Jump to content

shahzadb

Members
  • Posts

    7
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Computer is running just fine. Just want to make sure this is not a temporary solution, what if in a week or so, my computer goes back to being slow, do I follow- the steps above or start new thread?
  2. thanks Kevin. I found the Win 7 Key with your help My computer now is running fine, I don't use this all the time, so I am not 100% sure, if all issues resolved. Did you find anything wrong with my PC based on logs? if I try to re-install windows and somehow get stuck doing it, will I be able to go back to my old settings.I do have an image copy of my hard drive what are steps to re-install windows? I would still like to solve this issue, w/o re-installing Win 7. but wanted to make sure I had opttions. Thanks
  3. I ran ESET first time, which had 5 infected files. But I didnt seen logs in C:\Program Files (x86)\ESET\ESET Online Scanner. That could be maybe, after the end of the scan, I checked "uninstall ESET" after close option. So, I re-ran the ESET scan again, and this time 0 files infected. See all logs below. If I re-install windows 7, wouldn't this make my Laptop restore to factory settings? Only thing concern me is that I don't have Windows 7 CD, but when I right-click on the My Computer, and there is an Acitivation Key for Windows. Can I used that Key to acitivate my Windows 7 pro, if I download Win 7 file from microsoft's website? I do have all drivers of my laptop. Thanks ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK FRST LastRegBack: 2015-05-24 11:40 ==================== End of log ============================ Addition.txt Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-05-2015 Ran by Owner at 2015-05-25 20:14:22 Running from C:\Users\Owner\Desktop Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1921474701-2290882765-2420123044-500 - Administrator - Disabled) Guest (S-1-5-21-1921474701-2290882765-2420123044-501 - Limited - Enabled) Owner (S-1-5-21-1921474701-2290882765-2420123044-1000 - Administrator - Enabled) => C:\Users\Owner ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Symantec Endpoint Protection (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Symantec Endpoint Protection (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Symantec Endpoint Protection (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 256HD Bat-pack (HKU\S-1-5-21-1921474701-2290882765-2420123044-1000\...\256HD Bat-pack) (Version: - ) 7-Zip 9.20 (HKLM\...\7-Zip) (Version: - ) A2 Studios ICC World T20 2014 Patch (HKU\S-1-5-21-1921474701-2290882765-2420123044-1000\...\A2 Studios ICC World T20 2014 Patch) (Version: - ) ActivClient x86 (Version: 6.2 - ActivIdentity) Hidden Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Reader XI (11.0.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.) Airfoil (HKLM\...\Airfoil) (Version: 3.6.5 - Rogue Amoeba) Apple Application Support (32-bit) (HKLM\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{28ED482A-56DB-47D9-8D9E-990FA8CD7D3D}) (Version: 8.1.0.18 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) AuthenTec Fingerprint System (Version: 8.0.202.0 - AuthenTec, Inc.) Hidden BIOS Configuration for HP ProtectTools (HKLM\...\{4A48FBE1-723F-4297-9DD0-9D7E123D78D9}) (Version: 4.00 D2 - Hewlett-Packard) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 5.0.0.6 - Hewlett-Packard) DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden DivX Setup (HKLM\...\DivX Setup.divx.com) (Version: 2.5.0.8 - DivX, LLC) Drive Encryption for HP ProtectTools (Version: 4.0.24 - Hewlett-Packard) Hidden Embedded Security for HP ProtectTools (HKLM\...\{85FBB6CC-82ED-47BA-9F9D-5F6313D75955}) (Version: 5.6.000 - Hewlett-Packard) ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - ) File Sanitizer For HP ProtectTools (HKLM\...\{789C97CE-9E17-4126-BDF4-11FF458BF705}) (Version: 1.0.1.10 - Hewlett-Packard) Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.) Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden HP 3D DriveGuard (HKLM\...\{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}) (Version: 4.0.3.1 - Hewlett-Packard) HP ESU for Microsoft Windows 7 (HKLM\...\{511376F5-7E5A-4EC9-B603-193B1D425BC3}) (Version: 1.0.1.1 - Hewlett-Packard) HP ProtectTools Security Manager Suite (HKLM\...\{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}) (Version: 04.10.10.0003 - Hewlett-Packard) HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.12.1 - Hewlett-Packard) HP Wallpaper (HKLM\...\{F173C2B3-296F-458C-98FF-1676A42EBA02}) (Version: 1.0.1.11 - Hewlett-Packard) HP Wireless Assistant (HKLM\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard) iCloud (HKLM\...\{760BB327-3973-4608-85C8-88162E2FF3B6}) (Version: 4.0.6.28 - Apple Inc.) IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6257.0 - IDT) Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1995 - Intel Corporation) Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 14.8 - Intel) iTunes (HKLM\...\{B8032A6B-C4D0-4744-B75F-9DDCB56B5C6F}) (Version: 12.1.0.71 - Apple Inc.) Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) Juniper Networks Secure Application Manager (HKLM\...\Neoteris_Secure_Application_Manager) (Version: 7.1.0.20169 - Juniper Networks) Juniper Networks Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks) Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-1921474701-2290882765-2420123044-1000\...\Juniper_Setup_Client) (Version: 7.1.6.17115 - Juniper Networks, Inc.) LightScribe System Software (HKLM\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe) Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech) LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.96 - LSI Corporation) Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4719.1002 - Microsoft Corporation) Microsoft Office Standard 2007 (HKLM\...\STANDARD) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 38.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) Notepad++ (HKLM\...\Notepad++) (Version: 5.9 - ) Office 15 Click-to-Run Extensibility Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden PDF Complete Special Edition (HKLM\...\PDF Complete) (Version: 3.5.108 - PDF Complete, Inc) Privacy Manager for HP ProtectTools (HKLM\...\{4E8E3D7B-B20D-4FD6-9E72-A84BAD1C35CC}) (Version: 1.0.1.599 - Hewlett-Packard) QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden RICOH Media Driver (HKLM\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.13.00.05 - RICOH) Roxio Creator Business (HKLM\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio) Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden SupportSoft Assisted Service (HKLM\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft) swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Symantec Endpoint Protection (HKLM\...\{A3AEEA68-AC93-4F6F-8D2D-78BBF7E422B8}) (Version: 12.1.671.4971 - Symantec Corporation) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.1 - Synaptics Incorporated) The Logo Creator v6 6.0 (HKLM\...\The Logo Creator v6) (Version: 6.0 - Laughingbird Software) The Logo Creator v6.6 (HKLM\...\The Logo Creator) (Version: v6.6 - Laughingbird Software) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Usmleworld QBank (HKU\S-1-5-21-1921474701-2290882765-2420123044-1000\...\Usmleworld QBank) (Version: - USMLEWORLD,LLC) VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation) Windows 7 Default Setting (HKLM\...\{E70E6183-F6EC-45B4-AFA4-0C3C36D4B664}) (Version: 1.0.0.6 - Hewlett-Packard) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 15-05-2015 19:21:56 Windows Update 15-05-2015 19:53:22 Windows Update 20-05-2015 21:10:46 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:04 - 2009-06-10 17:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {03946FDA-AC30-415E-8511-246373801101} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation) Task: {1E94AD85-C62F-48BC-9CA5-CBBCDC3C1BA4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-28] (Google Inc.) Task: {320ED430-7009-4AAA-AB82-90A3C2A7E940} - System32\Tasks\{551EF2BA-B517-4192-B03F-6F62402951D3} => C:\Program Files\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.) Task: {3324E4FD-A48C-4DE4-B1CB-A3CAD9A6DBCE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation) Task: {3CFE400E-7E81-4064-B4A2-D1AD1278E268} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {51CF2FF4-EABE-49B3-AA0E-9B72236900EB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {57EEB7BD-462D-4A53-908E-8A2243E74AC3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-03-14] (Microsoft Corporation) Task: {7CE81F08-F3F4-422B-98A2-6E7813FD23BB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-03-14] (Microsoft Corporation) Task: {8F61578B-F7D0-4C5D-8BA9-5522A6CE63CF} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-21] (Microsoft Corporation) Task: {A0F87BC4-D1B5-4A58-858A-F2FB58BC6389} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-28] (Google Inc.) Task: {AED3CD7D-5213-4D39-AEF5-8ACFFEF4BE6D} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation) Task: {B79AD643-BB00-4CF3-9B02-DA315443DF4F} - System32\Tasks\{DA562DE9-73D0-41B4-AA99-73FF2CCF0736} => pcalua.exe -a "C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OBU9ZTTJ\JavaSetup8u31.com" -d C:\Users\Owner\Desktop Task: {D43E4695-F7D9-4B07-A772-BD2A39EA77B2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-18] (Adobe Systems Incorporated) Task: {D90AC761-1E6F-4528-A275-8005533DC278} - System32\Tasks\{F7255762-8F36-47CD-837E-230140331F24} => Iexplore.exe http://ui.skype.com/ui/0/5.5.0.124/en/abandoninstall?page=tsPlugin&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled Task: {E8F34C05-E4D5-4A2F-89EB-6C8468572D51} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2014-07-31 13:16 - 2014-07-31 13:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-03-14 14:14 - 2014-05-20 03:11 - 00080040 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll 2015-03-14 15:44 - 2015-03-14 15:44 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll 2009-06-29 16:10 - 2009-06-29 16:10 - 00300600 _____ () C:\Windows\system32\flcdlmsg.dll 2011-03-21 14:56 - 2011-03-21 14:56 - 01230704 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe 2011-03-21 14:57 - 2011-03-21 14:57 - 00096112 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll 2009-06-17 11:40 - 2009-06-17 11:40 - 02121728 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll 2009-06-17 11:40 - 2009-06-17 11:40 - 07745536 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll 2009-06-17 11:40 - 2009-06-17 11:40 - 00135168 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll 2011-12-13 11:50 - 2011-12-13 11:50 - 00224512 _____ () C:\Program Files\RemoteSound\RemoteSound.exe 2011-03-24 08:21 - 2011-03-24 08:21 - 02278912 _____ () C:\Program Files\RemoteSound\QtCore4.dll 2011-03-24 08:21 - 2011-03-24 08:21 - 08151040 _____ () C:\Program Files\RemoteSound\QtGui4.dll 2011-03-24 08:21 - 2011-03-24 08:21 - 00911872 _____ () C:\Program Files\RemoteSound\QtNetwork4.dll 2011-12-08 04:22 - 2011-12-08 04:22 - 00176128 _____ () C:\Program Files\RemoteSound\ScienPixMedia.dll 2011-11-07 08:06 - 2011-11-07 08:06 - 05127182 _____ () C:\Program Files\RemoteSound\avcodec-52.dll 2011-11-07 08:06 - 2011-11-07 08:06 - 00077326 _____ () C:\Program Files\RemoteSound\avutil-50.dll 2011-11-07 08:06 - 2011-11-07 08:06 - 00762894 _____ () C:\Program Files\RemoteSound\avformat-52.dll 2011-11-07 08:06 - 2011-11-07 08:06 - 00207374 _____ () C:\Program Files\RemoteSound\swscale-0.dll 2011-12-08 04:19 - 2011-12-08 04:19 - 00019456 _____ () C:\Program Files\RemoteSound\ScienPixWAL.DLL ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antvirus => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1921474701-2290882765-2420123044-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER Error getting == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [sPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [sPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{9FD4ECCA-063F-4AC5-A5E0-270B80E95A5B}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe FirewallRules: [{83527828-F0BD-4065-B45A-F4CCC1135F21}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe FirewallRules: [{843490A2-A59D-4E8F-B47E-8AAEC47D8A94}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE FirewallRules: [{E27CCD43-D03D-455F-A08D-872B1CE76D5B}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE FirewallRules: [{D50D7D2C-2A84-4FF1-9049-CD167F533F94}] => (Allow) C:\Program Files\Common Files\Symantec Shared\ccApp.exe FirewallRules: [{3CB04CE3-F2EE-41E3-8399-BDDD5A346151}] => (Allow) C:\Program Files\Common Files\Symantec Shared\ccApp.exe FirewallRules: [{A31FD9BE-DE74-4FD6-8F9B-A78690F238B6}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe FirewallRules: [{E4F3E31D-C166-457A-835E-D945E5DF5549}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{4CFA4455-19BA-4641-871E-14163E49E7E5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{74C0C364-8D76-427A-944E-CCEAAD32ACEF}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe FirewallRules: [{3C5EF1A3-948D-4B4C-97B8-B547521950AF}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe FirewallRules: [{E03167AE-D11B-4E38-BF47-2D3E6F8076D8}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\snac.exe FirewallRules: [{E31B585A-6082-4146-9AFD-3EA882B880E3}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\snac.exe FirewallRules: [{08565DFA-7D0D-4AFD-A8CD-D011D860475D}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [{09DBD2CD-3536-4359-93FA-1B730D1D3B32}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{5EE34852-EEB1-4D87-817C-A1228CBBF233}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{DE5983D4-7040-4D01-8318-74CA226E678D}] => (Allow) C:\Program Files\RemoteSound\RemoteSound.exe FirewallRules: [{00EEFA34-E80E-4524-B631-31DD3B9B7F55}] => (Allow) C:\Program Files\RemoteSound\RemoteSound.exe FirewallRules: [{267596C5-A858-48AE-9507-B6523D6AC9D9}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{B53C5DA8-0801-4955-96EB-6AA7D477ED0B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{55D965DB-E3AD-4467-B14F-24BF3F61A247}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{E1435E80-F11F-4037-9521-F020B5A33C3F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{F776FAE6-C44C-4E26-BBEB-C80205C1DB86}] => (Allow) C:\Program Files\RemoteSound\RemoteSound.exe FirewallRules: [{061DC365-AB39-4154-A183-15BEDB6A3CFC}] => (Allow) C:\Program Files\RemoteSound\RemoteSound.exe FirewallRules: [{66A0904C-1E3A-4A31-89EB-6C3BA3018C3E}] => (Allow) C:\Program Files\RemoteSound\RemoteSound.exe FirewallRules: [{A455B9F8-5211-4DB3-992C-94C591A57856}] => (Allow) C:\Program Files\RemoteSound\RemoteSound.exe FirewallRules: [{940DF371-E6E6-42A6-AAF2-1C35D584696A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{B4D07608-A4F9-4982-A0CC-FC5F3A327313}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{3E8511B6-D9B9-4EE8-8C2D-C8977B0335DA}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/25/2015 06:14:52 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: HP-LAPTOP) Description: SYMANTEC TAMPER PROTECTION ALERT Target: C:\PROGRAMDATA\Symantec\SYMANTEC ENDPOINT PROTECTION\CurrentVersion Event Info: Open File Action Taken: Logged Actor Process: C:\PROGRAM FILES\ESET\ESET ONLINE SCANNER\ONLINECMDLINESCANNER.EXE (PID 10104) Time: Monday, May 25, 2015 6:14:52 PM Error: (05/25/2015 05:14:04 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: HP-LAPTOP) Description: SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe Event Info: Open Process Action Taken: Logged Actor Process: C:\PROGRAM FILES\ESET\ESET ONLINE SCANNER\ONLINECMDLINESCANNER.EXE (PID 3740) Time: Monday, May 25, 2015 5:14:04 PM Error: (05/25/2015 05:14:03 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: HP-LAPTOP) Description: SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe Event Info: Open Process Action Taken: Logged Actor Process: C:\PROGRAM FILES\ESET\ESET ONLINE SCANNER\ONLINECMDLINESCANNER.EXE (PID 3740) Time: Monday, May 25, 2015 5:14:03 PM Error: (05/25/2015 03:47:45 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: HP-LAPTOP) Description: SYMANTEC TAMPER PROTECTION ALERT Target: C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion Event Info: Open File Action Taken: Logged Actor Process: C:\PROGRAM FILES\ESET\ESET ONLINE SCANNER\ONLINECMDLINESCANNER.EXE (PID 3740) Time: Monday, May 25, 2015 3:47:45 PM Error: (05/25/2015 03:26:57 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: ) Description: Security Risk Found!Trojan.Gen.2 in File: C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Temp\dwhc438.exe.xBAD by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully. Error: (05/25/2015 03:26:35 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: ) Description: Security Risk Found!Trojan.Gen.2 in File: C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Temp\dwh6097.exe.xBAD by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully. Error: (05/25/2015 10:49:36 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -2143485933 Error: (05/25/2015 10:49:36 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: ) Description: Office Subscription licensing exception: Error Code: 0x5; CorrelationId: {7BCC4250-343C-4AC3-8A7F-6BBEE46D054E} Error: (05/25/2015 07:18:43 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 64631 Error: (05/25/2015 07:18:43 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 64631 System errors: ============= Error: (05/25/2015 02:24:20 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {C2BFE331-6739-4270-86C9-493D9A04CD38} Error: (05/22/2015 07:09:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error: (05/22/2015 07:09:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (05/22/2015 07:09:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s). Error: (05/22/2015 07:09:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Com4QLBEx service terminated unexpectedly. It has done this 1 time(s). Error: (05/22/2015 07:09:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The hpqwmiex service terminated unexpectedly. It has done this 1 time(s). Error: (05/22/2015 07:08:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Symantec Management Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. Error: (05/22/2015 07:08:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Symantec Endpoint Protection service failed to start due to the following error: %%1053 Error: (05/22/2015 07:08:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Symantec Endpoint Protection service to connect. Error: (05/22/2015 07:08:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Symantec Endpoint Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. Microsoft Office: ========================= CodeIntegrity Errors: =================================== Date: 2015-05-24 10:38:59.594 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system. Date: 2015-05-23 20:04:32.218 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system. Date: 2015-05-22 19:05:42.797 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system. Date: 2015-05-21 20:52:55.761 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system. Date: 2015-05-20 20:58:28.972 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system. Date: 2015-05-20 20:43:29.118 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system. Date: 2015-05-15 19:09:03.616 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system. Date: 2015-05-13 20:27:02.574 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system. Date: 2015-05-13 20:24:06.032 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system. Date: 2015-05-13 20:21:37.922 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Core i5 CPU M 520 @ 2.40GHz Percentage of memory in use: 39% Total physical RAM: 2991.38 MB Available physical RAM: 1801.87 MB Total Pagefile: 5981.07 MB Available Pagefile: 4255.93 MB Total Virtual: 2047.88 MB Available Virtual: 1915.19 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:232.79 GB) (Free:145.26 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: BB575B6D) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS) ==================== End of log ============================
  4. Hi Kevin, I was unable to reply back to this topic until yesterday. Here are the logs. Fixlog.txt Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-05-2015 01 Ran by Owner at 2015-05-20 20:52:26 Run:1 Running from C:\Users\Owner\Downloads Loaded Profiles: Owner (Available profiles: Owner) Boot Mode: Normal ============================================== Content of fixlist: ***************** Start SearchScopes: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000 -> {9FC27FD9-3E62-45A1-8ED1-F4E48D2D8D17} URL = http://websearch.ask...9-C1F2DE911078 BHO: Somoto Toolbar -> {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} -> C:\Program Files\somototoolbar\vmntemplateX.dll No File Toolbar: HKLM - Somoto Toolbar - {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files\somototoolbar\vmntemplateX.dll No File Toolbar: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File S3 SYMTDI; \SystemRoot\System32\Drivers\SYMTDI.SYS [X] C:\Users\Owner\AppData\Local\Temp\ApnStub.exe C:\Users\Owner\AppData\Local\Temp\Burn4Free.exe C:\Users\Owner\AppData\Local\Temp\contentDATs.exe C:\Users\Owner\AppData\Local\Temp\converter.exe C:\Users\Owner\AppData\Local\Temp\dwh6097.exe C:\Users\Owner\AppData\Local\Temp\dwhc438.exe C:\Users\Owner\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe C:\Users\Owner\AppData\Local\Temp\GoogleToolbarInstaller.exe C:\Users\Owner\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe C:\Users\Owner\AppData\Local\Temp\ose00000.exe C:\Users\Owner\AppData\Local\Temp\ose00001.exe C:\Users\Owner\AppData\Local\Temp\ose00002.exe C:\Users\Owner\AppData\Local\Temp\pslist.exe C:\Users\Owner\AppData\Local\Temp\SecurityScan_Release.exe C:\Users\Owner\AppData\Local\Temp\setup.exe C:\Users\Owner\AppData\Local\Temp\Setup1.exe C:\Users\Owner\AppData\Local\Temp\SkypeSetup.exe C:\Users\Owner\AppData\Local\Temp\xmlUpdater.exe C:\Users\Owner\AppData\Local\Temp\_isF076.exe C:\Users\Samir\AppData\Local\Temp\SkypeSetup.exe CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{3E1A2BBD-5707-4646-B268-518B997DC94D}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{B0FF20F1-C857-4EA5-A2B8-A85372879B3D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File AlternateDataStreams: C:\ProgramData\TEMP:7A36BD6D Emptytemp: End ***************** "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9FC27FD9-3E62-45A1-8ED1-F4E48D2D8D17}" => Key deleted successfully. HKCR\CLSID\{9FC27FD9-3E62-45A1-8ED1-F4E48D2D8D17} => Key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3721e85-f0ac-4b7e-ae4c-3e738011dc9d}" => Key deleted successfully. "HKCR\CLSID\{c3721e85-f0ac-4b7e-ae4c-3e738011dc9d}" => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} => value deleted successfully. HKCR\CLSID\{c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} => Key not found. HKU\S-1-5-21-1921474701-2290882765-2420123044-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value deleted successfully. HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found. SYMTDI => Service deleted successfully. C:\Users\Owner\AppData\Local\Temp\ApnStub.exe => Moved successfully. C:\Users\Owner\AppData\Local\Temp\Burn4Free.exe => Moved successfully. C:\Users\Owner\AppData\Local\Temp\contentDATs.exe => Moved successfully. C:\Users\Owner\AppData\Local\Temp\converter.exe => Moved successfully. C:\Users\Owner\AppData\Local\Temp\dwh6097.exe => Moved successfully. C:\Users\Owner\AppData\Local\Temp\dwhc438.exe => Moved successfully. C:\Users\Owner\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe => Moved successfully. C:\Users\Owner\AppData\Local\Temp\GoogleToolbarInstaller.exe => Moved successfully. C:\Users\Owner\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe => Moved successfully. C:\Users\Owner\AppData\Local\Temp\ose00000.exe => Moved successfully. C:\Users\Owner\AppData\Local\Temp\ose00001.exe => Moved successfully. C:\Users\Owner\AppData\Local\Temp\ose00002.exe => Moved successfully. C:\Users\Owner\AppData\Local\Temp\pslist.exe => Moved successfully. C:\Users\Owner\AppData\Local\Temp\SecurityScan_Release.exe => Moved successfully. C:\Users\Owner\AppData\Local\Temp\setup.exe => Moved successfully. C:\Users\Owner\AppData\Local\Temp\Setup1.exe => Moved successfully. C:\Users\Owner\AppData\Local\Temp\SkypeSetup.exe => Moved successfully. C:\Users\Owner\AppData\Local\Temp\xmlUpdater.exe => Moved successfully. C:\Users\Owner\AppData\Local\Temp\_isF076.exe => Moved successfully. C:\Users\Samir\AppData\Local\Temp\SkypeSetup.exe => Moved successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{3E1A2BBD-5707-4646-B268-518B997DC94D}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{B0FF20F1-C857-4EA5-A2B8-A85372879B3D}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}" => Key deleted successfully. "HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}" => Key deleted successfully. C:\ProgramData\TEMP => ":7A36BD6D" ADS removed successfully. EmptyTemp: => Removed 3.6 GB temporary data. The system needed a reboot. ==== End of Fixlog 20:55:59 ==== MABM log Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 5/21/2015 Scan Time: 9:13:08 PM Logfile: MABMlog_1.txt Administrator: Yes Version: 2.01.6.1022 Malware Database: v2015.05.21.04 Rootkit Database: v2015.05.16.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x86 File System: NTFS User: Owner Scan Type: Threat Scan Result: Completed Objects Scanned: 373886 Time Elapsed: 20 hr, 33 min, 7 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Warn PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 1 Trojan.Downloader.NS, C:\Users\Owner\Downloads\soft-patcherv3.2.rar, Quarantined, [7dcb296dcfbb1224dcfd77f1e919847c], Physical Sectors: 0 (No malicious items detected) (end) AdwClearner # AdwCleaner v4.205 - Logfile created 22/05/2015 at 19:03:25 # Updated 21/05/2015 by Xplode # Database : 2015-05-21.2 [server] # Operating system : Windows 7 Professional Service Pack 1 (x86) # Username : Owner - HP-LAPTOP # Running from : C:\Users\Owner\Desktop\AdwCleaner.exe # Option : Cleaning ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\Ask File Deleted : C:\Program Files\Mozilla Firefox\defaults\pref\itms.js ***** [ Scheduled tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C3721E85-F0AC-4B7E-AE4C-3E738011DC9D} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C3721E85-F0AC-4B7E-AE4C-3E738011DC9D} Key Deleted : HKCU\Software\Zugo Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local ***** [ Web browsers ] ***** -\\ Internet Explorer v11.0.9600.17801 -\\ Mozilla Firefox v37.0.2 (x86 en-US) -\\ Google Chrome v43.0.2357.65 [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms} [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms} ************************* AdwCleaner[R0].txt - [1630 bytes] - [22/05/2015 17:48:57] AdwCleaner[s0].txt - [1573 bytes] - [22/05/2015 19:03:25] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1632 bytes] ########## JRT ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.7.6 (05.21.2015:1) OS: Windows 7 Professional x86 Ran by Owner on Fri 05/22/2015 at 19:08:23.33 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ FireFox Successfully deleted: [File] C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\93dbzy8q.default\searchplugins\bing-zugo.xml Emptied folder: C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\93dbzy8q.default\minidumps [6 files] ~~~ Chrome Successfully deleted: [Folder] C:\Users\Owner\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Fri 05/22/2015 at 19:12:09.63 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Microsoft's " Malicious Software Removal --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v4.4, January 2012 Started On Fri Jan 13 17:47:21 2012 ->Scan ERROR: resource process://pid:7876 (code 0x00000490 (1168)) ->Scan ERROR: resource process://pid:12588 (code 0x00000490 (1168)) Results Summary: ---------------- No infection found. Microsoft Windows Malicious Software Removal Tool Finished On Fri Jan 13 17:48:38 2012 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v4.5, February 2012 Started On Wed Feb 15 17:26:47 2012 Results Summary: ---------------- No infection found. Microsoft Windows Malicious Software Removal Tool Finished On Wed Feb 15 17:27:52 2012 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.24, May 2015 (build 5.24.11401.0) Started On Fri May 22 19:56:20 2015 Engine: 1.1.11602.0 Signatures: 1.197.1100.0 Results Summary: ---------------- No infection found. Microsoft Windows Malicious Software Removal Tool Finished On Fri May 22 20:02:26 2015 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.24, May 2015 (build 5.24.11401.0) Started On Fri May 22 20:03:35 2015 Engine: 1.1.11602.0 Signatures: 1.197.1100.0 Updates Computer is still slow as before. I your first reply # 2, you mention to use F11 to restore. I tried that, but there are option only to restore from image copy or backup. But no factory restore options. Its sayt to got my Disk Mgmt and see, if I have a separate restore harddrive active. I have attached a screenshot of my Disk mgmt, can you still if I have restore backup installed? Thanks
  5. Sorry for the confusion & thanks for the quick response. I have no utorrent or any illegal software install FRST Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-05-2015 01 Ran by Owner (administrator) on HP-LAPTOP on 13-05-2015 18:57:16 Running from C:\Users\Owner\Downloads Loaded Profiles: Owner (Available profiles: Owner) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\AtService.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\stacsv.exe (Hewlett-Packard) C:\Windows\System32\hpservice.exe (ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe (ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\AEstSrv.exe (LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe (McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (Infineon Technologies AG) C:\Program Files\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe (Infineon Technologies AG) C:\Program Files\Hewlett-Packard\Embedded Security Software\IFXTCS.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe (PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe (Infineon Technologies AG) C:\Program Files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe (Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe (Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe (Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe (ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe () C:\Program Files\DivX\DivX Update\DivXUpdate.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe () C:\Program Files\RemoteSound\RemoteSound.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Infineon Technologies AG) C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Microsoft Corporation) C:\Windows\System32\dinotify.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Don HO don.h@free.fr) C:\Program Files\Notepad++\notepad++.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [153640 2009-06-03] (ActivIdentity) HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [400936 2009-06-03] (ActivIdentity) HKLM\...\Run: [PTHOSTTR] => C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [354360 2009-08-07] (Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [563736 2009-06-18] (PDF Complete Inc) HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard) HKLM\...\Run: [File Sanitizer] => C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11227136 2009-07-06] (Hewlett-Packard) HKLM\...\Run: [iFXSPMGT] => C:\Program Files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1107232 2009-05-25] (Infineon Technologies AG) HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2009-11-18] (IDT, Inc.) HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2010-01-04] (Synaptics Incorporated) HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1230704 2011-03-21] () HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-01-27] (Apple Inc.) HKLM\...\runonceex: [ContentMerger] => C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-13] (Sonic Solutions) Winlogon\Notify\DeviceNP: C:\Windows\system32\DeviceNP.dll [2009-06-29] (Hewlett-Packard Limited) Winlogon\Notify\SEP: C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll [X] HKU\S-1-5-21-1921474701-2290882765-2420123044-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company) HKU\S-1-5-21-1921474701-2290882765-2420123044-1000\...\Run: [RemoteSound] => C:\Program Files\RemoteSound\RemoteSound.exe [224512 2011-12-13] () HKU\S-1-5-21-1921474701-2290882765-2420123044-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.) HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2015-01-03] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2012-01-16] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-14] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-14] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-14] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1921474701-2290882765-2420123044-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ SearchScopes: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000 -> {9FC27FD9-3E62-45A1-8ED1-F4E48D2D8D17} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=58E483B0-E882-4BAB-A843-EF3F4B15C5D7&apn_sauid=B9FBCD27-5AB0-490B-93C9-C1F2DE911078& SearchScopes: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000 -> {B0F6A9E6-A20E-2078-1826-6C700C6E8C1D} URL = http://www.bing.com/search?q={searchTerms}&pc=Z045&form=ZGAIDF BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.) BHO: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll [2009-07-06] (Hewlett-Packard) BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-03-14] (Microsoft Corporation) BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-07] (DivX, LLC) BHO: DivX HiQ -> {593DDEC6-7468-4cdd-90E1-42DADAA222E9} -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-07] (DivX, LLC) BHO: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\bin\IPS\IPSBHO.DLL [2011-05-13] (Symantec Corporation) BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25] (Oracle Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-03-14] (Microsoft Corporation) BHO: Somoto Toolbar -> {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} -> C:\Program Files\somototoolbar\vmntemplateX.dll No File BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-14] (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation) Toolbar: HKLM - Somoto Toolbar - {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files\somototoolbar\vmntemplateX.dll No File Toolbar: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab DPF: {C9BCAEA5-54DC-4504-A2A4-0AE2EEB080D0} https://connect2eaglesecure.american.edu/tools/xc_loader_activex.ocx DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - No File Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-03-14] (Microsoft Corporation) Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\93dbzy8q.default FF DefaultSearchEngine: Google FF DefaultSearchEngine.US: Google FF SelectedSearchEngine: Bing FF Homepage: hxxp://www.google.com FF Keyword.URL: hxxp://www.bing.com/search?pc=Z045&form=ZGAADF&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-18] () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1216156.dll [2015-01-09] (Adobe Systems, Inc.) FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-07] (DivX, LLC) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-05-06] (DivX, LLC.) FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-25] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_31\bin\new_plugin\npjp2.dll No File FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-14] (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-14] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\93dbzy8q.default\searchplugins\bing-zugo.xml [2011-05-25] FF Extension: Firebug - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\93dbzy8q.default\Extensions\firebug@software.joehewitt.com.xpi [2011-05-21] FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011-05-14] FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa FF Extension: DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011-05-14] FF HKU\S-1-5-21-1921474701-2290882765-2420123044-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-05-02] Chrome: ======= CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-28] CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-28] CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-28] CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-28] CHR Extension: (DivX HiQ) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae [2014-12-28] CHR Extension: (Bookmark Manager) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-13] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14] CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-28] CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-12-28] CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-28] CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2011-02-07] CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2011-02-07] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity) R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI Corporation) R2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1201400 2009-07-29] (AuthenTec, Inc.) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1843896 2015-02-10] (Microsoft Corporation) S3 FLCDLOCK; C:\Windows\system32\flcdlock.exe [362040 2009-06-29] (Hewlett-Packard Ltd) S3 HP ProtectTools Service; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [45056 2009-08-07] (Hewlett-Packard Development Company, L.P) [File not signed] R2 HpFkCryptService; C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [256544 2009-07-29] (McAfee, Inc.) R2 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [77824 2009-07-06] (Hewlett-Packard) [File not signed] R2 IFXSpMgtSrv; C:\Program Files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1107232 2009-05-25] (Infineon Technologies AG) R2 IFXTCS; C:\Program Files\Hewlett-Packard\Embedded Security Software\ifxtcs.exe [984352 2009-05-25] (Infineon Technologies AG) R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed] S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.) R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed] R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-06-18] (PDF Complete Inc) R2 PersonalSecureDriveService; C:\Program Files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe [214304 2009-05-25] (Infineon Technologies AG) R2 SepMasterService; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe [137224 2011-06-14] (Symantec Corporation) R3 SmcService; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe [1664744 2012-01-06] (Symantec Corporation) S3 SNAC; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\snac.exe [280496 2012-01-06] (Symantec Corporation) R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\STacSV.exe [229458 2009-11-18] (IDT, Inc.) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 BHDrvx86; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20150504.013\BHDrvx86.sys [1172184 2015-05-01] (Symantec Corporation) S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv.sys [32312 2009-06-29] (Hewlett-Packard Development Company L.P.) R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-12-31] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-12-31] (Symantec Corporation) R1 IDSVix86; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20150512.001\IDSvix86.sys [505048 2015-03-23] (Symantec Corporation) R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20150513.003\NAVENG.SYS [95704 2015-03-15] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20150513.003\NAVEX15.SYS [1636696 2015-03-15] (Symantec Corporation) R1 NEOFLTR_710_20169; C:\Windows\system32\Drivers\NEOFLTR_710_20169.SYS [85064 2012-01-13] (Juniper Networks) R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [39712 2009-05-25] (Infineon Technologies AG) R1 RsvLock; C:\Windows\system32\Drivers\RsvLock.sys [12528 2009-07-29] (SafeBoot International) R0 SafeBoot; C:\Windows\system32\Drivers\SafeBoot.sys [109216 2009-07-29] () [File not signed] R0 SbAlg; C:\Windows\system32\Drivers\SbAlg.sys [51408 2009-07-29] (SafeBoot N.V.) R0 SbFsLock; C:\Windows\system32\Drivers\SbFsLock.sys [12960 2009-07-29] (SafeBoot International) R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x86\SRTSP.SYS [516216 2011-05-27] (Symantec Corporation) R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x86\SRTSPX.SYS [50168 2011-05-27] (Symantec Corporation) S3 SyDvCtrl; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SyDvCtrl32.sys [23984 2012-01-06] (Symantec Corporation) R0 SymDS; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x86\SYMDS.SYS [340088 2011-05-02] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x86\SYMEFA.SYS [756856 2011-05-17] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [127096 2012-01-06] (Symantec Corporation) R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x86\Ironx86.SYS [136312 2011-05-10] (Symantec Corporation) R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x86\SYMNETS.SYS [299640 2011-04-21] (Symantec Corporation) R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [92080 2012-01-06] (Symantec Corporation) R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [50096 2012-01-06] (Symantec Corporation) R3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable_win7.sys [34024 2015-02-06] (Windows ® Win 7 DDK provider) S3 SYMTDI; \SystemRoot\System32\Drivers\SYMTDI.SYS [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-13 18:57 - 2015-05-13 18:59 - 00025517 _____ () C:\Users\Owner\Downloads\FRST.txt 2015-05-13 18:56 - 2015-05-13 18:57 - 08060928 _____ () C:\Users\Owner\Downloads\Files.zip.part 2015-05-13 18:56 - 2015-05-13 18:56 - 00000000 _____ () C:\Users\Owner\Downloads\Files.zip 2015-05-13 18:49 - 2015-05-13 18:57 - 00000000 ____D () C:\FRST 2015-05-13 18:42 - 2015-05-13 18:42 - 01144320 _____ (Farbar) C:\Users\Owner\Downloads\FRST.exe 2015-05-13 18:35 - 2015-05-13 18:42 - 31381395 _____ () C:\Users\Owner\Downloads\СВконтакт - by gasyul version 0.1.zip 2015-05-13 18:34 - 2015-05-13 18:35 - 35603623 _____ () C:\Users\Owner\Downloads\Sborka-xbey.ru.rar 2015-05-11 20:37 - 2015-05-11 20:37 - 26643093 _____ () C:\Users\Owner\Downloads\campus3122.zip 2015-05-11 20:01 - 2015-05-11 20:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech 2015-05-11 20:01 - 2015-05-11 20:01 - 00000000 ____D () C:\ProgramData\LogiShrd 2015-05-11 20:01 - 2015-05-11 20:01 - 00000000 ____D () C:\Program Files\Common Files\LogiShrd 2015-05-11 20:00 - 2015-05-11 20:01 - 04147600 _____ ($Co_Name Inc.) C:\Users\Owner\Downloads\unifying250.exe 2015-05-02 14:29 - 2015-05-02 14:29 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-05-02 13:45 - 2015-05-02 13:45 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Airfoil 2015-04-18 13:56 - 2015-04-18 13:59 - 00000000 ___SD () C:\Windows\system32\GWX 2015-04-18 13:56 - 2015-04-18 13:56 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-04-18 13:56 - 2015-04-18 13:56 - 00000000 ____D () C:\Windows\system32\appraiser 2015-04-17 20:44 - 2015-04-17 20:44 - 00002685 _____ () C:\Users\Public\Desktop\Skype.lnk 2015-04-17 20:44 - 2015-04-17 20:44 - 00000000 ___RD () C:\Program Files\Skype 2015-04-17 20:44 - 2015-04-17 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-04-17 20:44 - 2015-04-17 20:44 - 00000000 ____D () C:\Program Files\Common Files\Skype 2015-04-17 19:57 - 2015-03-22 23:06 - 00860160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-04-17 19:57 - 2015-03-22 23:06 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-04-17 19:57 - 2015-03-22 23:06 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-04-17 19:57 - 2015-03-22 23:06 - 00331264 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-04-17 19:57 - 2015-03-22 23:06 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-04-17 19:57 - 2015-03-22 23:06 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-04-17 19:57 - 2015-03-22 22:59 - 00896000 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-04-17 19:57 - 2015-01-27 19:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2015-04-17 19:56 - 2015-03-22 23:06 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-04-17 19:56 - 2015-03-17 01:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-04-17 19:56 - 2015-03-17 01:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-04-17 19:56 - 2015-03-17 01:01 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-04-17 19:56 - 2015-03-17 01:01 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-04-17 19:56 - 2015-03-17 00:59 - 01306112 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-04-17 19:56 - 2015-03-17 00:57 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-04-17 19:56 - 2015-03-17 00:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-04-17 19:56 - 2015-03-17 00:57 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-04-17 19:56 - 2015-03-17 00:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-04-17 19:56 - 2015-03-17 00:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-04-17 19:56 - 2015-03-17 00:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-04-17 19:56 - 2015-03-17 00:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-04-17 19:56 - 2015-03-17 00:57 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-04-17 19:56 - 2015-03-17 00:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-04-17 19:56 - 2015-03-17 00:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-04-17 19:56 - 2015-03-17 00:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-04-17 19:56 - 2015-03-17 00:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-04-17 19:56 - 2015-03-17 00:56 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-04-17 19:56 - 2015-03-17 00:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-04-17 19:56 - 2015-03-17 00:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-04-17 19:56 - 2015-03-17 00:56 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-04-17 19:56 - 2015-03-17 00:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-04-17 19:56 - 2015-03-17 00:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-04-17 19:56 - 2015-03-17 00:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-04-17 19:56 - 2015-03-17 00:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-04-17 19:56 - 2015-03-17 00:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-04-17 19:56 - 2015-03-17 00:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-04-17 19:56 - 2015-03-04 00:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys 2015-04-17 19:56 - 2015-03-04 00:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll 2015-04-17 19:55 - 2015-04-01 19:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-04-17 19:55 - 2015-03-24 23:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-04-17 19:55 - 2015-03-24 23:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-04-17 19:55 - 2015-03-24 23:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-04-17 19:55 - 2015-03-24 23:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-04-17 19:55 - 2015-03-24 23:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-04-17 19:55 - 2015-03-24 23:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-04-17 19:55 - 2015-03-24 23:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-04-17 19:55 - 2015-03-24 23:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-04-17 19:55 - 2015-03-24 23:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-04-17 19:55 - 2015-03-24 23:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-04-17 19:55 - 2015-03-24 23:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-04-17 19:55 - 2015-03-12 23:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-04-17 19:55 - 2015-03-12 23:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-04-17 19:55 - 2015-03-12 23:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-04-17 19:55 - 2015-03-12 23:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-04-17 19:55 - 2015-03-12 23:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-04-17 19:55 - 2015-03-12 23:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-04-17 19:55 - 2015-03-12 23:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-04-17 19:55 - 2015-03-12 23:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-04-17 19:55 - 2015-03-12 23:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-04-17 19:55 - 2015-03-12 23:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-04-17 19:55 - 2015-03-12 23:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-04-17 19:55 - 2015-03-12 23:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-04-17 19:55 - 2015-03-12 23:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-04-17 19:55 - 2015-03-12 23:16 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-04-17 19:55 - 2015-03-12 23:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-04-17 19:55 - 2015-03-12 23:09 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-04-17 19:55 - 2015-03-12 23:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-04-17 19:55 - 2015-03-12 23:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-04-17 19:55 - 2015-03-12 22:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-04-17 19:55 - 2015-03-12 22:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-04-17 19:55 - 2015-03-12 22:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-04-17 19:55 - 2015-03-12 22:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-04-17 19:55 - 2015-03-12 22:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-04-17 19:55 - 2015-03-12 22:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-04-17 19:55 - 2015-03-12 22:43 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-04-17 19:55 - 2015-03-12 22:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-04-17 19:55 - 2015-03-12 22:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-04-17 19:55 - 2015-03-12 22:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-04-17 19:55 - 2015-03-12 22:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-04-17 19:55 - 2015-03-12 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-04-17 19:55 - 2015-03-05 00:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-04-17 19:55 - 2015-02-24 23:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys 2015-04-17 19:54 - 2015-03-09 23:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-04-17 19:54 - 2015-03-09 23:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-13 18:58 - 2011-03-27 16:35 - 01615164 _____ () C:\Windows\WindowsUpdate.log 2015-05-13 18:51 - 2014-12-28 20:05 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-05-13 18:40 - 2014-12-28 20:09 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-05-13 18:31 - 2014-12-28 20:08 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-05-11 20:05 - 2009-07-14 00:39 - 00086215 _____ () C:\Windows\setupact.log 2015-05-11 19:58 - 2009-07-14 00:34 - 00010112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-05-11 19:58 - 2009-07-14 00:34 - 00010112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-05-11 19:53 - 2011-03-27 13:56 - 00000000 ____D () C:\ProgramData\PDFC 2015-05-03 20:44 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2015-05-03 20:35 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-05-03 10:18 - 2014-12-28 19:58 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-05-02 13:45 - 2015-02-07 22:49 - 00000000 ____D () C:\Program Files\Airfoil 2015-05-02 13:44 - 2015-02-23 22:28 - 00000000 ____D () C:\Program Files\Acro Software 2015-05-02 13:42 - 2015-02-07 23:10 - 00001318 _____ () C:\Users\Owner\Desktop\Airfoil_Crash.log 2015-05-02 13:21 - 2015-02-07 22:50 - 00000000 ____D () C:\Users\Owner\AppData\Local\Rogue Amoeba 2015-05-02 13:17 - 2014-12-28 20:10 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-05-02 13:14 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\AppCompat 2015-04-18 14:12 - 2014-12-28 20:02 - 00000000 ____D () C:\Users\Owner\Desktop\GWU 2015-04-18 14:02 - 2014-12-28 20:05 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-04-18 14:02 - 2011-07-26 16:07 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-04-17 20:47 - 2011-03-27 15:46 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-04-17 20:46 - 2011-03-27 13:48 - 00775084 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-17 20:44 - 2011-04-07 15:48 - 00000000 ____D () C:\ProgramData\Skype ==================== Files in the root of some directories ======= 2011-03-27 14:42 - 2011-03-27 14:42 - 0000000 _____ () C:\Users\Owner\AppData\Local\AtStart.txt 2012-02-05 17:34 - 2012-02-05 17:34 - 0003584 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2011-03-27 14:42 - 2011-03-27 14:42 - 0000000 _____ () C:\Users\Owner\AppData\Local\DSwitch.txt 2011-03-27 14:42 - 2011-03-27 14:42 - 0000000 _____ () C:\Users\Owner\AppData\Local\QSwitch.txt 2011-04-07 15:49 - 2011-04-07 15:49 - 0000048 ____H () C:\ProgramData\ezsidmv.dat 2011-03-27 14:08 - 2015-05-03 20:35 - 0000503 _____ () C:\ProgramData\HPWALog.txt Some content of TEMP: ==================== C:\Users\Owner\AppData\Local\Temp\ApnStub.exe C:\Users\Owner\AppData\Local\Temp\Burn4Free.exe C:\Users\Owner\AppData\Local\Temp\contentDATs.exe C:\Users\Owner\AppData\Local\Temp\converter.exe C:\Users\Owner\AppData\Local\Temp\dwh6097.exe C:\Users\Owner\AppData\Local\Temp\dwhc438.exe C:\Users\Owner\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe C:\Users\Owner\AppData\Local\Temp\GoogleToolbarInstaller.exe C:\Users\Owner\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe C:\Users\Owner\AppData\Local\Temp\ose00000.exe C:\Users\Owner\AppData\Local\Temp\ose00001.exe C:\Users\Owner\AppData\Local\Temp\ose00002.exe C:\Users\Owner\AppData\Local\Temp\pslist.exe C:\Users\Owner\AppData\Local\Temp\SecurityScan_Release.exe C:\Users\Owner\AppData\Local\Temp\setup.exe C:\Users\Owner\AppData\Local\Temp\Setup1.exe C:\Users\Owner\AppData\Local\Temp\SkypeSetup.exe C:\Users\Owner\AppData\Local\Temp\xmlUpdater.exe C:\Users\Owner\AppData\Local\Temp\_isF076.exe C:\Users\Samir\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-05-11 23:20 ==================== End Of Log ============================ Additions.txtt\ Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-05-2015 01 Ran by Owner at 2015-05-13 18:59:47 Running from C:\Users\Owner\Downloads Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1921474701-2290882765-2420123044-500 - Administrator - Disabled) Guest (S-1-5-21-1921474701-2290882765-2420123044-501 - Limited - Enabled) Owner (S-1-5-21-1921474701-2290882765-2420123044-1000 - Administrator - Enabled) => C:\Users\Owner ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Symantec Endpoint Protection (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Symantec Endpoint Protection (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 256HD Bat-pack (HKU\S-1-5-21-1921474701-2290882765-2420123044-1000\...\256HD Bat-pack) (Version: - ) 7-Zip 9.20 (HKLM\...\7-Zip) (Version: - ) A2 Studios ICC World T20 2014 Patch (HKU\S-1-5-21-1921474701-2290882765-2420123044-1000\...\A2 Studios ICC World T20 2014 Patch) (Version: - ) ActivClient x86 (Version: 6.2 - ActivIdentity) Hidden Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.) Airfoil (HKLM\...\Airfoil) (Version: 3.6.5 - Rogue Amoeba) Apple Application Support (32-bit) (HKLM\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{28ED482A-56DB-47D9-8D9E-990FA8CD7D3D}) (Version: 8.1.0.18 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) AuthenTec Fingerprint System (Version: 8.0.202.0 - AuthenTec, Inc.) Hidden BIOS Configuration for HP ProtectTools (HKLM\...\{4A48FBE1-723F-4297-9DD0-9D7E123D78D9}) (Version: 4.00 D2 - Hewlett-Packard) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 5.0.0.6 - Hewlett-Packard) DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden DivX Setup (HKLM\...\DivX Setup.divx.com) (Version: 2.5.0.8 - DivX, LLC) Drive Encryption for HP ProtectTools (Version: 4.0.24 - Hewlett-Packard) Hidden Embedded Security for HP ProtectTools (HKLM\...\{85FBB6CC-82ED-47BA-9F9D-5F6313D75955}) (Version: 5.6.000 - Hewlett-Packard) File Sanitizer For HP ProtectTools (HKLM\...\{789C97CE-9E17-4126-BDF4-11FF458BF705}) (Version: 1.0.1.10 - Hewlett-Packard) Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.) Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden HP 3D DriveGuard (HKLM\...\{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}) (Version: 4.0.3.1 - Hewlett-Packard) HP ESU for Microsoft Windows 7 (HKLM\...\{511376F5-7E5A-4EC9-B603-193B1D425BC3}) (Version: 1.0.1.1 - Hewlett-Packard) HP ProtectTools Security Manager Suite (HKLM\...\{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}) (Version: 04.10.10.0003 - Hewlett-Packard) HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.12.1 - Hewlett-Packard) HP Wallpaper (HKLM\...\{F173C2B3-296F-458C-98FF-1676A42EBA02}) (Version: 1.0.1.11 - Hewlett-Packard) HP Wireless Assistant (HKLM\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard) iCloud (HKLM\...\{760BB327-3973-4608-85C8-88162E2FF3B6}) (Version: 4.0.6.28 - Apple Inc.) IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6257.0 - IDT) Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1995 - Intel Corporation) Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 14.8 - Intel) iTunes (HKLM\...\{B8032A6B-C4D0-4744-B75F-9DDCB56B5C6F}) (Version: 12.1.0.71 - Apple Inc.) Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) Juniper Networks Secure Application Manager (HKLM\...\Neoteris_Secure_Application_Manager) (Version: 7.1.0.20169 - Juniper Networks) Juniper Networks Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks) Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-1921474701-2290882765-2420123044-1000\...\Juniper_Setup_Client) (Version: 7.1.6.17115 - Juniper Networks, Inc.) LightScribe System Software (HKLM\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe) Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech) LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.96 - LSI Corporation) Malwarebytes Anti-Malware version 1.60.1.1000 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.60.1.1000 - Malwarebytes Corporation) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation) Microsoft Office Standard 2007 (HKLM\...\STANDARD) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 37.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) Notepad++ (HKLM\...\Notepad++) (Version: 5.9 - ) Office 15 Click-to-Run Extensibility Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden PDF Complete Special Edition (HKLM\...\PDF Complete) (Version: 3.5.108 - PDF Complete, Inc) Privacy Manager for HP ProtectTools (HKLM\...\{4E8E3D7B-B20D-4FD6-9E72-A84BAD1C35CC}) (Version: 1.0.1.599 - Hewlett-Packard) QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden RICOH Media Driver (HKLM\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.13.00.05 - RICOH) Roxio Creator Business (HKLM\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio) Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden SupportSoft Assisted Service (HKLM\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft) swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Symantec Endpoint Protection (HKLM\...\{A3AEEA68-AC93-4F6F-8D2D-78BBF7E422B8}) (Version: 12.1.671.4971 - Symantec Corporation) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.1 - Synaptics Incorporated) The Logo Creator v6 6.0 (HKLM\...\The Logo Creator v6) (Version: 6.0 - Laughingbird Software) The Logo Creator v6.6 (HKLM\...\The Logo Creator) (Version: v6.6 - Laughingbird Software) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Usmleworld QBank (HKU\S-1-5-21-1921474701-2290882765-2420123044-1000\...\Usmleworld QBank) (Version: - USMLEWORLD,LLC) VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation) Windows 7 Default Setting (HKLM\...\{E70E6183-F6EC-45B4-AFA4-0C3C36D4B664}) (Version: 1.0.0.6 - Hewlett-Packard) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{3E1A2BBD-5707-4646-B268-518B997DC94D}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{B0FF20F1-C857-4EA5-A2B8-A85372879B3D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File ==================== Restore Points ========================= 14-03-2015 13:51:43 Windows Update 14-03-2015 21:49:27 Windows Update 15-03-2015 15:32:53 Windows Update 20-03-2015 00:05:45 Windows Update 24-03-2015 22:39:47 Windows Update 17-04-2015 19:54:48 Windows Update 17-04-2015 20:41:08 Windows Update 02-05-2015 13:25:59 Windows Update 11-05-2015 19:57:54 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:04 - 2009-06-10 17:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1E94AD85-C62F-48BC-9CA5-CBBCDC3C1BA4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-28] (Google Inc.) Task: {320ED430-7009-4AAA-AB82-90A3C2A7E940} - System32\Tasks\{551EF2BA-B517-4192-B03F-6F62402951D3} => C:\Program Files\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.) Task: {33F8285D-7B93-4F9E-A938-A3AF6393CC94} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-03-14] (Microsoft Corporation) Task: {3CFE400E-7E81-4064-B4A2-D1AD1278E268} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {51CF2FF4-EABE-49B3-AA0E-9B72236900EB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {6A6968EC-13C4-41B4-AFB1-BF0DAA6ED9F9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation) Task: {723D24E8-A5CC-4093-B473-1057E2AD0936} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation) Task: {80267204-FF28-4B6C-B9EC-719EDE3B2AC7} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {8F61578B-F7D0-4C5D-8BA9-5522A6CE63CF} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-03-14] (Microsoft Corporation) Task: {A0F87BC4-D1B5-4A58-858A-F2FB58BC6389} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-28] (Google Inc.) Task: {B4C269EB-E373-4C39-8338-9522B1C5DA4E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {B79AD643-BB00-4CF3-9B02-DA315443DF4F} - System32\Tasks\{DA562DE9-73D0-41B4-AA99-73FF2CCF0736} => pcalua.exe -a "C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OBU9ZTTJ\JavaSetup8u31.com" -d C:\Users\Owner\Desktop Task: {D43E4695-F7D9-4B07-A772-BD2A39EA77B2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-18] (Adobe Systems Incorporated) Task: {D90AC761-1E6F-4528-A275-8005533DC278} - System32\Tasks\{F7255762-8F36-47CD-837E-230140331F24} => Iexplore.exe http://ui.skype.com/ui/0/5.5.0.124/en/abandoninstall?page=tsPlugin&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled Task: {DA5F96A9-8159-464A-84D0-3F55813CCD51} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {E26955E6-CEC6-4C1B-85D3-C1EA4DFDEA3A} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation) Task: {ECB7C185-0E18-47F1-BEDC-204E555A2388} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-03-14] (Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2014-07-31 13:16 - 2014-07-31 13:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-03-14 14:14 - 2014-05-20 02:11 - 00080040 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll 2015-03-14 15:44 - 2015-03-14 15:44 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll 2009-06-29 16:10 - 2009-06-29 16:10 - 00300600 _____ () C:\Windows\system32\flcdlmsg.dll 2011-03-21 14:56 - 2011-03-21 14:56 - 01230704 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe 2011-03-21 14:57 - 2011-03-21 14:57 - 00096112 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll 2009-06-17 11:40 - 2009-06-17 11:40 - 02121728 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll 2009-06-17 11:40 - 2009-06-17 11:40 - 07745536 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll 2009-06-17 11:40 - 2009-06-17 11:40 - 00135168 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll 2011-12-13 11:50 - 2011-12-13 11:50 - 00224512 _____ () C:\Program Files\RemoteSound\RemoteSound.exe 2011-03-24 08:21 - 2011-03-24 08:21 - 02278912 _____ () C:\Program Files\RemoteSound\QtCore4.dll 2011-03-24 08:21 - 2011-03-24 08:21 - 08151040 _____ () C:\Program Files\RemoteSound\QtGui4.dll 2011-03-24 08:21 - 2011-03-24 08:21 - 00911872 _____ () C:\Program Files\RemoteSound\QtNetwork4.dll 2011-12-08 04:22 - 2011-12-08 04:22 - 00176128 _____ () C:\Program Files\RemoteSound\ScienPixMedia.dll 2011-11-07 08:06 - 2011-11-07 08:06 - 05127182 _____ () C:\Program Files\RemoteSound\avcodec-52.dll 2011-11-07 08:06 - 2011-11-07 08:06 - 00077326 _____ () C:\Program Files\RemoteSound\avutil-50.dll 2011-11-07 08:06 - 2011-11-07 08:06 - 00762894 _____ () C:\Program Files\RemoteSound\avformat-52.dll 2011-11-07 08:06 - 2011-11-07 08:06 - 00207374 _____ () C:\Program Files\RemoteSound\swscale-0.dll 2011-12-08 04:19 - 2011-12-08 04:19 - 00019456 _____ () C:\Program Files\RemoteSound\ScienPixWAL.DLL 2015-04-18 14:02 - 2015-04-18 14:02 - 16863920 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll 2015-05-02 13:17 - 2015-04-27 22:07 - 01252680 _____ () C:\Program Files\Google\Chrome\Application\42.0.2311.135\libglesv2.dll 2015-05-02 13:17 - 2015-04-27 22:07 - 00080712 _____ () C:\Program Files\Google\Chrome\Application\42.0.2311.135\libegl.dll 2015-05-02 13:17 - 2015-04-27 22:07 - 14980424 _____ () C:\Program Files\Google\Chrome\Application\42.0.2311.135\PepperFlash\pepflashplayer.dll 2010-08-15 14:34 - 2010-08-15 14:34 - 00204800 _____ () C:\Program Files\Notepad++\plugins\ComparePlugin.dll 2008-09-06 08:51 - 2008-09-06 08:51 - 00014336 _____ () C:\Program Files\Notepad++\plugins\NppExport.dll 2010-08-21 08:56 - 2010-08-21 08:56 - 01563648 _____ () C:\Program Files\Notepad++\plugins\NppFTP.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:7A36BD6D ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antvirus => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, the associated entry will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1921474701-2290882765-2420123044-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (whitelisted) =============== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) FirewallRules: [sPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [sPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{9FD4ECCA-063F-4AC5-A5E0-270B80E95A5B}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe FirewallRules: [{83527828-F0BD-4065-B45A-F4CCC1135F21}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe FirewallRules: [{843490A2-A59D-4E8F-B47E-8AAEC47D8A94}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE FirewallRules: [{E27CCD43-D03D-455F-A08D-872B1CE76D5B}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE FirewallRules: [{D50D7D2C-2A84-4FF1-9049-CD167F533F94}] => (Allow) C:\Program Files\Common Files\Symantec Shared\ccApp.exe FirewallRules: [{3CB04CE3-F2EE-41E3-8399-BDDD5A346151}] => (Allow) C:\Program Files\Common Files\Symantec Shared\ccApp.exe FirewallRules: [{A31FD9BE-DE74-4FD6-8F9B-A78690F238B6}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe FirewallRules: [{E4F3E31D-C166-457A-835E-D945E5DF5549}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{4CFA4455-19BA-4641-871E-14163E49E7E5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{74C0C364-8D76-427A-944E-CCEAAD32ACEF}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe FirewallRules: [{3C5EF1A3-948D-4B4C-97B8-B547521950AF}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe FirewallRules: [{E03167AE-D11B-4E38-BF47-2D3E6F8076D8}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\snac.exe FirewallRules: [{E31B585A-6082-4146-9AFD-3EA882B880E3}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\snac.exe FirewallRules: [{08565DFA-7D0D-4AFD-A8CD-D011D860475D}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [{09DBD2CD-3536-4359-93FA-1B730D1D3B32}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{5EE34852-EEB1-4D87-817C-A1228CBBF233}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{DE5983D4-7040-4D01-8318-74CA226E678D}] => (Allow) C:\Program Files\RemoteSound\RemoteSound.exe FirewallRules: [{00EEFA34-E80E-4524-B631-31DD3B9B7F55}] => (Allow) C:\Program Files\RemoteSound\RemoteSound.exe FirewallRules: [{267596C5-A858-48AE-9507-B6523D6AC9D9}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{B53C5DA8-0801-4955-96EB-6AA7D477ED0B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{55D965DB-E3AD-4467-B14F-24BF3F61A247}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{1D173EA7-F188-4DFA-A2CA-C2FB0D413056}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{E1435E80-F11F-4037-9521-F020B5A33C3F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{05A0BFFD-4D9E-4FE5-8C01-2A372CABF5AB}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{D3C4F739-8A10-46AA-9492-A80692DDE60A}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe FirewallRules: [{F776FAE6-C44C-4E26-BBEB-C80205C1DB86}] => (Allow) C:\Program Files\RemoteSound\RemoteSound.exe FirewallRules: [{061DC365-AB39-4154-A183-15BEDB6A3CFC}] => (Allow) C:\Program Files\RemoteSound\RemoteSound.exe FirewallRules: [{66A0904C-1E3A-4A31-89EB-6C3BA3018C3E}] => (Allow) C:\Program Files\RemoteSound\RemoteSound.exe FirewallRules: [{A455B9F8-5211-4DB3-992C-94C591A57856}] => (Allow) C:\Program Files\RemoteSound\RemoteSound.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/11/2015 10:55:42 PM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006). Error: (05/03/2015 09:20:19 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 9969 Error: (05/03/2015 09:20:19 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 9969 Error: (05/03/2015 09:20:18 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/03/2015 08:45:28 PM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006). Error: (05/02/2015 01:45:28 PM) (Source: MsiInstaller) (EventID: 10005) (User: HP-LAPTOP) Description: Product: Bonjour -- A later version of Bonjour is already installed on this computer. Error: (05/02/2015 01:12:38 PM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006). Error: (04/18/2015 02:32:40 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 5132 Error: (04/18/2015 02:32:40 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 5132 Error: (04/18/2015 02:32:40 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (05/11/2015 10:45:33 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. Error: (05/02/2015 01:11:54 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 80. Error: (03/20/2015 03:04:28 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {2B6AA70F-492C-4CA4-B8FD-5499F1AB4295} Error: (03/15/2015 00:41:50 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk1\DR1. Error: (03/06/2015 07:15:45 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Windows Defender service hung on starting. Error: (02/22/2015 03:17:48 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SepMasterService service. Error: (02/16/2015 11:24:56 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Windows Update service hung on starting. Error: (02/15/2015 02:25:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (01/26/2015 08:23:42 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: The following fatal alert was generated: 70. The internal error state is 105. Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2015-05-03 20:35:15.860 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system. Date: 2015-05-03 10:19:17.421 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system. Date: 2015-05-02 13:47:54.624 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system. Date: 2015-04-18 13:58:45.718 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system. Date: 2015-04-17 19:45:30.844 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system. Date: 2015-03-28 09:49:24.107 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system. Date: 2015-03-24 22:31:21.802 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system. Date: 2015-03-23 08:00:07.264 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system. Date: 2015-03-19 23:59:43.769 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system. Date: 2015-03-16 21:09:26.106 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Core i5 CPU M 520 @ 2.40GHz Percentage of memory in use: 63% Total physical RAM: 2991.38 MB Available physical RAM: 1078.89 MB Total Pagefile: 5981.05 MB Available Pagefile: 3481.63 MB Total Virtual: 2047.88 MB Available Virtual: 1919.63 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:232.79 GB) (Free:126.19 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: BB575B6D) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  6. My laptop is very slow. I don't have recovery CDs, other I would just factory restore. I have Win 7 HP 8440p. If you can guide me how to restore this back to factory, it would make our life easier. anyways, logs are below. FRST Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-05-2015 01 Ran by Owner at 2015-05-13 18:59:47 Running from C:\Users\Owner\Downloads Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1921474701-2290882765-2420123044-500 - Administrator - Disabled) Guest (S-1-5-21-1921474701-2290882765-2420123044-501 - Limited - Enabled) Owner (S-1-5-21-1921474701-2290882765-2420123044-1000 - Administrator - Enabled) => C:\Users\Owner ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Symantec Endpoint Protection (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Symantec Endpoint Protection (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 256HD Bat-pack (HKU\S-1-5-21-1921474701-2290882765-2420123044-1000\...\256HD Bat-pack) (Version: - ) 7-Zip 9.20 (HKLM\...\7-Zip) (Version: - ) A2 Studios ICC World T20 2014 Patch (HKU\S-1-5-21-1921474701-2290882765-2420123044-1000\...\A2 Studios ICC World T20 2014 Patch) (Version: - ) ActivClient x86 (Version: 6.2 - ActivIdentity) Hidden Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.) Airfoil (HKLM\...\Airfoil) (Version: 3.6.5 - Rogue Amoeba) Apple Application Support (32-bit) (HKLM\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{28ED482A-56DB-47D9-8D9E-990FA8CD7D3D}) (Version: 8.1.0.18 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) AuthenTec Fingerprint System (Version: 8.0.202.0 - AuthenTec, Inc.) Hidden BIOS Configuration for HP ProtectTools (HKLM\...\{4A48FBE1-723F-4297-9DD0-9D7E123D78D9}) (Version: 4.00 D2 - Hewlett-Packard) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 5.0.0.6 - Hewlett-Packard) DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden DivX Setup (HKLM\...\DivX Setup.divx.com) (Version: 2.5.0.8 - DivX, LLC) Drive Encryption for HP ProtectTools (Version: 4.0.24 - Hewlett-Packard) Hidden Embedded Security for HP ProtectTools (HKLM\...\{85FBB6CC-82ED-47BA-9F9D-5F6313D75955}) (Version: 5.6.000 - Hewlett-Packard) File Sanitizer For HP ProtectTools (HKLM\...\{789C97CE-9E17-4126-BDF4-11FF458BF705}) (Version: 1.0.1.10 - Hewlett-Packard) Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.) Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden HP 3D DriveGuard (HKLM\...\{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}) (Version: 4.0.3.1 - Hewlett-Packard) HP ESU for Microsoft Windows 7 (HKLM\...\{511376F5-7E5A-4EC9-B603-193B1D425BC3}) (Version: 1.0.1.1 - Hewlett-Packard) HP ProtectTools Security Manager Suite (HKLM\...\{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}) (Version: 04.10.10.0003 - Hewlett-Packard) HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.12.1 - Hewlett-Packard) HP Wallpaper (HKLM\...\{F173C2B3-296F-458C-98FF-1676A42EBA02}) (Version: 1.0.1.11 - Hewlett-Packard) HP Wireless Assistant (HKLM\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard) iCloud (HKLM\...\{760BB327-3973-4608-85C8-88162E2FF3B6}) (Version: 4.0.6.28 - Apple Inc.) IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6257.0 - IDT) Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1995 - Intel Corporation) Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 14.8 - Intel) iTunes (HKLM\...\{B8032A6B-C4D0-4744-B75F-9DDCB56B5C6F}) (Version: 12.1.0.71 - Apple Inc.) Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) Juniper Networks Secure Application Manager (HKLM\...\Neoteris_Secure_Application_Manager) (Version: 7.1.0.20169 - Juniper Networks) Juniper Networks Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks) Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-1921474701-2290882765-2420123044-1000\...\Juniper_Setup_Client) (Version: 7.1.6.17115 - Juniper Networks, Inc.) LightScribe System Software (HKLM\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe) Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech) LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.96 - LSI Corporation) Malwarebytes Anti-Malware version 1.60.1.1000 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.60.1.1000 - Malwarebytes Corporation) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation) Microsoft Office Standard 2007 (HKLM\...\STANDARD) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 37.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) Notepad++ (HKLM\...\Notepad++) (Version: 5.9 - ) Office 15 Click-to-Run Extensibility Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden PDF Complete Special Edition (HKLM\...\PDF Complete) (Version: 3.5.108 - PDF Complete, Inc) Privacy Manager for HP ProtectTools (HKLM\...\{4E8E3D7B-B20D-4FD6-9E72-A84BAD1C35CC}) (Version: 1.0.1.599 - Hewlett-Packard) QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden RICOH Media Driver (HKLM\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.13.00.05 - RICOH) Roxio Creator Business (HKLM\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio) Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden SupportSoft Assisted Service (HKLM\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft) swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Symantec Endpoint Protection (HKLM\...\{A3AEEA68-AC93-4F6F-8D2D-78BBF7E422B8}) (Version: 12.1.671.4971 - Symantec Corporation) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.1 - Synaptics Incorporated) The Logo Creator v6 6.0 (HKLM\...\The Logo Creator v6) (Version: 6.0 - Laughingbird Software) The Logo Creator v6.6 (HKLM\...\The Logo Creator) (Version: v6.6 - Laughingbird Software) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Usmleworld QBank (HKU\S-1-5-21-1921474701-2290882765-2420123044-1000\...\Usmleworld QBank) (Version: - USMLEWORLD,LLC) VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation) Windows 7 Default Setting (HKLM\...\{E70E6183-F6EC-45B4-AFA4-0C3C36D4B664}) (Version: 1.0.0.6 - Hewlett-Packard) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{3E1A2BBD-5707-4646-B268-518B997DC94D}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{B0FF20F1-C857-4EA5-A2B8-A85372879B3D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File ==================== Restore Points ========================= 14-03-2015 13:51:43 Windows Update 14-03-2015 21:49:27 Windows Update 15-03-2015 15:32:53 Windows Update 20-03-2015 00:05:45 Windows Update 24-03-2015 22:39:47 Windows Update 17-04-2015 19:54:48 Windows Update 17-04-2015 20:41:08 Windows Update 02-05-2015 13:25:59 Windows Update 11-05-2015 19:57:54 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:04 - 2009-06-10 17:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1E94AD85-C62F-48BC-9CA5-CBBCDC3C1BA4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-28] (Google Inc.) Task: {320ED430-7009-4AAA-AB82-90A3C2A7E940} - System32\Tasks\{551EF2BA-B517-4192-B03F-6F62402951D3} => C:\Program Files\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.) Task: {33F8285D-7B93-4F9E-A938-A3AF6393CC94} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-03-14] (Microsoft Corporation) Task: {3CFE400E-7E81-4064-B4A2-D1AD1278E268} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {51CF2FF4-EABE-49B3-AA0E-9B72236900EB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {6A6968EC-13C4-41B4-AFB1-BF0DAA6ED9F9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation) Task: {723D24E8-A5CC-4093-B473-1057E2AD0936} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation) Task: {80267204-FF28-4B6C-B9EC-719EDE3B2AC7} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {8F61578B-F7D0-4C5D-8BA9-5522A6CE63CF} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-03-14] (Microsoft Corporation) Task: {A0F87BC4-D1B5-4A58-858A-F2FB58BC6389} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-28] (Google Inc.) Task: {B4C269EB-E373-4C39-8338-9522B1C5DA4E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {B79AD643-BB00-4CF3-9B02-DA315443DF4F} - System32\Tasks\{DA562DE9-73D0-41B4-AA99-73FF2CCF0736} => pcalua.exe -a "C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OBU9ZTTJ\JavaSetup8u31.com" -d C:\Users\Owner\Desktop Task: {D43E4695-F7D9-4B07-A772-BD2A39EA77B2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-18] (Adobe Systems Incorporated) Task: {D90AC761-1E6F-4528-A275-8005533DC278} - System32\Tasks\{F7255762-8F36-47CD-837E-230140331F24} => Iexplore.exe http://ui.skype.com/ui/0/5.5.0.124/en/abandoninstall?page=tsPlugin&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled Task: {DA5F96A9-8159-464A-84D0-3F55813CCD51} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {E26955E6-CEC6-4C1B-85D3-C1EA4DFDEA3A} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation) Task: {ECB7C185-0E18-47F1-BEDC-204E555A2388} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-03-14] (Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2014-07-31 13:16 - 2014-07-31 13:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-03-14 14:14 - 2014-05-20 02:11 - 00080040 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll 2015-03-14 15:44 - 2015-03-14 15:44 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll 2009-06-29 16:10 - 2009-06-29 16:10 - 00300600 _____ () C:\Windows\system32\flcdlmsg.dll 2011-03-21 14:56 - 2011-03-21 14:56 - 01230704 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe 2011-03-21 14:57 - 2011-03-21 14:57 - 00096112 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll 2009-06-17 11:40 - 2009-06-17 11:40 - 02121728 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll 2009-06-17 11:40 - 2009-06-17 11:40 - 07745536 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll 2009-06-17 11:40 - 2009-06-17 11:40 - 00135168 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll 2011-12-13 11:50 - 2011-12-13 11:50 - 00224512 _____ () C:\Program Files\RemoteSound\RemoteSound.exe 2011-03-24 08:21 - 2011-03-24 08:21 - 02278912 _____ () C:\Program Files\RemoteSound\QtCore4.dll 2011-03-24 08:21 - 2011-03-24 08:21 - 08151040 _____ () C:\Program Files\RemoteSound\QtGui4.dll 2011-03-24 08:21 - 2011-03-24 08:21 - 00911872 _____ () C:\Program Files\RemoteSound\QtNetwork4.dll 2011-12-08 04:22 - 2011-12-08 04:22 - 00176128 _____ () C:\Program Files\RemoteSound\ScienPixMedia.dll 2011-11-07 08:06 - 2011-11-07 08:06 - 05127182 _____ () C:\Program Files\RemoteSound\avcodec-52.dll 2011-11-07 08:06 - 2011-11-07 08:06 - 00077326 _____ () C:\Program Files\RemoteSound\avutil-50.dll 2011-11-07 08:06 - 2011-11-07 08:06 - 00762894 _____ () C:\Program Files\RemoteSound\avformat-52.dll 2011-11-07 08:06 - 2011-11-07 08:06 - 00207374 _____ () C:\Program Files\RemoteSound\swscale-0.dll 2011-12-08 04:19 - 2011-12-08 04:19 - 00019456 _____ () C:\Program Files\RemoteSound\ScienPixWAL.DLL 2015-04-18 14:02 - 2015-04-18 14:02 - 16863920 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll 2015-05-02 13:17 - 2015-04-27 22:07 - 01252680 _____ () C:\Program Files\Google\Chrome\Application\42.0.2311.135\libglesv2.dll 2015-05-02 13:17 - 2015-04-27 22:07 - 00080712 _____ () C:\Program Files\Google\Chrome\Application\42.0.2311.135\libegl.dll 2015-05-02 13:17 - 2015-04-27 22:07 - 14980424 _____ () C:\Program Files\Google\Chrome\Application\42.0.2311.135\PepperFlash\pepflashplayer.dll 2010-08-15 14:34 - 2010-08-15 14:34 - 00204800 _____ () C:\Program Files\Notepad++\plugins\ComparePlugin.dll 2008-09-06 08:51 - 2008-09-06 08:51 - 00014336 _____ () C:\Program Files\Notepad++\plugins\NppExport.dll 2010-08-21 08:56 - 2010-08-21 08:56 - 01563648 _____ () C:\Program Files\Notepad++\plugins\NppFTP.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:7A36BD6D ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antvirus => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, the associated entry will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1921474701-2290882765-2420123044-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (whitelisted) =============== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) FirewallRules: [sPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [sPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{9FD4ECCA-063F-4AC5-A5E0-270B80E95A5B}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe FirewallRules: [{83527828-F0BD-4065-B45A-F4CCC1135F21}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe FirewallRules: [{843490A2-A59D-4E8F-B47E-8AAEC47D8A94}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE FirewallRules: [{E27CCD43-D03D-455F-A08D-872B1CE76D5B}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE FirewallRules: [{D50D7D2C-2A84-4FF1-9049-CD167F533F94}] => (Allow) C:\Program Files\Common Files\Symantec Shared\ccApp.exe FirewallRules: [{3CB04CE3-F2EE-41E3-8399-BDDD5A346151}] => (Allow) C:\Program Files\Common Files\Symantec Shared\ccApp.exe FirewallRules: [{A31FD9BE-DE74-4FD6-8F9B-A78690F238B6}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe FirewallRules: [{E4F3E31D-C166-457A-835E-D945E5DF5549}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{4CFA4455-19BA-4641-871E-14163E49E7E5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{74C0C364-8D76-427A-944E-CCEAAD32ACEF}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe FirewallRules: [{3C5EF1A3-948D-4B4C-97B8-B547521950AF}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe FirewallRules: [{E03167AE-D11B-4E38-BF47-2D3E6F8076D8}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\snac.exe FirewallRules: [{E31B585A-6082-4146-9AFD-3EA882B880E3}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\snac.exe FirewallRules: [{08565DFA-7D0D-4AFD-A8CD-D011D860475D}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [{09DBD2CD-3536-4359-93FA-1B730D1D3B32}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{5EE34852-EEB1-4D87-817C-A1228CBBF233}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{DE5983D4-7040-4D01-8318-74CA226E678D}] => (Allow) C:\Program Files\RemoteSound\RemoteSound.exe FirewallRules: [{00EEFA34-E80E-4524-B631-31DD3B9B7F55}] => (Allow) C:\Program Files\RemoteSound\RemoteSound.exe FirewallRules: [{267596C5-A858-48AE-9507-B6523D6AC9D9}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{B53C5DA8-0801-4955-96EB-6AA7D477ED0B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{55D965DB-E3AD-4467-B14F-24BF3F61A247}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{1D173EA7-F188-4DFA-A2CA-C2FB0D413056}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{E1435E80-F11F-4037-9521-F020B5A33C3F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{05A0BFFD-4D9E-4FE5-8C01-2A372CABF5AB}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{D3C4F739-8A10-46AA-9492-A80692DDE60A}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe FirewallRules: [{F776FAE6-C44C-4E26-BBEB-C80205C1DB86}] => (Allow) C:\Program Files\RemoteSound\RemoteSound.exe FirewallRules: [{061DC365-AB39-4154-A183-15BEDB6A3CFC}] => (Allow) C:\Program Files\RemoteSound\RemoteSound.exe FirewallRules: [{66A0904C-1E3A-4A31-89EB-6C3BA3018C3E}] => (Allow) C:\Program Files\RemoteSound\RemoteSound.exe FirewallRules: [{A455B9F8-5211-4DB3-992C-94C591A57856}] => (Allow) C:\Program Files\RemoteSound\RemoteSound.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/11/2015 10:55:42 PM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006). Error: (05/03/2015 09:20:19 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 9969 Error: (05/03/2015 09:20:19 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 9969 Error: (05/03/2015 09:20:18 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/03/2015 08:45:28 PM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006). Error: (05/02/2015 01:45:28 PM) (Source: MsiInstaller) (EventID: 10005) (User: HP-LAPTOP) Description: Product: Bonjour -- A later version of Bonjour is already installed on this computer. Error: (05/02/2015 01:12:38 PM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006). Error: (04/18/2015 02:32:40 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 5132 Error: (04/18/2015 02:32:40 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 5132 Error: (04/18/2015 02:32:40 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (05/11/2015 10:45:33 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. Error: (05/02/2015 01:11:54 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 80. Error: (03/20/2015 03:04:28 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {2B6AA70F-492C-4CA4-B8FD-5499F1AB4295} Error: (03/15/2015 00:41:50 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk1\DR1. Error: (03/06/2015 07:15:45 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Windows Defender service hung on starting. Error: (02/22/2015 03:17:48 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SepMasterService service. Error: (02/16/2015 11:24:56 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Windows Update service hung on starting. Error: (02/15/2015 02:25:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (01/26/2015 08:23:42 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: The following fatal alert was generated: 70. The internal error state is 105. Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2015-05-03 20:35:15.860 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system. Date: 2015-05-03 10:19:17.421 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system. Date: 2015-05-02 13:47:54.624 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system. Date: 2015-04-18 13:58:45.718 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system. Date: 2015-04-17 19:45:30.844 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system. Date: 2015-03-28 09:49:24.107 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system. Date: 2015-03-24 22:31:21.802 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system. Date: 2015-03-23 08:00:07.264 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system. Date: 2015-03-19 23:59:43.769 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system. Date: 2015-03-16 21:09:26.106 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Core i5 CPU M 520 @ 2.40GHz Percentage of memory in use: 63% Total physical RAM: 2991.38 MB Available physical RAM: 1078.89 MB Total Pagefile: 5981.05 MB Available Pagefile: 3481.63 MB Total Virtual: 2047.88 MB Available Virtual: 1919.63 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:232.79 GB) (Free:126.19 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: BB575B6D) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Additions.txt Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-05-2015 01 Ran by Owner at 2015-05-13 18:59:47 Running from C:\Users\Owner\Downloads Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1921474701-2290882765-2420123044-500 - Administrator - Disabled) Guest (S-1-5-21-1921474701-2290882765-2420123044-501 - Limited - Enabled) Owner (S-1-5-21-1921474701-2290882765-2420123044-1000 - Administrator - Enabled) => C:\Users\Owner ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Symantec Endpoint Protection (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Symantec Endpoint Protection (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 256HD Bat-pack (HKU\S-1-5-21-1921474701-2290882765-2420123044-1000\...\256HD Bat-pack) (Version: - ) 7-Zip 9.20 (HKLM\...\7-Zip) (Version: - ) A2 Studios ICC World T20 2014 Patch (HKU\S-1-5-21-1921474701-2290882765-2420123044-1000\...\A2 Studios ICC World T20 2014 Patch) (Version: - ) ActivClient x86 (Version: 6.2 - ActivIdentity) Hidden Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.) Airfoil (HKLM\...\Airfoil) (Version: 3.6.5 - Rogue Amoeba) Apple Application Support (32-bit) (HKLM\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{28ED482A-56DB-47D9-8D9E-990FA8CD7D3D}) (Version: 8.1.0.18 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) AuthenTec Fingerprint System (Version: 8.0.202.0 - AuthenTec, Inc.) Hidden BIOS Configuration for HP ProtectTools (HKLM\...\{4A48FBE1-723F-4297-9DD0-9D7E123D78D9}) (Version: 4.00 D2 - Hewlett-Packard) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 5.0.0.6 - Hewlett-Packard) DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden DivX Setup (HKLM\...\DivX Setup.divx.com) (Version: 2.5.0.8 - DivX, LLC) Drive Encryption for HP ProtectTools (Version: 4.0.24 - Hewlett-Packard) Hidden Embedded Security for HP ProtectTools (HKLM\...\{85FBB6CC-82ED-47BA-9F9D-5F6313D75955}) (Version: 5.6.000 - Hewlett-Packard) File Sanitizer For HP ProtectTools (HKLM\...\{789C97CE-9E17-4126-BDF4-11FF458BF705}) (Version: 1.0.1.10 - Hewlett-Packard) Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.) Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden HP 3D DriveGuard (HKLM\...\{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}) (Version: 4.0.3.1 - Hewlett-Packard) HP ESU for Microsoft Windows 7 (HKLM\...\{511376F5-7E5A-4EC9-B603-193B1D425BC3}) (Version: 1.0.1.1 - Hewlett-Packard) HP ProtectTools Security Manager Suite (HKLM\...\{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}) (Version: 04.10.10.0003 - Hewlett-Packard) HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.12.1 - Hewlett-Packard) HP Wallpaper (HKLM\...\{F173C2B3-296F-458C-98FF-1676A42EBA02}) (Version: 1.0.1.11 - Hewlett-Packard) HP Wireless Assistant (HKLM\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard) iCloud (HKLM\...\{760BB327-3973-4608-85C8-88162E2FF3B6}) (Version: 4.0.6.28 - Apple Inc.) IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6257.0 - IDT) Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1995 - Intel Corporation) Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 14.8 - Intel) iTunes (HKLM\...\{B8032A6B-C4D0-4744-B75F-9DDCB56B5C6F}) (Version: 12.1.0.71 - Apple Inc.) Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) Juniper Networks Secure Application Manager (HKLM\...\Neoteris_Secure_Application_Manager) (Version: 7.1.0.20169 - Juniper Networks) Juniper Networks Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks) Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-1921474701-2290882765-2420123044-1000\...\Juniper_Setup_Client) (Version: 7.1.6.17115 - Juniper Networks, Inc.) LightScribe System Software (HKLM\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe) Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech) LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.96 - LSI Corporation) Malwarebytes Anti-Malware version 1.60.1.1000 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.60.1.1000 - Malwarebytes Corporation) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation) Microsoft Office Standard 2007 (HKLM\...\STANDARD) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 37.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) Notepad++ (HKLM\...\Notepad++) (Version: 5.9 - ) Office 15 Click-to-Run Extensibility Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden PDF Complete Special Edition (HKLM\...\PDF Complete) (Version: 3.5.108 - PDF Complete, Inc) Privacy Manager for HP ProtectTools (HKLM\...\{4E8E3D7B-B20D-4FD6-9E72-A84BAD1C35CC}) (Version: 1.0.1.599 - Hewlett-Packard) QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden RICOH Media Driver (HKLM\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.13.00.05 - RICOH) Roxio Creator Business (HKLM\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio) Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden SupportSoft Assisted Service (HKLM\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft) swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Symantec Endpoint Protection (HKLM\...\{A3AEEA68-AC93-4F6F-8D2D-78BBF7E422B8}) (Version: 12.1.671.4971 - Symantec Corporation) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.1 - Synaptics Incorporated) The Logo Creator v6 6.0 (HKLM\...\The Logo Creator v6) (Version: 6.0 - Laughingbird Software) The Logo Creator v6.6 (HKLM\...\The Logo Creator) (Version: v6.6 - Laughingbird Software) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Usmleworld QBank (HKU\S-1-5-21-1921474701-2290882765-2420123044-1000\...\Usmleworld QBank) (Version: - USMLEWORLD,LLC) VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation) Windows 7 Default Setting (HKLM\...\{E70E6183-F6EC-45B4-AFA4-0C3C36D4B664}) (Version: 1.0.0.6 - Hewlett-Packard) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{3E1A2BBD-5707-4646-B268-518B997DC94D}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{B0FF20F1-C857-4EA5-A2B8-A85372879B3D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE No File CustomCLSID: HKU\S-1-5-21-1921474701-2290882765-2420123044-1000_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll No File ==================== Restore Points ========================= 14-03-2015 13:51:43 Windows Update 14-03-2015 21:49:27 Windows Update 15-03-2015 15:32:53 Windows Update 20-03-2015 00:05:45 Windows Update 24-03-2015 22:39:47 Windows Update 17-04-2015 19:54:48 Windows Update 17-04-2015 20:41:08 Windows Update 02-05-2015 13:25:59 Windows Update 11-05-2015 19:57:54 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:04 - 2009-06-10 17:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1E94AD85-C62F-48BC-9CA5-CBBCDC3C1BA4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-28] (Google Inc.) Task: {320ED430-7009-4AAA-AB82-90A3C2A7E940} - System32\Tasks\{551EF2BA-B517-4192-B03F-6F62402951D3} => C:\Program Files\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.) Task: {33F8285D-7B93-4F9E-A938-A3AF6393CC94} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-03-14] (Microsoft Corporation) Task: {3CFE400E-7E81-4064-B4A2-D1AD1278E268} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {51CF2FF4-EABE-49B3-AA0E-9B72236900EB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {6A6968EC-13C4-41B4-AFB1-BF0DAA6ED9F9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation) Task: {723D24E8-A5CC-4093-B473-1057E2AD0936} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation) Task: {80267204-FF28-4B6C-B9EC-719EDE3B2AC7} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {8F61578B-F7D0-4C5D-8BA9-5522A6CE63CF} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-03-14] (Microsoft Corporation) Task: {A0F87BC4-D1B5-4A58-858A-F2FB58BC6389} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-28] (Google Inc.) Task: {B4C269EB-E373-4C39-8338-9522B1C5DA4E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {B79AD643-BB00-4CF3-9B02-DA315443DF4F} - System32\Tasks\{DA562DE9-73D0-41B4-AA99-73FF2CCF0736} => pcalua.exe -a "C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OBU9ZTTJ\JavaSetup8u31.com" -d C:\Users\Owner\Desktop Task: {D43E4695-F7D9-4B07-A772-BD2A39EA77B2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-18] (Adobe Systems Incorporated) Task: {D90AC761-1E6F-4528-A275-8005533DC278} - System32\Tasks\{F7255762-8F36-47CD-837E-230140331F24} => Iexplore.exe http://ui.skype.com/ui/0/5.5.0.124/en/abandoninstall?page=tsPlugin&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled Task: {DA5F96A9-8159-464A-84D0-3F55813CCD51} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {E26955E6-CEC6-4C1B-85D3-C1EA4DFDEA3A} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation) Task: {ECB7C185-0E18-47F1-BEDC-204E555A2388} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-03-14] (Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2014-07-31 13:16 - 2014-07-31 13:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-03-14 14:14 - 2014-05-20 02:11 - 00080040 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll 2015-03-14 15:44 - 2015-03-14 15:44 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll 2009-06-29 16:10 - 2009-06-29 16:10 - 00300600 _____ () C:\Windows\system32\flcdlmsg.dll 2011-03-21 14:56 - 2011-03-21 14:56 - 01230704 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe 2011-03-21 14:57 - 2011-03-21 14:57 - 00096112 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll 2009-06-17 11:40 - 2009-06-17 11:40 - 02121728 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll 2009-06-17 11:40 - 2009-06-17 11:40 - 07745536 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll 2009-06-17 11:40 - 2009-06-17 11:40 - 00135168 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll 2011-12-13 11:50 - 2011-12-13 11:50 - 00224512 _____ () C:\Program Files\RemoteSound\RemoteSound.exe 2011-03-24 08:21 - 2011-03-24 08:21 - 02278912 _____ () C:\Program Files\RemoteSound\QtCore4.dll 2011-03-24 08:21 - 2011-03-24 08:21 - 08151040 _____ () C:\Program Files\RemoteSound\QtGui4.dll 2011-03-24 08:21 - 2011-03-24 08:21 - 00911872 _____ () C:\Program Files\RemoteSound\QtNetwork4.dll 2011-12-08 04:22 - 2011-12-08 04:22 - 00176128 _____ () C:\Program Files\RemoteSound\ScienPixMedia.dll 2011-11-07 08:06 - 2011-11-07 08:06 - 05127182 _____ () C:\Program Files\RemoteSound\avcodec-52.dll 2011-11-07 08:06 - 2011-11-07 08:06 - 00077326 _____ () C:\Program Files\RemoteSound\avutil-50.dll 2011-11-07 08:06 - 2011-11-07 08:06 - 00762894 _____ () C:\Program Files\RemoteSound\avformat-52.dll 2011-11-07 08:06 - 2011-11-07 08:06 - 00207374 _____ () C:\Program Files\RemoteSound\swscale-0.dll 2011-12-08 04:19 - 2011-12-08 04:19 - 00019456 _____ () C:\Program Files\RemoteSound\ScienPixWAL.DLL 2015-04-18 14:02 - 2015-04-18 14:02 - 16863920 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll 2015-05-02 13:17 - 2015-04-27 22:07 - 01252680 _____ () C:\Program Files\Google\Chrome\Application\42.0.2311.135\libglesv2.dll 2015-05-02 13:17 - 2015-04-27 22:07 - 00080712 _____ () C:\Program Files\Google\Chrome\Application\42.0.2311.135\libegl.dll 2015-05-02 13:17 - 2015-04-27 22:07 - 14980424 _____ () C:\Program Files\Google\Chrome\Application\42.0.2311.135\PepperFlash\pepflashplayer.dll 2010-08-15 14:34 - 2010-08-15 14:34 - 00204800 _____ () C:\Program Files\Notepad++\plugins\ComparePlugin.dll 2008-09-06 08:51 - 2008-09-06 08:51 - 00014336 _____ () C:\Program Files\Notepad++\plugins\NppExport.dll 2010-08-21 08:56 - 2010-08-21 08:56 - 01563648 _____ () C:\Program Files\Notepad++\plugins\NppFTP.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:7A36BD6D ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antvirus => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, the associated entry will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1921474701-2290882765-2420123044-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (whitelisted) =============== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) FirewallRules: [sPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [sPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{9FD4ECCA-063F-4AC5-A5E0-270B80E95A5B}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe FirewallRules: [{83527828-F0BD-4065-B45A-F4CCC1135F21}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe FirewallRules: [{843490A2-A59D-4E8F-B47E-8AAEC47D8A94}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE FirewallRules: [{E27CCD43-D03D-455F-A08D-872B1CE76D5B}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE FirewallRules: [{D50D7D2C-2A84-4FF1-9049-CD167F533F94}] => (Allow) C:\Program Files\Common Files\Symantec Shared\ccApp.exe FirewallRules: [{3CB04CE3-F2EE-41E3-8399-BDDD5A346151}] => (Allow) C:\Program Files\Common Files\Symantec Shared\ccApp.exe FirewallRules: [{A31FD9BE-DE74-4FD6-8F9B-A78690F238B6}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe FirewallRules: [{E4F3E31D-C166-457A-835E-D945E5DF5549}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{4CFA4455-19BA-4641-871E-14163E49E7E5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{74C0C364-8D76-427A-944E-CCEAAD32ACEF}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe FirewallRules: [{3C5EF1A3-948D-4B4C-97B8-B547521950AF}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe FirewallRules: [{E03167AE-D11B-4E38-BF47-2D3E6F8076D8}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\snac.exe FirewallRules: [{E31B585A-6082-4146-9AFD-3EA882B880E3}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\snac.exe FirewallRules: [{08565DFA-7D0D-4AFD-A8CD-D011D860475D}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [{09DBD2CD-3536-4359-93FA-1B730D1D3B32}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{5EE34852-EEB1-4D87-817C-A1228CBBF233}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{DE5983D4-7040-4D01-8318-74CA226E678D}] => (Allow) C:\Program Files\RemoteSound\RemoteSound.exe FirewallRules: [{00EEFA34-E80E-4524-B631-31DD3B9B7F55}] => (Allow) C:\Program Files\RemoteSound\RemoteSound.exe FirewallRules: [{267596C5-A858-48AE-9507-B6523D6AC9D9}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{B53C5DA8-0801-4955-96EB-6AA7D477ED0B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{55D965DB-E3AD-4467-B14F-24BF3F61A247}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{1D173EA7-F188-4DFA-A2CA-C2FB0D413056}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{E1435E80-F11F-4037-9521-F020B5A33C3F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{05A0BFFD-4D9E-4FE5-8C01-2A372CABF5AB}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{D3C4F739-8A10-46AA-9492-A80692DDE60A}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe FirewallRules: [{F776FAE6-C44C-4E26-BBEB-C80205C1DB86}] => (Allow) C:\Program Files\RemoteSound\RemoteSound.exe FirewallRules: [{061DC365-AB39-4154-A183-15BEDB6A3CFC}] => (Allow) C:\Program Files\RemoteSound\RemoteSound.exe FirewallRules: [{66A0904C-1E3A-4A31-89EB-6C3BA3018C3E}] => (Allow) C:\Program Files\RemoteSound\RemoteSound.exe FirewallRules: [{A455B9F8-5211-4DB3-992C-94C591A57856}] => (Allow) C:\Program Files\RemoteSound\RemoteSound.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/11/2015 10:55:42 PM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006). Error: (05/03/2015 09:20:19 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 9969 Error: (05/03/2015 09:20:19 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 9969 Error: (05/03/2015 09:20:18 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/03/2015 08:45:28 PM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006). Error: (05/02/2015 01:45:28 PM) (Source: MsiInstaller) (EventID: 10005) (User: HP-LAPTOP) Description: Product: Bonjour -- A later version of Bonjour is already installed on this computer. Error: (05/02/2015 01:12:38 PM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006). Error: (04/18/2015 02:32:40 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 5132 Error: (04/18/2015 02:32:40 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 5132 Error: (04/18/2015 02:32:40 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (05/11/2015 10:45:33 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. Error: (05/02/2015 01:11:54 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 80. Error: (03/20/2015 03:04:28 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {2B6AA70F-492C-4CA4-B8FD-5499F1AB4295} Error: (03/15/2015 00:41:50 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk1\DR1. Error: (03/06/2015 07:15:45 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Windows Defender service hung on starting. Error: (02/22/2015 03:17:48 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SepMasterService service. Error: (02/16/2015 11:24:56 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Windows Update service hung on starting. Error: (02/15/2015 02:25:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (01/26/2015 08:23:42 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: The following fatal alert was generated: 70. The internal error state is 105. Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2015-05-03 20:35:15.860 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system. Date: 2015-05-03 10:19:17.421 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system. Date: 2015-05-02 13:47:54.624 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system. Date: 2015-04-18 13:58:45.718 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system. Date: 2015-04-17 19:45:30.844 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system. Date: 2015-03-28 09:49:24.107 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system. Date: 2015-03-24 22:31:21.802 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system. Date: 2015-03-23 08:00:07.264 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system. Date: 2015-03-19 23:59:43.769 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system. Date: 2015-03-16 21:09:26.106 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Core i5 CPU M 520 @ 2.40GHz Percentage of memory in use: 63% Total physical RAM: 2991.38 MB Available physical RAM: 1078.89 MB Total Pagefile: 5981.05 MB Available Pagefile: 3481.63 MB Total Virtual: 2047.88 MB Available Virtual: 1919.63 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:232.79 GB) (Free:126.19 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: BB575B6D) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS) ==================== End Of Log ============================
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.