0x5338aef8
Exception code: 0xc00000fd
Fault offset: 0x001117e5
Faulting process id: 0x2a14
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

System errors:
=============
Error: (09/17/2014 01:10:41 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (09/17/2014 01:09:36 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
RxFilter

Error: (09/17/2014 01:09:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update service service failed to start due to the following error:
%%1053

Error: (09/17/2014 01:09:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Update service service to connect.

Error: (09/17/2014 01:09:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SessionLauncher service failed to start due to the following error:
%%2

Error: (09/17/2014 11:01:31 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (09/17/2014 11:00:03 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
RxFilter

Error: (09/17/2014 10:59:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update service service failed to start due to the following error:
%%1053

Error: (09/17/2014 10:59:59 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Update service service to connect.

Error: (09/17/2014 10:59:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SessionLauncher service failed to start due to the following error:
%%2

Microsoft Office Sessions:
=========================
Error: (09/17/2014 10:30:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.165214a5bc6b7MSHTML.dll11.0.9600.166595338aef8c00000fd001106e51dd401cfd29436ff254dC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dllddf04659-3e87-11e4-a084-0023aee6c67f

Error: (09/17/2014 10:23:11 AM) (Source: MsiInstaller) (EventID: 11935) (User: DELL00)
Description: Product: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC90.ATL,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64",type="win32"'. Please refer to Help and Support for more information. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, component: {74C57B6B-FF6E-3825-BED2-78E14E3E0E3C}(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/17/2014 10:13:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.165214a5bc6b7MSHTML.dll11.0.9600.166595338aef8c00000fd001106e527c801cfd2921c916189C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll8da62bf0-3e85-11e4-a084-0023aee6c67f

Error: (09/17/2014 09:24:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.165214a5bc6b7MSHTML.dll11.0.9600.166595338aef8c00000fd00110a5c25a001cfd28b2eda7bf5C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dlla78ccd3d-3e7e-11e4-87b9-0023aee6c67f

Error: (09/16/2014 07:27:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.16521127001cfd215ff44d2830C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (09/16/2014 07:23:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.16521119001cfd215e5a0e1a23C:\Program Files\Internet Explorer\iexplore.exe32f6a750-3e09-11e4-9ddd-0023aee6c67f

Error: (09/14/2014 08:38:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.165214a5bc6b7MSHTML.dll11.0.9600.166595338aef8c00000fd001117e51be001cfd08df41317f8C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll5a169f71-3c81-11e4-8ef2-0023aee6c67f

Error: (09/14/2014 06:23:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.165214a5bc6b7MSHTML.dll11.0.9600.166595338aef8c00000fd00110a5c2d7001cfd07a7c383140C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll86dca3fd-3c6e-11e4-8ef2-0023aee6c67f

Error: (09/14/2014 01:45:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.165214a5bc6b7MSHTML.dll11.0.9600.166595338aef8c00000fd001117e5118c01cfd053840e9645C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dlla100acfd-3c47-11e4-8ef2-0023aee6c67f

Error: (09/14/2014 00:36:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.165214a5bc6b7MSHTML.dll11.0.9600.166595338aef8c00000fd001117e52a1401cfd049a023d70bC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll06966819-3c3e-11e4-8ef2-0023aee6c67f

==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU 920 @ 2.67GHz
Percentage of memory in use: 19%
Total physical RAM: 6134.99 MB
Available physical RAM: 4936.84 MB
Total Pagefile: 12268.16 MB
Available Pagefile: 11061.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (CDELL00) (Fixed) (Total:931.41 GB) (Free:717.14 GB) NTFS
Drive d: (DDELL00) (Fixed) (Total:931.41 GB) (Free:788.6 GB) NTFS
Drive e: (EDELL00) (Fixed) (Total:931.51 GB) (Free:369.69 GB) NTFS
Drive x: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 4CDAD4A5)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C2E4544D)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C7665C92)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 aharonov

  • Malware Response Team

Posted 17 September 2014 - 06:22 PM

Ok, please do the following steps. How is your computer running afterwards?


Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!



Step 3

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.

Edited by aharonov, 17 September 2014 - 06:23 PM.


#5 jimdavis222

  • Topic Starter

  • Members

Posted 18 September 2014 - 10:17 AM

My computer is running great (but you already knew that), no runaway com-surrogate processes. This may be routine to you but it blows me away that you can not only analyze the problem, create a fix, but that you also do this as a volunteer. My hat is off to you.

 

FIXLOG.TXT

   

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by Jim Davis at 2014-09-17 17:54:19 Run:2
Running from C:\tmp
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
HKU\S-1-5-21-4180303317-644901574-3286542257-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
AppInit_DLLs: C:\PROGRA~3\WinSpeed\WINSPE~1.DLL => C:\ProgramData\WinSpeed\WinSpeed_x64.dll [4304896 2014-08-15] ()
AppInit_DLLs-x32: c:\progra~3\winspeed\winspeed.dll => c:\ProgramData\WinSpeed\WinSpeed.dll [4127232 2014-08-15] ()
C:\ProgramData\WinSpeed
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.calcitapp.info/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.calcitapp.info/
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MCBDD0F47-DA0B-4480-B7AC-297203C9E68A&SearchSource=58&CUI=&UM=6&UP=SP04216820-0913-4DFC-AAA3-0E8F2FFDFA3C&q={searchTerms}&SSPV=
BHO: FineDeAlSoft -> {63709815-26B5-31D9-F955-A7A9C07E8C33} -> C:\ProgramData\FineDeAlSoft\5I6UdsW2.x64.dll ()
BHO: savernet -> {7C1B3011-1638-EEC6-9760-64BD86FF3454} -> C:\ProgramData\savernet\Ix.x64.dll ()
C:\ProgramData\FineDeAlSoft
C:\ProgramData\savernet
BHO: less2ppay -> {9BF813BC-7081-B079-8F4D-34B1EEA85A87} -> C:\ProgramData\less2ppay\6ONHWfeUq.x64.dll ()
BHO-x32: FineDeAlSoft -> {63709815-26B5-31D9-F955-A7A9C07E8C33} -> C:\ProgramData\FineDeAlSoft\5I6UdsW2.dll ()
BHO-x32: savernet -> {7C1B3011-1638-EEC6-9760-64BD86FF3454} -> C:\ProgramData\savernet\Ix.dll ()
C:\ProgramData\less2ppay
BHO-x32: less2ppay -> {9BF813BC-7081-B079-8F4D-34B1EEA85A87} -> C:\ProgramData\less2ppay\6ONHWfeUq.dll ()
CHR HomePage: Default -> hxxp://websearch.calcitapp.info/
CHR RestoreOnStartup: Default -> "hxxp://websearch.calcitapp.info/"
CHR StartupUrls: Default -> "hxxp://websearch.calcitapp.info/"
CHR DefaultSearchKeyword: Default -> conduit.search
CHR DefaultSearchProvider: Default -> Conduit Search
CHR DefaultSuggestURL: Default -> http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Extension: (Follow) - C:\Users\Jim Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij [2014-09-13]
R2 f1f78e38; c:\ProgramData\WinSpeed\WinSpeedSvc.dll [186192 2014-08-15] () [File not signed]
S2 SessionLauncher; C:\Users\JIMDAV~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X]
2014-08-23 21:59 - 2014-08-23 21:59 - 00000000 ____D () C:\Users\Jim Davis\AppData\Roaming\27578
2014-09-17 09:07 - 2014-08-15 18:50 - 00000000 ____D () C:\ProgramData\965eb95a91a4207b
Task: {E216BCF9-5685-493E-AFEC-BD167E3716FD} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
EmptyTemp:
*****************

Processes closed successfully.
"HKU\S-1-5-21-4180303317-644901574-3286542257-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-4180303317-644901574-3286542257-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
"C:\PROGRA~3\WinSpeed\WINSPE~1.DLL" => Value Data removed successfully.
"c:\progra~3\winspeed\winspeed.dll" => Value Data removed successfully.
C:\ProgramData\WinSpeed => Moved successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
"HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
"HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{63709815-26B5-31D9-F955-A7A9C07E8C33}" => Key deleted successfully.
"HKCR\CLSID\{63709815-26B5-31D9-F955-A7A9C07E8C33}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C1B3011-1638-EEC6-9760-64BD86FF3454}" => Key deleted successfully.
"HKCR\CLSID\{7C1B3011-1638-EEC6-9760-64BD86FF3454}" => Key deleted successfully.
C:\ProgramData\FineDeAlSoft => Moved successfully.
C:\ProgramData\savernet => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9BF813BC-7081-B079-8F4D-34B1EEA85A87}" => Key deleted successfully.
"HKCR\CLSID\{9BF813BC-7081-B079-8F4D-34B1EEA85A87}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{63709815-26B5-31D9-F955-A7A9C07E8C33}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{63709815-26B5-31D9-F955-A7A9C07E8C33}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C1B3011-1638-EEC6-9760-64BD86FF3454}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{7C1B3011-1638-EEC6-9760-64BD86FF3454}" => Key deleted successfully.
C:\ProgramData\less2ppay => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9BF813BC-7081-B079-8F4D-34B1EEA85A87}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{9BF813BC-7081-B079-8F4D-34B1EEA85A87}" => Key deleted successfully.
Chrome HomePage deleted successfully.
Chrome RestoreOnStartup deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
CHR DefaultSearchProvider: Default -> Conduit Search ==> The Chrome "Settings" can be used to fix the entry.
Chrome DefaultSuggestURL deleted successfully.
C:\Users\Jim Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij => Moved successfully.
f1f78e38 => Service deleted successfully.
SessionLauncher => Service deleted successfully.
C:\Users\Jim Davis\AppData\Roaming\27578 => Moved successfully.
C:\ProgramData\965eb95a91a4207b => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E216BCF9-5685-493E-AFEC-BD167E3716FD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E216BCF9-5685-493E-AFEC-BD167E3716FD}" => Key deleted successfully.
C:\Windows\System32\Tasks\Optimizer Pro Schedule => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimizer Pro Schedule" => Key deleted successfully.
EmptyTemp: => Removed 8.5 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====

 

 

LOG.TXT

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=3b2fe5dfe484b648adae23fb57c6e7b1
# engine=20205
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-18 05:39:23
# local_time=2014-09-17 11:39:23 (-0700, Mountain Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 162562213 0 0
# scanned=1014124
# found=41
# cleaned=0
# scan_time=17799
sh=119E149747A552877117A6D91EFD3BE4B26418AE ft=1 fh=d60c8402287380a1 vn="Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\Documents and Settings\Jim Davis\AppData\Roaming\OpenCandy\164B5F70EB844421A8ADAEA619149C32\sp-downloader.exe"
sh=53119F831BD05CC5CC83D60108F245FF7DE2EC94 ft=1 fh=bc670b2721aa8fe3 vn="a variant of Win32/AdWare.SpeedingUpMyPC.N application" ac=I fn="C:\Documents and Settings\Jim Davis\AppData\Roaming\OpenCandy\E1EC7F039C794E918ED60D09A7259648\OptimizerPro.exe"
sh=8AD78F6C02E2BDEFFF5F03509870F735DF039EAD ft=1 fh=ae9f45027de786cd vn="Win32/JoyDownloader.D potentially unwanted application" ac=I fn="C:\Documents and Settings\Jim Davis\AppData\Roaming\rmi\offer_downloader.exe"
sh=9E77E1D2FD7B77B0FD8A71A70C35DD5A16836CF3 ft=1 fh=b241df9fafd25e77 vn="Win32/Systweak.G potentially unwanted application" ac=I fn="C:\Documents and Settings\Jim Davis\AppData\Roaming\Systweak\ssd\SSDPTstub.exe"
sh=2BC53C443C3F49300B02E414041175BDAB1000CB ft=1 fh=89cd747b85455411 vn="a variant of Win32/InstallIQ.A potentially unwanted application" ac=I fn="C:\Documents and Settings\My New C Drive\My Download Files\7-Zip\7zipfree_8675.exe"
sh=7C1D846068959896DFF7B0B55A4B515304F4A7B6 ft=1 fh=a3aac1bc7ac06539 vn="Win32/OutBrowse.Q potentially unwanted application" ac=I fn="C:\Documents and Settings\My New C Drive\My Download Files\FireFox\Firefox.exe"
sh=7C0528F0F8B870A4F7E0DAEAEFA74ABEACCEFD00 ft=1 fh=ce3a0a24bbfbcb9c vn="a variant of Win32/InstallCore.AY potentially unwanted application" ac=I fn="C:\Documents and Settings\My New C Drive\My Download Files\Mozilla\Firefox_Setup_16.0.1.exe"
sh=43449182574F30807AABACE08424C6F9F1817990 ft=1 fh=0c0de320661e3896 vn="a variant of Win32/InstallCore.X potentially unwanted application" ac=I fn="C:\Documents and Settings\My New C Drive\My Download Files\Mozilla\mozilla-firefox.exe"
sh=ABEDCEDB852505A48E9264128F447A5DA5C26193 ft=1 fh=f13b5078d9215d8d vn="probably unknown NewHeur_PE virus" ac=I fn="C:\Documents and Settings\My New C Drive\VADIS\Scripts\Voccs\vocsstart.exe"
sh=4F686E74144A6259AADB500D0729276CB0B72176 ft=1 fh=c71c0011a89366e2 vn="a variant of Win32/AdWare.MultiPlug.BN application" ac=I fn="C:\FRST\Quarantine\C\ProgramData\FineDeAlSoft\5I6UdsW2.dll"
sh=EB2D581817C3AB51B355F5D14172B7E3A2E69739 ft=1 fh=c71c0011a53a89cd vn="a variant of Win32/AdWare.MultiPlug.BN application" ac=I fn="C:\FRST\Quarantine\C\ProgramData\FineDeAlSoft\5I6UdsW2.exe"
sh=6B874523E23A59722384A6859D431104F817173C ft=1 fh=b43bc1389bd463ee vn="a variant of Win64/Adware.MultiPlug.E application" ac=I fn="C:\FRST\Quarantine\C\ProgramData\FineDeAlSoft\5I6UdsW2.x64.dll"
sh=EE0A71CB689233A1830110E6DA00B79F838DFD6B ft=1 fh=c71c0011d7fb515b vn="a variant of Win32/AdWare.MultiPlug.BN application" ac=I fn="C:\FRST\Quarantine\C\ProgramData\less2ppay\6ONHWfeUq.dll"
sh=4FACDE1396ACAF1837E4CD25FA9B7984129D6454 ft=1 fh=c71c00111ecaafee vn="a variant of Win32/AdWare.MultiPlug.BN application" ac=I fn="C:\FRST\Quarantine\C\ProgramData\less2ppay\6ONHWfeUq.exe"
sh=7CBED94F3C3F913DCCD215D72DAA0B8C2C32DDA5 ft=1 fh=c71c001174cc3b61 vn="a variant of Win64/Adware.MultiPlug.D application" ac=I fn="C:\FRST\Quarantine\C\ProgramData\less2ppay\6ONHWfeUq.x64.dll"
sh=6448F31738DD051276940EB4F38A3FC6A4FF87E4 ft=1 fh=c71c00111687293e vn="a variant of Win32/AdWare.MultiPlug.BN application" ac=I fn="C:\FRST\Quarantine\C\ProgramData\savernet\Ix.dll"
sh=6568715BF94CECC354DE362ADE42896A2FD8F3D5 ft=1 fh=c71c0011441cfcbe vn="a variant of Win32/AdWare.MultiPlug.BN application" ac=I fn="C:\FRST\Quarantine\C\ProgramData\savernet\Ix.exe"
sh=45F61CFDF3738C4B1C17E50BC3FCB6E009B03CDE ft=1 fh=8f163eead0fcb79a vn="a variant of Win64/Adware.MultiPlug.E application" ac=I fn="C:\FRST\Quarantine\C\ProgramData\savernet\Ix.x64.dll"
sh=58194D24471CA7888FCD01035E5845794FE6AC97 ft=1 fh=c71c00116b12b075 vn="a variant of Win32/SProtector.D potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\ProgramData\WinSpeed\WinSpeed.dll"
sh=4F9C3763DFB97EE3C1072FD8931CCBFBE66003EF ft=1 fh=86510af3b79c7b30 vn="a variant of Win32/SProtector.D potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\ProgramData\WinSpeed\WinSpeedSvc.dll"
sh=2E515B2AA67A8066770FCD18B92BEF333AB2D4D1 ft=1 fh=c71c00111baeeee0 vn="a variant of Win64/SProtector.B potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\ProgramData\WinSpeed\WinSpeed_x64.dll"
sh=119E149747A552877117A6D91EFD3BE4B26418AE ft=1 fh=d60c8402287380a1 vn="Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\Users\Jim Davis\AppData\Roaming\OpenCandy\164B5F70EB844421A8ADAEA619149C32\sp-downloader.exe"
sh=53119F831BD05CC5CC83D60108F245FF7DE2EC94 ft=1 fh=bc670b2721aa8fe3 vn="a variant of Win32/AdWare.SpeedingUpMyPC.N application" ac=I fn="C:\Users\Jim Davis\AppData\Roaming\OpenCandy\E1EC7F039C794E918ED60D09A7259648\OptimizerPro.exe"
sh=8AD78F6C02E2BDEFFF5F03509870F735DF039EAD ft=1 fh=ae9f45027de786cd vn="Win32/JoyDownloader.D potentially unwanted application" ac=I fn="C:\Users\Jim Davis\AppData\Roaming\rmi\offer_downloader.exe"
sh=9E77E1D2FD7B77B0FD8A71A70C35DD5A16836CF3 ft=1 fh=b241df9fafd25e77 vn="Win32/Systweak.G potentially unwanted application" ac=I fn="C:\Users\Jim Davis\AppData\Roaming\Systweak\ssd\SSDPTstub.exe"
sh=2BC53C443C3F49300B02E414041175BDAB1000CB ft=1 fh=89cd747b85455411 vn="a variant of Win32/InstallIQ.A potentially unwanted application" ac=I fn="C:\Users\My New C Drive\My Download Files\7-Zip\7zipfree_8675.exe"
sh=7C1D846068959896DFF7B0B55A4B515304F4A7B6 ft=1 fh=a3aac1bc7ac06539 vn="Win32/OutBrowse.Q potentially unwanted application" ac=I fn="C:\Users\My New C Drive\My Download Files\FireFox\Firefox.exe"
sh=7C0528F0F8B870A4F7E0DAEAEFA74ABEACCEFD00 ft=1 fh=ce3a0a24bbfbcb9c vn="a variant of Win32/InstallCore.AY potentially unwanted application" ac=I fn="C:\Users\My New C Drive\My Download Files\Mozilla\Firefox_Setup_16.0.1.exe"
sh=43449182574F30807AABACE08424C6F9F1817990 ft=1 fh=0c0de320661e3896 vn="a variant of Win32/InstallCore.X potentially unwanted application" ac=I fn="C:\Users\My New C Drive\My Download Files\Mozilla\mozilla-firefox.exe"
sh=ABEDCEDB852505A48E9264128F447A5DA5C26193 ft=1 fh=f13b5078d9215d8d vn="probably unknown NewHeur_PE virus" ac=I fn="C:\Users\My New C Drive\VADIS\Scripts\Voccs\vocsstart.exe"
sh=119E149747A552877117A6D91EFD3BE4B26418AE ft=1 fh=d60c8402287380a1 vn="Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="D:\Documents and Settings\Jim Davis\AppData\Roaming\OpenCandy\164B5F70EB844421A8ADAEA619149C32\sp-downloader.exe"
sh=53119F831BD05CC5CC83D60108F245FF7DE2EC94 ft=1 fh=bc670b2721aa8fe3 vn="a variant of Win32/AdWare.SpeedingUpMyPC.N application" ac=I fn="D:\Documents and Settings\Jim Davis\AppData\Roaming\OpenCandy\E1EC7F039C794E918ED60D09A7259648\OptimizerPro.exe"
sh=8AD78F6C02E2BDEFFF5F03509870F735DF039EAD ft=1 fh=ae9f45027de786cd vn="Win32/JoyDownloader.D potentially unwanted application" ac=I fn="D:\Documents and Settings\Jim Davis\AppData\Roaming\rmi\offer_downloader.exe"
sh=9E77E1D2FD7B77B0FD8A71A70C35DD5A16836CF3 ft=1 fh=b241df9fafd25e77 vn="Win32/Systweak.G potentially unwanted application" ac=I fn="D:\Documents and Settings\Jim Davis\AppData\Roaming\Systweak\ssd\SSDPTstub.exe"
sh=2BC53C443C3F49300B02E414041175BDAB1000CB ft=1 fh=89cd747b85455411 vn="a variant of Win32/InstallIQ.A potentially unwanted application" ac=I fn="D:\Documents and Settings\My New C Drive\My Download Files\7-Zip\7zipfree_8675.exe"
sh=7C1D846068959896DFF7B0B55A4B515304F4A7B6 ft=1 fh=a3aac1bc7ac06539 vn="Win32/OutBrowse.Q potentially unwanted application" ac=I fn="D:\Documents and Settings\My New C Drive\My Download Files\FireFox\Firefox.exe"
sh=7C0528F0F8B870A4F7E0DAEAEFA74ABEACCEFD00 ft=1 fh=ce3a0a24bbfbcb9c vn="a variant of Win32/InstallCore.AY potentially unwanted application" ac=I fn="D:\Documents and Settings\My New C Drive\My Download Files\Mozilla\Firefox_Setup_16.0.1.exe"
sh=43449182574F30807AABACE08424C6F9F1817990 ft=1 fh=0c0de320661e3896 vn="a variant of Win32/InstallCore.X potentially unwanted application" ac=I fn="D:\Documents and Settings\My New C Drive\My Download Files\Mozilla\mozilla-firefox.exe"
sh=ABEDCEDB852505A48E9264128F447A5DA5C26193 ft=1 fh=f13b5078d9215d8d vn="probably unknown NewHeur_PE virus" ac=I fn="D:\Documents and Settings\My New C Drive\VADIS\Scripts\Voccs\vocsstart.exe"
sh=2BC53C443C3F49300B02E414041175BDAB1000CB ft=1 fh=89cd747b85455411 vn="a variant of Win32/InstallIQ.A potentially unwanted application" ac=I fn="D:\Users\My New C Drive\My Download Files\7-Zip\7zipfree_8675.exe"
sh=ABEDCEDB852505A48E9264128F447A5DA5C26193 ft=1 fh=f13b5078d9215d8d vn="probably unknown NewHeur_PE virus" ac=I fn="D:\Users\My New C Drive\VADIS\Scripts\Voccs\vocsstart.exe"

 

 

FRST.TXT

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Jim Davis (administrator) on DELL00 on 18-09-2014 09:04:55
Running from C:\tmp
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Sonic Solutions) C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\AirLink101\AWLH6075\Common\RaUI.exe
(Apple Inc.) C:\Users\My New C Drive\iTunes\iTunesHelper.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit Inc.) C:\Users\My New C Drive\QuickBooks Pro\QBW32.EXE
() C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\AirLink101\AWLH6075\Common\RalinkRegistryWriter.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\AirLink101\AWLH6075\Common\RalinkRegistryWriter64.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Sonic Solutions) C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2640408 2014-08-30] ()
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [240112 2007-08-24] (Sonic Solutions)
HKLM-x32\...\Run: [RemoteControl11] => C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe [237120 2013-08-06] (CyberLink Corp.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Users\My New C Drive\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [2305912 2012-08-28] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [DMXLauncher] => C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe [113136 2007-08-14] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKU\.DEFAULT\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-4180303317-644901574-3286542257-1001\...\Run: [OutfoxTV] => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
HKU\S-1-5-21-4180303317-644901574-3286542257-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Airlink101 Wireless Monitor.lnk
ShortcutTarget: Airlink101 Wireless Monitor.lnk -> C:\Program Files (x86)\AirLink101\AWLH6075\Common\RaUI.exe (Ralink Technology, Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Users\My New C Drive\QuickBooks Pro\QBW32.EXE (Intuit Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3C94731B898ACC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={80FAA2D4-B844-41DE-8B5A-F367ACED78DD}&mid=bd2280a5014947d3b304d16ae8022f8c-bcd14f1b64190dc7a568c8fa483e79a387d2c31a&lang=en&ds=ft013&pr=sa&d=2013-08-27 11:02:29&v=15.4.0.5&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Users\My New C Drive\QuickBooks Pro\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Users\My New C Drive\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://websearch.calcitapp.info/
CHR RestoreOnStartup: Default -> "hxxp://websearch.calcitapp.info/"
CHR StartupUrls: Default -> "hxxp://websearch.calcitapp.info/"
CHR DefaultSearchKeyword: Default -> conduit.search
CHR DefaultSearchProvider: Default -> Conduit Search
CHR DefaultSuggestURL: Default -> http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Users\My New C Drive\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Profile: C:\Users\Jim Davis\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Jim Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-24]
CHR Extension: (Google Drive) - C:\Users\Jim Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-24]
CHR Extension: (YouTube) - C:\Users\Jim Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-24]
CHR Extension: (Google Search) - C:\Users\Jim Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-24]
CHR Extension: (Set New Tab To Google) - C:\Users\Jim Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdjbledkahnanmoekcemgbbpeihcgmbp [2014-09-17]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Jim Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Traffic Rank) - C:\Users\Jim Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\oipgijiceofkdddeceikmdjledafnehk [2014-08-15]
CHR Extension: (Gmail) - C:\Users\Jim Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-24]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 CLHNServiceForPowerDVD; C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [85568 2013-08-06] ()
R2 CyberLink PowerDVD 11.0 Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [77576 2014-02-12] (CyberLink)
R2 CyberLink PowerDVD 11.0 Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [294664 2014-02-12] (CyberLink)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2012-08-28] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2011-08-19] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-08-19] (Intuit Inc.) [File not signed]
R2 RalinkRegistryWriter; C:\Program Files (x86)\AirLink101\AWLH6075\Common\RalinkRegistryWriter.exe [75040 2009-07-15] (Ralink Technology, Corp.)
R2 RalinkRegistryWriter64; C:\Program Files (x86)\AirLink101\AWLH6075\Common\RalinkRegistryWriter64.exe [210720 2009-07-15] (Ralink Technology, Corp.)
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [72176 2007-08-24] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2007-08-24] (Sonic Solutions)
S2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [179200 2014-08-31] (Company) [File not signed]
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-15] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-15] (AVG Technologies)
S3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [54320 2009-09-21] (Symantec Corporation)
S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [65520 2007-08-18] (Sonic Solutions)
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [59184 2011-10-18] (Windows ® 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [572336 2011-10-18] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [352816 2011-10-18] (Paragon)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [32456 2014-02-12] (CyberLink Corp.)
U2 V2iMount; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-18 08:55 - 2014-09-18 08:55 - 00000000 ____D () C:\Users\Jim Davis\AppData\Local\{48508C02-3166-4CCD-85CA-3ACB3FA00766}
2014-09-17 13:12 - 2014-09-17 13:12 - 00000000 __SHD () C:\Users\Jim Davis\AppData\Local\EmieUserList
2014-09-17 13:12 - 2014-09-17 13:12 - 00000000 __SHD () C:\Users\Jim Davis\AppData\Local\EmieSiteList
2014-09-17 10:15 - 2014-08-19 12:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-17 10:15 - 2014-08-19 11:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-17 10:15 - 2014-08-18 17:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-17 10:15 - 2014-08-18 16:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-17 10:15 - 2014-08-18 16:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-17 10:15 - 2014-08-18 16:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-17 10:15 - 2014-08-18 16:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-17 10:15 - 2014-08-18 16:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-17 10:15 - 2014-08-18 16:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-17 10:15 - 2014-08-18 16:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-17 10:15 - 2014-08-18 16:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-17 10:15 - 2014-08-18 16:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-17 10:15 - 2014-08-18 16:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-17 10:15 - 2014-08-18 16:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-17 10:15 - 2014-08-18 16:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-17 10:15 - 2014-08-18 16:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-17 10:15 - 2014-08-18 16:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-17 10:15 - 2014-08-18 16:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-17 10:15 - 2014-08-18 16:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-17 10:15 - 2014-08-18 15:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-17 10:15 - 2014-08-18 15:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-17 10:15 - 2014-08-18 15:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-17 10:15 - 2014-08-18 15:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-17 10:15 - 2014-08-18 15:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-17 10:15 - 2014-08-18 15:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-17 10:15 - 2014-08-18 15:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-17 10:15 - 2014-08-18 15:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-17 10:15 - 2014-08-18 15:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-17 10:15 - 2014-08-18 15:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-17 10:15 - 2014-08-18 15:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-17 10:15 - 2014-08-18 15:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-17 10:15 - 2014-08-18 15:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-17 10:15 - 2014-08-18 15:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-17 10:15 - 2014-08-18 15:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-17 10:15 - 2014-08-18 15:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-17 10:15 - 2014-08-18 15:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-17 10:15 - 2014-08-18 15:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-17 10:15 - 2014-08-18 15:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-17 10:15 - 2014-08-18 15:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-17 10:15 - 2014-08-18 15:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-17 10:15 - 2014-08-18 15:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-17 10:15 - 2014-08-18 15:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-17 10:15 - 2014-08-18 15:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-17 10:15 - 2014-08-18 15:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-17 10:15 - 2014-08-18 15:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-17 10:15 - 2014-08-18 15:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-17 10:15 - 2014-08-18 15:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-17 10:15 - 2014-08-18 15:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-17 10:15 - 2014-08-18 15:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-17 10:15 - 2014-08-18 15:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-17 10:15 - 2014-08-18 15:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-17 10:15 - 2014-08-18 14:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-17 10:15 - 2014-08-18 14:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-17 10:15 - 2014-08-18 14:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-17 10:15 - 2014-08-18 14:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-17 10:15 - 2014-08-18 14:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-17 09:59 - 2014-06-26 20:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-17 09:59 - 2014-06-26 19:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-17 09:58 - 2014-06-30 16:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-09-17 09:58 - 2014-06-30 16:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-09-17 09:58 - 2014-03-09 15:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-09-17 09:58 - 2014-03-09 15:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-09-17 09:58 - 2014-03-09 15:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-09-17 09:58 - 2014-03-09 15:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-09-17 09:57 - 2014-06-06 00:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-09-17 09:57 - 2014-06-06 00:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-09-17 09:57 - 2014-03-04 03:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-09-17 09:57 - 2014-03-04 03:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-09-17 09:57 - 2014-03-04 03:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-09-17 09:57 - 2014-03-04 03:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-09-17 09:57 - 2014-03-04 03:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-09-17 09:57 - 2014-03-04 03:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-09-17 09:57 - 2014-03-04 03:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-09-17 09:57 - 2014-03-04 03:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-09-17 09:57 - 2014-03-04 03:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-09-17 09:57 - 2014-03-04 03:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-09-17 09:57 - 2014-03-04 03:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-09-17 09:57 - 2014-03-04 03:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-09-17 09:57 - 2014-03-04 03:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-09-17 09:57 - 2014-03-04 03:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-09-17 09:57 - 2014-03-04 03:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-09-17 09:57 - 2014-03-04 03:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-09-17 09:57 - 2014-03-04 03:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-09-17 09:57 - 2014-03-04 03:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-09-17 09:57 - 2014-03-04 03:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-09-17 09:57 - 2014-03-04 03:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-09-17 09:56 - 2014-08-01 05:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-17 09:56 - 2014-08-01 05:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-17 09:56 - 2014-07-15 21:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-17 09:56 - 2014-07-15 20:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-17 09:56 - 2014-07-06 20:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-17 09:56 - 2014-07-06 20:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-17 09:56 - 2014-07-06 19:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-17 09:56 - 2014-07-06 19:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-17 09:56 - 2014-07-06 19:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-17 09:56 - 2014-06-23 21:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-17 09:56 - 2014-06-23 20:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-17 09:56 - 2014-06-17 20:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-09-17 09:56 - 2014-06-17 19:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-09-17 09:56 - 2014-06-15 20:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-09-17 09:56 - 2014-06-06 04:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-09-17 09:56 - 2014-06-06 03:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-09-17 09:56 - 2014-06-03 04:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-09-17 09:56 - 2014-06-03 04:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-17 09:56 - 2014-06-03 04:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-09-17 09:56 - 2014-06-03 04:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-09-17 09:56 - 2014-06-03 03:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-09-17 09:56 - 2014-06-03 03:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-09-17 09:56 - 2014-06-03 03:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-09-17 09:56 - 2014-05-30 00:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-09-17 09:56 - 2014-04-24 20:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-09-17 09:56 - 2014-04-24 20:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-09-17 09:56 - 2014-04-04 20:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-09-17 09:56 - 2014-04-04 20:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-09-17 09:56 - 2014-03-26 08:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-09-17 09:56 - 2014-03-26 08:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-09-17 09:56 - 2014-03-26 08:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-09-17 09:56 - 2014-03-26 08:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-09-17 09:56 - 2014-03-26 08:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-09-17 09:56 - 2014-03-26 08:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-09-17 09:56 - 2014-03-26 08:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-09-17 09:56 - 2014-03-26 08:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-09-17 09:53 - 2014-08-22 20:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-17 09:53 - 2014-08-22 19:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-09-17 09:53 - 2014-08-22 18:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-17 09:53 - 2014-07-13 20:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-09-17 09:53 - 2014-07-13 19:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-09-17 09:53 - 2014-06-24 20:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-09-17 09:53 - 2014-06-24 19:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-09-17 09:53 - 2014-05-30 02:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-09-17 09:53 - 2014-05-30 02:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-09-17 09:53 - 2014-05-30 02:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-09-17 09:53 - 2014-05-30 02:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-09-17 09:53 - 2014-05-30 02:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-09-17 09:53 - 2014-05-30 02:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-09-17 09:53 - 2014-05-30 01:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-09-17 09:53 - 2014-05-30 01:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-09-17 09:53 - 2014-05-30 01:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-09-17 09:53 - 2014-05-30 01:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-09-17 09:53 - 2014-05-30 01:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-09-17 09:53 - 2014-05-30 01:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-09-17 09:53 - 2014-04-11 20:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-09-17 09:53 - 2014-04-11 20:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-09-17 09:53 - 2014-04-11 20:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-09-17 09:53 - 2014-04-11 20:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-09-17 09:53 - 2014-04-11 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-09-17 09:53 - 2014-04-11 20:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-09-17 09:24 - 2014-05-14 10:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-17 09:24 - 2014-05-14 10:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-17 09:24 - 2014-05-14 10:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-17 09:24 - 2014-05-14 10:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-17 09:24 - 2014-05-14 10:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-17 09:24 - 2014-05-14 10:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-09-17 09:24 - 2014-05-14 10:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-09-17 09:24 - 2014-05-14 10:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-17 09:24 - 2014-05-14 10:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-17 09:24 - 2014-05-14 10:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-17 09:24 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-17 09:24 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-17 09:24 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-17 09:24 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-09-17 09:01 - 2014-09-18 09:04 - 00000000 ____D () C:\FRST
2014-09-17 08:58 - 2014-09-18 09:04 - 00000000 ____D () C:\tmp
2014-09-16 19:09 - 2014-09-16 19:09 - 00000000 ____D () C:\Users\Jim Davis\AppData\Local\{04B02AD9-B64B-4214-AB66-981B57B76000}
2014-09-13 20:05 - 2014-09-17 18:33 - 00000000 ____D () C:\Windows\pss
2014-09-13 19:42 - 2013-08-01 19:09 - 00338432 _____ (Microsoft Corporation) C:\conhost.exe
2014-08-31 19:53 - 2014-08-31 19:55 - 00000000 ____D () C:\Users\Jim Davis\AppData\Local\{1BE24E67-5D47-4B73-BDBA-D61050E20278}
2014-08-29 14:10 - 2014-08-29 14:10 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb
2014-08-29 14:10 - 2014-08-29 14:10 - 00000000 ____D () C:\Program Files (x86)\AVG Security Toolbar

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-18 09:04 - 2014-09-17 09:01 - 00000000 ____D () C:\FRST
2014-09-18 09:04 - 2014-09-17 08:58 - 00000000 ____D () C:\tmp
2014-09-18 08:56 - 2009-07-13 22:45 - 00015360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-18 08:56 - 2009-07-13 22:45 - 00015360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-18 08:55 - 2014-09-18 08:55 - 00000000 ____D () C:\Users\Jim Davis\AppData\Local\{48508C02-3166-4CCD-85CA-3ACB3FA00766}
2014-09-18 08:48 - 2013-08-15 16:01 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-18 08:48 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-18 08:48 - 2009-07-13 22:51 - 00058515 _____ () C:\Windows\setupact.log
2014-09-18 08:47 - 2011-10-14 09:03 - 01275758 _____ () C:\Windows\WindowsUpdate.log
2014-09-18 08:26 - 2013-08-15 16:01 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-18 00:13 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-09-17 18:33 - 2014-09-13 20:05 - 00000000 ____D () C:\Windows\pss
2014-09-17 18:32 - 2011-10-14 14:40 - 00168574 _____ () C:\Windows\PFRO.log
2014-09-17 13:12 - 2014-09-17 13:12 - 00000000 __SHD () C:\Users\Jim Davis\AppData\Local\EmieUserList
2014-09-17 13:12 - 2014-09-17 13:12 - 00000000 __SHD () C:\Users\Jim Davis\AppData\Local\EmieSiteList
2014-09-17 10:56 - 2009-07-13 21:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-17 10:53 - 2011-10-14 18:01 - 00787916 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-17 10:53 - 2009-07-13 23:13 - 00787916 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-17 10:40 - 2011-12-30 18:48 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-17 10:40 - 2011-12-30 18:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-17 10:40 - 2009-07-13 22:45 - 00985000 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-17 10:37 - 2009-07-14 01:47 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-17 10:37 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-09-17 10:37 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-09-17 10:37 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-17 10:03 - 2011-12-30 18:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-17 10:02 - 2013-08-15 16:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-16 19:09 - 2014-09-16 19:09 - 00000000 ____D () C:\Users\Jim Davis\AppData\Local\{04B02AD9-B64B-4214-AB66-981B57B76000}
2014-09-13 19:21 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\Registration
2014-08-31 19:55 - 2014-08-31 19:53 - 00000000 ____D () C:\Users\Jim Davis\AppData\Local\{1BE24E67-5D47-4B73-BDBA-D61050E20278}
2014-08-31 18:01 - 2011-10-14 12:17 - 00000000 ____D () C:\Users\My New C Drive\QuickBooks Pro
2014-08-30 18:46 - 2013-08-27 11:02 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-08-30 18:45 - 2014-07-09 19:42 - 00000000 ____D () C:\Program Files (x86)\Popcorn Time
2014-08-29 14:10 - 2014-08-29 14:10 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb
2014-08-29 14:10 - 2014-08-29 14:10 - 00000000 ____D () C:\Program Files (x86)\AVG Security Toolbar
2014-08-29 13:01 - 2011-10-14 12:38 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-25 06:53 - 2011-10-14 09:59 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-22 20:07 - 2014-09-17 09:53 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 19:45 - 2014-09-17 09:53 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 18:59 - 2014-09-17 09:53 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-19 12:05 - 2014-09-17 10:15 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 11:39 - 2014-09-17 10:15 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

Files to move or delete:
====================
C:\Users\My New C Drive\mediaplayer.exe
C:\Users\My New C Drive\VIRTPART.DAT

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-18 00:04

==================== End Of Log ============================



#6 aharonov

  • Malware Response Team

Posted 18 September 2014 - 10:26 AM

Hello,

(but you already knew that)

That's right, but it's always important to get the confirmation that this is indeed the case. :)

It's looking good. ESET hasn't found any active malware. Just a few remnants.


Please download AdwCleaner (by Xplode) and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • I don't need the log file.


That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.


Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

Adobe Flash Player 12 ActiveX




Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.

#7 jimdavis222

  • Topic Starter

Posted 18 September 2014 - 03:54 PM

I forwarded a thank you via PayPal. I appreciate so much your taking time to help me, and others, with our problems. If it is not too much, I would like to ask your opinion about my second system. It is a Dell XPS 400 running XP Pro. Since XP is no longer supported by Microsoft, is it worth looking for similar problems and trying to fix them? I am hanging on to the XP platform because of compatibility issues with the hardware I use for my wife's activities.

Again thank you for your time, skills, and advice.

Jim Davis



#8 aharonov

  • Malware Response Team

Posted 18 September 2014 - 04:18 PM

Thank you very much for your donation, Jim!

Of course it's recommended to change from XP to a more modern operating system the sooner the better (particularly if the computer is connected to the internet).
But if this is not possible at the moment then it's always better in my eyes to try to fix a system than to do just nothing about the problems.
So if you want me to have a look at the XP machine, too, then you can run FRST on it and post the logs here in this thread.

#9 jimdavis222

  • Topic Starter

Posted 18 September 2014 - 05:27 PM

Thank you for your kind understanding. I will take you up on your offer for my XP machine.

I had to cut and paste both files because I could not find the browse feature to attach the second file.

FRST.TXT

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by Jim Davis (administrator) on DELL1 on 18-09-2014 16:10:47
Running from C:\My Download Files\FRST Recovery
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
(Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CTSVCCDA.EXE
(CyberLink) C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
(Oki Data Corporation) C:\WINDOWS\system32\spool\drivers\w32x86\3\OPHALDCS.EXE
() C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Symantec Corporation) C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
(Ralink Technology, Corp.) C:\Program Files\AirLink101\AWLH6075\Common\RalinkRegistryWriter.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(CACE Technologies) C:\Program Files\WinPcap\rpcapd.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Creative Technology Ltd) C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe
(Creative Technology Ltd.) C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
(Sonic Solutions) C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CTXFISPI.EXE
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Apple Inc.) C:\iTunes\iTunesHelper.exe
(OLYMPUS Optical Co.,Ltd) C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Oki Data Corporation) C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [139264 2005-06-17] (Intel Corporation)
HKLM\...\Run: [CTDVDDET] => C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE [45056 2003-06-18] (Creative Technology Ltd)
HKLM\...\Run: [AudioDrvEmulator] => C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe [49152 2005-11-04] (Creative Technology Ltd.)
HKLM\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [RoxioDragToDisc] => C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe [1695744 2005-03-08] (Sonic Solutions)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [EPSON Stylus Photo R300 Series] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE [99840 2003-06-04] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [RemoteControl11] => C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe [234792 2011-05-18] (CyberLink Corp.)
HKLM\...\Run: [MP10_EnsureFileVer] => C:\WINDOWS\inf\unregmp2.exe [208896 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1632360 2011-10-07] ()
HKLM\...\Run: [Intuit SyncManager] => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [2829624 2013-11-08] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [Auto EPSON Stylus Photo R300 Series on DELL4] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE [99840 2003-06-04] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [295512 2013-12-12] (RealNetworks, Inc.)
HKLM\...\Run: [EPSON Stylus Photo R300 Series (Copy 1)] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE [99840 2003-06-04] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [iTunesHelper] => C:\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse]  <==== ATTENTION!
HKU\.DEFAULT\...\Policies\Explorer: [CDRAutoRun] 0
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Detector 2.lnk
ShortcutTarget: Device Detector 2.lnk -> C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS Optical Co.,Ltd)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - {91607fa7-3c2f-4f90-93e3-d5337a6b0ac2} URL = Playbryte-fa-v/search/redirect/?type=default&user_id=7e1e6b6b-369a-46dc-b9fa-8f4bd59de742&query={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: PlayBryte BHO -> {61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx ()
Toolbar: HKLM - No Name - {b278d9f8-0fa9-465e-9938-0c392605d8e3} -  No File
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\QuickBooks Pro\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
Handler: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx ()
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Jim Davis\Application Data\Mozilla\Firefox\Profiles\o4k1kg6g.default
FF Homepage: hxxp://xfinity.comcast.net/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files\Virtual Earth 3D\ ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.4.53 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-08-10]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-12-12]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR RestoreOnStartup: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR CustomProfile: C:\Documents and Settings\Jim Davis\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Search) - C:\Documents and Settings\Jim Davis\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-17]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\Jim Davis\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-11-17]
CHR Extension: (Gmail) - C:\Documents and Settings\Jim Davis\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-17]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AffinegyService; C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe [536472 2010-03-02] (Affinegy, Inc.)
R2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [152064 2010-03-10] () [File not signed]
R2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [49152 2010-03-10] () [File not signed]
R2 CLHNServiceForPowerDVD; C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [83240 2011-05-18] ()
R2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [44032 1999-12-12] (Creative Technology Ltd) [File not signed]
R2 CyberLink PowerDVD 11.0 Monitor Service; C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [70952 2011-05-12] (CyberLink)
R2 CyberLink PowerDVD 11.0 Service; C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [312616 2011-05-12] (CyberLink)
R2 DCSLoader; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE [24576 2004-03-01] (Oki Data Corporation)
R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 FlipShare Service; C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe [439616 2008-11-13] ()
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-07-23] (Garmin Ltd or its subsidiaries)
R2 GhostStartService; C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe [200704 2002-08-14] (Symantec Corporation) [File not signed]
R2 IAANTMon; C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe [86140 2005-06-17] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
R2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2253120 2011-10-07] (NVIDIA Corporation)
R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-11-08] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2011-08-19] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-08-19] (Intuit Inc.) [File not signed]
R2 RalinkRegistryWriter; C:\Program Files\AirLink101\AWLH6075\Common\RalinkRegistryWriter.exe [75040 2009-07-15] (Ralink Technology, Corp.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 Roxio UPnP Renderer 10; C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [72176 2007-08-24] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2007-08-24] (Sonic Solutions)
S2 RoxLiveShare10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [309744 2007-08-24] (Sonic Solutions)
S2 spupdsvc; C:\WINDOWS\system32\spupdsvc.exe [26144 2009-01-07] (Microsoft Corporation)
S2 Update service; C:\Program Files\Popcorn Time\Updater.exe [179200 2014-09-13] (Company) [File not signed]
R2 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S2 SessionLauncher; C:\DOCUME~1\JIMDAV~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2011-08-09] (Cisco Systems, Inc.) [File not signed]
S3 AFGSp50; C:\WINDOWS\System32\Drivers\AFGSp50.sys [27072 2010-02-23] (Printing Communications Assoc., Inc. (PCAUSA))
R2 Aspi32; C:\WINDOWS\system32\Drivers\Aspi32.sys [17005 2002-08-14] (Adaptec) [File not signed]
R3 ATIAVPCI; C:\WINDOWS\System32\DRIVERS\atinavxx.sys [135296 2005-03-04] (ATI Technologies Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 Cdr4_xp; C:\WINDOWS\system32\Drivers\Cdr4_xp.sys [9072 2007-06-20] (Sonic Solutions)
R1 Cdralw2k; C:\WINDOWS\system32\Drivers\Cdralw2k.sys [9200 2007-06-20] (Sonic Solutions)
R1 cdudf_xp; C:\WINDOWS\system32\Drivers\cdudf_xp.sys [291456 2005-03-08] (Sonic Solutions) [File not signed]
R1 Cinemsup; C:\WINDOWS\system32\Drivers\Cinemsup.sys [6656 2003-12-19] (Sonic Solutions) [File not signed]
S3 ctdvda2k; C:\WINDOWS\System32\drivers\ctdvda2k.sys [340704 2005-07-13] (Creative Technology Ltd)
R0 drvmcdb; C:\WINDOWS\System32\DRIVERS\drvmcdb.sys [88016 2005-01-27] (Sonic Solutions) [File not signed]
S3 DSXUSB; C:\WINDOWS\System32\DRIVERS\DSXUSB.sys [39635 2002-01-21] (OLYMPUS OPTICAL CO.,LTD.) [File not signed]
R1 DVDVRRdr_xp; C:\WINDOWS\system32\Drivers\DVDVRRdr_xp.sys [141184 2005-03-08] (Windows ® 2000 DDK provider) [File not signed]
R3 dvd_2K; C:\WINDOWS\system32\Drivers\dvd_2K.sys [24064 2005-03-08] (Sonic Solutions) [File not signed]
R1 GhPciScan; C:\Program Files\Norton SystemWorks\Norton Ghost\ghpciscan.sys [5632 2002-08-14] (Symantec Corporation) [File not signed]
R3 IrBus; C:\WINDOWS\System32\DRIVERS\IrBus.sys [46848 2013-07-16] (Microsoft Corporation)
S3 mmc_2K; C:\WINDOWS\system32\Drivers\mmc_2K.sys [23808 2005-03-08] (Sonic Solutions) [File not signed]
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [32512 2010-02-23] (CACE Technologies) [File not signed]
R2 ntk_PowerDVD; C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys [71664 2011-05-18] (Cyberlink Corp.)
R3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2012-05-18] (VSO Software) [File not signed]
R2 PfModNT; C:\WINDOWS\system32\drivers\PfModNT.sys [9216 2005-11-08] (Creative Technology Ltd.)
R1 pwd_2k; C:\WINDOWS\system32\Drivers\pwd_2k.sys [117760 2005-03-08] (Sonic Solutions) [File not signed]
S3 RAPIProtocol; C:\WINDOWS\System32\DRIVERS\RAPIProtocol.sys [16512 2009-07-15] (Ralink Technology, Corp.) [File not signed]
R3 RT80x86; C:\WINDOWS\System32\DRIVERS\RT2860.sys [966912 2009-07-15] (Ralink Technology, Corp.)
S4 RxFilter; C:\WINDOWS\System32\DRIVERS\RxFilter.sys [57328 2007-08-18] (Sonic Solutions)
R3 sxuptp; C:\WINDOWS\System32\DRIVERS\sxuptp.sys [246936 2010-03-10] (silex technology, Inc.)
R2 thdudf; C:\WINDOWS\System32\DRIVERS\thdudf.sys [66944 2011-08-10] (TOSHIBA Corporation) [File not signed]
R1 UDFReadr; C:\WINDOWS\system32\Drivers\UDFReadr.sys [202496 2005-03-08] (Sonic Solutions) [File not signed]
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [77296 2011-05-20] (CyberLink Corp.)
S3 AFGMp50; System32\Drivers\AFGMp50.sys [X]
S4 hpt3xx; No ImagePath
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-18 16:10 - 2014-09-18 16:10 - 00000000 ____D () C:\FRST
2014-09-18 09:36 - 2014-09-18 09:36 - 00000802 _____ () C:\Documents and Settings\All Users\Desktop\Popcorn Time.lnk
2014-09-18 09:36 - 2014-09-18 09:36 - 00000000 ____D () C:\Program Files\Popcorn Time
2014-09-18 09:36 - 2014-09-18 09:36 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack
2014-09-18 09:36 - 2014-09-18 09:36 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Popcorn Time
2014-09-18 09:36 - 2014-09-18 09:36 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
2014-09-18 09:36 - 2014-06-14 08:03 - 00218200 _____ () C:\WINDOWS\system32\unrar.dll
2014-09-17 20:24 - 2014-09-17 20:24 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-09-17 20:19 - 2014-09-18 08:53 - 00000224 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-09-17 20:19 - 2014-09-18 08:48 - 00000230 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-09-17 20:18 - 2014-09-17 20:18 - 00000000 __SHD () C:\Documents and Settings\LocalService\IETldCache
2014-09-17 20:12 - 2014-09-17 20:16 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-17 20:11 - 2014-09-17 20:11 - 00021146 _____ () C:\WINDOWS\KB2964358-IE8.log
2014-09-17 20:11 - 2014-09-17 20:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-09-17 20:10 - 2014-09-17 20:11 - 00021854 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-09-17 20:10 - 2014-09-17 20:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-09-17 20:09 - 2014-09-17 20:09 - 00012951 _____ () C:\WINDOWS\KB2934207.log
2014-09-17 20:09 - 2014-09-17 20:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-09-17 20:09 - 2014-09-17 20:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-09-17 19:50 - 2014-09-17 19:50 - 00011620 _____ () C:\WINDOWS\KB2914368.log
2014-09-17 19:50 - 2014-09-17 19:50 - 00011598 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-09-17 19:50 - 2014-09-17 19:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-09-17 19:50 - 2014-09-17 19:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2014-09-17 19:49 - 2014-09-17 19:49 - 00011593 _____ () C:\WINDOWS\KB2904266.log
2014-09-17 19:49 - 2014-09-17 19:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2904266$
2014-09-17 19:49 - 2014-09-17 19:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2898715$
2014-09-17 19:49 - 2014-09-17 19:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893294$
2014-09-17 19:49 - 2014-09-17 19:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2892075$
2014-09-17 19:48 - 2014-09-17 19:48 - 00008201 _____ () C:\WINDOWS\KB2900986.log
2014-09-17 19:48 - 2014-09-17 19:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2900986$
2014-09-17 19:48 - 2014-09-17 19:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876331$
2014-09-17 19:48 - 2014-09-17 19:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868626$
2014-09-17 19:48 - 2014-09-17 19:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862152$
2014-09-17 19:45 - 2014-09-17 19:45 - 00009059 _____ () C:\WINDOWS\KB2862335.log
2014-09-17 19:45 - 2014-09-17 19:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862335$
2014-09-17 19:45 - 2014-09-17 19:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862330$
2014-09-17 19:38 - 2014-09-17 19:38 - 00009929 _____ () C:\WINDOWS\KB2868038.log
2014-09-17 19:38 - 2014-09-17 19:38 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868038$
2014-09-17 19:38 - 2014-09-17 19:38 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2847311$
2014-09-17 19:36 - 2014-09-17 19:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876217$
2014-09-17 19:36 - 2014-09-17 19:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2864063$
2014-09-17 19:35 - 2014-09-17 19:35 - 00006458 _____ () C:\WINDOWS\KB2834904-v2.log
2014-09-17 19:35 - 2014-09-17 19:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2859537$
2014-09-17 19:35 - 2014-09-17 19:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2014-09-17 19:33 - 2014-09-17 19:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2850869$
2014-09-17 19:27 - 2014-09-17 19:27 - 00008105 _____ () C:\WINDOWS\KB2807986.log
2014-09-17 19:27 - 2014-09-17 19:27 - 00005429 _____ () C:\WINDOWS\KB2834886.log
2014-09-17 19:27 - 2014-09-17 19:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2834886$
2014-09-17 19:27 - 2014-09-17 19:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2820917$
2014-09-17 19:27 - 2014-09-17 19:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2813345$
2014-09-17 19:27 - 2014-09-17 19:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2807986$
2014-09-17 19:26 - 2014-09-17 19:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2802968$
2014-09-17 19:26 - 2014-09-17 19:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2780091$
2014-09-17 19:19 - 2014-09-17 20:11 - 00024494 _____ () C:\WINDOWS\KB2922229.log
2014-09-17 19:19 - 2014-09-17 20:10 - 00018824 _____ () C:\WINDOWS\KB2930275.log
2014-09-17 19:19 - 2014-09-17 20:10 - 00017545 _____ () C:\WINDOWS\KB2929961.log
2014-09-17 19:19 - 2014-02-25 19:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2014-09-17 19:19 - 2014-02-25 19:59 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2014-09-17 19:18 - 2014-09-17 19:50 - 00016906 _____ () C:\WINDOWS\KB2916036.log
2014-09-17 19:17 - 2014-09-17 19:49 - 00016590 _____ () C:\WINDOWS\KB2898715.log
2014-09-17 19:17 - 2014-09-17 19:49 - 00016228 _____ () C:\WINDOWS\KB2893294.log
2014-09-17 19:17 - 2014-09-17 19:49 - 00015725 _____ () C:\WINDOWS\KB2892075.log
2014-09-17 19:17 - 2014-09-17 19:48 - 00015512 _____ () C:\WINDOWS\KB2862152.log
2014-09-17 19:16 - 2014-09-17 19:48 - 00014953 _____ () C:\WINDOWS\KB2868626.log
2014-09-17 19:16 - 2014-09-17 19:48 - 00013933 _____ () C:\WINDOWS\KB2876331.log
2014-09-17 19:16 - 2013-08-08 18:55 - 00144128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys
2014-09-17 19:16 - 2013-08-08 18:55 - 00032384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbccgp.sys
2014-09-17 19:16 - 2013-08-08 18:55 - 00005376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2014-09-17 19:16 - 2013-07-02 20:12 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2014-09-17 19:16 - 2009-03-18 05:02 - 00030336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys
2014-09-17 19:15 - 2014-09-17 19:38 - 00013130 _____ () C:\WINDOWS\KB2847311.log
2014-09-17 19:15 - 2014-09-17 19:36 - 00012002 _____ () C:\WINDOWS\KB2864063.log
2014-09-17 19:15 - 2014-09-17 19:36 - 00011481 _____ () C:\WINDOWS\KB2876217.log
2014-09-17 19:15 - 2013-07-16 18:58 - 00123008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
2014-09-17 19:15 - 2013-07-16 18:58 - 00046848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys
2014-09-17 19:14 - 2014-09-17 19:35 - 00012124 _____ () C:\WINDOWS\KB2859537.log
2014-09-17 19:14 - 2014-09-17 19:33 - 00010956 _____ () C:\WINDOWS\KB2850869.log
2014-09-17 19:13 - 2014-09-17 19:27 - 00013877 _____ () C:\WINDOWS\KB2813345.log
2014-09-17 19:13 - 2014-09-17 19:27 - 00012751 _____ () C:\WINDOWS\KB2820917.log
2014-09-17 19:12 - 2014-09-17 19:27 - 00012122 _____ () C:\WINDOWS\KB2780091.log
2014-09-17 19:12 - 2014-09-17 19:26 - 00012100 _____ () C:\WINDOWS\KB2802968.log
2014-09-17 19:12 - 2013-02-11 18:32 - 00012928 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usb8023x.sys
2014-09-17 19:12 - 2013-02-11 18:32 - 00012928 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usb8023.sys
2014-08-23 18:10 - 2014-08-23 18:10 - 00000000 ____D () C:\Documents and Settings\Jim Davis\Application Data\15631
2014-08-23 17:34 - 2014-08-23 17:34 - 00001587 _____ () C:\Documents and Settings\All Users\Desktop\DVDFab 9 US.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-18 16:11 - 2011-08-09 17:57 - 00000000 ____D () C:\Documents and Settings\Jim Davis\Local Settings\Temp
2014-09-18 16:10 - 2014-09-18 16:10 - 00000000 ____D () C:\FRST
2014-09-18 16:04 - 2014-07-23 07:59 - 00000892 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-18 15:24 - 2012-07-25 07:00 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-18 09:51 - 2011-08-10 00:32 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-09-18 09:36 - 2014-09-18 09:36 - 00000802 _____ () C:\Documents and Settings\All Users\Desktop\Popcorn Time.lnk
2014-09-18 09:36 - 2014-09-18 09:36 - 00000000 ____D () C:\Program Files\Popcorn Time
2014-09-18 09:36 - 2014-09-18 09:36 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack
2014-09-18 09:36 - 2014-09-18 09:36 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Popcorn Time
2014-09-18 09:36 - 2014-09-18 09:36 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
2014-09-18 09:27 - 2011-08-09 20:11 - 00000000 ____D () C:\My Download Files
2014-09-18 08:53 - 2014-09-17 20:19 - 00000224 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-09-18 08:53 - 2011-08-09 11:37 - 00604532 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-09-18 08:49 - 2014-01-08 21:26 - 00000308 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-823518204-1500820517-725345543-1003.job
2014-09-18 08:49 - 2011-08-09 19:25 - 00453684 _____ () C:\WINDOWS\wmsetup.log
2014-09-18 08:48 - 2014-09-17 20:19 - 00000230 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-09-18 08:48 - 2014-07-23 07:59 - 00000888 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-18 08:48 - 2014-02-13 09:29 - 00000286 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-823518204-1500820517-725345543-1003.job
2014-09-18 08:48 - 2014-01-08 21:26 - 00000316 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-823518204-1500820517-725345543-1003.job
2014-09-18 08:48 - 2011-08-10 04:05 - 00000286 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-823518204-1500820517-725345543-1003.job
2014-09-18 08:48 - 2001-08-23 06:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-09-18 08:46 - 2011-08-09 19:55 - 02083494 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-18 08:45 - 2011-08-09 17:52 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-18 08:45 - 2011-08-09 11:38 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-09-18 08:45 - 2011-08-09 11:38 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-09-17 20:26 - 2011-08-09 20:08 - 00001080 _____ () C:\WINDOWS\system32\settingsbkup.sfm
2014-09-17 20:26 - 2011-08-09 20:08 - 00001080 _____ () C:\WINDOWS\system32\settings.sfm
2014-09-17 20:26 - 2011-08-09 17:57 - 00000278 ___SH () C:\Documents and Settings\Jim Davis\ntuser.ini
2014-09-17 20:26 - 2011-08-09 17:55 - 00032510 _____ () C:\WINDOWS\SchedLgU.Txt
2014-09-17 20:24 - 2014-09-17 20:24 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-09-17 20:21 - 2011-08-10 02:01 - 00000000 ____D () C:\QuickBooks Pro
2014-09-17 20:20 - 2013-12-12 09:34 - 00000294 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-823518204-1500820517-725345543-1003.job
2014-09-17 20:18 - 2014-09-17 20:18 - 00000000 __SHD () C:\Documents and Settings\LocalService\IETldCache
2014-09-17 20:18 - 2011-08-09 17:55 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-09-17 20:18 - 2011-08-09 11:36 - 00837736 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-09-17 20:17 - 2012-06-29 19:08 - 02736850 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-823518204-1500820517-725345543-1003-0.dat
2014-09-17 20:17 - 2012-06-29 19:08 - 00638598 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-09-17 20:17 - 2011-08-09 17:57 - 00000000 ____D () C:\Documents and Settings\Jim Davis
2014-09-17 20:16 - 2014-09-17 20:12 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-17 20:12 - 2012-12-29 15:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2014-09-17 20:11 - 2014-09-17 20:11 - 00021146 _____ () C:\WINDOWS\KB2964358-IE8.log
2014-09-17 20:11 - 2014-09-17 20:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-09-17 20:11 - 2014-09-17 20:10 - 00021854 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-09-17 20:11 - 2014-09-17 19:19 - 00024494 _____ () C:\WINDOWS\KB2922229.log
2014-09-17 20:11 - 2012-12-29 15:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-17 20:11 - 2011-08-09 20:15 - 00398846 _____ () C:\WINDOWS\updspapi.log
2014-09-17 20:11 - 2011-08-09 19:43 - 00244740 _____ () C:\WINDOWS\netfxocm.log
2014-09-17 20:11 - 2011-08-09 19:43 - 00070598 _____ () C:\WINDOWS\tabletoc.log
2014-09-17 20:11 - 2011-08-09 19:34 - 00100241 _____ () C:\WINDOWS\medctroc.Log
2014-09-17 20:11 - 2011-08-09 11:37 - 01575295 _____ () C:\WINDOWS\iis6.log
2014-09-17 20:11 - 2011-08-09 11:37 - 01413722 _____ () C:\WINDOWS\FaxSetup.log
2014-09-17 20:11 - 2011-08-09 11:37 - 00691488 _____ () C:\WINDOWS\ocgen.log
2014-09-17 20:11 - 2011-08-09 11:37 - 00652146 _____ () C:\WINDOWS\tsoc.log
2014-09-17 20:11 - 2011-08-09 11:37 - 00480468 _____ () C:\WINDOWS\comsetup.log
2014-09-17 20:11 - 2011-08-09 11:37 - 00440946 _____ () C:\WINDOWS\msmqinst.log
2014-09-17 20:11 - 2011-08-09 11:37 - 00290222 _____ () C:\WINDOWS\ntdtcsetup.log
2014-09-17 20:11 - 2011-08-09 11:37 - 00078589 _____ () C:\WINDOWS\ocmsn.log
2014-09-17 20:11 - 2011-08-09 11:37 - 00071064 _____ () C:\WINDOWS\msgsocm.log
2014-09-17 20:11 - 2011-08-09 11:37 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-09-17 20:11 - 2011-08-09 11:37 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-09-17 20:10 - 2014-09-17 20:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-09-17 20:10 - 2014-09-17 19:19 - 00018824 _____ () C:\WINDOWS\KB2930275.log
2014-09-17 20:10 - 2014-09-17 19:19 - 00017545 _____ () C:\WINDOWS\KB2929961.log
2014-09-17 20:09 - 2014-09-17 20:09 - 00012951 _____ () C:\WINDOWS\KB2934207.log
2014-09-17 20:09 - 2014-09-17 20:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-09-17 20:09 - 2014-09-17 20:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-09-17 19:50 - 2014-09-17 19:50 - 00011620 _____ () C:\WINDOWS\KB2914368.log
2014-09-17 19:50 - 2014-09-17 19:50 - 00011598 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-09-17 19:50 - 2014-09-17 19:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-09-17 19:50 - 2014-09-17 19:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2014-09-17 19:50 - 2014-09-17 19:18 - 00016906 _____ () C:\WINDOWS\KB2916036.log
2014-09-17 19:49 - 2014-09-17 19:49 - 00011593 _____ () C:\WINDOWS\KB2904266.log
2014-09-17 19:49 - 2014-09-17 19:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2904266$
2014-09-17 19:49 - 2014-09-17 19:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2898715$
2014-09-17 19:49 - 2014-09-17 19:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893294$
2014-09-17 19:49 - 2014-09-17 19:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2892075$
2014-09-17 19:49 - 2014-09-17 19:17 - 00016590 _____ () C:\WINDOWS\KB2898715.log
2014-09-17 19:49 - 2014-09-17 19:17 - 00016228 _____ () C:\WINDOWS\KB2893294.log
2014-09-17 19:49 - 2014-09-17 19:17 - 00015725 _____ () C:\WINDOWS\KB2892075.log
2014-09-17 19:49 - 2011-08-09 21:58 - 00032678 _____ () C:\WINDOWS\system32\TZLog.log
2014-09-17 19:48 - 2014-09-17 19:48 - 00008201 _____ () C:\WINDOWS\KB2900986.log
2014-09-17 19:48 - 2014-09-17 19:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2900986$
2014-09-17 19:48 - 2014-09-17 19:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876331$
2014-09-17 19:48 - 2014-09-17 19:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868626$
2014-09-17 19:48 - 2014-09-17 19:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862152$
2014-09-17 19:48 - 2014-09-17 19:17 - 00015512 _____ () C:\WINDOWS\KB2862152.log
2014-09-17 19:48 - 2014-09-17 19:16 - 00014953 _____ () C:\WINDOWS\KB2868626.log
2014-09-17 19:48 - 2014-09-17 19:16 - 00013933 _____ () C:\WINDOWS\KB2876331.log
2014-09-17 19:45 - 2014-09-17 19:45 - 00009059 _____ () C:\WINDOWS\KB2862335.log
2014-09-17 19:45 - 2014-09-17 19:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862335$
2014-09-17 19:45 - 2014-09-17 19:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862330$
2014-09-17 19:45 - 2011-08-09 11:37 - 00403388 _____ () C:\WINDOWS\setupapi.log
2014-09-17 19:38 - 2014-09-17 19:38 - 00009929 _____ () C:\WINDOWS\KB2868038.log
2014-09-17 19:38 - 2014-09-17 19:38 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868038$
2014-09-17 19:38 - 2014-09-17 19:38 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2847311$
2014-09-17 19:38 - 2014-09-17 19:15 - 00013130 _____ () C:\WINDOWS\KB2847311.log
2014-09-17 19:37 - 2001-08-23 06:00 - 00001000 _____ () C:\WINDOWS\win.ini
2014-09-17 19:36 - 2014-09-17 19:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876217$
2014-09-17 19:36 - 2014-09-17 19:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2864063$
2014-09-17 19:36 - 2014-09-17 19:15 - 00012002 _____ () C:\WINDOWS\KB2864063.log
2014-09-17 19:36 - 2014-09-17 19:15 - 00011481 _____ () C:\WINDOWS\KB2876217.log
2014-09-17 19:35 - 2014-09-17 19:35 - 00006458 _____ () C:\WINDOWS\KB2834904-v2.log
2014-09-17 19:35 - 2014-09-17 19:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2859537$
2014-09-17 19:35 - 2014-09-17 19:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2014-09-17 19:35 - 2014-09-17 19:14 - 00012124 _____ () C:\WINDOWS\KB2859537.log
2014-09-17 19:33 - 2014-09-17 19:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2850869$
2014-09-17 19:33 - 2014-09-17 19:14 - 00010956 _____ () C:\WINDOWS\KB2850869.log
2014-09-17 19:28 - 2011-08-10 04:41 - 00000000 ____D () C:\WINDOWS\system32\XPSViewer
2014-09-17 19:27 - 2014-09-17 19:27 - 00008105 _____ () C:\WINDOWS\KB2807986.log
2014-09-17 19:27 - 2014-09-17 19:27 - 00005429 _____ () C:\WINDOWS\KB2834886.log
2014-09-17 19:27 - 2014-09-17 19:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2834886$
2014-09-17 19:27 - 2014-09-17 19:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2820917$
2014-09-17 19:27 - 2014-09-17 19:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2813345$
2014-09-17 19:27 - 2014-09-17 19:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2807986$
2014-09-17 19:27 - 2014-09-17 19:13 - 00013877 _____ () C:\WINDOWS\KB2813345.log
2014-09-17 19:27 - 2014-09-17 19:13 - 00012751 _____ () C:\WINDOWS\KB2820917.log
2014-09-17 19:27 - 2014-09-17 19:12 - 00012122 _____ () C:\WINDOWS\KB2780091.log
2014-09-17 19:27 - 2011-08-09 20:14 - 00000000 ___HD () C:\WINDOWS\$hf_mig$
2014-09-17 19:26 - 2014-09-17 19:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2802968$
2014-09-17 19:26 - 2014-09-17 19:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2780091$
2014-09-17 19:26 - 2014-09-17 19:12 - 00012100 _____ () C:\WINDOWS\KB2802968.log
2014-09-17 19:21 - 2012-07-27 09:07 - 00016215 _____ () C:\WINDOWS\KB2510531-IE8.log
2014-09-17 19:06 - 2011-08-09 17:52 - 00001513 _____ () C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk
2014-09-17 08:56 - 2011-08-20 21:01 - 27262976 _____ () C:\VIRTPART.DAT
2014-09-17 08:37 - 2011-08-10 01:50 - 00002495 _____ () C:\Documents and Settings\Jim Davis\Desktop\Microsoft Excel 2003.lnk
2014-09-12 17:30 - 2011-08-10 01:35 - 00000288 _____ () C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job
2014-09-09 20:31 - 2014-07-26 07:45 - 00000456 _____ () C:\Documents and Settings\Jim Davis\Desktop\Caleb Videos.url
2014-09-09 13:24 - 2012-04-15 18:29 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-09-09 13:24 - 2011-08-21 08:53 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-09-05 20:26 - 2014-01-08 21:26 - 00000334 _____ () C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-823518204-1500820517-725345543-1003.job
2014-09-04 08:29 - 2011-08-10 04:05 - 00000294 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-1500820517-725345543-1003.job
2014-08-31 20:10 - 2011-08-20 20:39 - 00000178 ___SH () C:\Documents and Settings\UpdatusUser\ntuser.ini
2014-08-29 16:46 - 2012-04-13 19:07 - 00000009 _____ () C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameF.txt
2014-08-29 13:01 - 2011-08-09 22:00 - 98758480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-23 18:50 - 2011-08-10 00:55 - 00000000 ____D () C:\Program Files\EPSON Print CD
2014-08-23 18:10 - 2014-08-23 18:10 - 00000000 ____D () C:\Documents and Settings\Jim Davis\Application Data\15631
2014-08-23 17:47 - 2014-06-30 15:34 - 00000000 ____D () C:\Program Files\DVDFab 9 US
2014-08-23 17:34 - 2014-08-23 17:34 - 00001587 _____ () C:\Documents and Settings\All Users\Desktop\DVDFab 9 US.lnk
2014-08-23 17:34 - 2014-06-30 15:34 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\DVDFab 9 US

Some content of TEMP:
====================
C:\Documents and Settings\Jim Davis\Local Settings\Temp\fp_pl_pfs_installer-1.exe
C:\Documents and Settings\Jim Davis\Local Settings\Temp\fp_pl_pfs_installer-2.exe
C:\Documents and Settings\Jim Davis\Local Settings\Temp\fp_pl_pfs_installer.exe
C:\Documents and Settings\Jim Davis\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\Jim Davis\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe
C:\Documents and Settings\Jim Davis\Local Settings\Temp\lowproc.exe
C:\Documents and Settings\Jim Davis\Local Settings\Temp\MSIZAP.EXE
C:\Documents and Settings\Jim Davis\Local Settings\Temp\stubhelper.dll
C:\Documents and Settings\Jim Davis\Local Settings\Temp\SystemRequirementsLabx.exe
C:\Documents and Settings\Jim Davis\Local Settings\Temp\WindowsInstaller-KB893803-v2-x86.exe
C:\Documents and Settings\Jim Davis\Local Settings\Temp\_is7A.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

ATTACH.TXT

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014
Ran by Jim Davis at 2014-09-18 16:11:39
Running from C:\My Download Files\FRST Recovery
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3ivx MPEG-4 5.0.3 (remove only) (HKLM\...\3ivx MPEG-4 5.0.3) (Version: 5.0.3 - 3ivx Technologies, Pty. Ltd.)
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AirLink101 AWLH6075 (HKLM\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.0.9.0 - Ralink)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Applet_App (HKLM\...\Applet_App) (Version:  - )
Applet_Copy (HKLM\...\Applet_Copy) (Version:  - )
Applet_Email (HKLM\...\Applet_Email) (Version:  - )
Applet_Epp (HKLM\...\Applet_Epp) (Version:  - )
Applet_File (HKLM\...\Applet_File) (Version:  - )
Applet_OCR (HKLM\...\Applet_OCR) (Version:  - )
Applet_Photoshop (HKLM\...\Applet_Photoshop) (Version:  - )
Applet_Web (HKLM\...\Applet_Web) (Version:  - )
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1012 - )
ATI Parental Control (HKLM\...\InstallShield_{390FF986-468D-4CA9-8830-2C4B313F447F}) (Version: 1.0.0.1 - ATI Technologies)
ATI Parental Control (Version: 1.0.0.1 - ATI Technologies) Hidden
AtomTime Pro 3.1a (HKLM\...\AtomTime Pro_is1) (Version: 3.1a - Naissan Innovations, LLC)
Belkin Daily DJ (HKLM\...\BelkinDailyDj) (Version:  - )
Belkin Music Labeler (HKLM\...\BelkinLabeler) (Version:  - )
Belkin Setup and Router Monitor (HKLM\...\Belkin Setup and Router Monitor_is1) (Version:  - )
Belkin USB Print and Storage Center (HKLM\...\Belkin USB Print and Storage Center) (Version: 1.0.0 - Belkin International, Inc.)
Bing Maps 3D (HKLM\...\{2D87E961-577B-492B-AD54-1368680FB9A7}) (Version: 4.0.903.16005 - Microsoft Corporation)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Content Transfer (HKLM\...\{CFADE4AF-C0CF-4A04-A776-741318F1658F}) (Version: 1.3.0.23190 - Sony Corporation)
Copy Utility (HKLM\...\Copy Utility) (Version:  - )
Creative MediaSource (HKLM\...\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}) (Version: 3.00 - )
CyberLink PowerDVD 11 (HKLM\...\InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}) (Version: 11.0.1719.51 - CyberLink Corp.)
CyberLink PowerDVD 11 (Version: 11.0.1719.51 - CyberLink Corp.) Hidden
Dell Resource CD (HKLM\...\{FCD9CD52-7222-4672-94A0-A722BA702FD0}) (Version: 1.00.0000 - Dell Inc.)
DirectXInstallService (Version: 9.0.0 - Roxio) Hidden
DVDFab 8.1.8.1 (05/05/2012) Qt Beta (HKLM\...\DVDFab 8 Qt Beta_is1) (Version:  - Fengtao Software Inc.)
DVDFab 8.2.2.9 (18/06/2013) Qt (HKLM\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
DVDFab 9.1.4.0 (17/04/2014) (HKLM\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
DVDFab 9.1.6.4 (21/08/2014) (HKLM\...\DVDFab 9 US_is1) (Version:  - Fengtao Software Inc.)
Elevated Installer (Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
EMC 10 Content (HKLM\...\{FDB46DE7-9045-47BB-970A-3E4ED5369E03}) (Version: 1.0.015 - Roxo, Inc.)
EPSON CardMonitor (HKLM\...\{109D28C7-FB38-483A-9C91-001CB59E2699}) (Version:  - )
EPSON Photo Print (HKLM\...\EPSON Photo Print) (Version:  - )
EPSON PhotoStarter3.0 (HKLM\...\{5983C895-DDA4-45D9-A8D1-877D5DE7693E}) (Version:  - )
Epson Print CD (HKLM\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.05.00 - SEIKO EPSON CORPORATION)
EPSON Print CD (HKLM\...\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}) (Version:  - )
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - )
Epson Professional Print Sample (HKLM\...\{E7B46D0D-A63D-42AB-9D1D-75A88C280F78}) (Version:  - )
EPSON Smart Panel (HKLM\...\EPSON Smart Panel) (Version:  - )
EPSON TWAIN 5 (HKLM\...\{9A3EABC0-CA06-11D4-BF77-00104B130C19}) (Version:  - )
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
FlipShare (HKLM\...\{7732DA71-2FB6-5C99-D0D9-58A2DB360895}) (Version: 4.0.6.31692 - Pure Digital Technologies)
Garmin Express (HKLM\...\{817c6bb8-ea2d-4e12-abbc-e33c3de43f64}) (Version: 3.2.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
Google Earth (HKLM\...\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}) (Version: 4.2.205.5730 - Google)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Intel Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
iTunes (HKLM\...\{86D04316-F49A-4AF2-B3F1-A1E943886CE7}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
K-Lite Codec Pack 10.6.5 Basic (HKLM\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
LiveReg (Symantec Corporation) (HKLM\...\LiveReg) (Version: 2.2.0.1621 - Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 1.80.19.0 - Symantec Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 6.2 (HKLM\...\{8C5FAD77-F678-4758-A296-C12F08D179E0}) (Version: 6.20.182.0 - Microsoft)
Microsoft IntelliType Pro 6.2 (HKLM\...\{345112D9-0930-4A68-AB71-A831BA5DE7AA}) (Version: 6.20.182.0 - Microsoft)
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Office 2003 Primary Interop Assemblies (HKLM\...\{91490409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6553.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MP3 CD Converter Professional 5.03 (HKLM\...\MP3 CD Converter Professional) (Version: 5.03 - YuanSoft Inc)
MP3 WAV Converter 2.65 (HKLM\...\MP3 WAV Converter 2.65) (Version:  - )
MP3 WAV Converter 3.26 (HKLM\...\MP3 WAV Converter 3.26) (Version:  - )
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Music Mover (HKLM\...\Music Mover_is1) (Version:  - )
Norton SystemWorks 2003 (HKLM\...\{43C3D832-AC96-463A-2003-1B8D1BFA2523}) (Version: 6.0.0 - Symantec Corporation)
NVIDIA Control Panel 285.58 (Version: 285.58 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 285.58 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 285.58 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.46.235 - NVIDIA Corporation) Hidden
NVIDIA nView 135.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 135.95 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (Version: 6.14.10.13594 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.11.0621 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.11.0621 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.11.0621 - NVIDIA Corporation)
NVIDIA Update 1.5.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.5.20 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.5.20 - NVIDIA Corporation) Hidden
NWZ-S540 WALKMAN Guide (HKLM\...\{55B1E4FA-F2E0-45DF-9B36-0B30A7949984}) (Version: 2.0.00.07010 - Sony Corporation)
OKI LPR Utility (HKLM\...\OKI LPR Utility) (Version:  - )
Olympus DSS Player 2002 (HKLM\...\{76E6BBAA-25E6-4BFC-9613-75A5CACE2940}) (Version:  - )
P.I.M. II Plug-In (HKLM\...\{735D7AC9-BC7B-4491-9D06-7F4642849E7C}) (Version:  - )
PlayBryte (HKLM\...\Playbryte) (Version:  - Playbryte)
Popcorn Time (HKLM\...\Popcorn Time_is1) (Version: Beta 4.3 - Popcorn Time)
QuickBooks (Version: 22.0.4015.2206 - Intuit Inc.) Hidden
QuickBooks Pro 2012 (HKLM\...\{22057D8D-7CC8-46FF-AD8C-9BD24F9014F3}) (Version: 22.0.4015.2206 - Intuit Inc.)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 15.0) (Version: 15.0.4 - RealNetworks)
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Roxio Activation Module (Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (HKLM\...\{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}) (Version: 1.1.0 - Roxio)
Roxio Central Audio (HKLM\...\{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}) (Version: 3.6.0 - Roxio)
Roxio Central Copy (HKLM\...\{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}) (Version: 3.6.0 - Roxio)
Roxio Central Core (HKLM\...\{ED439A64-F018-4DD4-8BA5-328D85AB09AB}) (Version: 3.6.0 - Roxio)
Roxio Central Data (HKLM\...\{08E81ABD-79F7-49C2-881F-FD6CB0975693}) (Version: 3.6.0 - Roxio)
Roxio Central Tools (HKLM\...\{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}) (Version: 3.6.0 - Roxio)
Roxio CinePlayer (HKLM\...\{1B683082-8791-4D00-8ADE-6C8986FCCC68}) (Version: 3.9 - Roxio)
Roxio CinePlayer Decoder Pack (HKLM\...\{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}) (Version: 4.3.0 - Roxio)
Roxio Disc Gallery (HKLM\...\{3E67A8DA-FE7B-4160-8465-F5571EA18753}) (Version: 3.1 - Roxio)
Roxio Easy Media Creator 10 Suite (HKLM\...\{BF83EFE2-C9F0-40D4-841C-2066668C1D7A}) (Version: 1.0.044 - Roxio)
Roxio Easy Media Creator 7 (HKLM\...\{A99C6296-A311-4D6C-9602-53B4241921D5}) (Version: 7.5.0.47 - Roxio, Inc.)
Roxio File Backup (HKLM\...\{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}) (Version: 1.1.0 - Roxio)
Roxio MediaShare (HKLM\...\{9A9A1828-31D1-4590-A99F-022B7237AFAE}) (Version: 1.0.0 - Roxio)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 6.0.0 - Roxio)
ScanToWeb (HKLM\...\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}) (Version:  - )
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.4600.0 - SigmaTel)
SmartSound Quicktracks Plugin (HKLM\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.8.0 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (Version: 3.0.8.0 - SmartSound Software Inc) Hidden
Sound Blaster X-Fi (HKLM\...\{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}) (Version: 1.0 - )
SupportSoft Assisted Service (HKLM\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version:  - )
Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600211) (Version: 1 - Microsoft Corporation)
Update 4.0.3 for Microsoft .NET Framework 4 Extended (KB2600211) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600211) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Video Mover (HKLM\...\Video Mover_is1) (Version:  - )
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
VSO Inspector 2.0.2 (HKLM\...\VSO Inspector_is1) (Version:  - VSO-Software SARL)
Watchtower Library 2010 - English (HKLM\...\{57729BE1-DE2C-45DB-9FFA-5C1949679B3E}) (Version: 12.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)
Watchtower Library 2011 - English (HKLM\...\{EED1EFD7-2703-4f7e-9820-EAA3C4723EA3}) (Version: 13.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)
Watchtower Library 2012 - English (HKLM\...\{11B5A3EB-8B76-46A9-A4B7-1C1FF5A3AAFD}) (Version: 14.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)
Watchtower Library 2013 - English (HKLM\...\{004E8ED2-315C-4473-A934-032D5D7B3A02}) (Version: 15.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)
WebFldrs XP (Version: 9.50.5318 - Microsoft Corporation) Hidden
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 7 (Version: 20070813.185237 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll No File
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll No File
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{4CA41277-032D-4a20-B225-371EBA96ABF2}\localserver32 -> C:\QuickBooks Pro\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{738CD606-129D-45db-86D6-6C9739C750CA}\localserver32 -> C:\QuickBooks Pro\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\QuickBooks Pro\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll No File
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\QuickBooks Pro\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-1500820517-725345543-1003_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

==================== Restore Points  =========================

24-06-2014 14:38:04 System Checkpoint
25-06-2014 16:34:26 System Checkpoint
26-06-2014 16:52:13 System Checkpoint
27-06-2014 17:01:37 System Checkpoint
29-06-2014 03:25:15 System Checkpoint
30-06-2014 13:31:52 System Checkpoint
01-07-2014 14:05:29 System Checkpoint
02-07-2014 17:40:07 System Checkpoint
03-07-2014 18:35:46 System Checkpoint
04-07-2014 18:46:57 System Checkpoint
05-07-2014 18:48:21 System Checkpoint
07-07-2014 12:49:07 System Checkpoint
08-07-2014 16:20:58 System Checkpoint
09-07-2014 16:29:21 System Checkpoint
10-07-2014 14:40:34 Installed Microsoft Visual C++ 2005 Redistributable
11-07-2014 17:16:13 System Checkpoint
12-07-2014 21:56:57 System Checkpoint
13-07-2014 21:57:05 System Checkpoint
14-07-2014 21:57:46 System Checkpoint
16-07-2014 00:05:37 System Checkpoint
17-07-2014 13:06:40 System Checkpoint
18-07-2014 19:23:15 System Checkpoint
19-07-2014 22:45:27 System Checkpoint
21-07-2014 00:16:21 System Checkpoint
22-07-2014 01:30:53 System Checkpoint
23-07-2014 14:41:47 System Checkpoint
24-07-2014 15:01:10 System Checkpoint
24-07-2014 17:52:17 Garmin Express
24-07-2014 17:52:39 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
24-07-2014 17:53:42 Garmin Express
25-07-2014 19:15:00 System Checkpoint
26-07-2014 20:25:35 System Checkpoint
27-07-2014 22:52:40 System Checkpoint
29-07-2014 01:34:11 System Checkpoint
30-07-2014 14:48:13 System Checkpoint
31-07-2014 15:33:57 System Checkpoint
01-08-2014 16:59:44 System Checkpoint
03-08-2014 14:41:52 System Checkpoint
04-08-2014 18:15:16 System Checkpoint
06-08-2014 01:31:36 System Checkpoint
07-08-2014 15:15:05 System Checkpoint
08-08-2014 19:33:33 System Checkpoint
09-08-2014 22:31:31 System Checkpoint
11-08-2014 14:27:21 System Checkpoint
12-08-2014 17:56:39 System Checkpoint
13-08-2014 22:07:23 System Checkpoint
14-08-2014 22:58:34 System Checkpoint
16-08-2014 01:05:42 System Checkpoint
17-08-2014 02:00:02 System Checkpoint
18-08-2014 14:51:37 System Checkpoint
19-08-2014 17:36:04 System Checkpoint
20-08-2014 23:15:03 System Checkpoint
22-08-2014 19:46:17 System Checkpoint
23-08-2014 20:37:02 System Checkpoint
24-08-2014 23:03:25 System Checkpoint
26-08-2014 15:06:24 System Checkpoint
27-08-2014 15:58:28 System Checkpoint
28-08-2014 17:02:24 System Checkpoint
29-08-2014 18:45:52 System Checkpoint
01-09-2014 15:56:05 System Checkpoint
02-09-2014 16:36:41 System Checkpoint
03-09-2014 21:28:02 System Checkpoint
04-09-2014 22:37:56 System Checkpoint
06-09-2014 02:05:34 System Checkpoint
07-09-2014 23:10:15 System Checkpoint
09-09-2014 00:00:06 System Checkpoint
10-09-2014 00:05:52 System Checkpoint
11-09-2014 18:29:12 System Checkpoint
12-09-2014 22:59:31 System Checkpoint
13-09-2014 23:24:28 System Checkpoint
15-09-2014 15:36:23 System Checkpoint
16-09-2014 18:14:59 System Checkpoint
17-09-2014 18:23:52 System Checkpoint
18-09-2014 01:21:19 Software Distribution Service 3.0

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2001-08-23 06:00 - 2001-08-23 06:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job => C:\Program Files\Norton SystemWorks\OBC.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-823518204-1500820517-725345543-1003.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-823518204-1500820517-725345543-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-823518204-1500820517-725345543-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-823518204-1500820517-725345543-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-823518204-1500820517-725345543-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-823518204-1500820517-725345543-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-1500820517-725345543-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

==================== Loaded Modules (whitelisted) =============

2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-07 16:18 - 2010-03-10 15:56 - 00152064 ____N () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
2014-07-07 16:18 - 2010-03-10 15:56 - 00049152 ____N () C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
2011-08-14 15:29 - 2011-05-18 21:00 - 00083240 _____ () C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
2008-11-13 13:17 - 2008-11-13 13:17 - 00439616 _____ () C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
2008-11-13 13:15 - 2008-11-13 13:15 - 01581056 _____ () C:\Program Files\Pure Digital Technologies\FlipShare\QtCore4.dll
2013-08-14 16:19 - 2013-08-14 16:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-07-10 08:37 - 2010-02-23 12:50 - 00057395 _____ () C:\WINDOWS\system32\pthreadVC.dll
2011-08-09 20:11 - 1998-10-17 07:00 - 00033792 _____ () C:\My Download Files\Winzip\WZSHLEXT.DLL
2014-07-07 16:18 - 2010-03-10 15:56 - 00132096 _____ () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkLocalBackup.dll
2007-08-18 03:09 - 2007-08-18 03:09 - 00044016 _____ () C:\Program Files\Common Files\Roxio Shared\DLLShared\apm.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:80337C03

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Airlink101 Wireless Monitor.lnk => C:\WINDOWS\pss\Airlink101 Wireless Monitor.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^OKI LPR Utility.lnk => C:\WINDOWS\pss\OKI LPR Utility.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk => C:\WINDOWS\pss\QuickBooks_Standard_21.lnkCommon Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ContentTransferWMDetector.exe => C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
MSCONFIG\startupreg: CTHelper => CTHELPER.EXE
MSCONFIG\startupreg: CTxfiHlp => CTXFIHLP.EXE
MSCONFIG\startupreg: DMXLauncher => "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: GhostStartTrayApp => C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
MSCONFIG\startupreg: InstaLAN => "C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
MSCONFIG\startupreg: IntelliPoint => "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: itype => "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: NvMediaCenter => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "C:\program files\real\realplayer\update\realsched.exe"  -osboot
MSCONFIG\startupreg: VolPanel => "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/17/2014 02:17:00 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (09/17/2014 02:17:00 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (09/17/2014 02:17:00 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (09/17/2014 08:31:44 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (09/17/2014 08:31:44 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (09/17/2014 08:31:44 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (09/16/2014 09:33:40 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (09/16/2014 09:33:40 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (09/16/2014 09:33:40 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (09/15/2014 08:08:16 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

System errors:
=============
Error: (09/18/2014 09:36:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update service service failed to start due to the following error:
%%193

Error: (09/18/2014 08:46:38 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Service Pack Installer update service service depends on the Security Accounts Manager service which failed to start because of the following error:
%%1058

Error: (09/18/2014 08:46:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SessionLauncher service failed to start due to the following error:
%%2

Error: (09/17/2014 08:20:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Service Pack Installer update service service depends on the Security Accounts Manager service which failed to start because of the following error:
%%1058

Error: (09/17/2014 08:20:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SessionLauncher service failed to start due to the following error:
%%2

Error: (09/17/2014 10:56:17 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Service Pack Installer update service service depends on the Security Accounts Manager service which failed to start because of the following error:
%%1058

Error: (09/17/2014 10:56:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SessionLauncher service failed to start due to the following error:
%%2

Error: (09/17/2014 10:38:25 AM) (Source: DCOM) (EventID: 10005) (User: DELL1)
Description: DCOM got error "%%1055" attempting to start the service iPod Service with arguments ""
in order to run the server:
{063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error: (09/17/2014 10:14:02 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Service Pack Installer update service service depends on the Security Accounts Manager service which failed to start because of the following error:
%%1058

Error: (09/17/2014 10:14:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SessionLauncher service failed to start due to the following error:
%%2

Microsoft Office Sessions:
=========================
Error: (09/17/2014 02:17:00 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (09/17/2014 02:17:00 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (09/17/2014 02:17:00 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (09/17/2014 08:31:44 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (09/17/2014 08:31:44 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (09/17/2014 08:31:44 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (09/16/2014 09:33:40 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (09/16/2014 09:33:40 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (09/16/2014 09:33:40 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (09/15/2014 08:08:16 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

==================== Memory info ===========================

Processor:  Intel® Pentium® D CPU 3.20GHz
Percentage of memory in use: 20%
Total physical RAM: 3070.09 MB
Available physical RAM: 2439.27 MB
Total Pagefile: 4955.07 MB
Available Pagefile: 4562.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1933.8 MB

==================== Drives ================================

Drive c: (CDELL1) (Fixed) (Total:465.76 GB) (Free:293.54 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (CDELL1) (Fixed) (Total:465.76 GB) (Free:297.18 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: ED377A29)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 928395F0)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#10 aharonov

  • Malware Response Team

Posted 18 September 2014 - 05:46 PM

This doesn't look too bad. Are you experiencing any problems on this computer?
But especially since there is no antivirus software installed we should get a second opinion from ESET anyway.


Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

#11 jimdavis222

  • Topic Starter

Posted 18 September 2014 - 11:09 PM

I would describe this machine as being a little inconsistent when loading web pages or even explorer (IE8). Since both systems are on the same home network I guess I just wanted to check its health. Here are the 2 files

 

FIXLOG.TXT

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-09-2014
Ran by Jim Davis at 2014-09-18 17:19:08 Run:1
Running from C:\My Download Files\FRST Recovery
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CloseProcesses:
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse]  <==== ATTENTION!
SearchScopes: HKCU - {91607fa7-3c2f-4f90-93e3-d5337a6b0ac2} URL = Playbryte-fa-v/search/redirect/?type=default&user_id=7e1e6b6b-369a-46dc-b9fa-8f4bd59de742&query={searchTerms}
BHO: PlayBryte BHO -> {61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
EmptyTemp:
*****************

Processes closed successfully.
HKLM\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\\Default => Value was restored successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}" => Key deleted successfully.
"HKCR\CLSID\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd}" => Key deleted successfully.
"HKCR\CLSID\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd}" => Key deleted successfully.
EmptyTemp: => Removed 2.5 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====

 

 

LOG.TXT

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=e5545d77e40fb848ab6f8eee233c5ef8
# engine=20223
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-19 03:00:35
# local_time=2014-09-18 09:00:35 (-0700, Mountain Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=532760
# found=29
# cleaned=0
# scan_time=12765
sh=5E5E3CD71CCECAAEBB1749F37BFCBE912ECBB6F9 ft=0 fh=0000000000000000 vn="HTML/TrojanClicker.Agent.A trojan" ac=I fn="C:\BIN\Temporary Internet Files\Content.IE5\W5Q74TU7\popup[1].htm"
sh=CC8AA091B5BE48E2811E0AE1AC14CB2CD933D666 ft=1 fh=d481c084ce4f06ba vn="a variant of Win32/FirseriaInstaller.M potentially unwanted application" ac=I fn="C:\Documents and Settings\Jim Davis\My Documents\Downloads\java.exe"
sh=EEDC416548E24EFAF74987E4FDF0F071C995C457 ft=1 fh=81512fb56572bf19 vn="a variant of Win32/SoftPulse.H potentially unwanted application" ac=I fn="C:\Documents and Settings\Jim Davis\My Documents\Downloads\java_installer.exe"
sh=B6B176A17C0795CB0DCE2F7C301AA80B36F07B1A ft=1 fh=b198d92d252b5228 vn="a variant of Win32/InstallIQ.A potentially unwanted application" ac=I fn="C:\Documents and Settings\Jim Davis\My Documents\Downloads\mediaplayer.exe"
sh=2BC53C443C3F49300B02E414041175BDAB1000CB ft=1 fh=89cd747b85455411 vn="a variant of Win32/InstallIQ.A potentially unwanted application" ac=I fn="C:\My Download Files\7-Zip\7zipfree_8675.exe"
sh=D6A0D7D0B3D19AFA5E8C9D61A684B08098A0B945 ft=1 fh=21d733a5d88a8a74 vn="multiple threats" ac=I fn="C:\My Download Files\Cell Phone Ringers\dolphinfree-screensaver.exe"
sh=7C0528F0F8B870A4F7E0DAEAEFA74ABEACCEFD00 ft=1 fh=ce3a0a24bbfbcb9c vn="a variant of Win32/InstallCore.AY potentially unwanted application" ac=I fn="C:\My Download Files\Mozilla\Firefox_Setup_16.0.1.exe"
sh=43449182574F30807AABACE08424C6F9F1817990 ft=1 fh=0c0de320661e3896 vn="a variant of Win32/InstallCore.X potentially unwanted application" ac=I fn="C:\My Download Files\Mozilla\mozilla-firefox.exe"
sh=44846869F51B08C1E8D644CB65DEAE4EACE76E15 ft=1 fh=2fc2d2772c00b8aa vn="multiple threats" ac=I fn="C:\My Download Files\Ringtone\xingtonefree.exe"
sh=3F8CCD9279F8D950622F536D3202CC0E44134A8E ft=1 fh=4cb693d7b46c457f vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\Program Files\InstallConverter bundle uninstaller_Installer Converter new - sync_1154524\uninstaller.exe"
sh=AB368E4649E20A8CD42AE80D3F1948B7F060BC5B ft=1 fh=731b264463aa25a6 vn="a variant of MSIL/Adware.iBryte.A application" ac=I fn="C:\Program Files\Playbryte\uninstall.exe"
sh=ABEDCEDB852505A48E9264128F447A5DA5C26193 ft=1 fh=f13b5078d9215d8d vn="probably unknown NewHeur_PE virus" ac=I fn="C:\VADIS\Scripts\Voccs\vocsstart.exe"
sh=5E5E3CD71CCECAAEBB1749F37BFCBE912ECBB6F9 ft=0 fh=0000000000000000 vn="HTML/TrojanClicker.Agent.A trojan" ac=I fn="D:\BIN\Temporary Internet Files\Content.IE5\W5Q74TU7\popup[1].htm"
sh=EB6AA6E142A33CEE2C2B47C3C201BDF6B28FA846 ft=1 fh=fc79af95b58d1e11 vn="Win32/Toolbar.Babylon potentially unwanted application" ac=I fn="D:\Documents and Settings\Jim Davis\Local Settings\Temp\is754907076\MyBabylonTB.exe"
sh=3F7976498661C306FE1B73EA0F8FD80C7C30F3F7 ft=1 fh=93a499006a4dae46 vn="Win32/Wajam.C potentially unwanted application" ac=I fn="D:\Documents and Settings\Jim Davis\Local Settings\Temp\is754907076\wajam_download.exe"
sh=ECFBD75DC048D8E0D4BC6BBB5FC06DB12602930D ft=0 fh=0000000000000000 vn="HTML/IFrame.M trojan" ac=I fn="D:\Documents and Settings\Jim Davis\Local Settings\Temporary Internet Files\Content.IE5\TVYX02L3\111-sambuca[1].htm"
sh=CC8AA091B5BE48E2811E0AE1AC14CB2CD933D666 ft=1 fh=d481c084ce4f06ba vn="a variant of Win32/FirseriaInstaller.M potentially unwanted application" ac=I fn="D:\Documents and Settings\Jim Davis\My Documents\Downloads\java.exe"
sh=EEDC416548E24EFAF74987E4FDF0F071C995C457 ft=1 fh=81512fb56572bf19 vn="a variant of Win32/SoftPulse.H potentially unwanted application" ac=I fn="D:\Documents and Settings\Jim Davis\My Documents\Downloads\java_installer.exe"
sh=B6B176A17C0795CB0DCE2F7C301AA80B36F07B1A ft=1 fh=b198d92d252b5228 vn="a variant of Win32/InstallIQ.A potentially unwanted application" ac=I fn="D:\Documents and Settings\Jim Davis\My Documents\Downloads\mediaplayer.exe"
sh=2BC53C443C3F49300B02E414041175BDAB1000CB ft=1 fh=89cd747b85455411 vn="a variant of Win32/InstallIQ.A potentially unwanted application" ac=I fn="D:\My Download Files\7-Zip\7zipfree_8675.exe"
sh=D6A0D7D0B3D19AFA5E8C9D61A684B08098A0B945 ft=1 fh=21d733a5d88a8a74 vn="multiple threats" ac=I fn="D:\My Download Files\Cell Phone Ringers\dolphinfree-screensaver.exe"
sh=9C7798B1D95D5F5E354316D5192C408937BE5608 ft=1 fh=0d207aa43aaab8ea vn="a variant of Win32/InstallIQ.A potentially unwanted application" ac=I fn="D:\My Download Files\FRST Recovery\64 Bit Systems\Clean-up\7zip_installer.exe"
sh=9C7798B1D95D5F5E354316D5192C408937BE5608 ft=1 fh=0d207aa43aaab8ea vn="a variant of Win32/InstallIQ.A potentially unwanted application" ac=I fn="D:\My Download Files\FRST Recovery\64 Bit Systems\DelFix for XP\7zip_installer.exe"
sh=7C0528F0F8B870A4F7E0DAEAEFA74ABEACCEFD00 ft=1 fh=ce3a0a24bbfbcb9c vn="a variant of Win32/InstallCore.AY potentially unwanted application" ac=I fn="D:\My Download Files\Mozilla\Firefox_Setup_16.0.1.exe"
sh=43449182574F30807AABACE08424C6F9F1817990 ft=1 fh=0c0de320661e3896 vn="a variant of Win32/InstallCore.X potentially unwanted application" ac=I fn="D:\My Download Files\Mozilla\mozilla-firefox.exe"
sh=44846869F51B08C1E8D644CB65DEAE4EACE76E15 ft=1 fh=2fc2d2772c00b8aa vn="multiple threats" ac=I fn="D:\My Download Files\Ringtone\xingtonefree.exe"
sh=3F8CCD9279F8D950622F536D3202CC0E44134A8E ft=1 fh=4cb693d7b46c457f vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="D:\Program Files\InstallConverter bundle uninstaller_Installer Converter new - sync_1154524\uninstaller.exe"
sh=AB368E4649E20A8CD42AE80D3F1948B7F060BC5B ft=1 fh=731b264463aa25a6 vn="a variant of MSIL/Adware.iBryte.A application" ac=I fn="D:\Program Files\Playbryte\uninstall.exe"
sh=ABEDCEDB852505A48E9264128F447A5DA5C26193 ft=1 fh=f13b5078d9215d8d vn="probably unknown NewHeur_PE virus" ac=I fn="D:\VADIS\Scripts\Voccs\vocsstart.exe"

 



#12 aharonov

  • Malware Response Team

Posted 19 September 2014 - 06:21 AM

That looks ok. ESET hasn't found anything of interest. But I see that there are many downloaded setups in the ESET log. This happens when you download software from third party download sites as they often bundle some unwanted stuff (adware) to it. Try to always download software from its producer directly.
You can do the clean up steps on this computer as well. And update Java (Java 7 Update 51).
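
The triage described in post #12 can be reproduced from the posted LOG.TXT: parse each detection line, count a file once even when the log lists it under both C: and D:, and separate bundled-installer hits from entries that deserve a closer look. This is an added example, not part of the original thread and not an ESET tool; the sample lines are copied from the log above, and treating `sh=` as a file hash, the bucket names and the wording heuristic in `classify` are assumptions.

```python
import re
from collections import defaultdict

# Detection lines copied from the LOG.TXT posted above (6 of the 29 entries).
SAMPLE_LOG = r'''# found=29
sh=5E5E3CD71CCECAAEBB1749F37BFCBE912ECBB6F9 ft=0 fh=0000000000000000 vn="HTML/TrojanClicker.Agent.A trojan" ac=I fn="C:\BIN\Temporary Internet Files\Content.IE5\W5Q74TU7\popup[1].htm"
sh=CC8AA091B5BE48E2811E0AE1AC14CB2CD933D666 ft=1 fh=d481c084ce4f06ba vn="a variant of Win32/FirseriaInstaller.M potentially unwanted application" ac=I fn="C:\Documents and Settings\Jim Davis\My Documents\Downloads\java.exe"
sh=AB368E4649E20A8CD42AE80D3F1948B7F060BC5B ft=1 fh=731b264463aa25a6 vn="a variant of MSIL/Adware.iBryte.A application" ac=I fn="C:\Program Files\Playbryte\uninstall.exe"
sh=ABEDCEDB852505A48E9264128F447A5DA5C26193 ft=1 fh=f13b5078d9215d8d vn="probably unknown NewHeur_PE virus" ac=I fn="C:\VADIS\Scripts\Voccs\vocsstart.exe"
sh=5E5E3CD71CCECAAEBB1749F37BFCBE912ECBB6F9 ft=0 fh=0000000000000000 vn="HTML/TrojanClicker.Agent.A trojan" ac=I fn="D:\BIN\Temporary Internet Files\Content.IE5\W5Q74TU7\popup[1].htm"
sh=CC8AA091B5BE48E2811E0AE1AC14CB2CD933D666 ft=1 fh=d481c084ce4f06ba vn="a variant of Win32/FirseriaInstaller.M potentially unwanted application" ac=I fn="D:\Documents and Settings\Jim Davis\My Documents\Downloads\java.exe"
'''

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value, value optionally quoted

def parse_detection(line):
    """Return the key=value fields of one detection line, or None for other lines."""
    line = line.strip()
    if not line.startswith("sh="):
        return None
    return {key: value.strip('"') for key, value in FIELD.findall(line)}

def classify(detection_name):
    """Heuristic bucket from the wording of the vn= field (an assumption)."""
    name = detection_name.lower()
    if "potentially unwanted" in name or "adware" in name:
        return "pua"
    if "potentially unsafe" in name:
        return "unsafe"
    return "review"  # trojans, heuristic hits, "multiple threats"

def triage(log_text):
    """Collapse duplicate files (same sh= value) and group them by bucket."""
    files = defaultdict(lambda: {"name": "", "paths": []})
    for line in log_text.splitlines():
        rec = parse_detection(line)
        if rec:
            files[rec["sh"]]["name"] = rec["vn"]
            files[rec["sh"]]["paths"].append(rec["fn"])
    buckets = defaultdict(list)
    for digest, info in files.items():
        buckets[classify(info["name"])].append((digest, info["name"], info["paths"]))
    return dict(buckets)

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        for digest, name, paths in items:
            print(f"{bucket:6} {name} ({len(paths)} copies) {paths[0]}")
```

Entries in the `review` bucket are the ones to check by path and origin; the `pua` bucket is the bundled-installer noise the reply refers to.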

#13 jimdavis222

  • Topic Starter

Posted 19 September 2014 - 09:50 AM

Thanks again for all of your help. My wife uses this machine probably 1/3 of the time and she is not very computer savvy. She tends to trust what she sees on screen. Again I applaud your skills and dedication to helping others. I don't know where you live but you certainly appear to have a great deal of energy considering your last post yesterday and your first post to me today. You were off line maybe 5/6 hours... amazing.

 

Am I correct in understanding your last instructions, you would like me to run DelFix only as the clean up for this machine?



#14 aharonov

  • Malware Response Team

Posted 19 September 2014 - 01:36 PM

You're very welcome.
Yes, you can uninstall ESET Online Scanner and run DelFix on this computer as well. Then we're done.

All the best.

#15 aharonov

  • Malware Response Team

Posted 19 September 2014 - 01:36 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



