Everything posted by JPGR

  1. You folks are wonderful, with amazing results. Everything working fine now after video review. Thank you!
  2. Hello Porthos - Thank you for your reply! When you say use the support tool and do a repair with the tool, do you mean clicking the 3rd window that says, "Repair System"? If so, I'd like to learn a bit more about the tool before I do - would you be able to point me please to somewhere I could read up on its functions a bit before I do that? (I'm a bit uncomfortable with the words, "Restore Windows Services to default state", and I'm unfamiliar with the meaning of the several options/check boxes listed.) Thank you!
  3. This post is to attach the MBST-Grab file as instructed, thank you! mbst-grab-results.zip
  4. EDIT/Update: I "allowed all cookies", still couldn't start or delete MB. Potentially all 3rd party cookies were blocked in "Settings". With cookies allowed I did get a new message when I double clicked on MBSetup to install: "Install Malwarebytes - An error has occurred". Thanks -
  5. Hi - W10 Pro on MS Surface 6 here, Malwarebytes 3.x Premium. A day or so ago I noticed: 1) MB wasn't on. It always used to be on automatically, when I noticed it wasn't I'd click on the icon, and there'd be a spinning circle for a few seconds which would then stop, then nothing else would happen, including MB didn't open :( 2) Windows Security Virus and Threat Protection (WSVTP) said it needed to update, but when I clicked yes, it just kept sitting there with the moving "...", and nothing else. At around that time I got a W10 prompt to update, which I did. Immediately thereafter both MB and WSVTP seemed to be working perfectly. I did a full system scan with MB and also with WSVTP, and they both said everything was clean. But today, I see MB is back to the unresponsive behavior I noted above - click on it, and nothing happened. I then tried to delete MB via Control Panel, but the dialogue window that opened up just sat there, the little bar didn't even start to move across the page. I then downloaded a new MB and double clicked to install. The little dark green "Installing" bar fairly quickly moved across about 1/3 of the way, but will not progress further (the "light green" bar within the overall darker green bar itself is moving L-R periodically, but the darker green bar has been stuck at about 1/3 for about 20 minutes now). WSVTP says it's happy, up to date, etc. Can someone possibly look the above over please, and see if any suggestions come to mind for how to get a working Malwarebytes back? Thank you!
  6. Attached as requested, thank you. Addition - nonomber.txt FRST - nonomber.txt
  7. FRST log: Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-10-2016 Ran by afenton (administrator) on FENTON-D7GJ3D1 (12-10-2016 19:10:55) Running from \\server1\private$\afenton\Downloads Loaded Profiles: afenton (Available Profiles: afenton & Administrator & root & Administrator) Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States) Internet Explorer Version 8 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () C:\WINDOWS\system32\WLTRYSVC.EXE (Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE (Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe (McKesson MIG) C:\Program Files\Common Files\McKesson\MIG\Service\AliUpdate.exe (Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Prosoftnet) C:\Program Files\IBackupWindows\ib_service.exe (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe (Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Citrix Systems, Inc) C:\Program Files\Citrix\Secure Access Client\nsverctl.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe (Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe (SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe (Trend Micro Inc.) 
C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\CCSF\TmCCSF.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\logWriter.exe (Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe (Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe () C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe (Prosoftnet) C:\Program Files\IBackupWindows\ib_bglaunch.exe (Prosoftnet) C:\Program Files\IBackupWindows\ib_tray.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe (Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe (Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe Failed to access process -> FRST.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [1392640 2006-11-01] (Dell Inc.) 
HKLM\...\Run: [Synchronization Manager] => C:\WINDOWS\system32\mobsync.exe [143360 2008-04-13] (Microsoft Corporation) HKLM\...\Run: [IBackup Background process] => C:\Program Files\IBackupWindows\ib_bglaunch.exe [160008 2016-04-11] (Prosoftnet) HKLM\...\Run: [IBackup Tray] => C:\Program Files\IBackupWindows\ib_tray.exe [2222344 2016-04-11] (Prosoftnet) HKLM\...\Run: [OfficeScanNT Monitor] => C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe [1473760 2016-09-23] (Trend Micro Inc.) HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2631120 2016-07-28] (Malwarebytes Corporation) HKLM\...\Run: [MSConfig] => C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [169984 2008-04-13] (Microsoft Corporation) HKLM Group Policy restriction on software: %userprofile%\appdata\local\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %AppData%\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %AppData%\*\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %localappdata%\*\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %localappdata%\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\appdata\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\Spotify\spWebInst0.exe <====== ATTENTION HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\Spotify\spotifyLauncher.exe <====== ATTENTION HKLM Group Policy 
restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\Spotify\spotify.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\appdata\LocalLow\Temp\SpotifyUninstall.exe <====== ATTENTION HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION Winlogon\Notify\cryptnet32: cryptnet32.dll [X] Winlogon\Notify\NavLogon: HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1 HKU\S-1-5-19\...\Winlogon: [Shell] C:\WINDOWS\Explorer.exe [1033728 2008-04-13] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-20\...\Winlogon: [Shell] C:\WINDOWS\Explorer.exe [1033728 2008-04-13] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-21-1362468806-2297102619-1991856889-1139\...\Policies\Explorer: [DisablePersonalDirChange] 1 HKU\S-1-5-21-1362468806-2297102619-1991856889-1139\...\MountPoints2: {742d997f-ff0a-11e2-bb9e-00038a000015} - F:\MotoCastSetup.exe -a HKU\S-1-5-21-1362468806-2297102619-1991856889-1139\...\Winlogon: [Shell] C:\WINDOWS\Explorer.exe [1033728 2008-04-13] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-18\...\Run: [Bomgar_Cleanup_ZD8335931943] => cmd.exe /C rd /S /Q "C:\Documents and Settings\All Users\Application Data\bomgar-scc-507F1C84" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD8335931943 /f HKU\S-1-5-18\...\Winlogon: [Shell] C:\WINDOWS\Explorer.exe [1033728 2008-04-13] (Microsoft Corporation) <==== ATTENTION ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ClientLogCollector.lnk [2015-10-06] ShortcutTarget: ClientLogCollector.lnk -> C:\Program 
Files\McKesson\ClientLogCollector\AliClientLogCollector.exe (McKesson Imaging & Workflow Solutions) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Online plug-in.lnk [2016-10-12] ShortcutTarget: Online plug-in.lnk -> C:\WINDOWS\Installer\{913778D3-E1D8-4B55-9246-3308C54D3162}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyServer: [S-1-5-21-1362468806-2297102619-1991856889-1139] => AutoConfigURL: [S-1-5-21-1362468806-2297102619-1991856889-1139] => Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 10.0.0.2 Tcpip\..\Interfaces\{07600FC0-E89C-4DF1-8577-7538D5BE857A}: [DhcpNameServer] 10.0.0.4 Tcpip\..\Interfaces\{9DFAEDB8-0E12-4712-A7AA-84810C6D2933}: [DhcpNameServer] 10.0.0.2 Tcpip\..\Interfaces\{E792913E-436B-4C5A-8168-0652397055C0}: [DhcpNameServer] 10.0.0.2 Internet Explorer: ================== HKU\S-1-5-21-1362468806-2297102619-1991856889-1139\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl HKU\S-1-5-21-1362468806-2297102619-1991856889-1139\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/ HKU\S-1-5-21-1362468806-2297102619-1991856889-1139\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?ocid=OIE8HP&PC=B8DF URLSearchHook: HKLM - AOL Toolbar Search Class - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc) URLSearchHook: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139 - AOL Toolbar Search Class - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc) SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL 
= SearchScopes: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139 -> DefaultScope {427CC8B8-0502-4D84-BFAE-E48FE4E850E0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=B8DFDF&pc=B8DF&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139 -> {427CC8B8-0502-4D84-BFAE-E48FE4E850E0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=B8DFDF&pc=B8DF&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated) BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\Client Server Security Agent\TmIEPlg.dll [2014-06-10] (Trend Micro Inc.) BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.) BHO: AOL Toolbar Loader -> {3ef64538-8b54-4573-b48f-4d34b0238ab2} -> C:\Program Files\AOL Toolbar\aoltb.dll [2010-01-22] (AOL Inc) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2014-03-10] (Sun Microsystems, Inc.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-18] (Google Inc.) BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2011-08-30] (Adobe Systems Incorporated) BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\Client Server Security Agent\CCSF\module\BES\TmBpIe32.dll [2014-10-30] (Trend Micro Inc.) 
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2014-03-10] (Sun Microsystems, Inc.) BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2014-03-10] (Sun Microsystems, Inc.) Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2011-08-30] (Adobe Systems Incorporated) Toolbar: HKLM - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll [2010-01-22] (AOL Inc) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-18] (Google Inc.) Toolbar: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2011-08-30] (Adobe Systems Incorporated) Toolbar: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139 -> AOL Toolbar - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll [2010-01-22] (AOL Inc) Toolbar: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-18] (Google Inc.) Toolbar: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.) 
DPF: {04B6290C-97B8-49A1-B0A3-1312254F7C54} hxxps://ctzmdportal.iasishealthcare.com/portal/applets/SharedSession.dll DPF: {1A988C5B-7C51-4A6A-8635-6B83BA1288B2} hxxps://cetxpacshrsd.christushealth.org/hrs/download/Setup.cab DPF: {36600F07-8977-445A-96DF-A37BCF51FAFB} hxxp://bhspacs.baptisthealthsystem.com/Sapphire/download/Setup.cab DPF: {4CDE7458-CB28-4C11-BEF7-9F1D63E1FD9F} hxxps://portal.baptisthealthsystem.com/hppportlets/include/LaunchHeo.dll DPF: {5273A32B-C0FA-4497-89D1-329C3AC328FF} hxxp://10.71.16.215/idxrad/ClientBin/IDXWindowHandler.cab DPF: {601B418B-E6A6-47FC-A094-07248741CEB3} hxxps://my.christushealth.org/vericis%5Fweb/vwr_data//,DanaInfo=santarosacpacs.christushealth.org+webvwr.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab DPF: {A08D2318-19E6-4332-A741-87FBBD3984CD} hxxps://hpfwtxf.hca.corpad.net/portal/mckesson/eig/viewer/mckapprun.cab DPF: {B02DFC8D-F8D3-46BB-AABF-DB1B4A9DAF4A} hxxp://bhspacs.baptisthealthsystem.com/HRS/download/AliUpdate.cab DPF: {BD413F3F-67C3-4100-AC76-36FC47A7EEA0} hxxps://my.christushealth.org/vericis%5Fweb/,DanaInfo=santarosacpacs.christushealth.org+vwr_data//msmpg4.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab DPF: {D0BE2767-CD10-4B56-8795-C6BC37A8572F} hxxp://10.71.16.39/iSite3_5.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://vanguardhealth.webex.com/client/T27L10NSP32CP1/support/ieatgpc.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://sanantoniora.clio.medcity.net/dana-cached/sc/JuniperSetupClient.cab Handler: intu-help-qb3 - 
{c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll [2012-05-12] (Intuit, Inc.) Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll [2013-03-11] (Intuit, Inc.) Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll [2009-11-07] (Microsoft Corporation) Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\Client Server Security Agent\CCSF\module\BES\TmBpIe32.dll [2014-10-30] (Trend Micro Inc.) Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\Client Server Security Agent\TmIEPlg.dll [2014-06-10] (Trend Micro Inc.) Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) 
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) 
FireFox: ======== FF ProfilePath: C:\Documents and Settings\afenton\Application Data\Mozilla\Firefox\Profiles\swx8zdzr.default-1465259549742 [2016-10-12] FF Homepage: C:\Documents and Settings\afenton\Application Data\Mozilla\Firefox\Profiles\swx8zdzr.default-1465259549742 -> hxxp://www.nytimes.com/ FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-11-12] [not signed] FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff FF Extension: (Java Quick Starter) - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2014-03-10] [not signed] FF HKLM\...\Firefox\Extensions: [{52d08c03-d98f-40ed-bd1c-e4ee1d7b9bdd}] - C:\Program Files\Trend Micro\Client Server Security Agent\FirefoxExtension FF Extension: (Trend Micro NSC Firefox Extension) - C:\Program Files\Trend Micro\Client Server Security Agent\FirefoxExtension [2016-04-13] FF HKU\S-1-5-21-1362468806-2297102619-1991856889-1139\...\Firefox\Extensions: [{D0864A31-7C1D-11E1-826D-B8AC6F996F26}] - C:\Documents and Settings\afenton\Local Settings\Application Data\{D0864A31-7C1D-11E1-826D-B8AC6F996F26} FF Extension: (Translate This!) - C:\Documents and Settings\afenton\Local Settings\Application Data\{D0864A31-7C1D-11E1-826D-B8AC6F996F26} [2012-04-01] [not signed] FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2012-10-31] () FF Plugin: @Citrix.com/npagee,version=9.3.58.5 -> C:\Program Files\Citrix\Secure Access Client\npagee.dll [2012-08-17] (Citrix Systems, Inc.) FF Plugin: @java.com/DTPlugin,version=1.6.0_45 -> C:\WINDOWS\system32\npdeployJava1.dll [2014-03-10] (Sun Microsystems, Inc.) 
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2014-03-10] (Sun Microsystems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation) FF Plugin: @palmsource.com/installer,version=1.0 -> C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll [2007-03-19] () FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] () FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CCMSDK.dll [2012-03-28] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\cgpcfg.dll [2012-03-28] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CgpCore.dll [2012-03-28] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\confmgr.dll [2012-03-28] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxlogging.dll [2012-03-28] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxmui.dll [2012-03-28] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icafile.dll [2012-03-28] (Citrix Systems, Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icalogon.dll [2012-03-28] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ieatgpc.dll [2012-01-12] (Cisco WebEx LLC) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npatgpc.dll [2012-01-12] (Cisco WebEx LLC) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdnu.dll [2009-07-07] (AOL LLC) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdnupdater2.dll [2009-07-07] (AOL LLC) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npicaN.dll [2012-03-28] () FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-05-08] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll [2012-03-19] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\TcpPServ.dll [2012-03-28] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\afenton\Application Data\mozilla\plugins\npagee.dll [2012-08-17] (Citrix Systems, Inc.) 
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2012-12-13] Chrome: ======= CHR DefaultProfile: Default CHR Profile: C:\Documents and Settings\afenton\Local Settings\Application Data\Google\Chrome\User Data\Default [2016-10-12] CHR Extension: (Google Docs) - C:\Documents and Settings\afenton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-04] CHR Extension: (Google Drive) - C:\Documents and Settings\afenton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22] CHR Extension: (YouTube) - C:\Documents and Settings\afenton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-05] CHR Extension: (Google Search) - C:\Documents and Settings\afenton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29] CHR Extension: (Chromebleed) - C:\Documents and Settings\afenton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eeoekjnjgppnaegdjbcafdggilajhpic [2015-06-04] CHR Extension: (Google Docs Offline) - C:\Documents and Settings\afenton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-21] CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\afenton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05] CHR Extension: (Gmail) - C:\Documents and Settings\afenton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-04] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AliUpdate; C:\Program Files\Common Files\McKesson\MIG\Service\AliUpdate.exe [85072 2011-05-09] (McKesson MIG) S4 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC) S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed] R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [615720 2009-12-09] (Juniper Networks) S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2010-04-12] (Macrovision Europe Ltd.) [File not signed] R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-01-02] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2006-12-10] (Hewlett-Packard Co.) [File not signed] S4 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [602112 2007-05-16] (Hewlett-Packard Co.) [File not signed] R2 IBService; C:\Program Files\IBackupWindows\ib_service.exe [242952 2016-04-11] (Prosoftnet) S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [158128 2014-03-10] (Sun Microsystems, Inc.) 
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [750032 2016-07-28] (Malwarebytes Corporation) R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes) R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes) R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [335872 2006-10-26] (Microsoft Corporation) [File not signed] R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed] R2 nsverctl; C:\Program Files\Citrix\Secure Access Client\nsverctl.exe [156272 2012-08-17] (Citrix Systems, Inc) R2 ntrtscan; C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe [3069664 2016-09-23] (Trend Micro Inc.) R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed] R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-03-11] (Intuit) [File not signed] S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed] R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-03-11] (Intuit Inc.) [File not signed] R2 STacSV; C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe [94208 2007-05-10] (SigmaTel, Inc.) R2 svcGenericHost; C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [80384 2016-09-23] (Trend Micro Inc.) R3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [375296 2016-09-07] () [File not signed] R3 TmCCSF; C:\Program Files\Trend Micro\Client Server Security Agent\CCSF\TmCCSF.exe [764344 2016-09-23] (Trend Micro Inc.) R2 tmlisten; C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe [2899472 2016-09-23] (Trend Micro Inc.) 
R3 TmProxy; C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe [694832 2014-01-22] (Trend Micro Inc.) R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1253376 2006-11-01] (Dell Inc.) [File not signed] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [604928 2006-10-12] (Broadcom Corporation) R2 cag; C:\Program Files\Common Files\Deterministic Networks\Common Files\cag.sys [189272 2011-10-18] (Citrix Systems, Inc.) S3 ctxva51; C:\WINDOWS\System32\DRIVERS\ctxva51.sys [42096 2012-08-17] (Citrix Systems, Inc.) R3 DNE; C:\WINDOWS\System32\DRIVERS\dne2000.sys [121168 2013-10-03] (Citrix Systems, Inc.) R3 dsNcAdpt; C:\WINDOWS\System32\DRIVERS\dsNcAdpt.sys [26624 2009-12-09] (Juniper Networks) R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [58920 2016-07-28] () R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [209152 2007-01-31] (Conexant Systems, Inc.) R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [989696 2007-01-31] (Conexant Systems, Inc.) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2016-10-12] (Malwarebytes) R1 NEOFLTR_803_30619; C:\WINDOWS\system32\Drivers\NEOFLTR_803_30619.SYS [92984 2014-04-09] (Juniper Networks, Inc.) S3 PalmUSBD; C:\WINDOWS\System32\drivers\PalmUSBD.sys [16640 2007-12-04] (PalmSource, Inc.) S3 senfilt; C:\WINDOWS\System32\drivers\senfilt.sys [732928 2004-09-17] (Creative Technology Ltd.) [File not signed] S3 smwdm; C:\WINDOWS\System32\drivers\smwdm.sys [260352 2005-01-27] (Analog Devices, Inc.) [File not signed] R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.) 
R2 tmactmon; C:\WINDOWS\system32\drivers\tmactmon.sys [113888 2016-08-04] () [File not signed]
R2 tmcomm; C:\WINDOWS\system32\drivers\tmcomm.sys [324320 2016-08-22] () [File not signed]
R2 tmevtmgr; C:\WINDOWS\system32\drivers\tmevtmgr.sys [83680 2016-08-04] () [File not signed]
R2 TmFilter; C:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [294152 2015-07-02] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [38152 2015-07-02] (Trend Micro Inc.)
R1 tmtdi; C:\WINDOWS\System32\DRIVERS\tmtdi.sys [90712 2015-05-15] (Trend Micro Inc.)
R1 tmumh; C:\WINDOWS\System32\DRIVERS\TMUMH.sys [94816 2016-08-02] (Trend Micro Inc.)
S1 UimBus; C:\WINDOWS\System32\DRIVERS\UimBus.sys [40824 2011-01-21] (Windows (R) 2000 DDK provider)
S1 Uim_IM; C:\WINDOWS\System32\Drivers\Uim_IM.sys [381032 2011-01-21] (Paragon)
R2 VSApiNt; C:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys [1608744 2015-07-02] (Trend Micro Inc.)
R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S0 cerc6; no ImagePath
U2 CertPropSvc; no ImagePath
S4 IntelIde; no ImagePath
S3 synasusb; System32\Drivers\synasusb.sys [X]
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-12 19:10 - 2016-10-12 19:10 - 00000000 ____D C:\FRST
2016-10-12 19:04 - 2016-10-12 19:04 - 00000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2016-10-12 19:04 - 2016-10-12 19:04 - 00000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2016-10-12 17:12 - 2016-10-12 17:12 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Trend Micro Security Agent
2016-10-10 22:21 - 2016-10-10 22:21 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-12 19:12 - 2010-04-12 14:32 - 00000000 ____D C:\Documents and Settings\afenton\Local Settings\Temp
2016-10-12 19:04 - 2016-02-12 02:59 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-10-12 19:04 - 2012-05-03 20:50 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-10-12 19:00 - 2016-04-18 19:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes Anti-Exploit
2016-10-12 18:59 - 2009-11-12 09:58 - 00000215 ___SH C:\boot.ini
2016-10-12 18:59 - 2008-04-13 18:00 - 00000710 _____ C:\WINDOWS\win.ini
2016-10-12 18:59 - 2008-04-13 18:00 - 00000227 ____N C:\WINDOWS\system.ini
2016-10-12 18:56 - 2014-04-29 15:51 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-10-12 18:53 - 2014-03-12 20:13 - 00000226 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2016-10-12 18:53 - 2010-05-25 23:24 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-12 18:50 - 2010-04-12 14:24 - 00000120 _____ C:\WINDOWS\system32\config\netlogon.ftl
2016-10-12 18:50 - 2009-11-12 17:05 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-10-12 18:46 - 2010-04-12 14:32 - 00000178 ___SH C:\Documents and Settings\afenton\ntuser.ini
2016-10-12 18:46 - 2009-11-12 17:05 - 00032086 _____ C:\WINDOWS\SchedLgU.Txt
2016-10-12 18:45 - 2010-04-12 13:18 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2016-10-12 18:30 - 2013-05-16 16:34 - 00278038 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2016-10-12 18:30 - 2010-04-12 14:32 - 00000000 ____D C:\Documents and Settings\afenton
2016-10-12 18:30 - 2009-11-12 09:52 - 00000000 ____D C:\WINDOWS\security
2016-10-12 18:29 - 2010-05-28 16:13 - 00000000 ____D C:\WINDOWS\pss
2016-10-12 18:13 - 2010-05-25 23:24 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-12 17:10 - 2009-11-12 09:59 - 00639532 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-10-12 16:28 - 2010-04-12 14:25 - 00000000 __SHD C:\WINDOWS\CSC
2016-10-12 15:12 - 2009-11-12 09:52 - 00000000 ___HD C:\WINDOWS\inf
2016-10-12 15:07 - 2010-05-13 12:32 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2016-10-12 14:23 - 2009-11-12 16:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-10-11 23:07 - 2016-04-13 14:39 - 00000000 ____D C:\Program Files\IBackupWindows
2016-10-11 16:56 - 2011-02-21 16:21 - 00000245 _____ C:\Documents and Settings\afenton\sharedSession.properties
2016-10-11 14:03 - 2010-05-25 14:47 - 00000000 ____D C:\Documents and Settings\afenton\Desktop\Personal
2016-10-10 22:21 - 2014-04-29 15:14 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-10-08 15:00 - 2014-03-12 20:13 - 00000220 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2016-10-07 09:46 - 2010-05-25 14:02 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2016-10-02 14:06 - 2010-04-12 13:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\FLEXnet
2016-09-27 20:51 - 2010-04-12 14:32 - 00000000 ____D C:\Documents and Settings\afenton\Local Settings\Application Data\Adobe
2016-09-18 17:54 - 2008-04-13 18:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-09-16 12:37 - 2013-05-16 22:11 - 00435504 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1362468806-2297102619-1991856889-1139-0.dat
2016-09-15 14:47 - 2015-11-06 10:40 - 00002447 _____ C:\Documents and Settings\All Users\Desktop\Kareo.lnk

==================== Files in the root of some directories =======

2011-09-03 18:48 - 2011-09-03 19:35 - 0000288 _____ () C:\Documents and Settings\afenton\Application Data\.backup.dm
2014-04-29 15:07 - 2014-04-29 15:07 - 0000064 _____ () C:\Documents and Settings\afenton\Application Data\mbam.context.scan
2011-03-10 19:18 - 2011-09-17 13:44 - 0006144 _____ () C:\Documents and Settings\afenton\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-04-27 19:42 - 2010-04-27 19:42 - 0000130 _____ () C:\Documents and Settings\afenton\Local Settings\Application Data\fusioncache.dat
2011-01-05 17:53 - 2010-10-06 12:57 - 0004238 _____ () C:\Documents and Settings\All Users\hCare_Access.ico
2010-04-22 11:09 - 2010-04-22 11:18 - 0000811 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log

Some files in TEMP:
====================
C:\Documents and Settings\afenton\Local Settings\Temp\Abspdf.exe
C:\Documents and Settings\afenton\Local Settings\Temp\acfpdfu.dll
C:\Documents and Settings\afenton\Local Settings\Temp\acfpdfuamd64.dll
C:\Documents and Settings\afenton\Local Settings\Temp\acfpdfui.dll
C:\Documents and Settings\afenton\Local Settings\Temp\acfpdfuia64.dll
C:\Documents and Settings\afenton\Local Settings\Temp\acfpdfuiamd64.dll
C:\Documents and Settings\afenton\Local Settings\Temp\acfpdfuiia64.dll
C:\Documents and Settings\afenton\Local Settings\Temp\AcsInstall.dll
C:\Documents and Settings\afenton\Local Settings\Temp\cdintf.dll
C:\Documents and Settings\afenton\Local Settings\Temp\dsHostCheckerSetup.exe
C:\Documents and Settings\afenton\Local Settings\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Documents and Settings\afenton\Local Settings\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Documents and Settings\afenton\Local Settings\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Documents and Settings\afenton\Local Settings\Temp\jre-6u45-windows-i586-iftw_2f3dd198.exe
C:\Documents and Settings\afenton\Local Settings\Temp\jre-8u101-windows-au.exe
C:\Documents and Settings\afenton\Local Settings\Temp\JuniperSetupClientInstaller.exe
C:\Documents and Settings\afenton\Local Settings\Temp\MSETUP4.EXE
C:\Documents and Settings\afenton\Local Settings\Temp\PDFPRT400.exe
C:\Documents and Settings\afenton\Local Settings\Temp\Reg.exe
C:\Documents and Settings\afenton\Local Settings\Temp\SHFOLDER.DLL
C:\Documents and Settings\afenton\Local Settings\Temp\SRAssetsHelper.dll
C:\Documents and Settings\afenton\Local Settings\Temp\tmp170D.tmp.exe
C:\Documents and Settings\afenton\Local Settings\Temp\tmp172D.tmp.exe
C:\Documents and Settings\afenton\Local Settings\Temp\tmp1731.tmp.exe
C:\Documents and Settings\afenton\Local Settings\Temp\uninstall.exe
C:\Documents and Settings\afenton\Local Settings\Temp\WFBS-SVC_Agent.exe
C:\Documents and Settings\afenton\Local Settings\Temp\xmllite.dll
C:\Documents and Settings\afenton\Local Settings\Temp\~39A.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-10-2016
Ran by afenton (12-10-2016 19:12:42)
Running from \\server1\private$\afenton\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) (2009-11-12 21:41:04)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-57989841-1979792683-1177238915-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator.FENTON-D7GJ3D1
ASPNET (S-1-5-21-57989841-1979792683-1177238915-1004 - Limited - Enabled)
Guest (S-1-5-21-57989841-1979792683-1177238915-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-57989841-1979792683-1177238915-1000 - Limited - Disabled)
root (S-1-5-21-57989841-1979792683-1177238915-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\root
SUPPORT_388945a0 (S-1-5-21-57989841-1979792683-1177238915-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro Security Agent (Enabled - Up to date) {4CA5B9AB-4295-4D4C-9664-0EBE85AE0525}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
7500_7600_7700_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
Adobe Acrobat 8.3.1 - CPSID_83708 (HKLM\...\Adobe Acrobat 8 Standard - English, Français, Deutsch_831) (Version: - Adobe Systems Incorporated)
Adobe Acrobat 8.3.1 Standard (HKLM\...\Adobe Acrobat 8 Standard - English, Français, Deutsch) (Version: 8.3.1 - Adobe Systems)
Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
AOL Toolbar (HKLM\...\AOL Toolbar) (Version: - )
AOL Uninstaller (Choose which Products to Remove) (HKLM\...\AOL Uninstaller) (Version: - AOL LLC)
Apple Application Support (HKLM\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{459699C3-9430-4381-964B-4248D87B49F9}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BPD_HPSU (Version: 1.00.0000 - Hewlett-Packard) Hidden
BPD_Scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 82.0.173.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
Broadcom Gigabit Integrated Controller (HKLM\...\{FC57FC53-104C-415C-98D7-B05E659461A9}) (Version: 10.50.03 - Broadcom Corporation)
Brother MFL-Pro Suite (HKLM\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 1.00 - Brother Industries, Ltd.)
Brother MFL-Pro Suite MFC-J470DW (HKLM\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.4.0 - Brother Industries, Ltd.)
BufferChm (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version: 1.1.5.14 - Canon Inc.)
Canon MX450 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX450_series) (Version: 1.00 - Canon Inc.)
Canon MX470 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX470_series) (Version: 1.00 - Canon Inc.)
Canon MX470 series On-screen Manual (HKLM\...\Canon MX470 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MX470 series User Registration (HKLM\...\Canon MX470 series User Registration) (Version: - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.2.0 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.3.0 - Canon Inc.)
Canon Speed Dial Utility (HKLM\...\Speed Dial Utility) (Version: 1.4.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Cisco WebEx Meeting Center for Firefox or Chrome (HKLM\...\{50B62367-6210-45E4-AA1E-A0532926E429}) (Version: 8.29.3201 - Cisco WebEx LLC)
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Access Gateway Plug-in (HKLM\...\{EFA471C2-9843-48A0-BC2E-CCA297835F4E}) (Version: 9.3.58.5 - Citrix Systems, Inc.)
Citrix online plug-in (HKLM\...\CitrixOnlinePluginFull) (Version: 12.3.0.8 - Citrix Systems, Inc.)
Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version: - )
Dell Driver Download Manager (HKU\S-1-5-21-1362468806-2297102619-1991856889-1139\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.100.15.8 - Dell Inc.)
Destinations (Version: 82.0.173.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DocProc (Version: 8.1.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Download Updater (AOL LLC) (HKLM\...\SoftwareUpdUtility) (Version: - ) <==== ATTENTION
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Fax (Version: 82.0.188.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
HMI Update Service (HKLM\...\{4C171E6A-4654-4F09-8CAA-7E02250AAD45}) (Version: 1.0.0.5 - McKesson)
Horizon MI View (HKLM\...\{B129B7D5-BCE8-4497-956B-35C8792E32EB}) (Version: 11.50.2.276 - McKesson Medical Imaging Group)
HP Imaging Device Functions 8.0 (HKLM\...\HP Imaging Device Functions) (Version: 8.0 - HP)
HP OCR Software 8.0 (HKLM\...\HPOCR) (Version: 8.0 - HP)
HP Officejet Pro All-In-One Series (HKLM\...\{868EA922-5675-4E91-BDA6-BBD0F923C5EF}) (Version: 1.0 - HP)
HP Solution Center 8.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 8.0 - HP)
HPProductAssistant (Version: 82.0.173.000 - Hewlett-Packard) Hidden
IBackup Version - 11.0 (HKLM\...\IBackup_is1) (Version: 11.0 - Pro Softnet Corp)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
iTunes (HKLM\...\{B0261E53-B6F1-474A-864B-E7C3CBF468E0}) (Version: 11.0.1.12 - Apple Inc.)
J2SE Runtime Environment 5.0 Update 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150060}) (Version: 1.5.0.60 - Sun Microsystems, Inc.)
Java(TM) 6 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216045FF}) (Version: 6.0.450 - Oracle)
Juniper Networks Host Checker (HKU\S-1-5-21-1362468806-2297102619-1991856889-1139\...\Neoteris_Host_Checker) (Version: 8.0.3.30619 - Juniper Networks)
Juniper Networks Network Connect 6.5.0 (HKLM\...\Juniper Network Connect 6.5.0) (Version: 6.5.0.14951 - Juniper Networks)
Juniper Networks Secure Application Manager (HKLM\...\Neoteris_Secure_Application_Manager) (Version: 8.0.3.30619 - Juniper Networks)
Juniper Networks Setup Client (HKU\S-1-5-21-1362468806-2297102619-1991856889-1139\...\Juniper_Setup_Client) (Version: 8.0.3.44983 - Juniper Networks)
Kareo (HKLM\...\InstallShield_{9F7D3390-A648-4283-AAD8-BB357FB3F30A}) (Version: 1.77.5774.38751 - Kareo, Inc.)
Kareo (Version: 1.77.5774.38751 - Kareo, Inc.) Hidden
L7600 (Version: 50.0.165.000 - Hewlett-Packard) Hidden
Malwarebytes Anti-Exploit version 1.8.1.2572 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.2572 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McKesson Cardiology Applications (HKLM\...\Medcon) (Version: - McKesson)
McKesson Radiology Station (HKLM\...\{89E9D9FF-947F-4269-9866-3EBC36E8AF8A}) (Version: 12.1.1.8056 - McKesson Corporation and/or one of its subsidiaries)
Medcon AppLauncher (HKLM\...\{8F5F43D2-C218-4166-82D0-9AABB0953701}) (Version: 4.06.011 - McKesson)
Medcon WebClient (HKLM\...\{2F882DF1-6439-4F31-8BF4-A8422D1A056A}) (Version: 4.06.011 - McKesson)
MedconViewer (HKLM\...\{17EDDEA4-B322-401F-AC3D-D01819CC9E41}) (Version: 4.06.011 - McKesson)
MEDITECH Workstation4.x (HKLM\...\Workstation4.x) (Version: - Medical Information Technology, Inc.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Live Meeting 2007 (HKLM\...\{EA710A0A-BF5D-433C-8EB5-D17DC54CC298}) (Version: 8.0.6362.201 - Microsoft Corporation)
Microsoft Office Small Business 2007 (HKLM\...\SMALLBUSINESSR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SOAP Toolkit 3.0 (HKLM\...\{BCB4C18A-ACA6-4383-8688-E19933A705DD}) (Version: 3.0.1325.4 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 49.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 49.0.1 (x86 en-US)) (Version: 49.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 49.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NetDeviceManager (Version: 90.0.192.000 - Hewlett-Packard) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Palm Desktop by ACCESS (HKLM\...\{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}) (Version: 6.4.0.0 - Palm, Inc.)
ProductContext (Version: 50.0.165.000 - Hewlett-Packard) Hidden
QuickBooks (Version: 20.0.4006.807 - Intuit Inc.) Hidden
QuickBooks (Version: 23.0.4006.2305 - Intuit Inc.) Hidden
QuickBooks Pro 2007 (HKLM\...\{7E545666-F422-45FD-B3DF-C0B99A1A579F}) (Version: - )
QuickBooks Pro 2010 (HKLM\...\{0700E22B-A422-40A5-BD20-04BF618CA0F9}) (Version: 20.0.4006.807 - Intuit Inc.)
QuickBooks Pro 2013 (HKLM\...\{3C631966-387E-4054-85D9-BBFFABE32BD8}) (Version: 23.0.4006.2305 - Intuit Inc.)
QuickBooks Product Listing Service (HKLM\...\{91208A47-5D08-4C79-986F-1931940F51BB}) (Version: 2.0.148 - Intuit)
RescuePRO 4.0 (HKLM\...\{52BBFD55-F411-42DA-ADD5-309C072BB163}_is1) (Version: 4.0 - LC Technology International, Inc.)
SanDiskSecureAccess_Manager.exe (HKU\S-1-5-21-1362468806-2297102619-1991856889-1139\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.0.0 - DMAILER)
Scan (Version: 8.1.0.0 - Hewlett-Packard) Hidden
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel)
Soft-Central SC-DiskInfo (HKLM\...\Soft-Central SC-DiskInfo) (Version: - )
SolutionCenter (Version: 82.0.188.000 - Hewlett-Packard) Hidden
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.5246 - Analog Devices)
Spotify (HKLM\...\Spotify) (Version: 0.5.2 - )
Spotify (HKU\S-1-5-21-1362468806-2297102619-1991856889-1139\...\Spotify) (Version: 0.8.3.222.g317ab79d - Spotify AB)
Status (Version: 82.0.173.000 - Hewlett-Packard) Hidden
SupportSoft Assisted Service (HKLM\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
Toolbox (Version: 82.0.173.000 - Hewlett-Packard) Hidden
TrayApp (Version: 82.0.188.000 - Hewlett-Packard) Hidden
Trend Micro Security Agent (HKLM\...\HostedAgent) (Version: 5.9.1118 - Trend Micro Inc.)
Trend Micro Security Agent (Version: 5.9.1118 - Trend Micro Inc.) Hidden
Uninstall AOL Emergency Connect Utility 1.0 (HKLM\...\AOL Emergency Connect Utility 1.0) (Version: - )
UnloadSupport (Version: 1.00.0000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version: - )
Visual Studio Tools for the Office system 3.0 Runtime (HKLM\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows PowerShell(TM) 1.0 MUI pack (HKLM\...\KB926141) (Version: 2 - Microsoft Corporation)
Windows Resource Kit Tools (HKLM\...\{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}) (Version: 5.2.3790 - Microsoft Corporation)
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.) CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{F19F9A95-7A43-4A93-80B0-C9C1FF6F63F9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.) CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.) CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx (Intuit) CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.) CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) Shortcut: C:\Documents and Settings\afenton\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.com Shortcut: C:\Documents and Settings\afenton\Desktop\Desktop Backup.lnk -> C:\Old Data\robo.bat (No File) ==================== Loaded Modules (Whitelisted) ============== 2010-04-07 13:36 - 2006-11-01 20:48 - 00020480 _____ () C:\WINDOWS\System32\WLTRYSVC.EXE 2010-04-07 13:36 - 2006-11-01 20:48 - 00757760 _____ () C:\WINDOWS\System32\bcm1xsup.dll 2016-04-13 14:39 - 2016-04-11 18:07 - 00013312 _____ () C:\Program Files\IBackupWindows\SqliteWrapper.dll 2016-04-13 14:39 - 2016-04-11 15:32 - 00639488 _____ () C:\Program Files\IBackupWindows\sqlite3.dll 2016-04-13 14:39 - 2016-04-11 18:08 - 00043520 _____ () C:\Program Files\IBackupWindows\RemoteManagement.dll 2016-04-13 15:17 - 2011-08-31 13:55 - 00499712 _____ () C:\Program Files\Trend Micro\Client Server Security Agent\sqlite3.dll 2014-12-23 00:09 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll 2015-03-31 19:09 - 2015-03-31 19:09 - 00024312 _____ () C:\Program Files\Trend Micro\Client Server Security Agent\CCSF\boost_system-vc110-mt-1_57.dll 2015-03-31 19:09 - 2015-03-31 19:09 - 00049544 _____ () C:\Program Files\Trend Micro\Client Server Security Agent\CCSF\boost_date_time-vc110-mt-1_57.dll 2015-03-31 19:10 - 
2015-03-31 19:10 - 00552696 _____ () C:\Program Files\Trend Micro\Client Server Security Agent\CCSF\sqlite3.dll 2015-03-31 19:09 - 2015-03-31 19:09 - 01111456 _____ () C:\Program Files\Trend Micro\Client Server Security Agent\CCSF\libprotobuf.dll 2015-03-31 19:09 - 2015-03-31 19:09 - 00092792 _____ () C:\Program Files\Trend Micro\Client Server Security Agent\CCSF\boost_thread-vc110-mt-1_57.dll 2015-03-31 19:09 - 2015-03-31 19:09 - 00032552 _____ () C:\Program Files\Trend Micro\Client Server Security Agent\CCSF\boost_chrono-vc110-mt-1_57.dll 2016-10-12 16:50 - 2015-07-28 11:59 - 00663552 _____ () C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\sqlite3.dll 2013-05-08 08:51 - 2013-05-08 08:51 - 00019056 _____ () C:\Program Files\Adobe\Reader 9.0\Reader\viewerps.dll 2016-04-13 15:30 - 2016-09-07 13:49 - 00375296 _____ () C:\Program Files\Trend Micro\BM\TMBMSRV.exe 2008-04-13 18:00 - 2013-01-02 01:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) 
HKU\S-1-5-21-1362468806-2297102619-1991856889-1139\Software\Classes\.exe: exefile => <===== ATTENTION ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139\...\baptisthealthsystem.com -> hxxps://portal.baptisthealthsystem.com IE trusted site: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139\...\christushealth.org -> hxxps://my.christushealth.org IE trusted site: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139\...\corpad.net -> corpad.net IE trusted site: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139\...\forisbaptisthealthsystem.com -> hxxps://forisbaptisthealthsystem.com IE trusted site: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139\...\https://sanantonio.ns.medcity.net -> https://sanantonio.ns.medcity.net IE trusted site: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139\...\insidemhs.com -> insidemhs.com IE trusted site: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139\...\medcity.net -> hxxps://sadra-portal.clio.medcity.net IE trusted site: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139\...\mhsaccess.com -> mhsaccess.com IE trusted site: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139\...\mhsportal.com -> mhsportal.com IE trusted site: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139\...\satx-hc-ws1 -> hxxp://satx-hc-ws1 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2008-04-13 18:00 - 2011-01-05 17:42 - 00002031 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost 10.194.27.222 mhmhgeqsld.hca.corpad.net 10.194.27.220 mhmhgeqs.hca.corpad.net 10.194.27.221 mhmhgeqsbak.hca.corpad.net 205.132.211.78 mhmhclstr01.hca.corpad.net 205.132.213.250 insidemhs.com 10.71.45.123 mhmhhlweb.hca.corpad.net 10.71.45.55 mhmhhlwao.hca.corpad.net 10.71.45.56 mhmhhlwaocl.hca.corpad.net 205.132.214.187 mhmhweb01.hca.corpad.net 10.71.65.74 mhmhapp10.hca.corpad.net 10.223.32.11 sad.portal.medcity.net 10.223.96.237 sadcwqweb03.hca.corpad.net 10.223.96.236 sadcwqweb02.hca.corpad.net 10.223.96.235 sadcwqweb01.hca.corpad.net 10.223.96.203 sadcwpwebhpf01a.hca.corpad.net 10.223.96.204 sadcwpwebhpf01b.hca.corpad.net 10.223.96.205 sadcwpwebhpf01c.hca.corpad.net 10.223.96.212 sadcwpdbshpfc1.hca.corpad.net 205.132.211.146 mhscentral.com 10.26.90.44 psynch.hca.corpad.net 10.223.96.26 SADCWPAPPHPF01C.hca.corpad.net 10.223.96.34 SADCWQPRTHPF02.hca.corpad.net 205.132.211.162 mhmhspst01.hca.corpad.net 10.198.65.76 mhmhapp10.hca.corpad.net 10.223.32.19 hpfwtxf.hca.corpad.net 10.194.27.225 mhmhappgecpnld.hca.corpad.net 10.198.65.71 mhmheeg01.hca.corpad.net 170.150.224.202 sanadhca02.hca.corpad.net 199.107.238.205 uptodate.medcity.net There are 1 more lines. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1362468806-2297102619-1991856889-1139\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp DNS Servers: 10.0.0.2 Windows Firewall is enabled. 
==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Citrix Access Gateway.lnk => C:\WINDOWS\pss\Citrix Access Gateway.lnkCommon Startup MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk => C:\WINDOWS\pss\HotSync Manager.lnkCommon Startup MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Intuit Data Protect.lnk => C:\WINDOWS\pss\Intuit Data Protect.lnkCommon Startup MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk => C:\WINDOWS\pss\QuickBooks_Standard_21.lnkCommon Startup MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk => C:\WINDOWS\pss\Status Monitor.lnkCommon Startup MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk => C:\WINDOWS\pss\Windows Search.lnkCommon Startup MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: AOL Fast Start => "C:\Program Files\AOL 9.5\AOL.EXE" -b MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: BrHelp => C:\Program Files\Brother\Brother Help\BrotherHelp.exe /AUTORUN 
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN MSCONFIG\startupreg: BrStsMon00 => C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup MSCONFIG\startupreg: ControlCenter3 => C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun MSCONFIG\startupreg: ControlCenter4 => C:\Program Files\ControlCenter4\BrCcBoot.exe /autorun MSCONFIG\startupreg: HostManager => C:\Program Files\Common Files\AOL\1271627642\ee\AOLSoftware.exe MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime MSCONFIG\startupreg: SanDiskSecureAccess_Manager.exe => C:\Documents and Settings\afenton\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe MSCONFIG\startupreg: SigmatelSysTrayApp => %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe MSCONFIG\startupreg: Spotify => "C:\Documents and Settings\afenton\Application Data\Spotify\Spotify.exe" /uri spotify:autostart MSCONFIG\startupreg: Spotify Web Helper => "C:\Documents and Settings\afenton\Application Data\Spotify\Data\SpotifyWebHelper.exe" MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
DomainProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE] => Disabled:Microsoft Office Outlook DomainProfile\AuthorizedApplications: [C:\Documents and Settings\afenton\Local Settings\Temp\7zS2DF.tmp\setup\HPZnui01.exe] => Enabled:hpznui01.exe DomainProfile\AuthorizedApplications: [C:\Documents and Settings\afenton\Local Settings\Temp\7zS2DF.tmp\setup\hponicifs01.exe] => Enabled:hponicifs01.exe DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe] => Enabled:hpqtra08.exe DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe] => Enabled:hpqste08.exe DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe] => Enabled:hpofxm08.exe DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe] => Enabled:hposfx08.exe DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe] => Enabled:hposid01.exe DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe] => Enabled:hpqscnvw.exe DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe] => Enabled:hpqkygrp.exe DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe] => Enabled:hpzwiz01.exe DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe] => Enabled:hpoews01.exe DomainProfile\AuthorizedApplications: [C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe] => Enabled:QuickBooks 2010 Data Manager DomainProfile\AuthorizedApplications: [C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe] => Enabled:Secure Application Manager Proxy DomainProfile\AuthorizedApplications: [C:\WINDOWS\LMI28A.tmp\lmi_rescue.exe] => Enabled:LogMeIn Rescue DomainProfile\AuthorizedApplications: [C:\WINDOWS\LMI28B.tmp\lmi_rescue.exe] => Enabled:LogMeIn Rescue 
DomainProfile\AuthorizedApplications: [C:\Program Files\Internet Explorer\iexplore.exe] => Enabled:Internet Explorer DomainProfile\AuthorizedApplications: [C:\Program Files\Spotify\spotify.exe] => Enabled:Spotify DomainProfile\AuthorizedApplications: [C:\Documents and Settings\afenton\Application Data\Spotify\spotify.exe] => Enabled:Spotify DomainProfile\AuthorizedApplications: [C:\Program Files\Intuit\QuickBooks 2013\QBDBMgrN.exe] => Enabled:QuickBooks 2013 Data Manager DomainProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome DomainProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox) StandardProfile\AuthorizedApplications: [C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe] => Enabled:QuickBooks 2007 Data Manager StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\aol\acs\AOLDial.exe] => Enabled:AOL Connectivity Service Dialer StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\aol\acs\AOLacsd.exe] => Enabled:AOL Connectivity Service StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\aol\1271627642\ee\aolsoftware.exe] => Enabled:AOL Shared Components StandardProfile\AuthorizedApplications: [C:\Program Files\AOL 9.5\waol.exe] => Enabled:AOL StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe] => Enabled:AOL TopSpeed StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\aol\Loader\aolload.exe] => Enabled:AOL Loader StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\aol\System Information\sinf.exe] => Enabled:AOL System Information StandardProfile\AuthorizedApplications: [C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe] => 
Enabled:Secure Application Manager Proxy StandardProfile\AuthorizedApplications: [C:\Program Files\Spotify\spotify.exe] => Enabled:Spotify StandardProfile\AuthorizedApplications: [C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe] => Enabled:DTX broker StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe] => Enabled:WebKit StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes StandardProfile\AuthorizedApplications: [C:\Documents and Settings\afenton\Application Data\Spotify\spotify.exe] => Enabled:Spotify StandardProfile\AuthorizedApplications: [C:\Program Files\Internet Explorer\iexplore.exe] => Enabled:Internet Explorer StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox) DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004 DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005 DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001 DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002 DomainProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management DomainProfile\GloballyOpenPorts: [80:TCP] => Disabled:Windows Remote Management - Compatibility Mode (HTTP-In) DomainProfile\GloballyOpenPorts: [21112:TCP] => Enabled:Trend Micro Security Agent Listener DomainProfile\GloballyOpenPorts: [61117:UDP] => Enabled:Trend Micro Security Agent Broadcast DomainProfile\GloballyOpenPorts: [61116:TCP] => Enabled:Trend Micro Security Agent Update StandardProfile\GloballyOpenPorts: [61117:UDP] => Enabled:Trend Micro Security Agent Broadcast 
StandardProfile\GloballyOpenPorts: [21112:TCP] => Enabled:Trend Micro Security Agent Listener ==================== Restore Points ========================= 10-08-2016 19:35:59 System Checkpoint 11-08-2016 19:47:34 System Checkpoint 15-08-2016 19:26:04 System Checkpoint 16-08-2016 23:18:56 System Checkpoint 18-08-2016 00:13:36 System Checkpoint 19-08-2016 01:13:43 System Checkpoint 20-08-2016 03:02:15 System Checkpoint 21-08-2016 03:25:46 System Checkpoint 22-08-2016 04:13:48 System Checkpoint 23-08-2016 05:13:56 System Checkpoint 23-08-2016 20:00:24 Software Distribution Service 3.0 24-08-2016 20:56:52 System Checkpoint 06-09-2016 14:23:36 System Checkpoint 07-09-2016 14:33:57 System Checkpoint 08-09-2016 15:56:48 System Checkpoint 09-09-2016 22:18:07 System Checkpoint 10-09-2016 23:28:22 System Checkpoint 11-09-2016 23:58:52 System Checkpoint 13-09-2016 00:16:35 System Checkpoint 14-09-2016 14:26:17 System Checkpoint 15-09-2016 15:45:31 System Checkpoint 18-09-2016 21:39:43 System Checkpoint 19-09-2016 22:13:36 System Checkpoint 20-09-2016 22:58:28 System Checkpoint 21-09-2016 23:29:01 System Checkpoint 23-09-2016 00:12:30 System Checkpoint 23-09-2016 19:29:18 Software Distribution Service 3.0 24-09-2016 19:54:57 System Checkpoint 25-09-2016 20:54:55 System Checkpoint 26-09-2016 21:55:07 System Checkpoint 27-09-2016 22:31:34 System Checkpoint 28-09-2016 22:55:05 System Checkpoint 30-09-2016 01:31:48 System Checkpoint 01-10-2016 02:37:24 System Checkpoint 02-10-2016 03:13:22 System Checkpoint 03-10-2016 04:00:55 System Checkpoint 04-10-2016 05:01:04 System Checkpoint 05-10-2016 05:58:29 System Checkpoint 06-10-2016 06:01:09 System Checkpoint 07-10-2016 06:05:41 System Checkpoint 08-10-2016 07:01:10 System Checkpoint 09-10-2016 08:01:15 System Checkpoint 10-10-2016 09:01:13 System Checkpoint 11-10-2016 10:01:19 System Checkpoint 12-10-2016 10:02:25 System Checkpoint 12-10-2016 18:42:57 Removed Citrix Access Gateway Plug-in 12-10-2016 18:41:49 Software Distribution 
Service 3.0 ==================== Faulty Device Manager Devices ============= Name: Officejet Pro L7600 Description: Officejet Pro L7600 Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Officejet Pro L7600 Description: Officejet Pro L7600 Class Guid: {4D36E979-E325-11CE-BFC1-08002BE10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (10/12/2016 06:42:53 PM) (Source: MsiInstaller) (EventID: 11704) (User: FENTON) Description: Product: Microsoft Office Small Business 2007 -- Error 1704.An installation for Citrix Access Gateway Plug-in is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?(NULL)(NULL)(NULL)(NULL) Error: (10/12/2016 05:13:14 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\TREND MICRO SECURITY AGENT\SECURITY AGENT.LNK> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (10/12/2016 05:13:14 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\TREND MICRO SECURITY AGENT\SECURITY AGENT.LNK> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. 
(0x8007001f) Error: (10/12/2016 05:13:13 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\TREND MICRO SECURITY AGENT\SECURITY AGENT README.LNK> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (10/12/2016 05:13:13 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\TREND MICRO SECURITY AGENT\SECURITY AGENT README.LNK> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (10/12/2016 02:43:54 PM) (Source: Application Error) (EventID: 1004) (User: ) Description: Faulting application TmProxy.exe, version 5.82.0.1081, faulting module TmsmHttp.dll, version 5.82.0.1084, fault address 0x0006e24b. Error in creating result PEAP-TLV in response to received PEAP-TLV (TmProxy.exe!ld!) Error: (10/12/2016 02:37:28 PM) (Source: Windows Search Service) (EventID: 3024) (User: ) Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again. Context: Application, SystemIndex Catalog Error: (10/12/2016 02:25:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application mbam.exe, version 2.3.173.0, faulting module msvcr100.dll, version 10.0.40219.325, fault address 0x0008d6fd. Processing media-specific event for [mbam.exe!ws!] Error: (10/12/2016 02:16:41 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application plugin-container.exe, version 49.0.1.6109, faulting module kernel32.dll, version 5.1.2600.6532, fault address 0x00012fd3. Processing media-specific event for [plugin-container.exe!ws!] 
Error: (10/12/2016 02:15:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application plugin-container.exe, version 49.0.1.6109, faulting module kernel32.dll, version 5.1.2600.6532, fault address 0x00012fd3. Processing media-specific event for [plugin-container.exe!ws!] System errors: ============= Error: (10/12/2016 07:13:17 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service HPSLPSVC with arguments "" in order to run the server: {10DA4F3C-CC99-4190-BE4D-58330754E882} Error: (10/12/2016 07:09:18 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service HPSLPSVC with arguments "" in order to run the server: {10DA4F3C-CC99-4190-BE4D-58330754E882} Error: (10/12/2016 07:07:23 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service HPSLPSVC with arguments "" in order to run the server: {10DA4F3C-CC99-4190-BE4D-58330754E882} Error: (10/12/2016 07:02:22 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." 
attempting to start the service HPSLPSVC with arguments "" in order to run the server: {10DA4F3C-CC99-4190-BE4D-58330754E882} Error: (10/12/2016 07:02:19 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service HPSLPSVC with arguments "" in order to run the server: {10DA4F3C-CC99-4190-BE4D-58330754E882} Error: (10/12/2016 07:02:13 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service HPSLPSVC with arguments "" in order to run the server: {10DA4F3C-CC99-4190-BE4D-58330754E882} Error: (10/12/2016 06:59:46 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service HPSLPSVC with arguments "" in order to run the server: {10DA4F3C-CC99-4190-BE4D-58330754E882} Error: (10/12/2016 06:56:10 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service HPSLPSVC with arguments "" in order to run the server: {10DA4F3C-CC99-4190-BE4D-58330754E882} Error: (10/12/2016 06:55:58 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." 
attempting to start the service HPSLPSVC with arguments "" in order to run the server: {10DA4F3C-CC99-4190-BE4D-58330754E882} Error: (10/12/2016 06:55:34 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service HPSLPSVC with arguments "" in order to run the server: {10DA4F3C-CC99-4190-BE4D-58330754E882} ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz Percentage of memory in use: 64% Total physical RAM: 2038.04 MB Available physical RAM: 714.99 MB Total Virtual: 2640.82 MB Available Virtual: 1333.18 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:74.49 GB) (Free:22.51 GB) NTFS ==>[drive with boot components (Windows XP)] Drive p: () (Network) (Total:122.95 GB) (Free:16.26 GB) Drive q: () (Network) (Total:122.95 GB) (Free:16.26 GB) Drive u: () (Network) (Total:122.95 GB) (Free:16.26 GB) ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 5BB8A509) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=74.5 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================ Man, that sure was a lot of typing, I've got blisters on my fingers! (Sorry, JK, couldn't help it).
  8. Hi - I'm writing because I think I have an infection, and would appreciate some help please. I have Malwarebytes Premium, and trendmicro. The first part of this note is things that I've noticed going wrong:

     1. I noticed that Firefox was closing, "Sorry something went wrong ..." multiple times.
     2. I noticed that I'd also get a similar message from Malwarebytes.
     3. I noticed that when I'd do a threat scan on Malwarebytes, it would abruptly shut down when it got to "Scan Memory".
     4. I noticed that trendmicro said, "Your antivirus hasn't been updated in 6 days" (it is supposed to update more frequently).
     5. Today I went to delete Adobe Flash. During that process, trendmicro mentioned something about au_.exe. I can't remember exactly what I told it (sorry) but it was something along the lines of "don't mess with that" because I'd never heard of it.

     From that point on, things have been bad. Everything is very slow, the Task Manager Performance showed activity at 50% or more all the time, and I can't open the Start menu, open the programs in the lower right hand part of the screen (including Malwarebytes), or open the "You have updates ready" icon from MS. At this point I had to do a power-down hard reset. It is more responsive as of that, I could open Malwarebytes, and it completed a threat scan with zero bad results found. I did a trendmicro scan, with the same results.

     But things are still wrong. My Task Manager performance is still hovering around 50%. I can't double click open the yellow shield at the bottom right that says I have Windows updates ready to go (or did it say Microsoft updates ... I can't remember from before it was frozen shut, and it doesn't have right click functionality to open). I still don't trust things, and am concerned I have an infection.

     I'm typing this on a 2nd computer, because I started typing when the infected one was pretty much unresponsive (before the hard power down reboot). Help is appreciated please! I'll need instructions please about how to use a memory stick to address the infected computer, I think? (I noticed the pinned "what do I do now that I'm infected" thread is from 2009 ... wasn't sure if it was still applicable). Thank you!